KR-102961211-B1 - DIGITAL TWIN-BASED ATTACK SIMULATION AND RESPONSE SYSTEM FOR ROAD TRAFFIC INFRASTRUCTURE PROTECTION

Abstract

The present invention relates to a digital twin-based road traffic infrastructure attack simulation response system, and the problem to be solved is to automatically generate cyber attack scenarios in a road traffic system, simulate them, and analyze and present countermeasures. For example, a digital twin-based road traffic infrastructure attack simulation response system is disclosed, comprising: a virtual road network generation unit that constructs a virtual road network by time-synchronizing data collected from real road traffic infrastructure and reproduces actual traffic flow by linking a traffic simulation model to the virtual road network; an attack scenario generation unit that generates an attack scenario based on security vulnerability information of equipment constituting the real road traffic infrastructure and evaluates the feasibility and characteristics of the attack scenario; an attack impact evaluation unit that applies the attack scenario to the virtual road network to simulate traffic flow changes and anomalies and analyzes the impact on traffic performance and safety based on the simulation results; and a response strategy management unit that derives a response strategy based on predefined rules or learned response policies based on the attack impact analysis results of the attack impact evaluation unit, and sets the response strategy to an applicable state or determines whether to apply it.

Inventors

• 박상호
• 박진성
• 김재용
• 임영욱

Assignees

• 주식회사 파도

Dates

Publication Date

20260507

Application Date

20250718

Claims (7)

1. A system implemented as a computing device comprising one or more processors and a memory storing a program for controlling said processors, A virtual road network generation unit that constructs a virtual road network by time-synchronizing data collected from real road traffic infrastructure and reproduces actual traffic flow by linking a traffic simulation model to the virtual road network; An attack scenario generation unit that generates an attack scenario based on security vulnerability information of equipment constituting real-world road traffic infrastructure, and evaluates the feasibility and attack characteristics of the said attack scenario; An attack impact evaluation unit that applies the above attack scenario to the above virtual road network to simulate traffic flow changes and anomalies, and analyzes the impact on traffic performance and safety based on the simulation results; and It includes a response strategy management unit that derives a response strategy based on predefined rules or learned response policies based on the attack impact analysis results of the attack impact evaluation unit, and sets the response strategy to an applicable state or determines whether to apply it. The aforementioned attack impact assessment unit, An attack reflection execution unit that applies signal control status, vehicle position, and intersection entry events corresponding to the above attack scenario onto the virtual road network; A traffic response analysis unit that simulates traffic flow changes based on the state information of the virtual road network changed by the attack reflection execution unit, and calculates average delay time, congestion index, and route change rate based on the simulation results; and A digital twin-based attack simulation response system characterized by including an impact quantification unit that quantitatively measures the possibility of traffic performance changes and safety impairment based on the calculation results of the traffic response analysis unit.
2. In Article 1, A digital twin-based road traffic infrastructure attack simulation response system characterized by further including a situation visualization unit that visualizes and provides the situation regarding the simulation execution state of the virtual road network, the execution state of the attack scenario, and the application state of the response strategy, respectively.
3. In Article 2, The above situation visualization unit is, A virtual environment output unit that renders a virtual space on a two-dimensional or three-dimensional visual interface based on vehicle location, traffic flow, and traffic control status data time-synchronized with the virtual road network; An attack scenario flow output unit that visualizes the execution steps, target equipment, intrusion path, and expected impact area of the above attack scenario as a scenario flowchart and a space-based heatmap; An impact spatial visualization unit that spatially visualizes the attack impact area based on congestion, average delay time, and route deviation rate included in the traffic performance indicators and safety degradation indicators among the above attack impact analysis results; A response strategy effect output unit that visualizes the application timing, application method, application results, and priority information between strategies based on a time series of the above response strategies; and A digital twin-based road traffic infrastructure attack simulation response system characterized by including a visualization control unit that simultaneously outputs output information of each of the virtual environment output unit, the attack scenario flow output unit, the impact map spatial visualization unit, and the response strategy effect output unit in parallel on a dashboard, or selectively displays at least one of each output information according to a user request.
4. In Article 1, The virtual road network generation unit above is, A real-world data collection unit that receives at least one road traffic infrastructure data among location information, signal control information, sensor observation information, and communication equipment status information from real-world road traffic infrastructure; A data alignment processing unit that aligns the above road traffic infrastructure data to a reference time and generates normalized time-aligned data by correcting missing data or removing outliers; A virtual road network configuration unit that configures a time-synchronized virtual road network based on the above time alignment data and generates a three-dimensional virtual space based on spatial information; and A digital twin-based road traffic infrastructure attack simulation response system characterized by including a traffic flow simulation linkage unit that implements dynamic traffic situations corresponding to real vehicle flow by linking a traffic simulation model to the virtual space above.
5. In Article 1, The above attack scenario generation unit is, Equipment status collection unit that collects equipment status information including at least one of a unique identifier of real road traffic infrastructure configuration equipment, a firmware version, whether a port is open, and a list of running services; A vulnerability information linkage unit that queries public vulnerability information linked to the above equipment status information from an external CVE/NVD database; An attack path search unit that constructs a node and edge-based threat path tree for the connection relationships between equipment constituting a real road traffic infrastructure based on the above-mentioned public vulnerability information, and extracts possible intrusion paths from the threat path tree; and A digital twin-based road traffic infrastructure attack simulation response system characterized by including an attack characteristic evaluation unit that estimates the probability of attack success and attack damage based on path length, degree of exposure, and authentication level for the above-mentioned intrusion possible paths.
6. delete
7. In Article 1, The aforementioned Response Strategy Management Department, A rule-based strategy extraction unit that receives the above attack impact analysis results as input, searches for condition-matching items in a predefined fixed rule-based policy table, and extracts a response strategy; If the conditions in the above rule-based strategy extraction unit are not matched or are insufficient, a case-learning-based strategy prediction unit that predicts a response strategy through a pre-trained prediction model based on past attack and response history; and A digital twin-based road traffic infrastructure attack simulation response system characterized by including a strategy execution management unit that automatically applies a response strategy extracted by the rule-based strategy extraction unit or a response strategy predicted by the case learning-based strategy prediction unit, or sets it to a waiting state for application, depending on whether it is approved by an administrator or a preset policy condition.

Description

Digital Twin-Based Attack Simulation and Response System for Road Traffic Infrastructure Protection The embodiments of the present invention belong to the technical field of security for road traffic infrastructure, and more specifically, to a digital twin-based road traffic infrastructure attack simulation response system that utilizes digital twin technology to recreate road traffic infrastructure in a virtual environment, automatically generates and simulates cyber attack scenarios thereon to analyze the impact of attacks and derive response strategies, and can be used to solve complex road-based infrastructure security problems linked to autonomous driving environments, smart transportation networks, vehicle-to-infrastructure communication (V2I), etc. Recently, with the advancement of smart city technology, road traffic infrastructure is expanding beyond simple physical facilities into complex information and communication systems. Traffic controllers, vehicle detection sensors, CCTVs, and wireless communication modules are interconnected to control traffic flow, and some components are directly connected to autonomous driving systems through vehicle-to-infrastructure (V2I) communication or real-time integration with central control centers. While such advanced road traffic infrastructure enables efficient traffic operations, it is simultaneously exposed to various security threats. In particular, as each piece of equipment is connected to open networks or operates based on wireless communication, threats such as external intrusions or takeover attacks through internal privilege escalation are becoming a reality. Most existing technologies are limited to traffic flow analysis or equipment status monitoring, and do not provide the capability to simulate security threats to the road infrastructure itself or automatically derive response strategies. Furthermore, existing simulation tools are limited in their ability to assess security because they fail to reflect the actual traffic system's response to attack scenarios or lack the integration of attack impact analysis with response strategy design. In addition, the generation of attack scenarios relies on manual or rule-based configuration, and automation is lacking in terms of dynamic exploration of attack paths, linkage with vulnerability information, and connectivity with simulation execution. Consequently, the lack of a systematic scenario-based assessment and response system for security vulnerabilities in road traffic infrastructure is being pointed out as a problem, and a technical approach to address this is urgently required. FIG. 1 is a schematic diagram showing the overall configuration of a digital twin-based road traffic infrastructure attack simulation response system according to an embodiment of the present invention. FIG. 2 is a block diagram showing the detailed configuration of a virtual road network generation unit according to an embodiment of the present invention. FIG. 3 is a flowchart showing the overall operation process of a virtual road network generation unit according to an embodiment of the present invention. FIG. 4 is a block diagram showing the detailed configuration of an attack scenario generation unit according to an embodiment of the present invention. FIG. 5 is a flowchart showing the overall operation process of the attack scenario generation unit according to an embodiment of the present invention. FIG. 6 is a block diagram showing the detailed configuration of an attack impact evaluation unit according to an embodiment of the present invention. FIG. 7 is a flowchart showing the overall operation process of the attack impact evaluation unit according to an embodiment of the present invention. FIG. 8 is a block diagram showing the detailed configuration of a response strategy management unit according to an embodiment of the present invention. FIG. 9 is a flowchart showing the overall operation process of the response strategy management unit according to an embodiment of the present invention. FIG. 10 is a block diagram showing the detailed configuration of a situation visualization unit according to an embodiment of the present invention. FIG. 11 is a flowchart showing the overall operation process of the situation visualization unit according to an embodiment of the present invention. FIG. 12 is a diagram exemplarily showing a visualization dashboard screen according to an embodiment of the present invention. FIG. 13 is a flowchart illustrated exemplarily to explain the overall operation process of a digital twin-based road traffic infrastructure attack simulation response system according to an embodiment of the invention. The terms used in this specification will be briefly explained, and the invention will be described in detail. The terms used in this invention have been selected based on currently widely used general terms, taking into account their functions within the invention; however, these terms may vary