| 51 | 0 | 5 |
| 下载次数 | 被引频次 | 阅读次数 |
针对卫星系统面临的多层次、多类型网络安全威胁的问题,提出了一种基于MITRE ATT&CK框架的卫星系统网络安全量化评估模型。该模型首先对卫星功能组件进行分类和攻击技术匹配,随后计算出各组件相关攻击的风险优先数,并识别卫星中的高风险威胁。同时,该模型结合资源消耗与安全性之间的折线图,分析计算、存储和带宽资源开销与安全性之间的关系。实验结果表明,该模型能够全面评估卫星系统的安全威胁,并为有限资源下卫星系统网络的最优安全策略提供指导。
Abstract:In response to the multi-layered and diverse cybersecurity threats faced by satellite systems, a satellite system cybersecurity quantitative evaluation model based on the MITRE ATT&CK framework is proposed. The model conducts a detailed classification of satellite functional components and matches them with attack techniques, calculating the risk priority numbers(RPNs) associated with attacks on each component to identify high-risk threats within the satellite system. At the same time, the model analyzes the relationship between computational, storage, and bandwidth resource consumption and system security through a line chart analysis of resource consumption versus security. Experimental results demonstrate that the proposed model can comprehensively assess the security threats in satellite systems and provide guidance for selecting the optimal security strategies under limited resource conditions. The results show that the model effectively assesses satellite system security threats and guides optimal defense strategies under resource constraints.
[1] PAVUR J, MARTINOVIC I. SOK:building a launchpad for impactful satellite cyber-security research[EB/OL].[2025-04-20]. https://arxiv.org/abs/2010.10872v1
[2] TEDESCHI P, SCIANCALEPORE S, DI PIETRO R. Satellite-based communications security:a survey of threats, solutions, and research challenges[J]. Computer networks, 2022, 216:109246.DOI:10.1016/j.comnet.2022.109246
[3] WILLBOLD J, SCHLOEGEL M, V?GELE M, et al. Space odyssey:an experimental software security analysis of satellites[C]//Proceedings of IEEE Symposium on Security and Privacy(SP).IEEE, 2023:1-19. DOI:10.1109/SP46215.2023.10351029
[4] PELED R, AIZIKOVICH E, HABLER E, et al. Evaluating the security of satellite systems[EB/OL].[2025-04-20]. https://arxiv.org/abs/2312.01330v1
[5] IEC 60812 Technical Committee. Analysis techniques for system reliability-procedure for failure mode and effects analysis(FMEA)[EB/OL].[2025-04-20]. http://atltransformers. uk/wp-content/uploads/LEMUR-AG15%20PA05-07421/PA05-07241%20LEMUR-AG15%20Nov2020/PA05-7241%20LEMURAG15/2%20Standards/BS%20EN%2060812-2006%20FMEA.pdf
[6] AMRO A, GKIOULOS V, KATSIKAS S. Assessing cyber risk in cyber-physical systems using the ATT&CK framework[J]. ACM transactions on privacy and security, 2023, 26(2):1-33. DOI:10.1145/3571733
[7] BEHFARNIA A, ESLAMI A. Risk assessment of autonomous vehicles using Bayesian defense graphs[C]//Proceedings of IEEE88th Vehicular Technology Conference(VTC-Fall). IEEE, 2018:1-5. DOI:10.1109/VTCFall.2018.8690732
[8] YOUSAF A, AMRO A, KWA P T H, et al. Cyber risk assessment of cyber-enabled autonomous cargo vessel[J]. International journal of critical infrastructure protection, 2024, 46:100695. DOI:10.1016/j.ijcip.2024.100695
基本信息:
DOI:
中图分类号:TN927.2;TN915.08
引用信息:
[1]朱飞,曹进,韩昌隆等.基于MITRE ATT&CK框架的卫星系统网络安全量化评估模型[J].中兴通讯技术,2025,31(03):14-21.
基金信息:
国家自然科学基金项目(U23B2024,62172317)