With development of network informationization of high-speed railway signal systems,there are more se-rious security threats and risks.To assess network security risk of the system,this paper proposed a modeling method of attack graph for high-speed railway signal systems based on security domain.Host security domain and network security domain are applied to divide the network in consideration of its hierarchical structure.Distribute generation of attack graphs are developed both in and between the security domains.Meanwhile,attack modes and the minimum constraint threshold of attack benefits are used to reduce complexity of generating attack graphs according to security level require-ments of each sub-network in the system.A simulated attack behavior from a CTC station permeates into the network is applied to verify effectiveness of this method.The results show that there are 143 state nodes,142 directed edges and 20 attack paths generated in an unconstrained attack graph.A state attack graph based on a revenue constraint threshold of the minimum attack generates 51 state nodes,50 directed edges and 8 attack paths.Simulation results show that the pro-posed method can improve the efficiency of generating an attack graph,and simplify its scale to obtain possible attack paths.
DownLoad: