A multi-step attack path prediction method for Oil & Gas intelligence pipeline cyber physics system based on CPNE

Owing to the integration of the 5th Generation Mobile Communication Technology (5G) and industrial internet construction, Oil & Gas intelligent pipeline network has witnessed accelerated construction and development. The Oil & Gas intelligent pipeline network proposed by China National Petroleum Corporation exhibits the advantages such as high integration, data unification, and intelligent decision-making, which helps to greatly reduce manual management costs, optimize risk decision-making by managers, and avoid risks such as human misuse. However, the highly integrated Cyber-physical system of the Internet and the Internet of Things faces various cyber security threats, and traditional intrusion detection systems exhibit drawbacks in the face of complex cyber-attack behaviors. In response to incomplete multi-step attack path prediction in traditional prediction methods, this paper proposes a multi-step attack path prediction method for Oil & Gas intelligence pipeline cyber physics system (CPS) based on Colored Petri nets and mixed strategy Nash equilibrium (CPNE). Taking into account the importance of assets and the dependency relationships between assets within the cyber-physical system of Oil & Gas intelligent pipeline network, CPNE constructs a node dependency model for the cyber-physical system of Oil & Gas intelligent pipeline network, simulates multi-step attack and defense games, calculates the probability of node failure triggering and transfer using mixed strategy Nash equilibrium, and extracts the risk of multi-step attack paths for different attack strategies. With the filtration and separation unit of a certain natural gas station as an example, this paper establishes a CPNE model to rank the risk of the first multi-step attack single attack source path and predict the risk of subsequent multi-step attack source paths, thus predicting multi-step attack paths. Taking three rounds of attacks as an example, compared to the paths predicted by traditional probability attack graph models, the proposed CPNE model is more advantageous in multi attack source path prediction, with a 2.33-fold increase in the relative coverage rate of path predictions.