Abstract
Cyber security problems in industrial control systems are becoming increasingly serious. Taking the characteristics of industrial control system cyber security into account, this work proposes a risk assessment method that combines D-S evidence theory with the analytic hierarchy process (AHP). First, a risk assessment hierarchy is established and the experts' linguistic assessments are quantified. Then, the assessment results are combined using D-S evidence theory to reduce the influence of subjective factors. Finally, the security threats are ranked by importance using the confidence interval of each threat's probability, and related cyber security protection measures are proposed. Results from applying the method to the industrial control system of a thermal power plant show that it can quantify the effect of each security threat and can effectively handle the uncertainty in cyber security risk assessment of industrial control systems.
Source
Journal of East China University of Science and Technology (Natural Science Edition)
CAS
CSCD
PKU Core
2014, Issue 4, pp. 500-505 (6 pages)
Keywords
industrial control system
cyber security
evidence theory
risk assessment