摘要
提出基于模糊层次分析法(FAHP)的工业控制系统(ICS)安全评估方法,对工控系统设备与具体攻击方式进行分析,建立层次分析化安全评估模型,以期对工控系统的安全状况有更全面的评估,对工控系统中的易受攻击设备能够采取有针对性的防范措施.以典型化工控制系统为例,从信息安全评估原理到工控系统安全评估原理进行迁移,完善了工控系统层次化建模的合理性与逻辑性;建立层次化分析模型,引入模糊一致矩阵,给出模糊层次法的评估步骤;根据攻击方式,采用统一评语集,利用模糊综合评价计算各个子目标安全值,判断系统脆弱性所在,即工控系统中的易受攻击设备,得到系统的整体安全状态值.评估结果显示,该工控系统中最脆弱的部分为工程师站和PLC,需要重点加强安全防护措施,而整个工控系统处于"基本安全"偏向"比较危险"的状态.
A security assessment for industrial control systems(ICS)based on fuzzy analytic hierarchy process(FAHP)was proposed in order to comprehensively assess the ICS security condition and provide targeted measurement for the equipment which is vulnerable in ICS.The analytic hierarchy model of security assessment was established with the analysis of equipment in ICS and specific attacks.The FAHP method was implemented taking a typical chemical industrial control system for example.The principle of information security assessment was transferred to the principle of security assessment for ICS,and the rationality and logicality of the hierarchical modeling for ICS was improved.The proposed assessment established an analytic hierarchy model,introducing fuzzy consistent matrix and making the step of FAHP.According to the attack method,the sub goal security value was calculated with fuzzy comprehensive evaluation using unified assessment set in order to determine the vulnerability of ICS.The vulnerability of ICS refers to the vulnerable equipment in ICS.Then the overall security situation for ICS was obtained.The assessment results show that the vulnerable equipment in this ICS is engineer station and PLC,which need highly protective measures in particular.The security level of the control system is‘basically secure'.
出处
《浙江大学学报(工学版)》
EI
CAS
CSCD
北大核心
2016年第4期759-765,共7页
Journal of Zhejiang University:Engineering Science
基金
国家自然科学基金资助项目(61433006)
关键词
模糊层次分析法
工控系统
安全风险评估
fuzzy analytic hierarchy process
industrial control system
security assessment
