摘要
为了定量地评估(Supervisory Control and Data Acquisition,SCADA)系统的信息安全脆弱性,提出一种基于层次分析法和攻击防御树模型的SCADA系统脆弱性评估方法。该方法首先以最终攻击目标作为根节点,以攻击事件作为叶节点,并考虑各叶节点的防御措施,建立系统的攻击防御树模型。然后以攻击难度、攻击被发现的可能性和攻击后果的严重程度作为评判标准,采用多属性效用理论对攻击树叶节点的脆弱性进行量化,并结合层次分析法赋权来计算各叶节点、攻击序列和系统整体的脆弱性,以及叶节点脆弱性灵敏度指标。通过1个算例说明所提方法的具体应用,计算结果表明该方法合理可行,应用该方法有助于风险管理者找到系统的薄弱环节,重点采取防御措施。
Today SCADA communication is carried through a variety of medias. These communication channels are increasingly less isolated, leaving SCADA system vulnerable to information attack. In order to assess the SCADA system's information security vulnerability, this paper proposes a methodology to evaluate the cyber security vulnerability by using the analytic hierarchy process and attack countermeasure tree. The ultimate attack goal is presented as the top node, and the attack events are presented as the leaf nodes to formulate the attack countermeasure model. We choose three important parameters including technical difficulty, severity of impact, probability. We use the analytic hierarchy process to calculate the weight of each parameter. Then this paper evaluates the system, attack scenario, and leaf vulnerabilities, as well as the leaf node vulnerability sensitivity. The evaluating results show that the proposed method is reasonable and applicable. By using the proposed method, the risk management persons can find the most vulnerable places in a SCADA system, so they can apply protection measures with focusing on these weakest places.
作者
黄慧萍
肖世德
梁红琴
HUANG Hui-ping;X~AO Shi-de;LIANG Hong-qin(Mechatronics Engineering Department, Southwest Jiaotong University, Chengdu 610031, China)
出处
《控制工程》
CSCD
北大核心
2018年第6期1091-1097,共7页
Control Engineering of China
基金
中央高校基本科研业务费理工科科技创新项目(A0920502051722-37)
关键词
SCADA系统
攻击防御树
层次分析法
信息安全
脆弱性
SCADA system
attack countermeasure tree
analytic hierarchy process
cyber security
vulnerability
