Abstract
In recent years, security incidents in industrial control systems have emerged one after another, and China lacks an effective quantitative method for security risk assessment. To address this problem, a quantitative security assessment method for industrial control systems is proposed that combines the fuzzy analytic hierarchy process with the attack tree model. The method establishes a hierarchical analysis model for a typical industrial control system. Using group decision-making, multiple experts assign relative importance to the elements of each layer to obtain a judgment matrix, and the judgments are fuzzified. Finally, an attack tree model is established for each attack mode of the industrial control system to quantitatively analyze the probability of each attack, and targeted protective measures are taken according to the system vulnerabilities identified above. The experimental results indicate that the method is effective.
Authors
WANG Zhi-gang; LI Lin-sen (School of Cyber Science and Engineering, Shanghai Jiaotong University, Shanghai 200240, China)
Source
Communications Technology (《通信技术》)
2019, Issue 12, pp. 3050-3057 (8 pages in total)
Funding
National Key R&D Program of China (No. 2018YFB0803503)
NSFC-Zhejiang Joint Fund for the Integration of Industrialization and Informatization (No. U1509219)
Keywords
risk assessment
fuzzy analytic hierarchy process
group decision
attack tree model