Abstract
To reduce the influence of expert subjectivity in industrial control system (ICS) risk assessment, and to make the assessment results reflect the differing security requirements of assets in terms of availability, integrity and confidentiality (AIC), a grey risk assessment model based on fuzzy sets and entropy is proposed. Threat types and security objectives are combined to establish a risk assessment index system. Fuzzy sets and information entropy are introduced to improve the method for calculating weights. Grey theory is applied to the risk assessment to calculate the risk of the ICS as a whole, the risk of each device, and the different risks each device faces in the three aspects of AIC. Results from applying the model to a civil aviation ICS show that it can assess the risk of the system comprehensively and provide an important basis for ICS protection.
Authors
GU Zhao-jun (顾兆军)
PENG Hui (彭辉)
Affiliations: College of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China; Information Security Assessment Center, Civil Aviation University of China, Tianjin 300300, China
Source
Computer Engineering and Design (《计算机工程与设计》)
Peking University Core Journal
2020, Issue 2, pp. 339-345 (7 pages)
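Funding
National Natural Science Foundation of China (61601467, U1533104)
Civil Aviation Safety Capacity Building Fund (PESA170003, PDSA2018079, PDSA2018080, PDSA2018082)
Civil Aviation Science and Technology Fund (MHRD20140205, MHRD20150233)
Open Project Fund of the Information Technology Research Base of the Civil Aviation Administration of China (CAAC-ITRB-201702)
Fundamental Research Funds for the Central Universities, Civil Aviation University of China Special Fund (3122018C036, 3122018D030)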
Keywords
industrial control system
risk assessment
fuzzy sets
information entropy
grey theory