摘要
针对油气生产物联网系统动态风险评估问题,提出一种基于贝叶斯攻击图的油气生产物联网系统风险评估模型。首先通过对系统进行风险分析,得到入侵证据及系统漏洞,结合入侵证据和漏洞利用成功概率,采用EM算法对训练数据进行数据补全并动态更新贝叶斯攻击图的条件概率参数表,通过条件概率表可计算得出先验概率,结合入侵证据计算得到节点的后验概率,进而得到系统的风险值,考虑资源利用的相关性对风险值进行最终修正。仿真结果分析证明了该模型的有效性和准确性。
Aiming at the dynamic risk assessment of oil and gas production IoT system,a risk assessment model of oil and gas production IoT system based on Bayesian attack graph was proposed.Firstly,through the risk analysis of the system,the intrusion evidence and system vulnerabilities are obtained,combined with the intrusion evidence and the success probability of vulnerability exploitation,the EM algorithm is used to complete the data of the training data and dynamically update the conditional probability parameter table of the Bayesian attack graph,the prior probability can be calculated through the conditional probability table,and the posterior probability of the node is calculated by combining the intrusion evidence,then the risk value of the system is obtained,and the risk value is finally corrected considering the correlation of resource utilization.The simulation results have proved the effectiveness and accuracy of the model.
作者
刘子龙
周纯杰
胡晓娅
曹德舜
李娜
Liu Zilong;Zhou Chunjie;Hu Xiaoya;Cao Deshun;Li Na(School of Artificial Intelligence and Automation,Huazhong University of Science and Technology,Wuhan 470074,China;Research Institute of Huazhong University of Science and Technology in Shenzhen,Shenzhen 518057,China;SINOPEC Research Institute of Safety Engineering Co.,Qingdao 266000,China)
出处
《网络安全与数据治理》
2024年第4期3-11,23,共10页
CYBER SECURITY AND DATA GOVERNANCE
基金
深圳市科技计划(JCYJ20230807143613028)。
关键词
贝叶斯攻击图
贝叶斯参数学习
风险值计算
风险值修正
Bayesian attack diagram
Bayesian parameter learning
value-at-risk calculation
risk value correction