基于层次分析法的工控网络态势评估研究

Network situation assessment on industrial control system based on analytic hierarchy process

现有的网络安全态势评估方法没有考虑到工业控制系统(industrial control system,ICS)网络安全需求的特殊性,无法实现准确的评估。此外,ICS传输大量异构数据,容易受到网络攻击,现有的分类方法无法有效处理多类别不平衡数据。针对该问题,本文首先分析了工控系统的特点,提出了基于层次分析法的工控系统安全态势量化评估方法,该方法可以更准确地反映ICS网络安全状况;然后针对多攻击类型数据不平衡问题,提出了平均欠过采样方法,以平衡数据并且不会导致数据量过大;最后基于极限梯度提升(extreme gradient boosting,XGBoost)算法构建了ICS网络态势评估分类器,实验表明,本文设计的分类模型相较于传统分类算法支持向量机、K近邻以及随机森林可以实现更好的精度。

Existing network security situation assessment methods do not take into account the particularity of industrial control system(ICS)network security requirements,and they cannot achieve accurate assessment.In addition,ICS transmits a large amount of heterogeneous data,which is vulnerable to network attacks,and the existing classification methods cannot effectively deal with multi-class unbalanced data.To address this problem,this paper first analyzes the characteristics of industrial control systems and proposes a quantitative assessment method for industrial control system security posture based on analytic hierarchy process,which can more accurately represent the ICS network security status;it proposes an average under-over sampling method for the problem of data imbalance of multiple attack types,which balances the data and does not lead to excessive data volume;finally,based on the extreme gradient boosting(XGBoost)it is used to construct a classifier for ICS network situational assessment,with experiments showing that the classification model designed in this paper can achieve better accuracy than the traditional classification algorithms of support vector machine,K-nearest neighbor and random forest.