Automatic Technology, Telecommunication Technology |
|
|
|
|
Security assessment for industrial control systems based on fuzzy analytic hierarchy process |
JIA Chi qian, FENG Dong qin |
State Key Laboratory of Industrial Control Technology, Zhejiang University, Hangzhou 310027, China |
|
|
Abstract A security assessment for industrial control systems (ICS) based on fuzzy analytic hierarchy process (FAHP) was proposed in order to comprehensively assess the ICS security condition and provide targeted measurement for the equipment which is vulnerable in ICS. The analytic hierarchy model of security assessment was established with the analysis of equipment in ICS and specific attacks. The FAHP method was implemented taking a typical chemical industrial control system for example. The principle of information security assessment was transferred to the principle of security assessment for ICS, and the rationality and logicality of the hierarchical modeling for ICS was improved. The proposed assessment established an analytic hierarchy model, introducing fuzzy consistent matrix and making the step of FAHP. According to the attack method, the sub goal security value was calculated with fuzzy comprehensive evaluation using unified assessment set in order to determine the vulnerability of ICS. The vulnerability of ICS refers to the vulnerable equipment in ICS. Then the overall security situation for ICS was obtained. The assessment results show that the vulnerable equipment in this ICS is engineer station and PLC, which need highly protective measures in particular. The security level of the control system is ‘basically secure’.
|
Published: 01 April 2016
|
|
基于模糊层次分析法的工控系统安全评估
提出基于模糊层次分析法(FAHP)的工业控制系统(ICS)安全评估方法,对工控系统设备与具体攻击方式进行分析,建立层次分析化安全评估模型,以期对工控系统的安全状况有更全面的评估,对工控系统中的易受攻击设备能够采取有针对性的防范措施.以典型化工控制系统为例,从信息安全评估原理到工控系统安全评估原理进行迁移,完善了工控系统层次化建模的合理性与逻辑性;建立层次化分析模型,引入模糊一致矩阵,给出模糊层次法的评估步骤;根据攻击方式,采用统一评语集,利用模糊综合评价计算各个子目标安全值,判断系统脆弱性所在,即工控系统中的易受攻击设备,得到系统的整体安全状态值.评估结果显示,该工控系统中最脆弱的部分为工程师站和PLC,需要重点加强安全防护措施,而整个工控系统处于“基本安全”偏向“比较危险”的状态.
|
|
[1] HRISTOVA A, SCHLEGEL R, OBERMEIER S.Security assessment methodology for industrial control system products [C]∥The 4th Annual IEEE International Conference on Cyber Technology in Automation, Control and Intelligent Systems. [S.l.]: IEEE, 2014: 264-269.
[2] RALSTON P A S, GRAHAM J H, HIEB J L. Cyber security risk assessment for SCADA and DCS networks [J]. ISA Transaction, 2007, 46(4): 583-594.
[3] WANG L J, WANG B, PENG Y J. Research the information security risk assessment technique based on Bayesian network [C]∥2010 3rd International Conference on Advanced Computer Theory and Engineering. Chengdu: [s.n.], 2010: V3 600 V3 604.
[4] BIAN N Y, WANG X Y, MAO L. Network security situational assessment model based on improved AHP_FCE [C]∥2013 6th International Conference on Advanced Computational Intelligence. Hangzhou: [s.n.], 2013: 200-205.
[5] 卢慧康,陈冬青,彭勇.工业控制系统信息安全风险评估量化研究[J].自动化仪表,2014,35(10): 21-25.
LU Hui kang, CHEN Dong qing, PENG Yong. Quantitative research on risk assessment for information security of industrial control system [J]. Process Automation Instrumentation,2014,35(10): 21-25.
[6] 秦晨,陈晓方,杨玉婷.基于FAHP IE算法的尾矿库安全性三级评估研究及应用[J].控制工程,2014,21(6): 995-1000.
QIN Chen, CHEN Xiao fang, YANG Yu ting. Research on safety three level evaluation of tailings reservoir based on FAHP IE method [J]. Control Engineering of China, 2014, 21(6): 995-1000.
[7] 元云丽.基于模糊层次分析法(FAHP)的建设工程项目 风险管理研究[D].重庆:重庆大学,2013.
YUAN Yun li. The research on the construction engineering project risk management based on fuzzy analytic hierarchy process [D]. Chongqing: Chongqing University, 2013.
[8] GB/T 20984 2007,信息安全风险评估规范\[S].北京:中国标准出版社,2007.
[9] GB/T 26333 2010,工业控制网络安全评估规范\[S].北京:中国标准出版社,2010.
[10] 张吉军.模糊一致判断矩阵3种排序方法的比较研究[J].系统工程与电子技术,2003,25(11): 1370-1372.
ZHANG Ji jun. Comparison of three ranking methods for the fuzzy consistent judgement matrix [J]. Journal of System Engineering and Electronics, 2003,25(11): 1370-1372.
[11] 吕跃进.基于模糊一致矩阵的模糊层次分析法的排序[J].模糊系统与数学,2002,16(2): 79-85.
LV Yue jin. Weight calculation method of fuzzy analytical hierarchy process [J]. Fuzzy Systems and Mathematics,2002,16(2): 79-85. |
|
Viewed |
|
|
|
Full text
|
|
|
|
|
Abstract
|
|
|
|
|
Cited |
|
|
|
|
|
Shared |
|
|
|
|
|
Discussed |
|
|
|
|