检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:王智刚 李林森[1] WANG Zhi-gang;LI Lin-sen(School of Cyber Science and Engineering,Shanghai Jiaotong University,Shanghai 200240,China)
机构地区:[1]上海交通大学网络安全学院
出 处:《通信技术》2019年第12期3050-3057,共8页Communications Technology
基 金:国家重点研发计划项目课题(No.2018YFB0803503);NSFC-浙江两化融合联合基金(No.U1509219)~~
摘 要:近年来工业控制系统的安全事件层出不穷,国内缺乏有效的安全量化风险评估方法。针对该问题,提出了一种基于模糊层次分析法和攻击树模型相结合的工业控制系统安全量化评估方法。该方法对典型的工业控制系统建立层次化分析模型,结合群决策请多位专家对各层要素进行相对重要性赋值得到判别矩阵,并对判进行模糊化处理。最后,对工业控制系统的每一种攻击方式建立攻击树模型来定量地分析每一种攻击发生的概率,并根据上述系统脆弱性采取针对的防护措施。实验结果表明,该方法是有效的。In recent years,the safety incidents of industrial control systems have emerged in an endless stream,and there is no effective safety quantitative risk assessment method in China.Aiming at this problem,a quantitative security assessment method for industrial control systems based on the combination of fuzzy analytic hierarchy process and attack tree model is proposed.It establishes a hierarchical analysis model for a typical industrial control system.In combination with group decision-making,multiple experts are asked to assign relative importance to the elements of each layer to obtain a discrimination matrix,and the judgment is fuzzified.Finally,an attack tree model is established for each attack mode of the industrial control system to quantitatively analyze the probability of each attack,and the corresponding protective measures are taken according to the above system vulnerability.The experimental results indicate that the method is effective.
分 类 号:TN929.5[电子电信—通信与信息系统]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.28
