基于系统动力学的民航CPS网络风险评估  被引量：1

作　　者：顾兆军[1] 姚峰 张一诺 隋翯 Gu Zhaojun;Yao Feng;Zhang Yinuo;Sui He(Information Security Evaluation Center,Civil Aviation University of China,Tianjin 300300,China;College of Computer Science and Technology,Civil Aviation University of China,Tianjin 300300,China;College of Aeronautical Engineering,Civil Aviation University of China,Tianjin 300300,China)

机构地区：[1]中国民航大学信息安全测评中心,天津300300 [2]中国民航大学计算机科学与技术学院,天津300300 [3]中国民航大学航空工程学院,天津300300

出　　处：《系统工程学报》2023年第2期245-253,共9页Journal of Systems Engineering

基　　金：民航安全能力建设基金资助项目(PESA2022093);天津市研究生科研创新项目基金资助项目(2021YJSS121);中国民航大学信息安全测评中心开放基金资助项目(ISECCA-202103)。

摘　　要：为解决民航信息物理系统网络风险评估中风险的时间依赖性及复杂的耦合效应,以航油自控系统为例,提出一种基于系统动力学与关联分析相结合的评估方法.首先定义系统动力学表达式,利用系统安全状态函数达成评估目标一致性.进一步结合软因素将风险系统划分为网络风险、业务风险、人为风险和管理风险四个子系统,使用轻量级控件规则定义风险耦合,最后使用Vensim进行仿真分析.结果表明,基于系统动力学的网络风险评估方法相比于传统方法更关注风险耦合,评估结果更具有实时性,为解析风险动态演化机制、从根本上降低航油自控系统网络风险提供了科学依据.In order to solve the time dependence and complex coupling effect of risks in the cyber risk assessment of civil aviation cyber-physical system,an assessment method based on the combination of system dynamics and correlation analysis is proposed,taking the aviation fuel automatic control system as an example.Firstly,the expression of system dynamics is defined,and the system safety state function is used to achieve the consistency of evaluation objectives.The risk system is further divided into four subsystems:cyber risk,business risk,human risk,and management risk based on soft factors.The risk coupling is defined using lightweight control rules.Finally,Vensim is used for simulation analysis.The results show that cyber risk assessment method based on system dynamics pays more attention to risk coupling than traditional methods,and the assessment results are more real-time,which provides a scientific basis for analyzing the dynamic evolution mechanism of risk and fundamentally reducing the cyber risk of aviation fuel automation system.

关 键 词：网络风险评估 系统动力学 民航信息物理系统 风险耦合 

分 类 号：TP399[自动化与计算机技术—计算机应用技术]