工控系统网络安全等级测评评估研究  被引量：2

作　　者：朱晓鹏 黄文财 钟远生 吴耿 ZHU Xiao-peng;HUANG Wen-cai;ZHONG Yuan-sheng;WU Geng(Guangdong Testing Institute of Product Quality Supervision,Guangzhou 510670,China;National Key Laboratory for Market Supervision(Intelligent Robot Safety),Guangzhou 510670,China)

机构地区：[1]广东产品质量监督检验研究院,广东广州510670 [2]国家市场监管重点实验室(智能机器人安全),广东广州510670

出　　处：《计算机技术与发展》2023年第12期149-155,共7页Computer Technology and Development

基　　金：国家市场监督管理总局科技计划项目(2022MK095)。

摘　　要：针对当前工控系统网络安全等级测评计算繁琐、权重计算简单、缺乏工控系统的针对性和评估结果具有随机性和模糊性的问题,研究一种工控系统网络安全等级测评评估方法。绘制以网络安全等级测评为基础的工控系统典型框架,分析工控系统相对安全通用类等级测评在评估指标上的差异,并采用主观赋权法确保上述评估指标差异在工控系统权重赋值中倾斜的合理性,应用客观赋权法保证权重赋值的科学性,使用组合赋权法综合考量主客观赋权优点,确保工控系统评估指标权重赋值的合理性和科学性;使用专家云模型结合组合赋权法获取的组合权重,得出工控系统网络安全等级测评评估结果,再基于云模型的概率统计和模糊数学,克服繁琐的计算和评估结果的模糊性和随机性;最后,将该方法应用于某大型化工产业工控系统,结果表明该系统等级测评结果为良,与预案评审结果一致,验证了该方法在网络安全等级测评中的有效性和适用性。Aiming at the problems of complex calculation,simple weight calculation,lack of pertinence of industrial control systems,and randomness and fuzziness of evaluation results in the current industrial control system network security level evaluation,a method for evaluating the network security level of industrial control systems is studied.A typical industrial control system framework based on network security level assessment is drawn,the differences in evaluation indicators between industrial control systems and general security level assessments is analyzed,and subjective weighting methods are used to ensure the rationality of the above evaluation indicator differences in the weighting of industrial control systems.The objective weighting methods are used to ensure the scientificity of weighting,and combined weighting methods are used to comprehensively consider the advantages of subjective and objective weighting,which ensures the rationality and scientificity of the weight assignment of industrial control system evaluation indicators;using the combination weights obtained by combining the expert cloud model with the combination weighting method,the evaluation results of the network security level of the industrial control system are obtained.Based on the probability statistics and fuzzy mathematics of the cloud model,the fuzziness and randomness of the tedious calculation and evaluation results are overcome.Finally,the proposed method is applied to a large chemical industry industrial control system,and it is showed that the system level evaluation is effective,consistent with the plan evaluation results,The effectiveness and applicability of the proposed method in network security level evaluation are verified.

关 键 词：工控系统 网络安全 等级测评 组合赋权 专家云模型 

分 类 号：TP393.038[自动化与计算机技术—计算机应用技术]