基于α-截集三角模糊数和攻击树的CTCS网络安全风险评估方法  

Network security risk assessment method for CTCS based onα-cut triangular fuzzy number and attack tree

在线阅读下载全文

作  者:姚洪磊 刘吉强[1] 童恩栋 牛温佳 YAO Honglei;LIU Jiqiang;TONG Endong;NIU Wenjia(School of Computer and Information Technology,Beijing Jiaotong University,Beijing 100044,China;Institute of Computing Technology,China Academy of Railway Sciences Corporation Limited,Beijing 100081,China)

机构地区:[1]北京交通大学计算机与信息技术学院,北京100044 [2]中国铁道科学研究院集团有限公司电子计算技术研究所,北京100081

出  处:《计算机应用》2024年第4期1018-1026,共9页journal of Computer Applications

基  金:中国国家铁路集团有限公司重点课题(K2022W010)。

摘  要:针对工业控制系统网络安全风险评估影响因素的不确定性和指标量化困难问题,提出一种基于模糊理论和攻击树的方法评估工业控制系统风险,并将它应用于中国列车控制系统(CTCS)的风险评估。首先,基于CTCS可能面临的网络安全威胁和系统自身的脆弱性建立攻击树模型,使用α-截集三角模糊数(TFN)计算攻击树叶节点和攻击路径的区间概率;其次,利用层次分析法(AHP)建立安全事件损失数学模型,最终得出风险评估值。实验结果表明,所提方法可以有效评估系统风险,预测攻击路径,降低主观因素对风险评估过程的影响,使评估结果更契合实际,为安全防护策略的选择提供参考和依据。To solve the problems of uncertain influence factors and indicator quantification difficulty in the risk assessment of industrial control networks,a method based on fuzzy theory and attack tree was proposed,and the proposed method was tested and verified on Chinese Train Control System(CTCS).First,an attack tree model for CTCS was constructed based on network security threats and system vulnerability.α-cut Triangular Fuzzy Number(TFN)was used to calculate the interval probabilities of leaf nodes and attack paths.Then,Analytic Hierarchy Process(AHP)was adopted to establish the mathematical model for security event losses and get the final risk assessment result.Finally,the experimental result demonstrates that the proposed method implements system risk assessment effectively,predicts the attack paths successfully and reduces the influence of subjective factors.By taking advantage of the proposed method,the risk assessment result would be more realistic and provides reference and basis for the selection of security protection strategies.

关 键 词:攻击树 α-截集三角模糊数 层次分析法 中国列车控制系统 风险评估 

分 类 号:TP311.5[自动化与计算机技术—计算机软件与理论]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象