Network situation assessment on industrial control system based on analytic hierarchy process


Authors: GUO Lin; YI Junkai; WANG Hao (School of Automation, Beijing Information Science and Technology University, Beijing 100192, China)

Affiliation: [1] School of Automation, Beijing Information Science and Technology University, Beijing 100192

Source: Journal of Xi'an University of Technology, 2024, No. 2, pp. 260-268 (9 pages)

Funding: National Natural Science Foundation of China (U1636208).

Abstract: Existing network security situation assessment methods do not take into account the particular network security requirements of industrial control systems (ICS), and they cannot achieve accurate assessment. In addition, ICS transmit large amounts of heterogeneous data and are vulnerable to network attacks, and existing classification methods cannot effectively handle multi-class imbalanced data. To address this problem, this paper first analyzes the characteristics of industrial control systems and proposes a quantitative assessment method for the ICS security situation based on the analytic hierarchy process, which can more accurately reflect the ICS network security status. It then proposes an average under-over sampling method for the problem of data imbalance across multiple attack types, which balances the data without making the data volume excessive. Finally, it constructs an ICS network situation assessment classifier based on the extreme gradient boosting (XGBoost) algorithm; experiments show that the classification model designed in this paper can achieve better accuracy than the traditional classification algorithms of support vector machine, K-nearest neighbor and random forest.

Keywords: industrial control system; network security situation assessment; analytic hierarchy process; data sampling

Classification number: TP393.0 [Automation and Computer Technology - Computer Application Technology]
