[1]YANG Li,QIN Hongmei,SU Huawen.Research on security risk assessment of SCADA system based on the cloud model and combination weighting[J].CAAI Transactions on Intelligent Systems,2022,17(5):969-979.[doi:10.11992/tis.202107005]
Copy

Research on security risk assessment of SCADA system based on the cloud model and combination weighting

CAAI Transactions on Intelligent Systems[ISSN 1673-4785/CN 23-1538/TP] Volume: 17 Number of periods: 2022 5 Page number: 969-979 Column: 学术论文—智能系统 Public date: 2022-09-05
Title:
Research on security risk assessment of SCADA system based on the cloud model and combination weighting
Author(s):
YANG Li QIN Hongmei SU Huawen
School of Computer Science, Southwest Petroleum University, Chengdu 610500, China
Keywords:
SCADA systemsecurity risk assessmentcloud modelcombination weightingcloud similarityambiguityrandomnesscloud digital characteristics
CLC:
TP399
DOI:
10.11992/tis.202107005
Abstract:
The current (supervisory control and data acquisition, SCADA) system faces a huge security threat, and monitoring and evaluating its risk status is an effective countermeasure. In this paper, a cloud model theory is introduced to the security risk assessment of the SCADA system, and a security risk assessment model is proposed based on the cloud model and combination weighting to effectively deal with the problem of ambiguity and randomness in the assessment process. Firstly, a security risk assessment index system is constructed from assets, threats, vulnerabilities, and security measures of a SCADA system, Then the least squares estimate is used to obtain optimal combination weighting, and the cloud digital characteristics are calculated with the help of cloud generator, to get comprehensive security risk assessment cloud. Next, according to the golden ratio, the standard evaluation cloud is constructed and combined with the improved cloud similarity calculation method to obtain the final evaluation result. Finally, the effectiveness and feasibility of the model are verified through experiments. The research results show that the model can obtain accurate evaluation results, and compared with the fuzzy comprehensive evaluation method, it shows that this method has higher credibility and better evaluation effect. This method not only helps in identifying security risk threats in the SCADA system but also provides a certain reference for security risk assessment in other fields.
References:
[1] 王华忠. 监控与数据采集(SCADA)系统及其应用[M]. 北京: 电子工业出版社, 2010.
[2] 陶耀东, 李宁, 曾广圣. 工业控制系统安全综述[J]. 计算机工程与应用, 2016, 52(13): 8–18
TAO Yaodong, LI Ning, ZENG Guangsheng. Review of industrial control systems security[J]. Computer engineering and applications, 2016, 52(13): 8–18
[3] 王增光, 卢昱, 陈立云. 网络安全风险评估方法综述[J]. 飞航导弹, 2018(4): 62–66,73
WANG Zengguang, LU Yu, CHEN Liyun. Review of cyber security risk assessment method[J]. Aerodynamic missile journal, 2018(4): 62–66,73
[4] 姜莹莹, 曹谢东, 白琳, 等. 基于层次分析法的SCADA系统安全评价[J]. 物联网技术, 2013, 3(12): 71–73,75
JIANG Yingying, CAO Xiedong, BAI Lin, et al. Safety evaluation of SCADA system based on AHP[J]. Internet of Things technologies, 2013, 3(12): 71–73,75
[5] BIAN Nayun, WANG Xiaofeng, MAO Li. Network security situational assessment model based on improved AHP_FCE[C]//2013 Sixth International Conference on Advanced Computational Intelligence (ICACI). Hangzhou: IEEE, 2013: 200?205.
[6] MARKOVIC-PETROVIC J D, STOJANOVIC M D, BOSTJANCIC RAKAS S V. A fuzzy AHP approach for security risk assessment in SCADA networks[J]. Advances in electrical and computer engineering, 2019, 19(3): 69–74.
[7] LI Meng, LI Wenjing, YU Peng, et al. Risk prediction of the SCADA communication network based on entropy-gray model[C]//2017 13th International Conference on Network and Service Management (CNSM). Tokyo. IEEE, 2017: 256?261.
[8] 万书亭, 万杰, 张成杰. 基于灰色理论和变权模糊综合评判的风电机组性能评估[J]. 太阳能学报, 2015, 36(9): 2285–2291
WAN Shuting, WAN Jie, ZHANG Chengjie. Comprehensive evaluation of wind power unit performance evaluation based on grey theory and variable weight fuzzy mathematics[J]. Acta energiae solaris sinica, 2015, 36(9): 2285–2291
[9] YANG Li, CAO Xiedong, LI Jie. A new cyber security risk evaluation method for oil and gas SCADA based on factor state space[J]. Chaos, solitons & fractals, 2016, 89: 203–209.
[10] YANG Li, CAO Xiedong, GENG Xinyu. A novel intelligent assessment method for SCADA information security risk based on causality analysis[J]. Cluster computing, 2019, 22(3): 5491–5503.
[11] 李德毅, 杜鹢. 不确定性人工智能[M]. 北京: 国防工业出版社, 2005.
[12] 陈圆超, 戴剑勇, 谢东. 矿井通风系统的组合赋权云模型综合评价[J]. 系统工程, 2020, 38(6): 35–42
CHEN Yuanchao, DAI Jianyong, XIE Dong. Comprehensive evaluation of mine ventilation system based on combination weighting cloud model[J]. Systems engineering, 2020, 38(6): 35–42
[13] 张仕斌, 许春香. 基于云模型的信任评估方法研究[J]. 计算机学报, 2013, 36(2): 422–431
ZHANG Shibin, XU Chunxiang. Study on the trust evaluation approach based on cloud model[J]. Chinese journal of computers, 2013, 36(2): 422–431
[14] 刘常昱, 冯芒, 戴晓军, 等. 基于云X信息的逆向云新算法[J]. 系统仿真学报, 2004, 16(11): 2417–2420
LIU Changyu, FENG Mang, DAI Xiaojun, et al. A new algorithm of backward cloud[J]. Acta simulata systematica sinica, 2004, 16(11): 2417–2420
[15] 陈昊, 李兵, 刘常昱. 一种无确定度的逆向云算法[J]. 小型微型计算机系统, 2015, 36(3): 544–549
CHEN Hao, LI Bing, LIU Changyu. An algorithm of backward cloud without certainty degree[J]. Journal of Chinese computer systems, 2015, 36(3): 544–549
[16] 邸凯昌. 空间数据发掘与知识发现[M]. 武汉: 武汉大学出版社, 2000.
[17] GENG Xinyu, YE Jinchi, XIA Zhen, et al. An improved algorithm of nearness degree of incidence based on grey neural network[J]. IEEE access, 2020, 8: 207044–207053.
[18] 龚艳冰, 蒋亚东, 梁雪春. 基于模糊贴近度的正态云模型相似度度量[J]. 系统工程, 2015, 33(9): 133–137
GONG Yanbing, JIANG Yadong, LIANG Xuechun. Similarity measurement for normal cloud models based on fuzzy similarity measure[J]. Systems engineering, 2015, 33(9): 133–137
[19] KULLBACK S, LEIBLER R A. On information and sufficiency[J]. The annals of mathematical statistics, 1951, 22(1): 79–86.
[20] BUDKA M, GABRYS B, MUSIAL K. On accuracy of PDF divergence estimators and their applicability to representative data sampling[J]. Entropy, 2011, 13(7): 1229–1266.
[21] 许昌林, 王国胤. 正态云概念的漂移性度量及分析[J]. 计算机科学, 2014, 41(7): 9–14,51
XU Changlin, WANG Guoyin. Excursive measurement and analysis of normal cloud concept[J]. Computer science, 2014, 41(7): 9–14,51
[22] 张光卫, 李德毅, 李鹏, 等. 基于云模型的协同过滤推荐算法[J]. 软件学报, 2007, 18(10): 2403–2411
ZHANG Guangwei, LI Deyi, LI Peng, et al. A collaborative filtering recommendation algorithm based on cloud model[J]. Journal of software, 2007, 18(10): 2403–2411
[23] 李海林, 郭崇慧, 邱望仁. 正态云模型相似度计算方法[J]. 电子学报, 2011, 39(11): 2561–2567
LI Hailin, GUO Chonghui, QIU Wangren. Similarity measurement between normal cloud models[J]. Acta electronica sinica, 2011, 39(11): 2561–2567
[24] 张勇, 赵东宁, 李德毅. 相似云及其度量分析方法[J]. 信息与控制, 2004, 33(2): 129–132
ZHANG Yong, ZHAO Dongning, LI Deyi. The similar cloud and the measurement method[J]. Information and control, 2004, 33(2): 129–132
[25] 贾驰千, 冯冬芹. 基于模糊层次分析法的工控系统安全评估[J]. 浙江大学学报(工学版), 2016, 50(4): 759–765
JIA Chiqian, FENG Dongqin. Security assessment for industrial control systems based on fuzzy analytic hierarchy process[J]. Journal of Zhejiang university (engineering science edition), 2016, 50(4): 759–765
[26] 谷倩倩, 丁松滨. 基于综合集成赋权法的航空公司飞行安全风险灰色评估[J]. 交通信息与安全, 2017, 35(6): 38–45
GU Qianqian, DING Songbin. A gray evaluation method of flight safety risk based on comprehensive integration weight method[J]. Journal of transport information and safety, 2017, 35(6): 38–45
[27] 赵辉, 王玥, 张旭东, 等. 基于云模型的特色小镇PPP项目融资风险评价[J]. 土木工程与管理学报, 2019, 36(4): 81–88
ZHAO Hui, WANG Yue, ZHANG Xudong, et al. Financing risk evaluation of featured town PPP project based on cloud model[J]. Journal of civil engineering and management, 2019, 36(4): 81–88
Similar References:

Memo

-

Last Update: 1900-01-01

Copyright © CAAI Transactions on Intelligent Systems