[1]杨力,秦红梅,苏华文.基于云模型和组合权重的SCADA系统安全风险评估研究[J].智能系统学报,2022,17(5):969-979.[doi:10.11992/tis.202107005]
YANG Li,QIN Hongmei,SU Huawen.Research on security risk assessment of SCADA system based on the cloud model and combination weighting[J].CAAI Transactions on Intelligent Systems,2022,17(5):969-979.[doi:10.11992/tis.202107005]
点击复制
《智能系统学报》[ISSN 1673-4785/CN 23-1538/TP] 卷:
17
期数:
2022年第5期
页码:
969-979
栏目:
学术论文—智能系统
出版日期:
2022-09-05
- Title:
-
Research on security risk assessment of SCADA system based on the cloud model and combination weighting
- 作者:
-
杨力, 秦红梅, 苏华文
-
西南石油大学 计算机科学学院,四川 成都 610500
- Author(s):
-
YANG Li, QIN Hongmei, SU Huawen
-
School of Computer Science, Southwest Petroleum University, Chengdu 610500, China
-
- 关键词:
-
SCADA系统; 安全风险评估; 云模型; 组合权重; 云相似度; 模糊性; 随机性; 云数字特征
- Keywords:
-
SCADA system; security risk assessment; cloud model; combination weighting; cloud similarity; ambiguity; randomness; cloud digital characteristics
- 分类号:
-
TP399
- DOI:
-
10.11992/tis.202107005
- 文献标志码:
-
2022-05-19
- 摘要:
-
当前数据采集与监控系统(supervisory control and data acquisition, SCADA)系统面临着巨大的安全威胁,对其风险状况进行监测和评估是一项有效的应对措施。为有效处理评估过程中存在的模糊性和随机性问题,将云模型理论引入SCADA系统安全风险评估中,提出了一种基于云模型和组合权重的安全风险评估模型。该模型从SCADA系统的资产、威胁、脆弱性、安全措施4方面构建安全风险评估指标体系,采用最小二乘法求出评估指标的最优组合权重,借助云发生器得到评估指标的云模型数字特征和SCADA系统的综合评估云,然后基于黄金分割率构建标准评估云,同时结合改进的云相似度计算方法得出最终评估结果,最后通过实验验证了模型的有效性和可行性。研究结果表明,该模型能够得到准确的评估结果,与模糊综合评价等方法相比,该评估方法具备更高的可信性,评价效果更好。该方法不仅有助识别SCADA系统的安全风险威胁,而且为其他领域的安全风险评估提供了一定的参考。
- Abstract:
-
The current (supervisory control and data acquisition, SCADA) system faces a huge security threat, and monitoring and evaluating its risk status is an effective countermeasure. In this paper, a cloud model theory is introduced to the security risk assessment of the SCADA system, and a security risk assessment model is proposed based on the cloud model and combination weighting to effectively deal with the problem of ambiguity and randomness in the assessment process. Firstly, a security risk assessment index system is constructed from assets, threats, vulnerabilities, and security measures of a SCADA system, Then the least squares estimate is used to obtain optimal combination weighting, and the cloud digital characteristics are calculated with the help of cloud generator, to get comprehensive security risk assessment cloud. Next, according to the golden ratio, the standard evaluation cloud is constructed and combined with the improved cloud similarity calculation method to obtain the final evaluation result. Finally, the effectiveness and feasibility of the model are verified through experiments. The research results show that the model can obtain accurate evaluation results, and compared with the fuzzy comprehensive evaluation method, it shows that this method has higher credibility and better evaluation effect. This method not only helps in identifying security risk threats in the SCADA system but also provides a certain reference for security risk assessment in other fields.
更新日期/Last Update:
1900-01-01