[1]朱晓鹏,黄文财,钟远生,等.工控系统网络安全等级测评评估研究[J].计算机技术与发展,2023,33(12):149-155.[doi:10. 3969 / j. issn. 1673-629X. 2023. 12. 021]
 ZHU Xiao-peng,HUANG Wen-cai,ZHONG Yuan-sheng,et al.Research on Evaluation of Network Security Level of Industrial Control System[J].,2023,33(12):149-155.[doi:10. 3969 / j. issn. 1673-629X. 2023. 12. 021]
点击复制

工控系统网络安全等级测评评估研究()
分享到:

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
33
期数:
2023年12期
页码:
149-155
栏目:
网络空间安全
出版日期:
2023-12-10

文章信息/Info

Title:
Research on Evaluation of Network Security Level of Industrial Control System
文章编号:
1673-629X(2023)12-0143-06
作者:
朱晓鹏12 黄文财12 钟远生12 吴 耿12
1. 广东产品质量监督检验研究院,广东 广州 510670;
2. 国家市场监管重点实验室(智能机器人安全),广东 广州 510670
Author(s):
ZHU Xiao-peng12 HUANG Wen-cai12 ZHONG Yuan-sheng12 WU Geng12
1. Guangdong Testing Institute of Product Quality Supervision,Guangzhou 510670,China;
2. National Key Laboratory for Market Supervision ( Intelligent Robot Safety) ,Guangzhou 510670,China
关键词:
工控系统网络安全等级测评组合赋权专家云模型
Keywords:
industrial control systemnetwork securitygrade evaluationcombination empowermentexpert cloud model
分类号:
TP393. 038
DOI:
10. 3969 / j. issn. 1673-629X. 2023. 12. 021
摘要:
针对当前工控系统网络安全等级测评计算繁琐、权重计算简单、缺乏工控系统的针对性和评估结果具有随机性和模糊性的问题,研究一种工控系统网络安全等级测评评估方法。 绘制以网络安全等级测评为基础的工控系统典型框架,分析工控系统相对安全通用类等级测评在评估指标上的差异,并采用主观赋权法确保上述评估指标差异在工控系统权重赋值中倾斜的合理性,应用客观赋权法保证权重赋值的科学性,使用组合赋权法综合考量主客观赋权优点,确保工控系统评估指标权重赋值的合理性和科学性;使用专家云模型结合组合赋权法获取的组合权重,得出工控系统网络安全等级测评评估结果,再基于云模型的概率统计和模糊数学,克服繁琐的计算和评估结果的模糊性和随机性;最后,将该方法应用于某大型化工产业工控系统,结果表明该系统等级测评结果为良,与预案评审结果一致,验证了该方法在网络安全等级测评中的有效性和适用性。
Abstract:
Aiming at the problems of complex calculation,simple weight calculation,lack of pertinence of industrial control systems,andrandomness and fuzziness of evaluation results in the?
current industrial control system network security level evaluation,a method for evaluating the network security level of industrial control systems is studied. A typical industrial control system framework based onnetwork security level assessment is drawn,the differences in evaluation indicators between industrial control systems and general securitylevel assessments is analyzed, and subjective weighting methods are used to ensure the rationality of the above evaluation indicatordifferences in the weighting of industrial control systems. The objective weighting methods are used to ensure the scientificity ofweighting,and combined weighting methods are used to comprehensively consider the advantages of subjective and objective weighting,which ensures the rationality and scientificity of the weight assignment of industrial control system evaluation indicators; using the combination weights obtained by combining the expert cloud model with the combination weighting method, the evaluation results of thenetwork security level of the industrial control system are obtained. Based on the probability statistics and fuzzy mathematics of the cloudmodel,the fuzziness and randomness of the tedious calculation and evaluation results are overcome. Finally, the proposed method isapplied to a large chemical industry industrial control system,and it is showed that the system level evaluation is effective,consistent withthe plan evaluation results, The effectiveness and applicability of the proposed method in network security level evaluation are verified.

相似文献/References:

[1]严华 蔡瑞英.即时通信监控系统的设计与实现[J].计算机技术与发展,2009,(07):242.
 YAN Hua,CAI Rui-ying.Design and Implementation of Monitoring System of Instant Messaging[J].,2009,(12):242.
[2]李生 邓一贵 唐学文 潘磊 林玉香.基于移动代理的分布式入侵检测系统的研究[J].计算机技术与发展,2009,(09):132.
 LI Sheng,DENG Yi-gui,TANG Xue-wen,et al.Research of Mobile Agent - Based Distributed Intrusion Detection System[J].,2009,(12):132.
[3]潘晓君.基于缓存超时的ARP欺骗攻击协议的研究[J].计算机技术与发展,2009,(10):167.
 PAN Xiao-jun.Research of ARP Spoofing Attack Protocol Based on Cache Overtime[J].,2009,(12):167.
[4]彭云峰 沈明玉.入侵防御系统在应急平台网络中的应用研究[J].计算机技术与发展,2009,(02):162.
 PENG Yun-feng,SHEN Ming-yu.Research on Intrusion Prevention System for Emergency Response Network[J].,2009,(12):162.
[5]尚占锋 章登义.DDoS防御机制研究[J].计算机技术与发展,2008,(01):7.
 SHANG Zhan-feng,ZHANG Deng-yi.Research of DDoS Defense Mechanism[J].,2008,(12):7.
[6]涂溢彬 饶云波[] 廖云 周明天.蜜网系统在检测新型Rootkit中的应用[J].计算机技术与发展,2008,(01):181.
 TU Yi-bin,RAO Yun-bo,LIAO Yun,et al.Honeynet System Applied in New Pattern Rootkit[J].,2008,(12):181.
[7]邵晓宇 杨善林 褚伟.基于Linux入侵检测动态防火墙的设计与实现[J].计算机技术与发展,2008,(05):156.
 SHAO Xiao-yu,YANG Shan-lin,CHU Wei.Design and Implementation of Dynamic Intrusion Detection Firewall Based on Linux[J].,2008,(12):156.
[8]孙印杰 王敏 陈智芳.解析蜜罐技术在网络安全中的应用[J].计算机技术与发展,2008,(07):129.
 SUN Yin-jie,WANG Min,CHEN Zhi-fang.Analysis Honeypot Technology Application in Network Security[J].,2008,(12):129.
[9]曹莹莹 王绍棣 王汝传 张伟.恶意代码传播效果的控制技术研究[J].计算机技术与发展,2010,(08):128.
 CAO Ying-ying,WANG Shao-di,WANG Ru-chuan,et al.Research on Malware Code Propagation Effect Control Technology[J].,2010,(12):128.
[10]潘文婵 章韵.路由器访问控制列表在网络安全中的应用[J].计算机技术与发展,2010,(08):159.
 PAN Wen-chan,ZHANG Yun.Application of Access Control List on Router in Network Security[J].,2010,(12):159.

更新日期/Last Update: 2023-12-10