CN106559414B - Quantitative assessment of dynamic consequences of network attacks based on the area information Situation - Google Patents

Quantitative assessment of dynamic consequences of network attacks based on the area information Situation Download PDF

Info

Publication number
CN106559414B
CN106559414B CN201610929385.9A CN201610929385A CN106559414B CN 106559414 B CN106559414 B CN 106559414B CN 201610929385 A CN201610929385 A CN 201610929385A CN 106559414 B CN106559414 B CN 106559414B
Authority
CN
China
Prior art keywords
site
model
flow
information
output
Prior art date
Application number
CN201610929385.9A
Other languages
Chinese (zh)
Other versions
CN106559414A (en
Inventor
周纯杰
朱钱详
秦元庆
印炜
Original Assignee
华中科技大学
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华中科技大学 filed Critical 华中科技大学
Priority to CN201610929385.9A priority Critical patent/CN106559414B/en
Publication of CN106559414A publication Critical patent/CN106559414A/en
Application granted granted Critical
Publication of CN106559414B publication Critical patent/CN106559414B/en

Links

Abstract

本发明公开了一种基于区域态势信息的网络攻击后果动态定量评估方法,获取工业关键基础设施所有站点内部工艺的运行信息并进行筛选,获得由网络攻击导致的异常发生的位置信息,以及物理设备当前的有用的运行状态信息;利用多层流模型计算站点输出的物质流异常信息,并建立站点的输入输出物质流计算模型;根据由网络攻击导致的站点输出物质流异常信息,以及站点的输入输出物质流计算模型,以及输送网络的拓扑图模型,建立态势预测模型,以预测未来一段时间内整个工业关键基础设施输送网络中物质流的流动状态;获取所有生产站点生产过程异常导致的经营者的利润损失、输送网络异常导致消费者物质需求缺口所造成的损失;实现了对网络攻击后果动态的、定量的评估。 The present invention discloses a dynamic area network attack situation quantitative assessment of the consequences of the information based, industrial operation information acquiring all critical infrastructure sites internal processes and screened to obtain position information of the cyber attacks abnormality occurs, and the physical device useful current operation state information; a multilayer flow model to calculate the output substances site abnormal traffic, and to establish input and output material flow calculation model site; sites according to the abnormality information output material flow caused by the network attacks, and the input station output material flow calculation model and topology model transport network, established trend forecasting model to predict the flow state of the whole industry critical infrastructure in the coming period transport network material flow; acquiring operators all production sites production process caused by abnormal loss of profits, delivery network anomalies result in loss of consumer demand gap caused by the substance; to achieve a quantitative assessment of the consequences of a dynamic network attacks.

Description

基于区域态势信息的网络攻击后果动态定量评估方法 Quantitative assessment of dynamic consequences of network attacks based on the area information Situation

技术领域 FIELD

[0001] 本发明属于工业关键基础设施信息安全技术领域,更具体地,涉及一种基于区域态势信息的网络攻击后果动态定量评估方法。 [0001] The present invention belongs to the technical field of industrial critical infrastructure information security, and more particularly, to a method for quantitative assessment of the dynamic consequences of network attacks based on situation information area.

背景技术 Background technique

[0002] 工业关键基础设施为社会和民众提供连续的物质和能量服务,为社会的正常运行提供了坚实的保障;随着信息化进程的快速发展,工业关键基础设施对信息技术的依赖性不断增强;伴随着智能控制设备更多的漏洞被发现、攻击技术的进步,工业关键基础设施面临着严峻的信息安全问题。 [0002] Industrial critical infrastructure for the community and the public to provide continuous material and energy services to provide a solid guarantee for the normal operation of society; With the rapid development of information technology processes, industrial critical infrastructure dependence on information technology continues enhanced; along with intelligent control device more vulnerabilities are discovered, the attacker advances in technology, critical infrastructure industry is facing severe information security problems. 工业关键基础设施具有复杂网络的拓扑特征以及物质能量的流动特征。 Topological features with complex industrial critical infrastructure networks and the flow characteristics of the material energy. 针对工业关键基础设施的网络攻击,其最终目标是造成大范围内的物质能量服务的中断,使得消费者无法获得物质能量的服务;网络攻击后果的评估结果可用于判断出工业关键基础设施的脆弱部分,获得系统中各站点的当前以及未来状态,其制定安全决策提供重要依据; Cyber ​​attacks against critical infrastructure industry, with the ultimate goal of disruption of matter and energy in a wide range of services, so that consumers can not get the material energy services; assessment of the consequences of cyber attacks can be used to determine the vulnerability of critical infrastructure industry part of the system to obtain current and future status of the site, which is an important basis for the development of security decision-making;

[0003] 现有对工业关键基础设施的网络攻击后果进行评估的方法,多是针对具体的研究对象故障所进行的静态分析;而工业关键基础的态势是实时变化的,网络攻击行为也是实时变化的,静态分析不能准确评估网络攻击的对工业关键基础设施所造成后果。 [0003] Existing methods for the consequences of cyber attack critical infrastructure industries to evaluate, mostly for static analysis of the specific object of study carried out by the failure; and critical infrastructure industry trend changes in real time, real-time network attacks but also change static analysis can not accurately assess the consequences of cyber attacks on critical infrastructure industries.

发明内容 SUMMARY

[0004] 针对现有技术的以上缺陷或改进需求,本发明提供了一种基于区域态势信息的网络攻击后果动态定量评估方法,其目的在于利用态势信息对网络攻击造成的后果进行动态定量评估。 [0004] To solve the above drawbacks of the prior art or the need for improvement, the present invention provides a quantitative assessment of the dynamic area network attack situation information based on the consequences of an object to consequences trend information using the network caused by the attack dynamic quantitative assessment.

[0005] 为实现上述目的,按照本发明的一个方面,提供了一种基于区域态势信息的网络攻击后果动态定量评估方法,包括如下步骤: [0005] To achieve the above object, according to one aspect of the present invention, there is provided a quantitative assessment of the dynamic area network attack situation information based on the consequences, comprising the steps of:

[0006] (1)建立包括多个物质流和信息流耦合结构的站点的多层流模型;利用该多层流模型的特征对站点内部信息进行筛选,获取当前有用的运行状态信息,并判断网络攻击的对象; [0006] (1) establishing a multi-layer flow model sites comprises a plurality of material flow and the flow coupling structure information; multilayered flow model by using the characteristics of the filter station internal information, useful to obtain the current operating status information, and determines network object of attack;

[0007] (2)根据多层流模型计算站点输出的物质流异常信息,并建立站点的输入输出物质流计算模型; [0007] (2) The multilayered flow stream abnormality information output from the model calculation site material and build material flow calculation model of the input and output sites;

[0008] (3)根据由网络攻击导致的站点输出物质流异常信息、站点的输入输出物质流计算模型,建立工业关键基础设施拓扑结构的多层图模型;根据多层图模型建立态势预测模型并进行态势预测; [0008] (3) The abnormality information stream output material from the site of cyber attacks, the input and output material flow calculation model of the site, creating multiple layers of FIG industrial model critical infrastructure topology; multilayer build predictive models FIG trend model and trend forecasting;

[0009] (4)根据态势预测信息计算所有生产站点生产过程异常导致的经营者利润损失、 以及由输送网络异常导致的消费者物质需求缺口造成的损失,获取定量评估结果。 [0009] (4) According to the operators lost profits forecast trend information to calculate all the production sites abnormalities caused by the production process, as well as material losses consumer demand gap caused by the abnormal transport network caused by obtaining quantitative evaluation of the results.

[0010] 优选地,上述基于区域态势信息的网络攻击后果评估的方法,其步骤⑴包括如下子步骤: [0010] Preferably, the above methods result area network attack situation evaluation based on the information, which ⑴ step comprises the substeps of:

[0011] (1.1)建立站点的多层流模型,包括站点与工艺的关系模型、工艺的物质流模型、 物质流与功能角色关系模型、物质流功能角色模型、信息流与功能角色关系模型、以及信息流与物质流交互影响模型; [0011] (1.1) to establish a multi-layer flow model sites, including the site and the relational model technology, material flow process model, material flow and function of the role of the relational model, role model function of material flow, information flow and function of the role of the relational model, as well as information flow and material flow interaction model;

[0012] (1.2)根据站点的多层流模型对站点内部信息进行筛选,获取与站点的物质服务输出计算有关的数据;并判断是否发生异常; [0012] (1.2) according to the internal information on the site model site multilayered flow filter, the material and the site outputting the acquired service data relating to the calculation; and determines whether the abnormality occurs;

[0013] 各个站点不同位置均布署有不同类型的探针,采集到的数据数量大、种类繁多;结合多层流模型的特征,通过本步骤筛选出与站点的物质服务输出计算有关的数据,可极大减少运算量。 [0013] each site are deployed at different locations have different types of probes, a large amount of data collected, a wide range; binding characteristics of the multilayered flow model, selected data related to the calculation of the substance through the service site in this step output , can greatly reduce the amount of computation.

[0014] 优选地,上述基于区域态势信息的网络攻击后果评估的方法,其步骤(1.1)包括如下子步骤: [0014] Preferably, the above methods result area network attack situation evaluation based on information which step (1.1) comprises the substeps of:

[0015] (1.1.1)建立站点与工艺的关系模型:站点i向外界提供的物质服务量数值Serv1 (t) =Fsi (prci,i (t) ,. . . ,prci,m (t)); [0015] (1.1.1) and the relationship between process model sites: sites and services to the value i supplied from the outside of amount of substance Serv1 (t) = Fsi (prci, i (t),, prci, m (t)... );

[0016]其中,站点i的系统由m个工艺親合而成;prci,j⑴是指工艺j为站点i提供的物质量,Fsi是指静态函数; [0016] wherein, i is the site engagement system formed by the process of m pro; prci, j⑴ refers to the process station i j is the mass was provided, the Fsi refers static functions;

[0017] (1.1.2)建立工艺的物质流模型:站点1内部工艺」提供的物质量? [0017] (1.1.2) to establish model material flow process: site quality was 1 internal process "provided? 代^(〇= flowi.j (t); Generation ^ (billion = flowi.j (t);

[0018] 其中,flowi.j⑴是指物质流Mat_floWi,j的输出物质量; [0018] wherein, flowi.j⑴-output refers to mass material flow Mat_floWi, j's;

[0019] (1.1.3)建立物质流与功能角色关系模型:物质流Mat-f Iowk输出的物质量f Iowk (t) =Fmk (Parka (t),…,Park,s (t)); [0019] (1.1.3) to establish the role and function of the relationship between the material flow model: Mat-f Iowk mass flow output of substance f Iowk (t) = Fmk (Parka (t), ..., Park, s (t));

[0020] 其中,物质流Mat-f Iowk由s个功能角色构成,Park,。 [0020] wherein material flow is constituted by Mat-f Iowk s functional role, Park ,. (t)是指物质流Mat-f Iowk的功能角色〇的参数值;其中K〇<s; (T) is a parameter value of the mass flow Mat-f Iowk functional role of the square; wherein K〇 <s;

[0021] (1 · 1.4)建立物质流功能角色模型Fv。 [0021] (1 * 1.4) establish the role model function of material flow Fv. (par〇,i⑴,· · ·,par〇,q⑴)=0:其中,Fv0代表静态函数;par。 (Par〇, i⑴, · · ·, par〇, q⑴) = 0: where, Fv0 represents the static function; par. ,q⑴是指功能角色〇的第q个参数值; , Q⑴ refers to the q-th parameter value of the square functional roles;

[0022] 其中,功能角色是指实现某一功能的单个或多个设备的组合,用三元组〈Par, FvDep>表示;Par为该功能角色的运行参数值,静态函数Fv描述该功能角色当前的动作,静态函数Dep描述该功能角色与其它功能角色的依赖关系;某功能角色〇共有q个参数值,则Par。 [0022] wherein the functional role is a combination of single or multiple devices to achieve a certain function, the triples <Par, FvDep> represents; Par operational parameter value for the functional role of static function describing the functional role Fv the current action, static function Dep describe the dependence of the functional role of other functional roles; a functional role billion total of q parameter value, Par. (t) = {parQ,i (t),. . .,par〇,q⑴};其中一部分参数通过传感器采集获得,另一部分参数则通过静态函数Fv。 (T) = {parQ, i (t) ,., par〇, q⑴..}; Wherein a portion of the acquisition parameters obtained by the sensor, the other part through the static function parameters Fv. 计算获得,Fv。 Calculated to obtain, Fv. (par〇,i⑴,· · ·,par〇,q⑴)=0; (Par〇, i⑴, · · ·, par〇, q⑴) = 0;

[0023] (1.1.5)建立信息流与功能角色关系模型: [0023] (1.1.5) to establish the flow of information and the functional role relational model:

[0024] 信息流u的输出Ctlu ⑴=Fwu(Piru,s(t),Piru,d,Piru,a(t)); [0024] The output stream u Ctlu ⑴ = Fwu (Piru, s (t), Piru, d, Piru, a (t));

[0025] 其中,Piru,s⑴为信息流u中感知功能角色的参数值,Piru,a⑴为执行功能角色的参数值,Piru,d (t)为决策功能角色的参数值;Fw代表静态函数; Parameter values ​​[0025] wherein, Piru, s⑴ perceived functional role for the stream in u, Piru, a⑴ parameter values ​​to perform the functions character, Piru, d (t) is the decision function role; Fw for static functions;

[0026] 将工艺看作信息流与物质流的親合,用三元组〈IroIe,Fw,ct 1〉表示信息流的属性;Irole为信息流的支撑功能角色的集合,静态函数Fw描述信息流的运行过程,数值集合ctl (t)为该信息流的输出,表示为控制功能角色的控制值; [0026] The processes considered as the affinity material flow stream, with the triple <IroIe, Fw, ct 1> represents a stream attribute information; Irole support function for the character set information flow, static function Fw description running the process stream, the output set of values ​​ctl (t) for the flow of information, a control value of the control character;

[0027] (1.1.6)建立信息流与物质流交互影响模型: [0027] (1.1.6) to establish information flow and material flow model interaction:

[0028] [0028]

Figure CN106559414BD00061

[0029] 其中,物质流Mat-f l0Wk有q个支撑功能角色,函数Fau,k代表信息流调控参数Ctlu (t)对物质流可控功能角色的参数Park,。 [0029] wherein material flow Mat-f l0Wk have a support function q characters, function Fau, k representative of traffic regulation parameter Ctlu (t) of the material flow controlled parameter Park role-,. ⑴的影响;函数Fsu,k代表物质流功能角色的参数Park,。 Effect of ⑴; function Fsu, k representative of mass flow parameters of the functional role of Park ,. (t)对信息流感知功能角色参数Piru,s (t)的影响。 Functional role parameter Piru, impact s (t) (t) of the information known to the flu.

[0030] 优选地,上述基于区域态势信息的网络攻击后果评估的方法,其步骤(1.2)包括如下子步骤: [0030] Preferably, the above methods result area network attack situation evaluation based on information which step (1.2) comprises the substeps of:

[0031] (1.2.1)列举站点的多层流模型中所有功能角色,将站点内部信息集合中与上述功能角色无关的信息全部丢弃,获取与站点的物质服务输出计算有关的数据; [0031] (1.2.1) all functional role multilayered flow model exemplified site, the internal information collection site information unrelated to the functional roles of all discarded materials service station acquires the output data related to calculations;

[0032] (1.2.2)判断异常发生的位置:从上述与站点的物质服务输出计算有关的数据中, [0032] The position (1.2.2) determines abnormality has occurred: the output of said substance and the site of the service related data is calculated,

[0033] 将不符合物质流功能角色〇的状态描述函数Fv。 [0033] The material flow will not meet the functional roles of the square state is described functions Fv. (par〇,i (t),...paro.q⑴)=0、与相邻的功能角色P的关联关系函数Dep〇,P (Paro (t),ParP (t)) =0的功能角色参数值提取出来,获得发生异常的物质流功能角色的信息; (Par〇, i (t), ... paro.q⑴) = 0, the function Dep〇 adjacent relationship functional role of P, P (Paro (t), ParP (t)) = 0 of the functional role parameter values ​​extracted, obtain information material flow functional roles where the exception occurred;

[0034] 将上述与站点的物质服务输出计算有关的数据中不符合信息流与物质流交互影响模型 [0034] The output of the service material and site-related data in the calculation does not meet the information flow and material flow interaction model

[0035] [0035]

Figure CN106559414BD00071

[0036] 以及不符合信息流与功能角色关系模型Ctlu = Fwu (Piru,s,Piru,d,Piru,a)的信息流功能角色参数值提取出来,获得发生异常的信息流功能角色的信息; [0036] and does not meet the information extracting and functional role relational model Ctlu functional role parameter value = Fwu (Piru, s, Piru, d, Piru, a) the flow of information out of the stream of information functional role has abnormality;

[0037] 根据发生异常的物质功能角色的信息和发生异常的信息流功能角色的信息确定受到网络攻击的站点。 [0037] determined by the site network attacks based on information and abnormal information flow functional role of role-matter abnormalities occur.

[0038] 优选地,上述基于区域态势信息的网络攻击后果评估的方法,其步骤⑵包括如下子步骤: [0038] Preferably, the above methods result area network attack situation evaluation based on the information, which ⑵ step comprises the substeps of:

[0039] (2.1)根据多层流模型获取网络攻击对工艺的输出的影响的定量评估值; [0039] (2.1) Quantitative evaluation value acquisition process of the network attacks affect the output of the multilayer flow model;

[0040] 具体地,当网络攻击导致信息流Inf-flowi中某个功能角色Irolei,k,j异常,使其属性中的参数值错误;根据信息流与功能角色关系模型获取信息流Inf-How1输出的异常控制值ctli⑴; [0040] Specifically, when the network attack traffic Inf-flowi cause a functional role in Irolei, k, j abnormal, so the error parameter value attribute; obtained according to information flow and information flow model of the relationship between functional role Inf-How1 ctli⑴ abnormal control value output;

[0041] 并根据信息流调控参数对物质流可控功能角色的参数的影响,获得物质流Mat-flowi中各功能角色的参数值Pari,j⑴; Parameter [0041] information flow and under the influence of the material flow regulation parameter role-controllable parameters, mass flow is obtained Mat-flowi functional role of each value Pari, j⑴;

[0042] 并根据物质流与功能角色关系模型以及站点与工艺的关系模型获得该工艺的输出物质量prci⑴,获得网络攻击对工艺Processi的输出的影响的定量评估值prci (t); Quantitative evaluation value [0042] and obtained in accordance with the relational model of the process material flow and functional role relationship model and the process site and the quality of the output product prci⑴, obtain network attacks impact on the output of the process Processi prci (t);

[0043] (2.2)根据上述定量评估值prCl (t)、以及站点的物质输出与工艺关系模型,获取当站点i受到网络攻击时,站点i的物质的输出量Servi (t); [0043] (2.2) based on the quantitative evaluation value prCl (t), and the materials and process output relationship model of the site, the site when i acquires network attack, the output of the site of substance i Servi (t);

[0044] (2.3)根据各站点i的物质的输出量Servi (t)计算获取工业关键基础设施中所有站点的物质输出量; [0044] (2.3) obtaining material output of all industrial sites critical infrastructure output substance of each station i Servi (t) calculated;

[0045] 工业关键基础设施由多个站点构成,在该步骤中采用多层流模型获取工业关键基础设施所有的站点的输出Serm (t),KiSn;包括非异常站点和异常站点。 [0045] Industrial key infrastructure consists of a plurality of sites, multi-layer flow model obtain an output Serm (t) for all of the critical infrastructures of industrial sites, KiSn in this step; comprises abnormal non abnormal sites and sites.

[0046] 优选地,上述基于区域态势信息的网络攻击后果评估的方法,其步骤⑶包括如下子步骤: [0046] Preferably, the above methods result area network attack situation evaluation based on the information, which ⑶ step comprises the substeps of:

[0047] (3.1)建立工业关键基础设施的拓扑结构的多层图模型,将处于同一时刻的传播过程放在同一层次中; [0047] (3.1) to establish a multi-layer topology graph model of critical infrastructure industry, we will be in the same propagation time in the same hierarchy;

[0048] (3.2)根据网络攻击导致站点输出异常在多层图模型中的扩散过程建立态势预测模型并进行态势预测。 [0048] (3.2) outputs an abnormal site in the diffusion process of establishing a multi-layer model of FIG state predicting model and predict the situation according to cyber attacks.

[0049] 优选地,上述基于区域态势信息的网络攻击后果评估的方法,其步骤(3.1)的多层图建模方法,包括如下子步骤: [0049] Preferably, the above methods result area network attack situation evaluation based on information which step (3.1) of the multilayer FIG modeling method comprising the sub-steps of:

[0050] (3.1.1)建立工业关键基础设施输送网络的拓扑结构图; [0050] (3.1.1) to establish the topology of FIG industrial critical infrastructure transport network;

[0051] 该拓扑结构图为一个有向无环的复杂网络<G,E>;G表示站点集合,E表示站点间的管道连线集合;将站点集合G分为生产站点集合Gg、传输站点集合匕和消费站点集合Gc; [0051] The topology of a directed acyclic graph complex network <G, E>; G represents a collection site, E denotes a set of pipes connecting between sites; production site collection site into the collection G Gg, transmission sites collection dagger and consumer site collections Gc;

[0052] (3.1.2)以生产站点为根节点,以传输站点为中间节点,以消费站点为叶节点建立树,获得从生产站点到消费站点的路径集合; [0052] (3.1.2) in the production site as the root node, intermediate nodes in a transmission site to the site of consumption for the establishment of a tree leaf node, the path is obtained from the production site to the site of collection of consumption;

[0053] 以生产站点集合68中生产站点为根节点,以传输站点为中间节点,以消费站点为叶节点建立树;由1个生产站点建成1个树,这些树中相邻两个节点的影响过程耗费的时间完全一样; [0053] In the production site the production site 68 set as the root node, intermediate nodes in a transmission site to the site of consumption build a tree leaf node; manufactured by a production site built a tree, these two trees adjacent nodes the impact of time-consuming process exactly the same;

[0054] (3.1.3)按照路径分段的规则将多个树合并形成多层图,使得无环复杂网络<G,E> 中的边E分成多个不同的集合、同一集合的边处于物质流动过程的同一时间段,将同一时间段的边归于多层图中的同一层次,由此将无环复杂网络<G,E>建模成多层图。 [0054] (3.1.3) in accordance with the rules of the plurality of path segment will be combined to form a multi-layer tree diagram such that complex network acyclic <G, E> E into a plurality of different sides of the set, while at the same set of the same time the material flow process, the time period attributed to the same side of the same level in FIG multilayer, whereby a complex network acyclic <G, E> modeled multilayer FIG.

[0055] 优选地,上述基于区域态势信息的网络攻击后果评估的方法,其步骤(3.2)包括如下子步骤: [0055] Preferably, the above methods result area network attack situation evaluation based on information which step (3.2) comprises the substeps of:

[0056] (3.2.1)根据站点输出物质异常在工业关键基础设施网络中的传播过程以及多层流模型计算单步过程各站点的物质输出量; Material output single-step process for each of these sites [0056] (3.2.1) is calculated according to the abnormal propagation model and a multilayer stream output material in an industrial site critical infrastructure network;

[0057] 对于异常的站点Gi,由步骤2计算出其物质输出为Servi (t),由步骤3.1获得Gi关联的边ί:;.., ς仄,其中1彡S彡k,即该边属于多层图中第S层;按照Es—Es+14. . .^Ek的顺序逐步分析站点异常传播过程,根据多层流模型计算单步过程各站点的物质输出量; [0057] For sites Gi abnormality, which is calculated in step 2 material output Servi (t), obtained in step 3.1 Gi associated edge ί:; .., ς Chek, wherein S 1 San San k, i.e., the edge belonging to the first S-layer multilayer FIG.;... in accordance with the Es-Es + 14 ^ Ek site sequence analysis abnormal propagation phase, single-step process material output is calculated according to the site of the multi-layer flow model;

[0058] (3.2.2)根据多层图模型计算在网络攻击发生后的各个时段内工业关键基础设施各站点的物质输出状态; [0058] (3.2.2) in each output period of the multilayer material model calculation in the network of FIG attack industrial critical infrastructure according to the state of the site;

[0059] 对于发生在t时刻的网络攻击,根据多层图模型各个站点在未来各个时段内物质输出为Servi (t_ Δ t),Servi (t),Servi (t+ Δ t),…··,I^iSn; [0059] occurs at time t for network attacks, a multilayer model of each site FIG substance in the next output period according to the respective Servi (t_ Δ t), Servi (t), Servi (t + Δ t), ... ··, I ^ iSn;

[0060] (3.2.3)根据多层流模型获取系统稳定后各站点的输出: [0060] (3.2.3) in accordance with the output of each of these sites multilayer flow model acquisition system stability:

[0061] 工业关键基础设施遭受网络攻击后,其内部各个站点的物质输出量会产生波动, 但最终系统会趋于稳定状态; [0061] After the industrial critical infrastructure cyber attacks, the output of its internal matter of each site will fluctuate, but in the end the system will stabilize state;

[0062] 该状态下:Servi (t+h X Δ t) = Servi (t+ (h+1) X Δ t)。 [0062] In this state: Servi (t + h X Δ t) = Servi (t + (h + 1) X Δ t).

[0063] 优选地,上述基于区域态势信息的网络攻击后果评估的方法,其步骤⑷包括如下子步骤: [0063] Preferably, the above methods result area network attack situation evaluation based on the information, which ⑷ step comprises the substeps of:

[0064] (4.1)获取工业关键基础设施持有人的利润损失 [0064] (4.1) Gets loss industry critical infrastructure holders of profit

[0065] [0065]

Figure CN106559414BD00081

[0066] {Servg,i (t- Δ t),· · ·,Servg,i (t- Δ t)}是指具有1个生产站点的工业关键基础设施在未受到网络攻击时所有生产站点的物质输出; [0066] {Servg, i (t- Δ t), · · ·, Servg, i (t- Δ t)} refers to industrial critical infrastructure having a production site in the network attack not all production sites material output;

[0067] {Servg,i (t+hX Δ t),. . . Servg,i (t+hX Δ t)}是指该工业关键系统在受到网络攻击后、系统稳定后所有生产站点的物质输出;U时刻是指受损的站点被全部修复的时刻, price是指站点所生产的物质的单价; [0067] {Servg, i (t + hX Δ t) ,... Servg, i (t + hX Δ t)} is a substance which outputs the key industrial network attack system after the system is stable for all production sites ; U time refers to the time the damaged site is completely restored, price refers to a monovalent substances produced by the site;

[0068] (4.2)计算工业关键基础设施覆盖区域内消费者的生产生活损失 [0068] (4.2) calculate the loss of productive life in the area of ​​consumer industries covered critical infrastructure

[0069] [0069]

Figure CN106559414BD00091

[0070]其中,{Served⑴,...,Servc.mCt)}是指消费站点集合G。 [0070] wherein, {Served⑴, ..., Servc.mCt)} refers to the consumption site collection G. 接收物质量;b是指工业关键基础设施的消费站点数量;2,Pl,3}是指消费站点心^接收的物质服务Servc1 ⑴中提供给工业、商业、民用的比重;其中Pi,i+Pi,2+Pi,3 = l; {valuei,i,valuei,2,valuei,3是指消费站点G。 A receiver quality; B is the number of critical infrastructure, industrial consumption site; 2, Pl, 3} means a consumption site heart ^ ⑴ provided in the receiving material service Servc1 for industrial, commercial, residential proportion; wherein Pi, i + Pi, 2 + Pi, 3 = l; {valuei,, valuei, 2, valuei, 3 refers to the consumption site G. ,i附近的工业、商业、民用部分单位物质服务量能创造的社会经济价值;^时刻是指受损的站点被全部修复的时刻; , I near the industrial, commercial, residential part of the material per unit of service can create social and economic value; ^ time refers to the time the site was damaged all repaired;

[0071] 受到网络攻击后,各个消费站点接收的物质量由{Servc,i (t- Δ t),…,Servc,b (t-Δ t)}变为{Servc,i (t+h X Δ t),· · ·,Servc,b (t+h X Δ t)}; [0071] After the network attack, the mass of each object received by the consumer site {Servc, i (t- Δ t), ..., Servc, b (t-Δ t)} becomes {Servc, i (t + h X Δ t), · · ·, Servc, b (t + h X Δ t)};

[0072] (4.3)根据工业关键基础设施持有人和消费者的损失值获得由网络攻击导致的所有损失值L〇SS = L〇SSl+L〇SS2。 [0072] (4.3) to obtain all losses caused by the cyber attack critical infrastructure, according to industry and consumers holding losses value value L〇SS = L〇SSl + L〇SS2.

[0073] 总体而言,通过本发明所构思的以上技术方案与现有技术相比,能够取得下列有益效果: [0073] In general, the present invention contemplated by the above technical solutions than the prior art, the following advantageous effects can be obtained:

[0074] (1)本发明提供的基于区域态势信息的网络攻击后果动态定量评估方法,提出了用于获取和理解系统态势的多层流模型;通过该模型能建立系统与多种流的耦合模型,而且定量地描述信息流、物质流的动态流动过程,实现对工业基础设施网络攻击的定量的、准确的态势获取与态势理解; [0074] (1) of the present invention provides a quantitative assessment of the dynamic area network attack situation information based on the consequences proposed multi-layer flow model system for acquiring and understanding of the situation; through the model with the coupling system can build a variety of streams models and quantitative description of the information flow, dynamic flow process material flow to achieve quantitative industrial infrastructure network attacks, accurate understanding situation acquires situation;

[0075] (2)本发明提供的基于区域态势信息的网络攻击后果动态定量评估方法,结合工业关键基础设施输送网络的拓扑结构的特征、分析物质流的流动过程,提出一种用于分析站点异常在整个输送网络中扩散过程的模型一多层图模型;通过多层图模型分析网络攻击对整个输送网络的产生影响,获得输送网络中所有站点的物质服务在未来某段时间内的分布信息,实现动态地态势预测; [0075] (2) the present invention provides a quantitative assessment of the dynamic area network attack situation information based on the consequences, the binding characteristics of the topology of the industrial critical infrastructure delivery network, the flow process material flow analysis, to provide a site for analysis a multi-layer model of anomalous diffusion process model diagram of the entire transport network; influence by multi-layered graph model to analyze network attacks on the entire transport network to produce, obtain distribution information delivery service network in substance all sites in the future a certain period of time , to achieve dynamic situation prediction;

[0076] (3)本发明提供的基于区域态势信息的网络攻击后果动态定量评估方法,实现了对网络攻击导致的各种类型损失后果的统一量化方法,不仅能对生产站点产能降低而造成的运营者的销售利润损失进行定量评估,而且能对工业关键基础设施输送网络所覆盖区域内的工业、商为、民用行业由于物质服务需求无法满足所造成的生产生活损失进行定量评估,提高了评估准确度。 [0076] (3) The present invention provides quantitative assessment of dynamic effects area network attack situation based on information, to achieve a unified method for all types quantization loss due to the consequences of network attacks, not only the production site capacity decrease caused by sales loss of profit operator of quantitative evaluation, but also to the industry within the coverage area of ​​the industrial critical infrastructure transport network, business for the loss of life and production of civilian industry due to material service requirements can not be met resulting quantitative assessment, improve assessment Accuracy.

附图说明 BRIEF DESCRIPTION

[0077] 图1是实施例中工业关键基础设施的拓扑结构示意图; [0077] FIG. 1 is a schematic diagram of the topology Example embodiment industrial critical infrastructure;

[0078] 图2是实施例中工业关键基础设施站点Gl的系统结构示意图; [0078] FIG. 2 is a diagram of a system structure of the industrial site critical infrastructure Gl embodiment;

[0079] 图3是实施例提供的网络攻击后果的动态定量评估方法的流程示意图; [0079] FIG. 3 is a consequence of a network attack according to an embodiment of the method for quantitative assessment of dynamic schematic flow chart;

[0080] 图4是实施例中工艺的信息流物质流耦合结构示意图; [0080] FIG. 4 is a schematic diagram of information flow in the material flow process embodiment of the coupling structure of the embodiment;

[0081] 图5是实施例中工业关键基础设施拓扑网络多层图模型。 [0081] FIG. 5 is a diagram of the critical industrial infrastructure network topology model of the multilayer embodiment of FIG.

具体实施方式 Detailed ways

[0082] 为了使本发明的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本发明进行进一步详细说明。 [0082] To make the objectives, technical solutions and advantages of the present invention will become more apparent hereinafter in conjunction with the accompanying drawings and embodiments of the present invention will be further described in detail. 应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不用于限定本发明。 It should be understood that the specific embodiments described herein are only intended to illustrate the present invention and are not intended to limit the present invention. 此外,下面所描述的本发明各个实施方式中所涉及到的技术特征只要彼此之间未构成冲突就可以相互组合。 Moreover, various embodiments of the invention described below involved the technical features as long as no conflict with one another can be configured in combination with each other.

[0083] 本发明所提供的基于区域态势信息的网络攻击后果动态定量评估方法,包括态势获取、态势理解、态势预测以及损失评估;以下结合图1所示的工业关键基础设施来具体阐述本发明提供的这种网络攻击后果动态定量评估方法。 [0083] The present invention provides a quantitative assessment of the dynamic area network attack situation information based on the consequences, including obtaining situation, the trend appreciated situation prediction and assessment of damage; critical industrial infrastructure below with FIG. 1 specifically illustrate the present invention this method of dynamic quantitative assessment of the consequences of cyber attacks provided.

[0084] 图1所示的工业关键基础设施,通过大量的站点与管道构成一个输送网络;其中站点包括生产站点、传输站点、消费站点;站点之间通过管道连接,将该工业关键基础设施网络定义为有向无环的复杂网络<G,E>,其中G表示站点集合,E表示站点间的管道连线集合; 将站点集合G分类,生产站点集合68= {G1,G6},传输站点集合Gt= {G2,G5,G7},消费站点集合Gc== {G3,G4,G8,G9};任意一个站点系统由多个工艺过程组合而成。 Industrial critical infrastructure shown in [0084] FIG 1, by constituting a large number of sites with a pipe distribution network; wherein the site comprises a production site, transmission sites, consumption site; sites are connected through a conduit between, the critical industrial infrastructure network is defined as a directed acyclic complex network <G, E>, wherein G represents a collection site, E denotes a set of pipes connecting between sites; G Category site collection, production site set 68 = {G1, G6}, transmission sites set Gt = {G2, G5, G7}, consumption site collection Gc == {G3, G4, G8, G9}; at any of these sites a system composed of several processes together.

[0085] 其中,站点Gl的结构如图2所示,包括两个工艺过程:工艺1和工艺2;这两个工艺过程是串联关系,工艺1的输出物质为工艺2的输入原材料。 [0085] wherein Gl site structure shown in Figure 2, includes two processes: Process 1 and Process 2; these two processes are series relationship, process output material 1 to material 2 of process inputs.

[0086] 基于上述典型的工业关键基础设施,实施例提供的基于区域态势信息的网络攻击后果动态定量评估方法,其流程如图3所示,具体如下: [0086] Based on the above typical industrial critical infrastructure, embodiments provide a quantitative assessment of the dynamic area network attack situation information based consequence, the process shown in Figure 3, as follows:

[0087] 态势获取:获取工业关键基础设施所有站点内部工艺的运行信息,包括控制过程以及物理过程的运行信息;对上述运行信息进行筛选,获得由网络攻击导致控制设备的异常发生的位置信息,以及物理设备当前的有用的运行状态信息; [0087] posture acquisition: acquiring industrial critical infrastructure all running internal information technology sites, including running information control processes and physical processes; for said operating information were screened to obtain location information of the abnormal occurrence by cyber attacks control equipment, and the current operation state information useful physical device;

[0088] 态势理解:利用多层流模型计算站点输出的物质流异常信息,并建立站点的输入输出物质流计算模型; [0088] Situation understood that: a multilayer material using a flow model to calculate a flow site abnormality information output, the input and output material flow is calculated to establish the site model;

[0089] 态势预测:根据由网络攻击导致的站点输出物质流异常信息,以及站点的输入输出物质流计算模型,以及输送网络的拓扑图模型,建立态势预测模型,以预测未来一段时间内整个工业关键基础设施输送网络中物质流的流动状态; [0089] Tendency Prediction: The topology model input output material stream computation model site output material abnormal traffic by the network attacks caused, and sites, and the transport network, the establishment of the state predicting model, to predict the entire industry for some time critical infrastructure network transporting material flow flowing state;

[0090] 损失评估:获取所有生产站点生产过程异常导致的经营者的利润损失,以及输送网络异常导致消费者物质需求缺口所造成的损失。 [0090] damage assessment: Get lost profits of all operators of the production site abnormalities caused by the production process, and transport network anomalies result in loss of consumer demand gap caused by the substance.

[0091] 以下以对图1所示的工业关键基础设施的生产站点Gl的工艺1的网络攻击为例,具体阐述上述网络攻击后果的动态定量评估方法:具体如下: [0091] In the process of network attacks Gl industrial production site critical infrastructure shown in FIG. 1, the detailed method of the above described dynamic network attacks quantitative assessment of the consequences: as follows:

[0092] 步骤I,态势获取:获取受到攻击的站点Gl以及未受到攻击的其它站点的态势,包括如下步骤: [0092] Step I, acquiring situation: Gl acquired attack sites and other sites are not subject to situational attack, comprising the steps of:

[0093] 步骤1.1:建立站点Gl的多层流模型,包括如下子步骤: [0093] Step 1.1: Gl establishing multilayered flow model of the site, including the sub-steps of:

[0094] (1.1.1)对工艺1进行结构建模: [0094] (1.1.1) The process for structural modeling:

[0095] 工艺1的多层流结构如图4所示,物理设备组合包括原材料输入设备、原材料和产品传输设备、原材料加工设备、产品接收设备;分别对应源功能角色soul、传输功能角色tral和tra2、反应功能角色coni、接收功能角色sinl;传感器、执行器、控制器分别对应感知功能角色senl、执行功能角色actl、决策功能角色decl; Flow multilayer structure [0095] The process as shown, comprises a combination of physical devices raw material feeding equipment, raw materials and products transmission equipment, raw material processing apparatus, the receiving apparatus 4 product; functional roles Soul source respectively, and the transmission function role tral TRA2, CoNi reaction functional roles, role reception sinl; sensors, actuators, controllers, respectively corresponding to sensing senl functional role, the role of executive function ACTL, decision function role decl;

[0096] 进行符号定义,本实施例中的符号定义具体如表5.1所示: [0096] Symbol definition, as shown in the specific symbols are as defined in Table 5.1 in the present embodiment:

[0097] 表5.1符号定义 [0097] symbols defined in Table 5.1

[0098] [0098]

Figure CN106559414BD00111

[0099] [0099]

Figure CN106559414BD00121

[0100] 根据符号定义建立工艺1的多层流模型,如下式(5.1)所示: [0100] The multilayer build process flow model according to the definition of symbols, the following expression (5.1) below:

[0101] [0101]

Figure CN106559414BD00131

[0102] (1. 1.2)采用步骤(I. 1.1)的方法建立Gl中工艺2的多层流模型;两个工艺的结构一致,工艺1的输出物质fprc^ssl(t)为工艺2的输入物质量,工艺2中的传输功能tral的输入物质值为工艺1的输出物质fprocessl⑴;站点Gl的输出物质Sevci⑴为Sevi (t) =fpr〇cess2 [0102] (1.2 1) using the method step (I. 1.1) Gl multilayer build process flow model 2; consistent with the structure of both processes, process output material 1 fprc ^ ssl (t) of the process 2 input of substance, in the transmission function tral process input material 2 is a process output material fprocessl⑴ 1; Gl site of the output material Sevci⑴ Sevi (t) = fpr〇cess2

[0103] 步骤1.2:筛选有用的信息,并判断网络攻击的对象:表5.1罗列了工艺1中所有功能角色属性中的参数类型,表现为各个功能角色经过的物质流和信息流,以及角色本身与流有关的值; [0103] Step 1.2: Screening of useful information, and determines the network attack objects: Table 5.1 lists the parameter types The process all the functional role properties, the performance of the various functional roles through the material and information flows, and the role itself a value related to the flow;

[0104] 通过站点布置的探针获取不同类型的数据信息,剔除其中与表5.1中参数类型不匹配的数据信息;对于图4所示的多层流结构,当攻击者对决策decl的输入数据inp⑴进行篡改,根据感知senl与决策decl的依赖关系inp⑴=iseni,。 [0104] Different types of data acquired by the probe station arrangement, wherein the reject data in Table 5.1 does not match the parameter type; multilayer stream structure shown in FIG. 4, when the input data of the attacker decision decl inp⑴ tampering, according to the perceptual and decision decl senl dependence inp⑴ = iseni ,. ⑴判断决策decl可能受到的攻击;当攻击者对感知sen 1采集到的物质流的数据进行篡改,譬如更改反应con 1的参数, 根据反应coni与传输tral、tra2的依赖关系判断攻击者对感知senl进行了攻击。 ⑴ Analyzing decision decl Possible attacks; when the data the attacker perception sen collected 1 to the material flow will be altered, for example to change the reaction parameters CON 1, according to the reaction coni transmission TRAL, dependencies tra2 judge attacker perception senl attacked.

[0105] 步骤2,态势理解:获取网络攻击对站点Gl的输出物质量Sevl⑴的影响,以及其它未受到攻击站点的物质量的输出值;站点Gl系统包括工艺1和工艺2,工艺1和工艺2的多层流的结构均如图4所示,只在反应设备中的反应过程不一样,表现为两个工艺的反应coni的动作函数不同;步骤2包括如下子步骤: [0105] Step 2, the trend is understood: Get the impact of network attacks on the output product quality Sevl⑴ site Gl's, and other output values ​​not subject of substance against the site; the site Gl system comprises a process 1 and process 2, process 1 and process the multilayer structure of 2 flow are shown in Figure 4, only the course of the reaction in the reaction apparatus is not the same, the performance of two different reactions of the process coni operation function; step 2 comprises the substeps of:

[0106] 步骤2.1,获取网络攻击对工艺过程1的输出影响:当执行功能角色senl遭受网络攻击,攻击者对将其输入数据信息isenl,p⑴篡改成isenl,p (t)'; [0106] Step 2.1, obtain an output process on the impact of network attacks 1: When performing functional role senl cyber attack, an attacker on the input data isenl, p⑴ tampered isenl, p (t) ';

[0107] 根据式(5.1)所示意的多层流模型的senl— (senl-decl) —decl —---->sinl的功能角色属性描述获取decl的接收物质量fsinl,P⑴为工艺I的输出物质量,等于工艺2的输入原材料的量;对其它信息流功能角色的不同类型攻击,如D0S,中间人、更改控制逻辑攻击, 最终结果都是使得被攻击的信息流功能角色的输出参数值发生变化,等价于篡改信息攻击。 [0107] According to formula (5.1) of the multi-layer flow model illustrated senl- (senl-decl) -decl -----> functional role sinl acquiring attribute description of a receiver quality fsinl decl, P⑴ to process the I output product quality, process input is equal to the amount of raw material 2; different types of attacks on the functional role of other traffic, such as D0S, middleman attack to change the control logic, the final result is that the output parameter values ​​attack traffic functional role of changes, equivalent to tamper with the information attack.

[0108] 步骤2.2,获取站点Gl的输出物质量;实施例中,工艺1和工艺2是串联结构;工艺1 为工艺2提供原料;工艺2中传输工艺tral的输入参数ftral,P(t)等于工艺1的输出fprcicessl ⑴; [0108] Step 2.2, obtain an output of substance site Gl; the embodiment, process 1 and process 2 is the series arrangement; Process 1 Process 2 to provide raw materials; input parameters ftral process 2 transmission process tral of, P (t) the process is equal to the output fprcicessl ⑴;

[0109] 根据其输入参数ftral,P⑴与多层流模型,按照式(5.1)中的tral— (tra-conl) 4 coni —---->sinl的顺序逐步计算这些功能角色的参数,获得工艺2的输出物质量fpr〇cess2 (t),即为站点Gl的输出物质量Sev1⑴。 [0109] The input parameters ftral, P⑴ multilayer flow model according to the formula tral- (5.1) in (tra-conl) 4 coni -----> sequence calculation parameters sinl gradually roles of these functions, is obtained process output product quality fpr〇cess2 2 (t), the output thereof is the domain of mass Sev1⑴ Gl.

[0110] 步骤2.3,根据多层流模型获取未受到网络攻击的站点当前时刻的输出物质量Sevi(t),2彡i彡9; [0110] Step 2.3, the multilayered flow model was obtained according to the quality of the output network attack site is not current time Sevi (t), 2 San i San 9;

[0111] 消费站点G。 [0111] G. Consumer Site 的输入物质量为相邻的传输站点的输出物质量;在t时刻,生产站点集合Gg的输出物质量为Sevg (t) = {Sevi (t),Sev6⑴};传输站点集合Gt输出物质量为Sevt⑴ ={Sev2⑴,Sevs⑴,Sev7⑴};消费站点集合G。 The mass of material adjacent to the input of the transmission quality of the output station thereof; at time t, the output was set Gg production site for mass Sevg (t) = {Sevi (t), Sev6⑴}; Gt-output transmission site collection quality Sevt⑴ = {Sev2⑴, Sevs⑴, Sev7⑴}; consumer site collection G. 的接收物质量为Sev。 The reception quality was Sev. ⑴={Sev3⑴,Sev4 (t),Sevs ⑴,Sevg (t)} 〇 ⑴ = {Sev3⑴, Sev4 (t), Sevs ⑴, Sevg (t)} square

[0112] 步骤3,态势预测:Gl受到网络攻击导致其输出的物质量异常,Gl为后续的所有传输站点和消费站点提供物质,而由于异常扩散过程存在着时延,态势预测即获得在未来各时间段内所有站点的物质量,包括如下子步骤: [0112] Step 3, the trend prediction: Gl network attack resulting in abnormal mass was output, of Gl provide material for subsequent transmission sites and all sites of consumption, and because there is an abnormal diffusion process delay, i.e. in the future trend prediction the quality of all sites were each period, comprises the substeps of:

[0113] 步骤3.1,对图1所示的工业关键基础设施网络建立多层图模型,图1所示的结构为一个有向无环的图<G,E>,其中站点集合G= {Gg,Gt,Gc},生产站点集合Gg= {G^Ge},传输站点集合Gt= {G2,G5,G7},消费站点集合Gc= {G3,G4,G8,G9},边集合E= E5,7, E6,7, Ε7,8, Ε7,9},物质流Gg通过Gt到达Gc; [0113] Step 3.1, the establishment of industrial critical infrastructure network shown in FIG. 1 FIG multilayer model, the configuration shown in FIG. 1 is a directed acyclic FIG <G, E>, wherein the site set G = {Gg , Gt, Gc}, the production site set Gg = {G ^ Ge}, transmission sites set Gt = {G2, G5, G7}, consumption site collection Gc = {G3, G4, G8, G9}, set of edges E = E5 , 7, E6,7, Ε7,8, Ε7,9}, Gt reaches the material flow through Gg Gc;

[0114] 分别建立以这两个消费站点为根节点的路径,具体如下: [0114] were established at two sites as the root of the consumer path, as follows:

[0115] Gl—Gc =〈 {Gl—G〗},{G2—G3,G2—G3,G2—G5},{G54G7},{G7—G8,G7—G9}〉;G6—Gc = 〈{G6—G7},{G7—G8,G7—G9}〉; [0115] Gl-Gc = <{Gl-G〗}, {G2-G3, G2-G3, G2-G5}, {G54G7}, {G7-G8, G7-G9}>; G6-Gc = <{ G6-G7}, {G7-G8, G7-G9}>;

[0116] 将上述两条树进行合并;合并的原则在于判断是否有重复的节点,如上面所述的两条树中,站点G7作为Gl—Gc和G6—G。 [0116] The above-described merge two trees; principle that determines whether the combined duplicate nodes, as described above, two tree, as Gl-Gc site G7 and G6-G. 的中间节点,因此,将这部分合并,并接照扩散过程时行分层,获得如图5所示多层图模型;在该图中,处于同一层次站点的所有传播过程处于同一时间段。 The intermediate node, so these fractions were combined, and then when the stratified according to the diffusion process, is obtained as shown in the multilayer model shown in FIG. 5; all propagation in the drawing process, at the same level at the same time these sites.

[0117] 步骤3.2,计算站点Gl物质输出异常在整个网络中的扩散过程;在t+ △ t时刻,计算层次LVo中的传播过程G1—G2;G1的输出Sev1⑴作为G2的输入; [0117] Step 3.2, material Gl is calculated outputs an abnormal site in the diffusion process across the entire network; at time t + △ t, calculating the propagation level LVo G1-G2; G1 G2 output Sev1⑴ as an input;

[0118] G2在该时刻的输出Sev2 (t+Δ t);而Sevi (t+Δ t) =Sevi ⑴; [0118] G2 at this time output Sev2 (t + Δ t); and Sevi (t + Δ t) = Sevi ⑴;

[0119] 在&amp;+2\八〇时刻计算层次1^1中的传播过程62463,62—64,62465;由此获得在(t+4 X Δ t)时刻所有站点的输入输出; [0119] In & amp; Spread calculated level 1 ^ 1 + 2 62463,62-64,62465 \ eighty time; thereby obtaining the input and output (t + 4 X Δ t) sites all the time;

[0120] 生产站点集合68的输出物质量为: [0120] mass production site was set output 68 is:

[0121] Sevg (t+4 XAt) = {Sevi (t+4 X Δ t) , Sev6t) +4 X Δ t)}; [0121] Sevg (t + 4 XAt) = {Sevi (t + 4 X Δ t), Sev6t) +4 X Δ t)};

[0122] 传输站点集合Gt输出物质量为: [0122] Gt-output transmission site collection quality:

[0123] Sevt (t+4 XAt) = {Sev2 (t+4 X Δ t) , Sevs (t+4 X Δ t) , Sev7 (t+4 X Δ t)}; [0123] Sevt (t + 4 XAt) = {Sev2 (t + 4 X Δ t), Sevs (t + 4 X Δ t), Sev7 (t + 4 X Δ t)};

[0124] 消费站点集合G。 [0124] consumer site collection G. 的接收物质量为: The quality of a receiver:

[0125] Sevc (t+4 Δ t) = {Sev3 (t+4 Δ t),Sev4 (t+4 Δ t) ,Sevs (t+4 Δ t),Sev9 (t+4 Δ t)}。 [0125] Sevc (t + 4 Δ t) = {Sev3 (t + 4 Δ t), Sev4 (t + 4 Δ t), Sevs (t + 4 Δ t), Sev9 (t + 4 Δ t)}.

[0126] 步骤4,损失评估:在未发生网络攻击的(t- △ t)时刻,各站点的输出物质为SeVi (t-Δ t) ,l^i^9; [0126] Step 4 - damage assessment: In (t- △ t) time network attack has not occurred, the respective output material for the site SeVi (t-Δ t), l ^ i ^ 9;

[0127] 在t时刻发生网络攻击,在(t+4 X At)时刻,系统在网络攻击后趋于稳定;在tn时刻修复完毕,各站点恢复到攻击发生前的状态;根据以下步骤计算本次网络攻击造成的损失值; [0127] network attacks occurring at time t, the (t + 4 X At) in time, the system tends to attack the network stable; repaired at time tn, restored to the state before the site of attack; calculated according to the steps of the present loss of value caused by second cyber attacks;

[0128] 步骤4.1,计算工业关键基础设施持有者的利润损失:对于市场售价为pe的单位物质,Gg= {G1,G6}的产能损失值Loss1如下式(5.2)所示: [0128] Step 4.1, loss of profit is calculated critical infrastructure holder industry: the market price of a unit of matter pe, Gg = {G1, G6} capacity loss values ​​shown Loss1 following formula (5.2):

[0129] [0129]

Figure CN106559414BD00151

[0130] 步骤4.2,计算消费者的生产生活损失;实施例中,消费站点Gi接收的物质服务Servi中提供给工业、商业、民用比重为{pi,i,pi,2,pi,3},pi,i+pi,2+pi,3 = 1,且站点Gi周围的工业、商业、民用利用单位物质服务创造的社会价值为{valuei,i,valuei,2,valuei,3},i = 3, 4,8,9; [0130] Step 4.2, calculation of the loss of production and life of consumers; embodiment, the material consumption of the service station Gi received Servi provided to industrial, commercial, residential specific gravity {pi, i, pi, 2, pi, 3}, pi, i + pi, 2 + pi, 3 = 1, and the site Gi around the industrial, commercial, residential use of the unit material services to create social value for {valuei, i, valuei, 2, valuei, 3}, i = 3 , 4,8,9;

[0131] 则消费者的损失值Loss2如下式(5.3)所示: [0131] the value of the loss Loss2 consumers following equation (5.3) below:

[0132] [0132]

Figure CN106559414BD00152

[0133] 本次网络攻击导致的工业关键基础设施的损失值Loss = LosS1+Loss2。 [0133] loss of critical infrastructure industry in this cyber attacks value Loss = LosS1 + Loss2.

[0134] 本领域的技术人员容易理解,以上所述仅为本发明的较佳实施例而已,并不用以限制本发明,凡在本发明的精神和原则之内所作的任何修改、等同替换和改进等,均应包含在本发明的保护范围之内。 [0134] Those skilled in the art will readily appreciate, the above-described preferred embodiment of the present invention only but are not intended to limit the present invention, any modifications within the spirit and principle of the present invention, equivalent substitutions, and improvements, etc., should be included within the scope of the present invention.

Claims (2)

1. 一种基于区域态势信息的网络攻击后果动态定量评估方法,其特征在于,包括如下步骤: (1)建立包括多个物质流和信息流耦合结构的站点的多层流模型;利用所述多层流模型的特征对站点内部信息进行筛选,获取当前有用的运行状态信息,并判断网络攻击的对象;所述步骤⑴包括如下子步骤: (1.1) 建立站点的多层流模型,包括站点与工艺的关系模型、工艺的物质流模型、物质流与功能角色关系模型、物质流功能角色模型、信息流与功能角色关系模型、以及信息流与物质流交互影响模型;所述步骤(1.1)包括如下子步骤: (1.1.1) 建立站点与工艺的关系模型:站点i在t时刻向外界提供的物质服务量数值 A quantitative assessment of the dynamic area network attack situation information based on the consequences of which, comprising the steps of: (1) establishing a multi-layer flow model sites comprises a plurality of material flow and the flow coupling structure information; using the the multilayer internal flow model of the site filtering information, obtain a useful current operating status information, and determines whether the object of network attacks; ⑴ said step comprises the substeps of: (1.1) establishing a multi-layer flow model of the site, including the site relationship between model and process, process material flow model, the role and function of the relationship between the material flow model, the role of the material flow model function, information and functional role relationship model, and information flow interaction with the material flow model; said step (1.1) comprises the substeps of: (1.1.1) and the relationship model site process: the amount of substance service value provided to the external station i at time t
Figure CN106559414BC00021
其中,站点i的系统由m个工艺親合而成;prci,j⑴是指站点1内部工艺j在t时刻的输出物质量, Wherein, i is the site engagement system formed by m process affinity; prci, j⑴ mass means 1 site was internal process output j at time t,
Figure CN106559414BC00022
;FSl是描述站点i内多工艺的关联关系的静态函数; (1.1.2) 建立工艺的物质流模型:站点i内部工艺j在t时刻提供的物质量prci, j (t)= flowi.j (t); 其中,flowi,j⑴是指物质流Mat-flowi,j在t时刻的输出物质量; (1.1.3) 建立物质流与功能角色关系模型:物质流Mat-f I owk输出的物质量f I owk (t)= Fmk (Parka (t),…,Park,s (t)); 其中,物质流k由s个功能角色构成,Park,。 ; FSl is a static function relationship of the plurality of processes described station i; material flow model (1.1.2) to establish a process: inside the process station i at time t j quality was provided prci, j (t) = flowi.j (t); wherein, flowi, j⑴ refers to a substance stream Mat-flowi, j in the quality of the output thereof at time t; (1.1.3) to establish the role and function of the relationship between the material flow model: mass flow Mat-f I owk output thereof quality f I owk (t) = Fmk (Parka (t), ..., Park, s (t)); wherein material flow is constituted by k s functional role, Park ,. ⑴是指物质流Mat-flowk中的第〇个功能角色在t时刻的参数值;其中 ⑴ is a parameter value of the square function characters Mat-flowk material flow in the time t; wherein
Figure CN106559414BC00023
(1.1.4) 建立物质流功能角色模型Fvc^paruCt),…,par〇,q(t)) =0; 其中,Fv。 (1.1.4) establishing the material flow model functional role Fvc ^ paruCt), ..., par〇, q (t)) = 0; wherein, Fv. 是描述功能角色运行过程的静态函数;par。 Functional role is to describe the process of running a static function; par. ,q(t)指第〇个功能角色第q个参数在t时刻的值; (1.1.5) 建立信息流与功能角色关系模型:信息流Inf-flowu的输出Ctlu (t) =Fwu (Piru,s (t) ,Piru,d(t) ,Piru,a(t)); 其中,ctlu (t)指所述信息流时刻输出的控制信息,Piru,s⑴为感知功能角色在t时刻的参数值,Piru,a (t)为执行功能角色在t时刻的参数值,Piru,d (t)为决策功能角色在t时刻的参数值;Fwu是描述信息流动过程的静态函数; (1.1.6) 建立信息流与物质流交互影响模型: , Q (t) refers to the value of the square of characters function q parameters at time t; (1.1.5) to establish the role and function information flow relationship model: Inf-flowu stream output Ctlu (t) = Fwu (Piru , s (t), Piru, d (t), Piru, a (t)); wherein, ctlu (t) refers to the control information output from the timing stream, Piru, s⑴ functional role for the parameter at time t perceive value, Piru, a (t) to perform the role of function parameter value at time t, Piru, d (t) is the value of the parameter decision function role at time t; Fwu static function describing the flow of information; and (1.1.6 ) establish information flow and material flow model interaction:
Figure CN106559414BC00024
其中,物质流有q个支撑功能角色,物质流Mat-f I owk与信息流I nf-f I Owu親合;函数Fau, k 代表信息流调控参数Ctlu⑴对物质流可控功能角色的参数Park,。 Wherein the material flow has a support function q characters, mass flow and Mat-f I owk stream I nf-f I Owu affinity; function Fau, k parameter representative of traffic regulation substance Park Ctlu⑴ parameter controlled stream role- . ⑴的影响;函数Fsu, 表物质流功能角色的参数Park,。 ⑴ the impact of; function Fsu, role-table material flow parameters Park ,. (t)对信息流感知功能角色参数Piru,s (t)的影响; (1.2)根据站点的多层流模型对站点内部信息进行筛选,获取与站点的物质服务输出计算有关的数据;并判断站点是否发生异常;所述步骤(1.2)包括如下子步骤: (1.2.1) 列举站点的多层流模型中所有功能角色,将站点内部信息集合中与功能角色无关的信息全部丢弃,获取与站点的物质服务输出计算有关的数据; (1.2.2) 从所述与站点的物质服务输出计算有关的数据中,将不符合物质流功能角色〇的状态描述函数、与相邻的功能角色P的关联关系函数的功能角色参数值提取出来,获得发生异常的物质流功能角色的信息; 将所述与站点的物质服务输出计算有关的数据中不符合信息流与物质流交互影响模型与不符合信息流与功能角色关系模型的信息流功能角色参数值提取出来,获得发生异常的信息流功能角色的信息; (T) effect on influenza-known functional role information parameters Piru, s (t); and (1.2) according to the internal information on the site model site multilayered flow filter, the material and the site outputting the acquired service data relating to the calculation; and Analyzing site is abnormal; said step (1.2) comprises the substeps of: (1.2.1) include all the functional role multilayered flow model site, the internal information collection site and functional roles discarding all irrelevant information, acquires substance site service output calculation data relating; substance calculated from the output of the service station and the data relating to (1.2.2), the flow of the material does not meet the functional role of the state description square function with the adjacent functional role P the functional role of the parameter values ​​extracted association functions, material flow information obtaining functional role of the exception; substance service station with an output of the calculations related to the data stream does not conform with the material flow model and does not meet the interaction functional role of information flow and information flow parameter value functional role of the relational model is extracted, to obtain information flow functional roles where the exception occurred; 根据发生异常的物质功能角色的信息和发生异常的信息流功能角色的信息确定受到网络攻击的站点; (2) 根据所述多层流模型获得站点输出的物质流异常信息,并建立站点的输入输出物质流计算模型;所述步骤⑵包括如下子步骤: (2.1) 根据多层流模型获取网络攻击对工艺的输出的影响的定量评估值; 具体地,当网络攻击导致信息流Inf-flowu中某个功能角色Iroleu,i异常,使其属性中的参数值错误;根据信息流与功能角色关系模型获取信息流Inf-Howu输出的异常控制值Ctlu ⑴; 并根据信息流调控参数对物质流可控功能角色的参数的影响,获得物质流Mat-flowk中各功能角色的参数值Pana (t); 并根据工艺Processi的物质流信息流親合模型获得工艺Processi的输出物质量prci (t),获得网络攻击对工艺运行过程产生影响的定量评估值; (2.2) 根据所述的定量评估值,以及站点的物 The occurrence of abnormality information and information flow of the functional role functional role of the material is determined by the abnormal site network attacks; and (2) obtained according to the multi-layer flow model site abnormality information output material stream, and to establish the input station calculating a model output material flow; ⑵ said step comprises the substeps of: (2.1) obtaining a quantitative evaluation value of the output network attacks affect the process of the multilayer flow model; specifically, when the cyber attacks in traffic Inf-flowu a functional role Iroleu, i abnormal, so the error parameter value attribute; obtaining abnormal traffic control value outputted Inf-Howu Ctlu ⑴ the information flow and functional role relationship model; and the information stream be controllable parameters of the material flow Effect of controlled functional role of parameters, to material flow Mat-flowk parameter values ​​for each role-Pana (t); and the process for obtaining Processi output product quality prci (t) in accordance with the material flow information process Processi stream affinity model, quantitative evaluation value obtained during network attacks affect the operation of the process; (2.2) according to the quantitative evaluation value, and the site was 质输出与工艺关系模型,获取当站点i受到网络攻击时,站点i在t时刻的物质输出量Servi (t); (2.3) 根据站点的多层流模型计算获取攻击发生时刻所有受到攻击和未受到攻击的站点的输出的物质量; (3) 根据由网络攻击导致的站点输出物质流异常信息、站点的输入输出物质流计算模型建立工业关键基础设施拓扑结构的多层图模型;根据所述多层图模型建立态势预测模型并进行态势预测;所述步骤⑶包括如下子步骤: (3.1) 建立工业关键基础设施的拓扑结构的多层图模型,将处于同一时刻的传播过程放在同一层次中;所述步骤(3.1)建立多层图模型的方法,包括如下子步骤: (3.1.1) 建立工业关键基础设施输送网络的拓扑结构图; 所述拓扑结构图为一个有向无环的复杂网络<G,E>;G表示站点集合,E表示站点间的管道连线集合;将站点集合G分为生产站点集合Gg、传输站 When the quality of the process output relationship model, acquired when the network attack site i, the output of station i at the time t matter Servi (t); (2.3) calculating and obtaining the multilayer flow model attack sites all the time and does not attack material quality of the output by the site of attack; (3) the abnormality information stream output material from the site of cyber attacks, the input and output material flow calculation model site model established industrial multilayer FIG critical infrastructure topology; according to the FIG multilayer situation prediction model and trend prediction model; ⑶ said step comprises the substeps of: (3.1) establishing a multi-layer model of FIG topology critical infrastructure industry, we will be in the same propagation time on the same level ; and the method of step (3.1) to establish a multi-layer model of FIG, comprises the substeps of: (3.1.1) to establish the topology of FIG industrial critical infrastructure transport network; the topology of a directed acyclic graph of complex network <G, E>; G represents a collection site, E denotes a set of pipes connecting between sites; production site collection site into the collection G Gg, transfer station 集合&amp;和消费站点集合G。 Collection & amp; G. and consumer site collections ; (3.1.2) 以生产站点为根节点,以传输站点为中间节点,以消费站点为叶节点建立树, 获得从生产站点到消费站点的路径集合; 以生产站点集合68中生产站点为根节点,以传输站点为中间节点,以消费站点为叶节点建立树;由1个生产站点建成1个树; (3.1.3) 按照路径分段的规则将1个树合并形成多层图,使得无环复杂网络<G,E>中的边E分成多个不同的集合、同一集合的边处于物质流动过程的同一时间段,将同一时间段的边归于多层图中的同一层次,获得工业关键基础设施拓扑网络的多层图模型; (3.2)根据网络攻击导致站点输出异常在多层图模型中的扩散过程建立态势预测模型并进行态势预测;所述步骤(3.2)包括如下子步骤: (3.2.1)根据站点输出物质异常在工业关键基础设施网络中的传播过程以及多层流模型计算单步过程各站点的物质输出量; (3.2.2) 根 ; (3.1.2) in the production site as the root node, intermediate nodes in a transmission site to the site of consumption build a tree leaf node, the path is obtained from the production site to the site of collection of consumption; production site to a collection site for production of the root 68 node, an intermediate node to transmit the site, establishing a consumption site tree leaf node; manufactured by a production site built a tree; (3.1.3) in accordance with the rules of a path segment will be combined to form a multi-layer tree diagram such that acyclic complex network <G, E> E into a plurality of different sides of the set, the set of edges of the same material at the same time the flow process, the time period attributed to the same side of the same level in a multilayer FIG obtain industrial FIG multilayer model critical infrastructure topology of the network; (3.2) the cyber attacks outputs an abnormal site based on the diffusion process in a multi-layer model of FIG state predicting model and predict the situation; said step (3.2) comprises the substeps of: (3.2.1) and the multilayered flow propagation model to calculate single-step process for each output substance on abnormal sites critical industrial infrastructure network station in accordance with output material; (3.2.2) root 多层图模型计算在网络攻击发生后的各个时段内工业关键基础设施各站点的物质输出状态; (3.2.3) 根据多层流模型获取系统稳定后各站点的输出; (4)根据态势预测信息计算所有生产站点生产过程异常导致的经营者利润损失、以及由输送网络异常导致的消费者物质需求缺口造成的损失,获取定量评估结果。 FIG multilayer material model calculates the output state in each period of the industrial network attack the site of critical infrastructure; (3.2.3) takes the output of each of these sites after the system is stable multilayer flow model; (4) The situation prediction information operators calculate the loss of profits all production sites abnormalities caused by the production process, as well as material losses consumer demand gap caused by the abnormal transport network caused by obtaining quantitative evaluation of the results.
2.如权利要求1所述的网络攻击后果动态定量评估方法,其特征在于,所述步骤(4)包括如下子步骤: (4.1) 获取工业关键基础设施持有人的利润损失 2. The network attacks quantitative evaluation method for dynamic effects according to claim 1, wherein said step (4) comprises the substeps of: (4.1) obtaining industrial loss of critical infrastructure holders profits
Figure CN106559414BC00041
Figure CN106559414BC00042
是指具有1个生产站点的工业关键基础设施在未受到网络攻击时所有生产站点的物质输出,Servg4 (t)指具有1个生产站点的工业关键基础设施在未受到网络攻击时第i个生产站点在t时刻的物质输出, Refers to the industrial critical infrastructure has a production site in the non-network attack all the material output production sites, Servg4 (t) refers to the industrial critical infrastructure has a production site in the non-network attack i-th production site material output at time t,
Figure CN106559414BC00043
Figure CN106559414BC00044
是指该工业关键系统在受到网络攻击后、系统稳定后所有生产站点的物质输出;U时刻是指受损的站点被全部修复的时刻, price为站点生产的物质的单价; (4.2) 计算工业关键基础设施覆盖区域内消费者的生产生活损失 It means a substance that output of all production sites after the industrial critical systems in the network attack, system stability; U refers to a monovalent time the site was damaged repaired all the time, price is the site of production of the substance; (4.2) Industrial computing loss of productive life in the area covered by the consumer's critical infrastructure
Figure CN106559414BC00045
其中,{Serv。 Wherein, {Serv. ,:!⑴,...,Servc^b (t)}是指消费站点集合G。 ,:! ⑴, ..., Servc ^ b (t)} refers to the consumption site collection G. 在t时刻接收的物质量;b是指工业关键基础设施的消费站点数量;&amp;以4^2 4以}是指消费站点6。 Quality was received at time t; b. Means that the number of sites industrial consumption critical infrastructure; & amp; 24 ^ 4 to 6} is the consumption site. ,1获得的物质56^^ ⑴中提供给工业、商业、民用的比重;其中Pi,i+Pi,2+Pi,3 = l; {valuei,i,valuei,2,valuei,3} 是指消费站点G。 , 56 ^^ ⑴ 1 material obtained is supplied to the industrial, commercial, residential proportion; wherein Pi, i + Pi, 2 + Pi, 3 = l; {valuei, i, valuei, 2, valuei, 3} means G. consumer site ,i附近的工业、商业、民用部分单位物质服务量能创造的社会经济价值;tn 是指受损的站点被全部修复的时刻; 受到网络攻击后各个消费站点接收的物质量由{Served (t-Λ t),...,Served (t-Λ t)} 变为 , I near the industrial, commercial, residential part of the material per unit of service can create social and economic value; tn refers to the time the site is fully repaired damaged; the quality of the network attack was various consumer sites received by the {Served (t -Λ t), ..., Served (t-Λ t)} becomes
Figure CN106559414BC00046
(4.3) 根据所述工业关键基础设施持有人和消费者的损失值获得由网络攻击导致的所有损失值L〇SS = L〇SSl+L〇SS2。 (4.3) to obtain all losses caused by the cyber attacks, according to the industry's critical infrastructure holders and consumers value loss of value L〇SS = L〇SSl + L〇SS2.
CN201610929385.9A 2016-10-31 2016-10-31 Quantitative assessment of dynamic consequences of network attacks based on the area information Situation CN106559414B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610929385.9A CN106559414B (en) 2016-10-31 2016-10-31 Quantitative assessment of dynamic consequences of network attacks based on the area information Situation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610929385.9A CN106559414B (en) 2016-10-31 2016-10-31 Quantitative assessment of dynamic consequences of network attacks based on the area information Situation

Publications (2)

Publication Number Publication Date
CN106559414A CN106559414A (en) 2017-04-05
CN106559414B true CN106559414B (en) 2018-02-27

Family

ID=58443166

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610929385.9A CN106559414B (en) 2016-10-31 2016-10-31 Quantitative assessment of dynamic consequences of network attacks based on the area information Situation

Country Status (1)

Country Link
CN (1) CN106559414B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436967A (en) * 2008-12-23 2009-05-20 北京邮电大学 Method and system for evaluating network safety situation
CN102355361A (en) * 2011-06-30 2012-02-15 南京大学 Security assessment method based on alarm information
WO2014066500A1 (en) * 2012-10-23 2014-05-01 Hassell Suzanne P Cyber analysis modeling evaluation for operations (cameo) simulation system
CN105375453A (en) * 2015-09-23 2016-03-02 国电南瑞科技股份有限公司 An emergency control method based on a cascading failure damage degree index

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436967A (en) * 2008-12-23 2009-05-20 北京邮电大学 Method and system for evaluating network safety situation
CN102355361A (en) * 2011-06-30 2012-02-15 南京大学 Security assessment method based on alarm information
WO2014066500A1 (en) * 2012-10-23 2014-05-01 Hassell Suzanne P Cyber analysis modeling evaluation for operations (cameo) simulation system
CN105375453A (en) * 2015-09-23 2016-03-02 国电南瑞科技股份有限公司 An emergency control method based on a cascading failure damage degree index

Also Published As

Publication number Publication date
CN106559414A (en) 2017-04-05

Similar Documents

Publication Publication Date Title
Lee et al. Recent advances and trends in predictive manufacturing systems in big data environment
Diabat et al. An analysis of the drivers affecting the implementation of green supply chain management
Yazdani et al. Resilience enhancing expansion strategies for water distribution systems: A network theory approach
Zheng et al. Urban link travel time estimation based on sparse probe vehicle data
Giustolisi et al. Identification of segments and optimal isolation valve system design in water distribution networks
Eusgeld et al. The role of network theory and object-oriented modeling within a framework for the vulnerability analysis of critical infrastructures
Dunkel et al. Event-driven architecture for decision support in traffic management systems
CN104035392B (en) Big data in Process Control System
Harmel et al. Modifying goodness-of-fit indicators to incorporate both measurement and model uncertainty in model calibration and validation
CN106104398B (en) Distributed big data in Process Control System
US10168691B2 (en) Data pipeline for process control system analytics
WO2009013788A1 (en) Information propagation analyzing system, information propagation analyzing apparatus, method of information propagation analysis and program therefor
Giustolisi et al. Development of rehabilitation plans for water mains replacement considering risk and cost-benefit assessment
Yazdani et al. Applying network theory to quantify the redundancy and structural robustness of water distribution systems
Ferrari et al. Graph-theoretic approach and sound engineering principles for design of district metered areas
Holden et al. A network flow model for interdependent infrastructures at the local scale
Waller et al. A chance-constrained based stochastic dynamic traffic assignment model: Analysis, formulation and solution algorithms
OBrien et al. Modeling same-direction two-lane traffic for bridge loading
Lin et al. A general framework for quantitative modeling of dependability in cyber-physical systems: a proposal for doctoral research
Cannella et al. Closed-loop supply chains: What reverse logistics factors influence performance?
Mckenney et al. Distributed and adaptive traffic signal control within a realistic traffic simulation
Laskowski et al. Anthropotechnical systems reliability
CN102646332B (en) Traffic state estimation device and method based on data fusion
Ouyang et al. Comparisons of complex network based models and real train flow model to analyze Chinese railway vulnerability
Burgholzer et al. Analysing the impact of disruptions in intermodal transport networks: A micro simulation-based model

Legal Events

Date Code Title Description
PB01
SE01
GR01