CN108183897B - Safety risk assessment method for information physical fusion system - Google Patents


Info

Publication number: CN108183897B (granted patent); CN108183897A (published application)
Application number: CN201711459066.7A
Authority: CN (China)
Original language: Chinese (zh)
Inventor: 徐丙凤
Original and current assignee: Nanjing Forestry University
Priority and filing date: 2017-12-28
Publication of CN108183897A: 2018-06-19
Grant and publication of CN108183897B: 2021-01-15
Legal status: Active

Classifications (CPC)

    • H04L63/1408 Network architectures or network communication protocols for network security; detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1458 Network architectures or network communication protocols for network security; countermeasures against malicious traffic; Denial of Service
    • H04L41/145 Arrangements for maintenance, administration or management of data switching networks; network analysis or design involving simulating, designing, planning or modelling of a network


Abstract

The invention relates to a security risk assessment method for a cyber-physical system and belongs to the technical field of cyber-physical systems. The method constructs a dynamic fault tree of the cyber-physical system; constructs an attack tree model of the cyber-physical system; constructs an attack-fault mapping table; and integrates the dynamic fault tree model and the attack tree model according to the attack-fault mapping table to establish an Attack-DFTs model. The invention addresses the difficulty of evaluating security risk in a cyber-physical system, including the case in which a network attack on the cyber (information) subsystem causes a failure of the physical subsystem.

Description

Safety risk assessment method for information physical fusion system
Technical Field
The invention relates to a security risk assessment method for a cyber-physical system (CPS; the title's "information physical fusion system") and belongs to the technical field of cyber-physical systems.
Background
Cyber-physical systems (CPS) are multidimensional complex systems that integrate computing, networking and the physical environment. Through the organic fusion and deep cooperation of the 3C technologies (computation, communication and control) they realize real-time sensing, dynamic control and information services for large-scale engineering systems, and they are now widely applied in industrial control fields such as electric power, petroleum and petrochemicals, and nuclear energy. These typical cyber-physical systems contain a large number of information-processing and network-communication subsystems, so an attacker can exploit flaws in software and communication components to gain control of the system, interfere with its correct behaviour and thereby damage critical infrastructure. In recent years the Ukraine blackouts and the Stuxnet incident (the "seismograph" of the machine translation, from the Chinese name 震网) have shown that cyber-security attacks can cause CPS failures and even endanger national security. Security risk assessment for CPS therefore has important theoretical and practical significance.
Existing modelling and analysis work on CPS security falls into two categories: (1) modelling and analysis of CPS safety; (2) modelling and analysis of CPS security. Safety modelling aims to protect the system from accidental faults so that hazards are avoided, and fault-tree techniques are currently the most widely used in industry: a cause-effect graph, the fault tree, is built top-down according to the logical relationships. Such methods can only perform a safety analysis of the system and do not consider system faults introduced by cyber-security attacks on the CPS. Security modelling aims to protect the system from malicious attacks, but these methods concentrate on the network attacks themselves and do not consider whether an attack can cause a system failure. Integrated safety and security modelling of the CPS is therefore necessary, so that network attacks capable of causing system failure can be analysed and evaluated.
Disclosure of Invention
The invention aims to provide a security risk assessment method for a cyber-physical system that overcomes the defects and shortcomings of the prior art. It addresses the difficulty of determining the security risk of a cyber-physical system, including the effect on the system's safety when the cyber-physical system is subjected to a cyber-security attack; it can derive the system failures caused by security attacks on the cyber-physical system; it supports integrated analysis of security and safety (in this text, "safety" means protection against accidental faults and "security" protection against malicious attacks; the machine translation renders both Chinese terms as "safety"); it supports graphical processing, is convenient to use and has important practical value.
To achieve this purpose the invention adopts the following technical scheme, comprising the steps:
1. constructing a dynamic fault tree of the cyber-physical system;
2. constructing an attack tree model of the cyber-physical system;
3. constructing an attack-fault mapping table;
4. integrating the dynamic fault tree model and the attack tree model according to the attack-fault mapping table to establish an Attack-DFTs model;
5. performing the security risk assessment of the cyber-physical system on the basis of the Attack-DFTs model.
Preferably, the dynamic fault tree of step 1 is established as follows: first, the most undesirable fault state of the cyber-physical system is taken as the target of the logical analysis, i.e. the top event is determined; second, all possible direct causes of that fault state are found, i.e. the intermediate events are determined; third, all possible direct causes of these intermediate fault events are searched in turn until all component states that cause the intermediate events are found, i.e. the bottom events are determined; finally, the top event, intermediate events and bottom events are connected into a tree-shaped logic diagram with the logic gates of the dynamic fault tree, forming the dynamic fault tree model of the cyber-physical system.
Preferably, the attack tree model of step 2 is established by the following steps:
2-1, taking a network threat as the starting point and refining it until specific behaviours and states are reached;
2-2, modelling the specific behaviours and states as atomic nodes.
Preferably, step 3 comprises the following steps:
3-1, numbering all nodes of the dynamic fault tree as e_i, 1 ≤ i ≤ n, where n is the total number of nodes in the dynamic fault tree;
3-2, numbering all attack tree top vertices (attack goals) as ATGoal_i, 1 ≤ i ≤ n, where n is the total number of attack trees;
3-3, constructing the attack-fault mapping table from the correspondence between the attack result at the top vertex of each attack tree and a node of the dynamic fault tree. The table has three columns, headed "serial number", "attack" and "fault", and describes the correspondence between attack tree models and dynamic fault tree nodes.
Preferably, the modelling of step 4 proceeds as follows:
4-1, looking up, in the attack-fault mapping table established in step 3, all attack tree models ATGoal_i that cause system faults and the corresponding dynamic fault tree nodes e_i, 1 ≤ i ≤ n, where n is the total number of nodes in the dynamic fault tree;
4-2, detaching the subtree rooted at node e_i from the dynamic fault tree and denoting it e_i_subtree;
4-3, connecting a two-input OR logic gate above e_i_subtree, i.e. making e_i_subtree one input of the OR logic gate;
4-4, making ATGoal_i the other input of the OR logic gate of step 4-3;
4-5, connecting the new subtree formed by the added OR logic gate, ATGoal_i and e_i_subtree to the dynamic fault tree at the position of node e_i.
Preferably, the assessment of step 5 proceeds as follows:
5-1, probabilities are assigned to all events in the Attack-DFTs. Specifically: 01) every safety event (a basic event of the fault tree) is assigned a probability in the interval [0,1]; 02) every security event (a basic event of the attack tree) is assigned a likelihood level with one of the values {low, middle, high}; 03) the value of every intermediate node is computed through its logic gate, where an AND gate takes the minimum over its child nodes and an OR gate the maximum. (For independent events with numeric probabilities the minimum is only an upper bound on the AND-gate probability; the quantitative ranking of step 5-4 uses the cut-set product instead.)
5-2, qualitative analysis of the Attack-DFTs. All minimal cut sets (MCS; for a dynamic fault tree, minimal cut sequences) of the Attack-DFTs are found with the MCS generation method for dynamic fault trees. The Attack-DFTs may first be converted into an intermediate model such as an I/O automaton and the qualitative analysis performed on that model.
5-3, every MCS is classified from the safety and security perspectives: a safety MCS contains only safety events; a security MCS contains only security events; a mixed MCS contains both safety and security events.
5-4, the risk parameters of all MCS are calculated.
a) For a safety MCS its occurrence probability is calculated by the rule
$P(MCS_i) = \prod_{j=1}^{m} P(e_j)$,
i.e. the probability of a safety cut set is the product of the probabilities of all events in that cut set, where $m$ is the number of events in $MCS_i$, the $e_j$ are those events and $P(MCS_i)$ is the probability value of $MCS_i$.
b) For a security MCS its likelihood level is calculated by the rule
$L(MCS_i) = \max_{1 \le j \le m} L(e_j)$,
i.e. the likelihood level of a security cut set equals the highest level among all events in the cut set, where $m$ is the number of events in $MCS_i$, $L(MCS_i)$ is the likelihood level of $MCS_i$, $L(e_j)$ is the likelihood level of event $e_j$ and $\max$ takes the maximum.
c) For a mixed MCS the risk indicator is the pair $(P, L)$, where $P$ is computed over its safety events by rule a) of step 5-4 and $L$ over its security events by rule b) of step 5-4.
5-5, the risk assessment result and risk-mitigation suggestions are given from the risk parameters of all MCS. From the controllability perspective a safety MCS is the most controllable and a security MCS the least, with a mixed MCS in between. All MCS are therefore ordered as security MCS, then mixed MCS, then safety MCS; within the security MCS the higher likelihood level ranks first, within the mixed MCS the higher $L$ ranks first, and within the safety MCS the higher probability value ranks first. After ordering all MCS by this rule, the top-ranked MCS are taken and improvement suggestions are given for them.
To analyse the security risk of a cyber-physical system, the failures of the cyber-physical system are modelled first: a failure cause-effect chain is constructed from the typical faults of the cyber-physical system; the network attacks on the cyber-physical system are modelled with the attack tree model; since in a cyber-physical system a physical fault may be caused by the result of a network attack, an attack-fault mapping table is constructed to show the cause-effect relationship between network attacks and physical faults explicitly; and from these the extended dynamic fault tree model Attack-DFTs is obtained, which enriches the dynamic fault tree with the semantics of the attack tree and can be used to determine how a network attack causes a failure of the cyber-physical system.
With this structure the invention has the following beneficial effects. The security risk assessment method for a cyber-physical system solves the problem that security risk in a cyber-physical system is difficult to assess, including the case in which a network attack on the information system causes a failure of the physical system. The method establishes an attack-fault mapping table that describes the direct relationship between network attacks and physical-system faults in the cyber-physical system in a visual, intuitive way. At the same time the invention evaluates attacks and faults together: through the security risk assessment it can estimate the impact of a network attack on the physical system and provide improvement suggestions for avoiding the risk.
Drawings
To illustrate the embodiments of the invention, or the technical solutions of the prior art, more clearly, the drawings used in the description of the embodiments or of the prior art are briefly introduced below. The drawings describe only some embodiments of the invention, and those skilled in the art can derive other drawings from them without creative effort.
FIG. 1 is a detailed flow chart of the present invention;
FIG. 2 is the dynamic fault tree model of the cyber-physical system of the invention, taking the industrial control system of a chemical plant as the example. Its physical meaning is: the system failure in which the plant releases toxic substances into the environment occurs if and only if the sealing system fails (the main seal tank and then the auxiliary seal tank fail, in that order) and a pipeline rupture (pipeline overpressure, failure of the automatic protection system and failure of the remote shutdown command) occur together;
FIG. 3 is the attack tree model of the cyber-physical system of the invention. If the server runs an unpatched Linux 2.6 kernel and iptables is active, an attacker can block all network connections by sending packets with a malformed ad hoc format that trigger a bug in kernel 2.6. Alternatively, if the server is reachable over the network from a botnet, an attacker who controls the zombies can cut the server's network connection with a simple bandwidth-consuming DoS.
FIG. 4 is the integrated safety and security model (Attack-DFTs) of the cyber-physical system of the invention.
Detailed Description
The invention will be further described with reference to the accompanying drawings.
Referring to fig. 1-4, the present embodiment includes the following steps:
1. Constructing a dynamic fault tree of the cyber-physical system, i.e. building the failure cause-effect chain of the cyber-physical system with a dynamic fault tree.
The method specifically comprises the following steps:
The dynamic fault tree of the cyber-physical system is established as follows: first, the most undesirable fault state of the cyber-physical system is taken as the target of the logical analysis, i.e. the top event is determined; second, all possible direct causes of that fault state are found, i.e. the intermediate events are determined; third, all possible direct causes of these intermediate fault events are searched in turn until all component states that cause the intermediate events are found, i.e. the bottom events are determined; finally, the top event, intermediate events and bottom events are connected into a tree-shaped logic diagram with the logic gates of the dynamic fault tree, forming the dynamic fault tree model of the cyber-physical system.
2. Constructing an attack tree model of the cyber-physical system, i.e. building the attack model of the cyber-physical system with an attack tree. The method specifically comprises the following steps:
2-1, taking a network threat as the starting point and refining it until specific behaviours and states are reached;
2-2, modelling the specific behaviours and states as atomic nodes. The atomic nodes are drawn as follows: 21) vulnerability nodes are represented by ellipses; 22) operation nodes are represented by hexagons; 23) predicate nodes are represented by rectangles. The relationships between atomic nodes are of two kinds: 221) an AND relationship, in which every child node must be completed to reach the parent node on the level above; 222) an OR relationship, in which the parent node on the level above is reached as soon as any one child node is completed.
3. Constructing an attack-fault mapping table from the dynamic fault tree and the attack tree. The method specifically comprises the following steps:
3-1, numbering all nodes of the dynamic fault tree (top node, intermediate nodes and leaf nodes) as e_i, 1 ≤ i ≤ n, where n is the total number of nodes in the dynamic fault tree;
3-2, numbering all attack tree top vertices (attack goals) as ATGoal_i, 1 ≤ i ≤ n, where n is the total number of attack trees;
3-3, constructing the attack-fault mapping table from the correspondence between the attack result at the top vertex of each attack tree and a node of the dynamic fault tree. The table has three columns, headed "serial number", "attack" and "fault", and describes the correspondence between attack tree models and dynamic fault tree nodes.
4. Integrating the dynamic fault tree model and the attack tree model according to the attack-fault mapping table to establish the Attack-DFTs model. The method specifically comprises the following steps:
4-1, looking up, in the attack-fault mapping table established in step 3, all attack tree models ATGoal_i that cause system faults and the corresponding dynamic fault tree nodes e_i, 1 ≤ i ≤ n, where n is the total number of nodes in the dynamic fault tree;
4-2, detaching the subtree rooted at node e_i from the dynamic fault tree and denoting it e_i_subtree;
4-3, connecting a two-input OR logic gate above e_i_subtree, i.e. making e_i_subtree one input of the OR logic gate;
4-4, making ATGoal_i the other input of the OR logic gate of step 4-3;
4-5, connecting the new subtree formed by the added OR logic gate, ATGoal_i and e_i_subtree to the dynamic fault tree at the position of node e_i.
5. Performing the security risk assessment of the cyber-physical system on the basis of the Attack-DFTs model. The method specifically comprises the following steps:
5-1, probabilities are assigned to all events in the Attack-DFTs. Specifically: 1) every safety event is assigned a probability in the interval [0,1]; 2) every security event is assigned a likelihood level with one of the values {low, middle, high}; 3) the value of every intermediate node is computed through its logic gate, where an AND gate takes the minimum over its child nodes and an OR gate the maximum.
5-2, qualitative analysis of the Attack-DFTs. All minimal cut sets (MCS, minimal cut sequences) of the Attack-DFTs are found with the MCS generation method for dynamic fault trees. The Attack-DFTs may first be converted into an intermediate model such as an I/O automaton and the qualitative analysis performed on that model.
5-3, every MCS is classified from the safety and security perspectives: a safety MCS contains only safety events; a security MCS contains only security events; a mixed MCS contains both safety and security events.
5-4, the risk parameters of all MCS are calculated.
a) For a safety MCS its occurrence probability is calculated by the rule
$P(MCS_i) = \prod_{j=1}^{m} P(e_j)$,
i.e. the probability of a safety cut set is the product of the probabilities of all events in that cut set, where $m$ is the number of events in $MCS_i$, the $e_j$ are those events and $P(MCS_i)$ is the probability value of $MCS_i$.
b) For a security MCS its likelihood level is calculated by the rule
$L(MCS_i) = \max_{1 \le j \le m} L(e_j)$,
i.e. the likelihood level of a security cut set equals the highest level among all events in the cut set, where $m$ is the number of events in $MCS_i$, $L(MCS_i)$ is the likelihood level of $MCS_i$, $L(e_j)$ is the likelihood level of event $e_j$ and $\max$ takes the maximum.
c) For a mixed MCS the risk indicator is the pair $(P, L)$, where $P$ is computed over its safety events by rule a) of step 5-4 and $L$ over its security events by rule b) of step 5-4.
5-5, the risk assessment result and risk-mitigation suggestions are given from the risk parameters of all MCS. From the controllability perspective a safety MCS is the most controllable and a security MCS the least, with a mixed MCS in between. All MCS are therefore ordered as security MCS, then mixed MCS, then safety MCS; within the security MCS the higher likelihood level ranks first, within the mixed MCS the higher $L$ ranks first, and within the safety MCS the higher probability value ranks first. After ordering all MCS by this rule, the top-ranked MCS are taken and improvement suggestions are given for them. For example, if a security MCS exists, i.e. the system fault depends only on external influence and not on the failure of any internal component, a corresponding countermeasure is added to the system to avoid the fault; in a mixed MCS, where safety and security events coexist, the occurrence of the fault can be mitigated by reducing the probability of the safety events (the component faults) it contains.
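As an added worked example (not code from the patent or its inventor), the following Python script carries steps 3 to 5 above through on the FIG. 2 fault tree and the FIG. 3 attack tree as they are described on this page, and also serves the summary of the same steps in the Disclosure section. Everything not stated on the page is a constructed assumption: the event names, all probabilities and likelihood levels, and the single row of the attack-fault mapping table (the attack goal "server network connection disabled" mapped to the fault-tree event "remote shutdown command fails", since FIG. 4 is not reproduced here). Two simplifications are labelled in the code: the dynamic SEQ gate of the sealing system is treated as a plain AND when enumerating cut sets (the patent's cut-sequence method would keep the order), and P is used as a tie-break inside the mixed group, which step 5-5 does not specify.

```python
from dataclasses import dataclass, field
from itertools import product
from typing import Optional
LEVEL_RANK = {"low": 1, "middle": 2, "high": 3}   # ordinal likelihood scale of step 5-1 (02)

@dataclass
class Node:
    name: str
    kind: str                     # "safety" (fault-tree event) or "security" (attack-tree event)
    gate: Optional[str] = None    # "AND", "OR" or "SEQ"; None marks a basic (leaf) event
    children: list = field(default_factory=list)
    prob: Optional[float] = None  # P in [0, 1] for safety basic events (step 5-1, 01)
    level: Optional[str] = None   # low / middle / high for security basic events (step 5-1, 02)
    shape: str = "ellipse"        # step 2-2: ellipse = vulnerability, hexagon = operation, rectangle = predicate

def cut_sets(node):
    """Step 5-2: minimal cut sets as frozensets of basic-event names. The dynamic SEQ gate is
    treated like AND (event order dropped), a simplification of the cut-sequence method."""
    if node.gate is None:
        return [frozenset([node.name])]
    child_sets = [cut_sets(c) for c in node.children]
    if node.gate == "OR":
        sets = [s for cs in child_sets for s in cs]
    else:                                       # AND and SEQ: one event set from every child
        sets = [frozenset().union(*combo) for combo in product(*child_sets)]
    sets = list(dict.fromkeys(sets))            # drop duplicates, keep order
    return [s for s in sets if not any(o < s for o in sets)]   # drop non-minimal supersets

def propagate(node):
    """Step 5-1 (03): AND takes the minimum of its children, OR the maximum. Returns (P, L)."""
    if node.gate is None:
        return node.prob, node.level
    ps, ls = zip(*(propagate(c) for c in node.children))
    ps, ls = [p for p in ps if p is not None], [l for l in ls if l is not None]
    pick = max if node.gate == "OR" else min
    return (pick(ps) if ps else None), (pick(ls, key=LEVEL_RANK.get) if ls else None)

def integrate(node, mapping, goals):
    """Step 4: rebuild the DFT, replacing every mapped node e_i by OR(e_i_subtree, ATGoal_i)."""
    new = Node(node.name, node.kind, node.gate, [integrate(c, mapping, goals) for c in node.children],
               node.prob, node.level, node.shape)
    for goal, fault in mapping.items():          # rows of the attack-fault mapping table
        if fault == node.name:
            return Node(node.name + "'", "mixed", "OR", [new, goals[goal]])
    return new

def basic_events(node):
    """name -> Node for every basic event below node."""
    return {node.name: node} if node.gate is None else {k: v for c in node.children for k, v in basic_events(c).items()}

def risk_params(mcs, events):
    """Steps 5-3 / 5-4: class of the cut set and (P, L); P is the product over its safety
    events, L the maximum level over its security events, None where there are none."""
    safety = [events[e] for e in mcs if events[e].kind == "safety"]
    security = [events[e] for e in mcs if events[e].kind == "security"]
    P = None
    if safety:
        P = 1.0
        for e in safety:
            P *= e.prob
    L = max((e.level for e in security), key=LEVEL_RANK.get) if security else None
    cls = "safety" if not security else ("security" if not safety else "mixed")
    return cls, P, L

def rank(top):
    """Step 5-5: security MCS first (by L), then mixed (by L, P as assumed tie-break), then safety (by P)."""
    events = basic_events(top)
    rows = [(mcs,) + risk_params(mcs, events) for mcs in cut_sets(top)]
    group = {"security": 0, "mixed": 1, "safety": 2}
    return sorted(rows, key=lambda r: (group[r[1]], -LEVEL_RANK.get(r[3], 0), -(r[2] or 0.0)))

# FIG. 2 dynamic fault tree of the chemical plant (probabilities are constructed, not from the patent).
SEAL_FAIL = Node("SealSystemFails", "safety", "SEQ", [
    Node("MainSealTankFails", "safety", prob=0.01), Node("AuxSealTankFails", "safety", prob=0.05)])
PIPE_RUPTURE = Node("PipelineRupture", "safety", "AND", [
    Node("PipelineOverpressure", "safety", prob=0.1), Node("AutoProtectionFails", "safety", prob=0.02),
    Node("RemoteShutdownCmdFails", "safety", prob=0.05)])
TOP = Node("ToxicRelease", "safety", "AND", [SEAL_FAIL, PIPE_RUPTURE])

# FIG. 3 attack tree (likelihood levels are constructed); node shapes follow step 2-2.
KERNEL_PATH = Node("CrashNetworkViaKernelBug", "security", "AND", [
    Node("UnpatchedKernel2.6", "security", level="high", shape="ellipse"),          # vulnerability
    Node("IptablesActive", "security", level="middle", shape="rectangle"),          # predicate
    Node("SendMalformedAdHocPacket", "security", level="middle", shape="hexagon")])  # operation
BOTNET_PATH = Node("BandwidthDoS", "security", "AND", [
    Node("BotnetReachesServer", "security", level="low", shape="rectangle"),
    Node("RunBandwidthDoS", "security", level="middle", shape="hexagon")])
AT_GOAL = Node("ServerNetworkDisabled", "security", "OR", [KERNEL_PATH, BOTNET_PATH])

# Step 3: attack-fault mapping table, one assumed row (the page does not reproduce FIG. 4).
MAPPING = {"ServerNetworkDisabled": "RemoteShutdownCmdFails"}
ATTACK_DFT = integrate(TOP, MAPPING, {AT_GOAL.name: AT_GOAL})   # step 4
RANKED = rank(ATTACK_DFT)                                         # step 5

if __name__ == "__main__":
    print("ATGoal (P, L) by the step 5-1 gate rule:", propagate(AT_GOAL))
    for mcs, cls, P, L in RANKED:
        print(f"{cls:8s} P={P} L={L} {sorted(mcs)}")
```

Run as a script it prints the three minimal cut sets of the integrated model: two mixed MCS (the four physical faults plus either attack path) ranked ahead of the one pure safety MCS, with the kernel-bug path first because its highest event level is "high". There is no pure security MCS here, which is itself the useful finding of step 5-3: the toxic release still needs the seal system and the other pipeline conditions to fail, so the attack alone cannot reach the top event, and step 5-5's advice for a mixed MCS (lower the probability of the component faults) applies.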
The above description only illustrates the technical solutions of the invention and does not limit them; modifications or equivalent substitutions made by those skilled in the art without departing from the spirit and scope of the technical solutions of the invention should be covered by the claims of the invention.

Claims (2)

1. A security risk assessment method for a cyber-physical system, characterized by comprising the following steps:
(1) constructing a dynamic fault tree of the cyber-physical system, where the dynamic fault tree is established as follows: first, the most undesirable fault state of the cyber-physical system is taken as the target of the logical analysis, i.e. the top event is determined; second, all possible direct causes of that fault state are found, i.e. the intermediate events are determined; third, all possible direct causes of these intermediate fault events are searched in turn until all component states that cause the intermediate events are found, i.e. the bottom events are determined; finally, the top event, intermediate events and bottom events are connected into a tree-shaped logic diagram with the logic gates of the dynamic fault tree, forming the dynamic fault tree model of the cyber-physical system;
(2) constructing an attack tree model of the cyber-physical system, comprising: (2-1) taking a network threat as the starting point and refining it until specific behaviours and states are reached; (2-2) modelling the specific behaviours and states as atomic nodes;
(3) constructing an attack-fault mapping table, comprising: (3-1) numbering all nodes of the dynamic fault tree as e_i, 1 ≤ i ≤ n, where n is the total number of nodes in the dynamic fault tree; (3-2) numbering all attack tree top vertices as ATGoal_i, 1 ≤ i ≤ n, where n is the total number of attack trees; (3-3) constructing the attack-fault mapping table from the correspondence between the attack result at the top vertex of each attack tree and a node of the dynamic fault tree, the table having three columns headed serial number, attack and fault and describing the correspondence between attack tree models and dynamic fault tree nodes;
(4) integrating the dynamic fault tree model and the attack tree model according to the attack-fault mapping table to establish an Attack-DFTs model, the modelling steps being: (4-1) looking up, in the attack-fault mapping table established in step (3), all attack tree models ATGoal_i that cause system faults and the corresponding dynamic fault tree nodes e_i, 1 ≤ i ≤ n, where n is the total number of nodes in the dynamic fault tree; (4-2) detaching the subtree rooted at node e_i from the dynamic fault tree and denoting it e_i_subtree; (4-3) connecting a two-input OR logic gate above e_i_subtree, i.e. making e_i_subtree one input of the OR logic gate; (4-4) making ATGoal_i the other input of the OR logic gate of step (4-3); (4-5) connecting the new subtree formed by the added OR logic gate, ATGoal_i and e_i_subtree to the dynamic fault tree at the position of node e_i;
(5) performing the security risk assessment of the cyber-physical system on the basis of the Attack-DFTs model, the assessment process being: (5-1) assigning probabilities to all events in the Attack-DFTs, specifically: 01) assigning every safety event a probability in the interval [0,1]; 02) assigning every security event a likelihood level with one of the values {low, middle, high}; 03) computing the value of every intermediate node through its logic gate, an AND gate taking the minimum over its child nodes and an OR gate the maximum; (5-2) performing qualitative analysis of the Attack-DFTs, in which all minimal cut sets (MCS) of the Attack-DFTs are found with the MCS generation method for dynamic fault trees, the Attack-DFTs optionally being converted first into an intermediate model such as an I/O automaton on which the qualitative analysis is performed; (5-3) classifying every MCS from the safety and security perspectives into a safety MCS containing only safety events, a security MCS containing only security events, or a mixed MCS containing both safety and security events; (5-4) calculating the risk parameters of all MCS; (5-5) giving the risk assessment result and risk-mitigation suggestions from the risk parameters of all MCS, ordered by controllability: the safety MCS is the most controllable and the security MCS the least, with the mixed MCS in between, so all MCS are ordered as security MCS, then mixed MCS, then safety MCS, where within the security MCS the higher likelihood level ranks first, within the mixed MCS the higher L ranks first and within the safety MCS the higher probability value ranks first; all MCS are ordered by this rule and the top-ranked MCS are taken to give improvement suggestions.
2. The security risk assessment method for a cyber-physical system according to claim 1, wherein calculating the risk parameters of all MCSs comprises the following steps:
(a) for a safety MCS, its probability of occurrence is calculated according to the following rule:
$P(MCS_i) = \prod_{k=1}^{m} P(e_k)$
i.e. the probability of a safety cut set is the product of the probabilities of all events in that cut set, where $e_k$ ($k = 1, \dots, m$) are the events of $MCS_i$, $m$ is the number of events in $MCS_i$, and $P(MCS_i)$ represents the probability value of $MCS_i$;
(b) for a security MCS, its probability level of occurrence is calculated according to the following rule:
$L(MCS_i) = \max_{1 \le k \le m} L(e_k)$
i.e. the probability level of occurrence of a security cut set equals the highest probability level among all events in that cut set, where $m$ is the number of events in $MCS_i$, $L(MCS_i)$ represents the Likelihood level of $MCS_i$, $L(e_i)$ represents the probability level of occurrence of event $e_i$, and $\max$ denotes taking the maximum value;
(c) for a mixed MCS, the risk index is identified by the pair (P, L), where the probability value P is calculated according to rule (a) of step (5-4) and the probability level L according to rule (b) of step (5-4).
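The classification, risk-parameter and ordering rules of steps (5-3) to (5-5) and of claim 2, as an added worked example that is not part of the patent text: the event names, probabilities, Likelihood levels and cut sets are constructed, and the P tie-break inside the mixed group is an assumption of the example.

```python
# Added example (not from the patent): MCS classification, risk parameters
# and ordering per steps (5-3)..(5-5) of claim 1 and rules (a)-(c) of claim 2.
# All event names, values and cut sets below are constructed sample data.

# Step (5-1): safety (hazard) events carry a probability in [0,1];
# security (attack) events carry a Likelihood level {low, middle, high}.
SAFETY_P = {"sensor_fail": 0.05, "valve_stuck": 0.02, "pump_fail": 0.1}
SECURITY_L = {"spoof_cmd": "high", "dos_link": "middle", "replay_pkt": "low"}
LEVEL = {"low": 1, "middle": 2, "high": 3}   # ordinal scale so max() applies

# Constructed minimal cut sets (MCS) of an Attack-DFT, each a tuple of events.
SAMPLE_MCS = [
    ("sensor_fail", "valve_stuck"),   # safety MCS
    ("replay_pkt", "valve_stuck"),    # mixed MCS
    ("dos_link",),                    # security MCS
    ("pump_fail",),                   # safety MCS
    ("spoof_cmd",),                   # security MCS
]

def classify(mcs):
    """Step (5-3): 'safety', 'security' or 'mixed' by the kinds of events present."""
    kinds = {"safety" if e in SAFETY_P else "security" for e in mcs}
    return "mixed" if len(kinds) == 2 else kinds.pop()

def risk_params(mcs):
    """Claim 2: (a) P = product of safety-event probabilities, (b) L = max
    Likelihood level of security events, (c) a mixed MCS carries both (P, L).
    Returns (P, L); the parameter that does not apply is None."""
    p, l = 1.0, 0
    for e in mcs:
        if e in SAFETY_P:
            p *= SAFETY_P[e]
        else:
            l = max(l, LEVEL[SECURITY_L[e]])
    kind = classify(mcs)
    return (p if kind != "security" else None, l if kind != "safety" else None)

def rank(mcs_list):
    """Step (5-5): security MCS first (most controllable), then mixed, then
    safety; security and mixed sorted by L descending, safety by P descending.
    Assumption of this example: P breaks ties inside the mixed group."""
    group = {"security": 0, "mixed": 1, "safety": 2}
    def key(mcs):
        p, l = risk_params(mcs)
        return (group[classify(mcs)], -(l or 0), -(p or 0))
    return sorted(mcs_list, key=key)

def top_mcs(mcs_list):
    """The MCS ranked first is the one for which the improvement proposal is made."""
    return rank(mcs_list)[0]
```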
CN201711459066.7A 2017-12-28 2017-12-28 Safety risk assessment method for information physical fusion system Active CN108183897B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711459066.7A CN108183897B (en) 2017-12-28 2017-12-28 Safety risk assessment method for information physical fusion system

Publications (2)

Publication Number Publication Date
CN108183897A CN108183897A (en) 2018-06-19
CN108183897B true CN108183897B (en) 2021-01-15

Family

ID=62548216

Country Status (1)

Country Link
CN (1) CN108183897B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20180619

Assignee: Nanjing Maoting Information Technology Co.,Ltd.

Assignor: NANJING FORESTRY University

Contract record no.: X2022980009942

Denomination of invention: A security risk assessment method for information physical fusion system

Granted publication date: 20210115

License type: Common License

Record date: 20220706

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20180619

Assignee: Nanjing gansijie Photoelectric Technology Co.,Ltd.

Assignor: NANJING FORESTRY University

Contract record no.: X2022980024612

Denomination of invention: A Security Risk Assessment Method for Information Physical Fusion System

Granted publication date: 20210115

License type: Common License

Record date: 20221207
