CN108833416B - SCADA system information security risk assessment method and system - Google Patents

SCADA system information security risk assessment method and system Download PDF

Info

Publication number
CN108833416B
CN108833416B CN201810644006.0A CN201810644006A CN108833416B CN 108833416 B CN108833416 B CN 108833416B CN 201810644006 A CN201810644006 A CN 201810644006A CN 108833416 B CN108833416 B CN 108833416B
Authority
CN
China
Prior art keywords
vulnerability
risk
threat
factor
influence degree
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810644006.0A
Other languages
Chinese (zh)
Other versions
CN108833416A (en
Inventor
靳江红
熊文泽
史学玲
王晓冬
刘瑶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Municipal Institute of Labour Protection
Original Assignee
Beijing Municipal Institute of Labour Protection
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Municipal Institute of Labour Protection filed Critical Beijing Municipal Institute of Labour Protection
Priority to CN201810644006.0A priority Critical patent/CN108833416B/en
Publication of CN108833416A publication Critical patent/CN108833416A/en
Application granted granted Critical
Publication of CN108833416B publication Critical patent/CN108833416B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Human Resources & Organizations (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Economics (AREA)
  • Strategic Management (AREA)
  • Marketing (AREA)
  • Game Theory and Decision Science (AREA)
  • Educational Administration (AREA)
  • Development Economics (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides an SCADA system information security risk assessment method and a system, wherein the method comprises the following steps: combining each vulnerability factor and each threat factor according to the causal relationship between each vulnerability factor and each threat factor in the SCADA system to be evaluated to obtain a threat-vulnerability combination; combining each threat-vulnerability combination and each asset factor according to the corresponding relationship between each threat-vulnerability combination and each asset factor in the SCADA system to be evaluated to obtain each risk scene; and acquiring a risk evaluation result of the risk scene according to the first influence degree of the vulnerability risk index of the SCADA system to be evaluated by the vulnerability factor in each risk scene, the second influence degree of the threat factor on the threat risk index and the third influence degree of the asset factor on the asset risk index. The method and the device can quantitatively obtain the risk assessment result, so that the risk assessment result is more accurate.

Description

SCADA system information security risk assessment method and system
Technical Field
The invention belongs to the technical field of risk assessment, and particularly relates to an SCADA system information security risk assessment method and system.
Background
An SCADA (Supervisory Control And Data Acquisition System) System is a Data Acquisition, monitoring And Control System for a production System with a long distribution distance And distributed production units. The method is widely applied to the fields of electric power, metallurgy, petroleum, chemical industry, gas pipe networks, intelligent production workshops and the like. A typical SCADA system includes a human-machine interface, a monitoring system, a remote terminal control system, a field controller, and a communication network.
The SCADA system is a comprehensive system with high networking, automation and intelligence, and can simultaneously comprise a field communication network, a remote communication network, the Internet and the like, so that the SCADA system is extremely easy to attack information security. With the rise of intelligent manufacturing at present, interconnection and intercommunication of a traditional closed industrial SCADA system need to be realized, so that development of information security risk assessment of the SCADA system and realization of system reinforcement or leakage repair based on a conclusion of the risk assessment become more important.
The traditional information security risk assessment method facing the IT technology has been developed for many years, and the method cannot be carried out according to more SCADA systems applied to industry or production control because large differences exist between the two in some key points, as shown in Table 1. In recent years, research institutes at home and abroad research and study information security risk assessment of a SCADA system based on existing IT information security assessment technology or Functional security (Functional security) assessment technology, such as HAZOP/FTA/LOPA/FEMA and the like, to form some qualitative or quantitative methods, but the methods have many problems.
Qualitative methods, such as checklists, risk matrices, fuzzy decisions, etc., have better intuitiveness and operability, but cannot give more quantitative conclusions, the differences of the information security capabilities of the system are difficult to distinguish, and weak points or improved strategies cannot be put forward more specifically. The quantitative method is mainly based on a vulnerability tree or attack tree model, the two models use the thought of a classical fault tree for reference, the logical relationship between an attack event and a final attack target is analyzed by using AND and OR, and the overall possibility of the final attack target being attacked is estimated according to the original possibility of the attack event. These methods, however, only represent threats and vulnerabilities in a general way with the possibility of being attacked, leading to inaccurate risk assessment results. The tree model built for a large system is very complex, resulting in a large amount of computation. In addition, the fault tree model is premised on that the bottom events are independent enough, that is, there is no strong correlation, and the attack events of information security generally have correlation, for example, the same copper leakage, the same communication path or the same equipment is used), so that the risk assessment result is inaccurate.
TABLE 1 differences between IT information Security and Industrial control information Security
Figure BDA0001703079880000021
Disclosure of Invention
In order to overcome the problems of complex evaluation process, two large operations and inaccurate evaluation result of the conventional SCADA system information security risk evaluation method or at least partially solve the problems, the invention provides an SCADA system information security risk evaluation method and system.
According to a first aspect of the present invention, a method for evaluating SCADA system information security risk is provided, which includes:
combining each vulnerability factor and each threat factor according to the causal relationship between each vulnerability factor and each threat factor in the SCADA system to be evaluated to obtain a threat-vulnerability combination;
combining each threat-vulnerability combination and each asset factor according to the corresponding relationship between each threat-vulnerability combination and each asset factor in the SCADA system to be evaluated to obtain each risk scene;
and acquiring a risk evaluation result of each risk scene according to a first influence degree of the vulnerability factor on the vulnerability risk index of the SCADA system to be evaluated, a second influence degree of the threat factor on the threat risk index of the SCADA system to be evaluated and a third influence degree of the asset factor on the asset risk index of the SCADA system to be evaluated in each risk scene.
According to a second aspect of the present invention, there is provided a SCADA system information security risk assessment system, comprising:
the first combination module is used for combining each vulnerability factor and each threat factor according to the causal relationship between each vulnerability factor and each threat factor in the SCADA system to be evaluated to obtain a threat-vulnerability combination;
the second combination module is used for combining each threat-vulnerability combination and each asset factor according to the corresponding relation between each threat-vulnerability combination and each asset factor in the SCADA system to be evaluated to obtain each risk scene;
and the evaluation module is used for acquiring the risk evaluation result of each risk scene according to the first influence degree of the vulnerability factor on the vulnerability risk index of the SCADA system to be evaluated, the second influence degree of the threat factor on the threat risk index of the SCADA system to be evaluated and the third influence degree of the asset factor on the asset risk index of the SCADA system to be evaluated in each risk scene.
According to a third aspect of the invention there is provided an electronic device comprising:
at least one processor, at least one memory, and a bus; wherein the content of the first and second substances,
the processor and the memory complete mutual communication through the bus;
the memory stores program instructions executable by the processor, which when called by the processor are capable of performing the above-described methods.
According to a fourth aspect of the invention, there is provided a non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the above method.
The invention provides an information security risk assessment method and system for an SCADA system, wherein each risk scene in the SCADA system to be assessed is determined according to the relationship among each vulnerability factor, each threat factor and each asset factor in the SCADA system to be assessed, and the influence information security risk is comprehensively analyzed according to the influence degree of each factor on the corresponding risk index, so that a quantitative risk assessment result is obtained, and the risk assessment result is more accurate.
Drawings
Fig. 1 is a schematic overall flow chart of an SCADA system information security risk assessment method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a hierarchical structure model of a vulnerability risk indicator in the SCADA system information security risk assessment method according to an embodiment of the present invention;
fig. 3 is a schematic view of an overall structure of an SCADA system information security risk assessment system according to an embodiment of the present invention;
fig. 4 is a schematic view of an overall structure of an electronic device according to an embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the present invention is provided in connection with the accompanying drawings and examples. The following examples are intended to illustrate the invention but are not intended to limit the scope of the invention.
In an embodiment of the present invention, a method for evaluating SCADA system information security risk is provided, and fig. 1 is a schematic overall flow chart of the method for evaluating SCADA system information security risk provided in the embodiment of the present invention, where the method includes: s101, combining each vulnerability factor and each threat factor according to the causal relationship between each vulnerability factor and each threat factor in the SCADA system to be evaluated to obtain a threat-vulnerability combination;
the SCADA system to be evaluated is the SCADA system which needs to carry out information security risk evaluation. In the information security risk model, the information security risk R is generally defined as a combination of a threat risk indicator T, a vulnerability risk indicator V and an asset risk indicator a, where R ═ T × V × a, indicates that the more threats, the more vulnerabilities, the greater the asset loss, and the greater the risk. It should be noted that there are typically already some information security measures at the time of evaluation, which effectively reduce the vulnerability exposure potential or reduce the asset loss, and for which the risk impact is not described by a separate parameter, but rather is reflected in the vulnerability and asset impact.
According to the configuration, software and hardware equipment, network conditions and the like of the SCADA system to be evaluated, vulnerability factors which may exist in the SCADA system are obtained, and a typical vulnerability factor check is shown in table 2. According to the application scenarios of the SCADA system to be evaluated, such as chemical production, pipeline transportation, gas pipeline network, manufacturing and processing production workshop and the like, possible threat factors are determined, and a typical threat factor list is shown in Table 3. After the vulnerability factors and the threat factors in the SCADA system to be evaluated are determined, the vulnerability factors and the threat factors are combined according to the cause-effect relationship between the vulnerability factors and the threat factors to obtain a threat-vulnerability combination. For example, vulnerability factors in the SCADA system to be evaluated include patch installation, user accounts, software security vulnerabilities, password protection, internal access control, and electromagnetic protection, and threat factors include physical intrusion, viruses, and device failure. The combinations of threat factors and vulnerability factors are shown in table 4, where an "x" in the table indicates a combination between causal and vulnerable factors. Patch installation, user accounts, software security vulnerabilities, password protection, and electromagnetic protection in table 4 do not cause physical intrusion, i.e., there is no causal relationship, and therefore they are not combined. Internal access controls cause physical intrusions, i.e. there is a causal relationship between internal access controls and physical intrusions, and they are therefore combined. The threat-vulnerability combination finally obtained is physical intrusion-internal access control, virus-patch installation, virus-user account, virus-software vulnerability, equipment failure-password protection and equipment failure-electromagnetic protection.
TABLE 2 vulnerability factor checklist
Figure BDA0001703079880000061
TABLE 3 list of threat factors
Figure BDA0001703079880000062
TABLE 4 combinations between threat factors and vulnerability factors
Figure BDA0001703079880000071
S102, combining each threat-vulnerability combination and each asset factor according to the corresponding relation between each threat-vulnerability combination and each asset factor in the SCADA system to be evaluated to obtain each risk scene;
the asset factors that may be affected are determined based on the configuration and application scenario of the SCADA system under evaluation, and a typical inventory of asset factors is shown in table 5.
TABLE 5 asset factor List
Figure BDA0001703079880000072
Figure BDA0001703079880000081
And recombining the threat-vulnerability combinations and the asset factors according to the determined corresponding relationship between the threat-vulnerability combinations and the asset factors. Wherein the corresponding relationship is determined according to the vulnerability and threat of each asset factor. For example, asset factors in the SCADA system to be evaluated include system configuration data, system control software, control system hardware, host software, host computer hardware, and operators. The determined threat-vulnerability combinations and the combinations of asset factors are shown in table 6, wherein "x" in the table indicates the combinations between the threat-vulnerability combinations and the asset factors having corresponding relationships. The combination between the threat-vulnerability combination and the asset factor will be denoted by "x" as one risk scenario.
TABLE 6 threat-vulnerability combinations and combinations between asset factors
Figure BDA0001703079880000082
S103, acquiring the risk evaluation result of each risk scene according to the first influence degree of the vulnerability risk index of the SCADA system to be evaluated by the vulnerability factor, the second influence degree of the threat risk index of the SCADA system to be evaluated by the threat factor and the third influence degree of the asset risk index of the SCADA system to be evaluated by the asset factor in each risk scene.
Each risk scenario is a combination of a threat factor, a vulnerability factor, and an asset factor. The method includes the steps of obtaining a first influence degree of a vulnerability factor on a vulnerability risk index, a second influence degree of a threat factor on the threat risk index and a third influence degree of an asset factor on the asset risk index in each risk scene, and the embodiment is not limited to the obtaining method of the first influence degree, the second influence degree and the third influence degree. And multiplying the first influence degree, the second influence degree and the third influence degree according to the R-T multiplied by V multiplied by A to obtain the risk evaluation result of each risk scene.
According to the method and the system, each risk scene in the SCADA system to be evaluated is determined according to the relationship among each vulnerability factor, each threat factor and each asset factor in the SCADA system to be evaluated, influence information safety risks are comprehensively analyzed according to the influence degree of each factor on corresponding risk indexes, quantitative risk evaluation results are obtained, and therefore the risk evaluation results are accurate.
On the basis of the above embodiment, step S103 in this embodiment further includes: according to all vulnerability factors and all threat factors in the SCADA system to be evaluated, constructing a first hierarchical structure model of the vulnerability risk index and a second hierarchical structure model of the threat risk index of the SCADA system to be evaluated based on an analytic hierarchy process;
the analytic hierarchy process is a decision process for decomposing elements related to decision into levels of target, criterion, scheme and the like, and carrying out qualitative and quantitative analysis on the basis. And constructing a first-level structure model of the vulnerability risk index of the SCADA system to be evaluated according to each vulnerability factor in the SCADA system to be evaluated based on an analytic hierarchy process. And dividing related contents of vulnerability risk index evaluation into a first target layer, a first rule layer and a first scheme layer. As shown in fig. 2, the first target tier is a vulnerability risk indicator. The first rule layer includes various vulnerability disclosure possibilities including a possibility that the vulnerability is known, a possibility that the vulnerability is exploited, and a possibility that the vulnerability is implemented by a corresponding carrier. The vulnerability is widely known or basically unknown, the vulnerability can be easily utilized or complex operations need to be implemented, and the vulnerability can be implemented by a corresponding carrier, such as remote invasion or complex internal relation access. The first scheme layer is a specific vulnerability factor such as user account, patch installation, data integrity and external access measurement, etc.
And constructing a second hierarchical structure model of the threat risk index of the SCADA system to be evaluated according to each threat factor in the SCADA system to be evaluated based on an analytic hierarchy process. And dividing the relevant content of the threat risk index evaluation into a second target layer, a second criterion layer and a second scheme layer. The second target tier is a threat risk indicator. The second level of criteria includes various threat possibilities, including the likelihood that the threat is known, the difficulty with which the threat is causing the intrusion, and the depth to which the threat is causing the intrusion. Wherein the likelihood of the threat being known is widely known or substantially unknown. The second scenario layer is a specific threat factor.
And acquiring a first influence degree of the vulnerability factors in each risk scene on the vulnerability risk indexes according to the first hierarchical structure model, and acquiring a second influence degree of the threat factors in each risk scene on the threat risk indexes according to the second hierarchical structure model.
On the basis of the foregoing embodiment, in this embodiment, the step of obtaining the first influence degree of the vulnerability factor on the vulnerability risk indicator in each risk scene according to the first hierarchical structure model specifically includes: acquiring a judgment matrix of a first criterion layer to a first target layer according to preset importance degrees of various vulnerability disclosure possibilities in a first criterion layer of the first hierarchical structure model, and acquiring influence degrees of various vulnerability disclosure possibilities on vulnerability risk indexes in the first target layer of the first hierarchical structure model according to the judgment matrix of the first criterion layer to the first target layer;
specifically, a first criterion of a first hierarchy model is setAnd comparing every two preset importance degrees of various vulnerability exposure possibilities in the layers to construct a judgment matrix of the first criterion layer to the first target layer, so that qualitative judgment is converted into quantitative judgment. Judgment matrix CBKThe composition of (A) is shown in Table 7.
TABLE 7 decision matrix CBKIs composed of
Figure BDA0001703079880000101
Wherein, c1、c2...cmThe predetermined importance level of the probability is revealed for the m vulnerabilities. And calculating the judgment matrix of the first target layer according to the first rule layer, so as to obtain the influence degree of various vulnerability disclosure possibilities on the vulnerability risk index in the first target layer of the first-level structure model.
Acquiring a judgment matrix of a first scheme layer to a first criterion layer according to the preset importance degree of each vulnerability factor in the first scheme layer of the first hierarchical structure model, and acquiring the influence degree of each vulnerability factor on various vulnerability exposure possibilities according to the judgment matrix of the first scheme layer to the first criterion layer;
specifically, the judgment matrix of the first scheme layer to the first rule layer is acquired by using the same acquisition method as the judgment matrix of the first rule layer to the first target layer. Calculating a judgment matrix of the first rule layer according to the first scheme layer to obtain the influence degree of each vulnerability factor on each vulnerability disclosure possibility in the first rule layer;
and acquiring the influence degree of the vulnerability factors in each risk scene on the vulnerability risk indexes according to the influence degree of each vulnerability factor on various vulnerability disclosure possibilities and the influence degree of each vulnerability disclosure possibility on the vulnerability risk indexes.
Specifically, the first scheme is obtained according to the influence degree of each vulnerability factor in the first scheme layer on each vulnerability disclosure possibility in the first criterion layer and the influence degree of each vulnerability disclosure possibility in the first criterion layer on the vulnerability risk index in the first target layerAnd the influence degree of each vulnerability factor in the layer on the vulnerability risk index in the target layer. Influence degree v of ith vulnerability factor on vulnerability risk index in target layeriThe calculation formula is as follows:
Figure BDA0001703079880000111
wherein n is the number of types of vulnerability disclosure possibility, wl is the influence degree of the first vulnerability disclosure possibility on the vulnerability risk index,
Figure BDA0001703079880000112
and obtaining the influence degree of the vulnerability factor on the vulnerability exposure possibility of the ith vulnerability factor, thereby obtaining the first influence degree of the vulnerability factor on the vulnerability risk index in each risk scene.
On the basis of the foregoing embodiment, in this embodiment, the step of obtaining the second influence degree of the threat factor on the threat risk indicator in each risk scenario according to the second hierarchical structure model specifically includes: acquiring a judgment matrix of a second criterion layer to a second target layer according to preset importance degrees of various threat implementation possibilities in the second criterion layer of the second hierarchical structure model, and acquiring influence degrees of various threat implementation possibilities on threat risk indexes in the second target layer of the second hierarchical structure model according to the judgment matrix of the second criterion layer to the second target layer; acquiring a judgment matrix of a second scheme layer to a second criterion layer according to the preset importance degree of each threat factor in the second scheme layer of the second hierarchical structure model, and acquiring the influence degree of each threat factor on the implementation possibility of each threat according to the judgment matrix of the second scheme layer to the second criterion layer; and acquiring a second influence degree of the threat factors in each risk scene on the threat risk indexes according to the influence degree of each threat factor on each threat implementation possibility and the influence degree of each threat implementation possibility on the threat risk indexes.
Specifically, the second influence degree of the threat factors in each risk scene on the threat risk index is obtained by using the obtaining method with the same first influence degree of the vulnerability factors in each risk scene on the vulnerability risk index.
On the basis of the foregoing embodiment, in this embodiment, the step of obtaining the determination matrix of the first criterion layer for the first target layer according to the preset importance degree of the disclosure possibility of various vulnerabilities in the first criterion layer of the first hierarchical structure model specifically includes: based on a 1-9 scaling method, preset importance degrees of any two vulnerability disclosure possibilities in the first criterion layer are compared, and a judgment matrix of the first criterion layer to the first target layer is constructed. The scale of the decision matrix is shown in table 8. For example, the determination matrix of the first rule layer to the first target layer is:
Figure BDA0001703079880000121
on the basis of the above embodiment, the influence degree of each vulnerability disclosure possibility on the vulnerability risk index in the first target layer of the first hierarchical structure model is obtained according to the judgment matrix of the first rule layer on the first target layer by the following formula:
CBKw=λw;
wherein, CBKA judgment matrix of the first criterion layer to the first target layer is set, wherein lambda is a characteristic root, and w is a characteristic vector; when C is presentBKWhen the consistency exists, taking w corresponding to the lambda as the influence degree of various vulnerability disclosure possibilities on vulnerability risk indexes in a first target layer of the first-level structure model; when C is presentBKAnd if the consistency is not available, taking w corresponding to the maximum lambda as the influence degree of various vulnerability disclosure possibilities on the vulnerability risk index in the first target layer of the first-level structure model.
TABLE 8 Scale of decision matrices
Figure BDA0001703079880000131
In particular, because of the decision matrix CBKIs a positive and reciprocal matrix. When C is presentBKThere is one and only one non-zero feature root λ, SunTe when it is a consistency matrixAnd taking w corresponding to the radix lambda as the influence degree of various vulnerability disclosure possibilities on the vulnerability risk index. When C is presentBKWhen the consistency is not satisfied or the consistency degree is not acceptable, normalizing the maximum characteristic root lambda of the processingmaxThe corresponding feature vector is used as the influence degree of various vulnerability disclosure possibilities on the vulnerability risk index. Lambda [ alpha ]maxThe corresponding feature vector can be calculated by matlab. Common calculation methods are the harmony method, the root method, the log least squares method, the least squares method, and the characteristic root method.
Due to the complexity of objective objects and the diversity of human knowledge about complex objects, the decision matrix is not strictly required to be consistent with consistency, but is only required to be consistent with the requirement of consistency. If a judgment matrix with a large degree of inconsistency is adopted to calculate the weight vector, the obtained weight ordering and final decision are completely meaningless. Therefore, when constructing the judgment matrix, it is necessary to perform a consistency check thereon. The test process is as follows:
(1) by maximum characteristic root λ of the decision matrixmaxAnd calculating the consistency index CI according to the order m of the sum matrix.
Figure BDA0001703079880000141
(2) And (3) searching for a random uniform consistency index RI, wherein the random uniform consistency index RI with 3-10 orders is given in a table 9.
TABLE 9 random uniformity index
Figure BDA0001703079880000142
(3) The consistency ratio CR is calculated. If the CR is smaller than the preset threshold value, judging that the consistency degree of the matrix is acceptable; otherwise, the judgment matrix needs to be adjusted again, then the consistency check is performed on the newly constructed judgment matrix again, and the above processes are repeated until the judgment matrix is smaller than the preset threshold value. Wherein the content of the first and second substances,
Figure BDA0001703079880000143
on the basis of the above embodiments, in this embodiment, before the step of obtaining the risk assessment result of each risk scenario, the step further includes: and taking the economic loss caused by damage of each asset factor in the SCADA system to be evaluated as a third influence degree of each asset factor on the asset risk index of the SCADA system to be evaluated.
Specifically, for each asset factor, the economic loss of the result sampling value quantification caused when the asset factor is damaged is used as a third influence degree of each production factor on the asset risk index of the SCADA system to be evaluated. The economic loss quantification method for each type of asset factor is shown in table 10. For example, the first degree of influence y1 is equal to (4.56194.40714.64284.68364.5450), and the second degree of influence y2 is equal to (4.62104.79014.7991). Normalized quantification of asset factors is shown in table 11. The risk assessment result of the physical intrusion-internal access control-control system information security risk scene is quantized into R0.2876 X0.2492X0.2564 0.01837. And performing similar calculation on each risk scene to obtain quantitative indexes of all information safety risks. Comparing the risk assessment result with a preset threshold value can realize risk classification. According to the evaluation result, corresponding targeted improvement opinions can be proposed.
TABLE 10 economic loss quantification method for asset factors
Figure BDA0001703079880000151
TABLE 11 asset factor normalization quantification
Assets Expected loss quantization Normalization
System configuration data 10 0.025641026
System control software 50 0.128205128
Control system hardware 100 0.256410256
Host software 10 0.025641026
Host computer hardware 20 0.051282051
Operator personnel 200 0.512820513
In another embodiment of the present invention, a system for evaluating information security risk of a SCADA system is provided, and fig. 3 is a schematic diagram of an overall structure of the system for evaluating information security risk of a SCADA system according to the embodiment of the present invention. The system is used for carrying out information security risk assessment on the SCADA system in the embodiment. Therefore, the description and definition in the SCADA system information security evaluation method in the foregoing embodiment may be used for understanding each execution module in the embodiment of the present invention. The system comprises a first combination module 301, a second combination module 302, and an evaluation module 303; wherein:
the first combination module 301 is configured to combine each vulnerability factor and each threat factor according to a causal relationship between each vulnerability factor and each threat factor in the SCADA system to be evaluated, so as to obtain a threat-vulnerability combination; the second combination module 302 is used for combining each threat-vulnerability combination and each asset factor according to the corresponding relationship between each threat-vulnerability combination and each asset factor in the SCADA system to be evaluated to obtain each risk scene; the evaluation module 303 is configured to obtain a risk evaluation result of each risk scene according to a first influence degree of a vulnerability risk index of the SCADA system to be evaluated by the vulnerability factor, a second influence degree of a threat risk index of the SCADA system to be evaluated by the threat factor, and a third influence degree of an asset risk index of the SCADA system to be evaluated by the asset factor in each risk scene.
According to the method and the system, each risk scene in the SCADA system to be evaluated is determined according to the relationship among each vulnerability factor, each threat factor and each asset factor in the SCADA system to be evaluated, influence information safety risks are comprehensively analyzed according to the influence degree of each factor on corresponding risk indexes, quantitative risk evaluation results are obtained, and therefore the risk evaluation results are accurate.
On the basis of the above embodiment, the embodiment further includes a first quantization module, configured to construct, according to each vulnerability factor and each threat factor in the SCADA system to be evaluated, a first hierarchical structure model of the vulnerability risk index and a second hierarchical structure model of the threat risk index of the SCADA system to be evaluated based on an analytic hierarchy process; and acquiring a first influence degree of the vulnerability factors in each risk scene on the vulnerability risk indexes according to the first hierarchical structure model, and acquiring a second influence degree of the threat factors in each risk scene on the threat risk indexes according to the second hierarchical structure model.
On the basis of the foregoing embodiment, in this embodiment, the first quantization module is specifically configured to: acquiring a judgment matrix of a first criterion layer to a first target layer according to preset importance degrees of various vulnerability disclosure possibilities in a first criterion layer of the first hierarchical structure model, and acquiring influence degrees of various vulnerability disclosure possibilities on vulnerability risk indexes in the first target layer of the first hierarchical structure model according to the judgment matrix of the first criterion layer to the first target layer; acquiring a judgment matrix of a first scheme layer to a first criterion layer according to the preset importance degree of each vulnerability factor in the first scheme layer of the first hierarchical structure model, and acquiring the influence degree of each vulnerability factor on various vulnerability exposure possibilities according to the judgment matrix of the first scheme layer to the first criterion layer; and acquiring the influence degree of the vulnerability factors in each risk scene on the vulnerability risk indexes according to the influence degree of each vulnerability factor on various vulnerability disclosure possibilities and the influence degree of each vulnerability disclosure possibility on the vulnerability risk indexes.
On the basis of the foregoing embodiment, in this embodiment, the first quantization module is specifically configured to: acquiring a judgment matrix of a second criterion layer to a second target layer according to preset importance degrees of various threat implementation possibilities in the second criterion layer of the second hierarchical structure model, and acquiring influence degrees of various threat implementation possibilities on threat risk indexes in the second target layer of the second hierarchical structure model according to the judgment matrix of the second criterion layer to the second target layer; acquiring a judgment matrix of a second scheme layer to a second criterion layer according to the preset importance degree of each threat factor in the second scheme layer of the second hierarchical structure model, and acquiring the influence degree of each threat factor on the implementation possibility of each threat according to the judgment matrix of the second scheme layer to the second criterion layer; and acquiring a second influence degree of the threat factors in each risk scene on the threat risk indexes according to the influence degree of each threat factor on each threat implementation possibility and the influence degree of each threat implementation possibility on the threat risk indexes.
On the basis of the foregoing embodiment, in this embodiment, the first quantization module is further specifically configured to: based on a 1-9 scaling method, preset importance degrees of any two vulnerability disclosure possibilities in the first criterion layer are compared, and a judgment matrix of the first criterion layer to the first target layer is constructed.
On the basis of the foregoing embodiment, in this embodiment, the first quantization module is further specifically configured to: obtaining the influence degree of various vulnerability disclosure possibilities on the vulnerability risk index in the first target layer of the first-level structure model according to the judgment matrix of the first rule layer to the first target layer by the following formula:
CBKw=λw;
wherein, CBKA judgment matrix of the first criterion layer to the first target layer is set, wherein lambda is a characteristic root, and w is a characteristic vector; when C is presentBKWhen the consistency exists, taking w corresponding to the lambda as the influence degree of various vulnerability disclosure possibilities on vulnerability risk indexes in a first target layer of the first-level structure model; when C is presentBKAnd if the consistency is not available, taking w corresponding to the maximum lambda as the influence degree of various vulnerability disclosure possibilities on the vulnerability risk index in the first target layer of the first-level structure model.
On the basis of the above embodiments, the present embodiment further includes a second quantification module, configured to use, as a third degree of influence of each asset factor on the asset risk indicator of the SCADA system to be evaluated, economic loss caused by damage of each asset factor in the SCADA system to be evaluated.
The embodiment provides an electronic device, and fig. 4 is a schematic view of an overall structure of the electronic device according to the embodiment of the present invention, where the electronic device includes: at least one processor 401, at least one memory 402, and a bus 403; wherein the content of the first and second substances,
the processor 401 and the memory 402 communicate with each other via a bus 403;
the memory 402 stores program instructions executable by the processor 401, and the processor calls the program instructions to perform the methods provided by the above method embodiments, for example, the methods include: combining each vulnerability factor and each threat factor according to the causal relationship between each vulnerability factor and each threat factor in the SCADA system to be evaluated to obtain a threat-vulnerability combination; combining each threat-vulnerability combination and each asset factor according to the corresponding relationship between each threat-vulnerability combination and each asset factor in the SCADA system to be evaluated to obtain each risk scene; and acquiring a risk evaluation result of the risk scene according to the first influence degree of the vulnerability risk index of the SCADA system to be evaluated by the vulnerability factor in each risk scene, the second influence degree of the threat factor on the threat risk index and the third influence degree of the asset factor on the asset risk index.
The present embodiments provide a non-transitory computer-readable storage medium storing computer instructions that cause a computer to perform the methods provided by the above method embodiments, for example, including: combining each vulnerability factor and each threat factor according to the causal relationship between each vulnerability factor and each threat factor in the SCADA system to be evaluated to obtain a threat-vulnerability combination; combining each threat-vulnerability combination and each asset factor according to the corresponding relationship between each threat-vulnerability combination and each asset factor in the SCADA system to be evaluated to obtain each risk scene; and acquiring a risk evaluation result of the risk scene according to the first influence degree of the vulnerability risk index of the SCADA system to be evaluated by the vulnerability factor in each risk scene, the second influence degree of the threat factor on the threat risk index and the third influence degree of the asset factor on the asset risk index.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
The above-described embodiments of the electronic device are merely illustrative, and units illustrated as separate components may or may not be physically separate, and components displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods of the various embodiments or some parts of the embodiments.
Finally, the method of the present application is only a preferred embodiment and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (8)

1. A SCADA system information security risk assessment method is characterized by comprising the following steps:
combining each vulnerability factor and each threat factor according to the causal relationship between each vulnerability factor and each threat factor in the SCADA system to be evaluated to obtain a threat-vulnerability combination;
combining each threat-vulnerability combination and each asset factor according to the corresponding relationship between each threat-vulnerability combination and each asset factor in the SCADA system to be evaluated to obtain each risk scene;
acquiring a risk evaluation result of each risk scene according to a first influence degree of a vulnerability factor on a vulnerability risk index of the SCADA system to be evaluated, a second influence degree of a threat factor on the threat risk index of the SCADA system to be evaluated and a third influence degree of an asset factor on the asset risk index of the SCADA system to be evaluated in each risk scene;
the method comprises the following steps of obtaining a risk assessment result of each risk scene according to a first influence degree of a vulnerability factor on a vulnerability risk index of the SCADA system to be assessed, a second influence degree of a threat factor on a threat risk index of the SCADA system to be assessed and a third influence degree of an asset factor on an asset risk index of the SCADA system to be assessed in each risk scene, wherein the steps of obtaining the risk assessment result of each risk scene further comprise the following steps:
according to each vulnerability factor and each threat factor in the SCADA system to be evaluated, constructing a first hierarchical structure model of the vulnerability risk index and a second hierarchical structure model of the threat risk index of the SCADA system to be evaluated based on an analytic hierarchy process;
acquiring a first influence degree of a vulnerability factor in each risk scene on the vulnerability risk index according to the first hierarchical structure model, and acquiring a second influence degree of a threat factor in each risk scene on the threat risk index according to the second hierarchical structure model;
the step of obtaining a first influence degree of the vulnerability factor in each risk scene on the vulnerability risk index according to the first hierarchical structure model specifically includes:
acquiring a judgment matrix of a first target layer by a first criterion layer according to preset importance degrees of various vulnerability disclosure possibilities in the first criterion layer of the first hierarchical structure model, and acquiring influence degrees of various vulnerability disclosure possibilities on vulnerability risk indexes in the first target layer of the first hierarchical structure model according to the judgment matrix of the first criterion layer on the first target layer;
acquiring a judgment matrix of a first scheme layer to a first criterion layer according to a preset importance degree of each vulnerability factor in the first scheme layer of the first hierarchical structure model, and acquiring the influence degree of each vulnerability factor on each vulnerability exposure possibility according to the judgment matrix of the first scheme layer to the first criterion layer;
and acquiring the influence degree of the vulnerability factors in each risk scene on the vulnerability risk index according to the influence degree of each vulnerability factor on each vulnerability disclosure possibility and the influence degree of each vulnerability disclosure possibility on the vulnerability risk index.
2. The method according to claim 1, wherein the step of obtaining a second degree of influence of the threat factors in each of the risk scenarios on the threat risk indicator according to the second hierarchical structure model specifically includes:
acquiring a judgment matrix of a second criterion layer to a second target layer according to preset importance degrees of various threat implementation possibilities in the second criterion layer of the second hierarchical structure model, and acquiring influence degrees of various threat implementation possibilities on threat risk indexes in the second target layer of the second hierarchical structure model according to the judgment matrix of the second criterion layer to the second target layer;
acquiring a judgment matrix of a second scheme layer to a second criterion layer according to the preset importance degree of each threat factor in the second scheme layer of the second hierarchical structure model, and acquiring the influence degree of each threat factor on the implementation possibility of each threat according to the judgment matrix of the second scheme layer to the second criterion layer;
and acquiring a second influence degree of the threat factors in each risk scene on the threat risk indicator according to the influence degree of each threat factor on various threat implementation possibilities and the influence degree of each threat implementation possibility on the threat risk indicator.
3. The method according to claim 1, wherein the step of obtaining the judgment matrix of the first criterion layer for the first target layer according to the preset importance of the vulnerability disclosure possibility in the first criterion layer of the first hierarchical structure model specifically comprises:
and comparing preset importance degrees of any two vulnerability disclosure possibilities in the first criterion layer based on a 1-9 scaling method, and constructing a judgment matrix of the first criterion layer to the first target layer.
4. The method according to claim 1, wherein the influence degree of each vulnerability disclosure possibility on the vulnerability risk indicator in the first target layer of the first hierarchical structure model is obtained according to the judgment matrix of the first criterion layer to the first target layer by the following formula:
CBKw=λw;
wherein, CBKA judgment matrix of the first criterion layer to the first target layer is defined, wherein lambda is a characteristic root, and w is a characteristic vector;
when C is presentBKWhen the consistency exists, taking w corresponding to lambda as the influence degree of various vulnerability disclosure possibilities on vulnerability risk indexes in a first target layer of the first hierarchical structure model;
when C is presentBKAnd if the consistency is not available, taking w corresponding to the maximum lambda as the influence degree of various vulnerability disclosure possibilities on the vulnerability risk index in the first target layer of the first hierarchical structure model.
5. The method according to any one of claims 1 to 4, wherein the step of obtaining the risk assessment result of each risk scenario further includes, before the step of obtaining the risk assessment result of each risk scenario, a step of:
and taking the economic loss caused by damage of each asset factor in the SCADA system to be evaluated as a third influence degree of each asset factor on the asset risk index of the SCADA system to be evaluated.
6. An SCADA system information security risk assessment system, comprising:
the first combination module is used for combining each vulnerability factor and each threat factor according to the causal relationship between each vulnerability factor and each threat factor in the SCADA system to be evaluated to obtain a threat-vulnerability combination;
the second combination module is used for combining each threat-vulnerability combination and each asset factor according to the corresponding relation between each threat-vulnerability combination and each asset factor in the SCADA system to be evaluated to obtain each risk scene;
the evaluation module is used for acquiring a risk evaluation result of each risk scene according to a first influence degree of the vulnerability factor on the vulnerability risk index of the SCADA system to be evaluated, a second influence degree of the threat factor on the threat risk index of the SCADA system to be evaluated and a third influence degree of the asset factor on the asset risk index of the SCADA system to be evaluated in each risk scene;
the system comprises a SCADA system to be evaluated, a first quantification module, a second quantification module and a third quantification module, wherein the first quantification module is used for constructing a first hierarchical structure model of a vulnerability risk index and a second hierarchical structure model of a threat risk index of the SCADA system to be evaluated based on an analytic hierarchy process according to each vulnerability factor and each threat factor in the SCADA system to be evaluated;
acquiring a first influence degree of the vulnerability factors in each risk scene on the vulnerability risk indexes according to the first hierarchical structure model, and acquiring a second influence degree of the threat factors in each risk scene on the threat risk indexes according to the second hierarchical structure model;
wherein the first quantization module is specifically configured to:
acquiring a judgment matrix of a first criterion layer to a first target layer according to preset importance degrees of various vulnerability disclosure possibilities in a first criterion layer of the first hierarchical structure model, and acquiring influence degrees of various vulnerability disclosure possibilities on vulnerability risk indexes in the first target layer of the first hierarchical structure model according to the judgment matrix of the first criterion layer to the first target layer;
acquiring a judgment matrix of a first scheme layer to a first criterion layer according to the preset importance degree of each vulnerability factor in the first scheme layer of the first hierarchical structure model, and acquiring the influence degree of each vulnerability factor on various vulnerability exposure possibilities according to the judgment matrix of the first scheme layer to the first criterion layer;
and acquiring the influence degree of the vulnerability factors in each risk scene on the vulnerability risk indexes according to the influence degree of each vulnerability factor on various vulnerability disclosure possibilities and the influence degree of each vulnerability disclosure possibility on the vulnerability risk indexes.
7. An electronic device, comprising:
at least one processor, at least one memory, and a bus; wherein the content of the first and second substances,
the processor and the memory complete mutual communication through the bus;
the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform the method of any of claims 1 to 5.
8. A non-transitory computer-readable storage medium storing computer instructions that cause a computer to perform the method of any one of claims 1 to 5.
CN201810644006.0A 2018-06-21 2018-06-21 SCADA system information security risk assessment method and system Active CN108833416B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810644006.0A CN108833416B (en) 2018-06-21 2018-06-21 SCADA system information security risk assessment method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810644006.0A CN108833416B (en) 2018-06-21 2018-06-21 SCADA system information security risk assessment method and system

Publications (2)

Publication Number Publication Date
CN108833416A CN108833416A (en) 2018-11-16
CN108833416B true CN108833416B (en) 2020-12-15

Family

ID=64141836

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810644006.0A Active CN108833416B (en) 2018-06-21 2018-06-21 SCADA system information security risk assessment method and system

Country Status (1)

Country Link
CN (1) CN108833416B (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109840688A (en) * 2018-12-28 2019-06-04 全球能源互联网研究院有限公司 A kind of electric power mobile terminal security appraisal procedure and device
CN112257216B (en) * 2019-07-05 2024-03-08 中国石油化工股份有限公司 Method and device for evaluating failure probability of pipeline of oil delivery station
CN111444514B (en) * 2020-03-19 2023-04-07 腾讯科技(深圳)有限公司 Information security risk assessment method and device, equipment and storage medium
CN111507597A (en) * 2020-04-10 2020-08-07 南京源堡科技研究院有限公司 Network information security risk assessment model and method
CN111552973B (en) * 2020-06-02 2023-10-20 奇安信科技集团股份有限公司 Method and device for risk assessment of equipment, electronic equipment and medium
CN111723377B (en) * 2020-06-17 2023-02-07 中国电子信息产业集团有限公司第六研究所 Platform vulnerability assessment method and device, electronic equipment and storage medium
CN112232623A (en) * 2020-09-04 2021-01-15 浙江大华技术股份有限公司 Risk assessment method and related device
CN112291239B (en) * 2020-10-29 2021-09-07 东北大学 Network physical model facing SCADA system and intrusion detection method thereof
CN113065195B (en) * 2021-04-02 2023-04-14 中国第一汽车股份有限公司 Vehicle information security threat assessment method, device, medium and electronic equipment
CN113434866B (en) * 2021-06-30 2022-05-20 华中科技大学 Unified risk quantitative evaluation method for instrument function safety and information safety strategies
CN113660227B (en) * 2021-07-30 2022-11-29 北京天融信网络安全技术有限公司 Quantitative calculation method and device for network security vulnerability assessment
CN116094747B (en) * 2022-11-18 2023-10-20 北京卓识网安技术股份有限公司 Factorization-based risk assessment method and system
CN116405287B (en) * 2023-04-06 2023-12-26 浙江国利信安科技有限公司 Industrial control system network security assessment method, equipment and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436967A (en) * 2008-12-23 2009-05-20 北京邮电大学 Method and system for evaluating network safety situation
CN103400027A (en) * 2013-07-09 2013-11-20 贵州大学 Risk assessment algorithm for information system
CN106960269A (en) * 2017-02-24 2017-07-18 浙江鹏信信息科技股份有限公司 Safe emergence treating method and system based on analytic hierarchy process (AHP)
CN107491694A (en) * 2017-08-29 2017-12-19 西南交通大学 Method for quantitative evaluation SCADA system information security fragility

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140137257A1 (en) * 2012-11-12 2014-05-15 Board Of Regents, The University Of Texas System System, Method and Apparatus for Assessing a Risk of One or More Assets Within an Operational Technology Infrastructure

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436967A (en) * 2008-12-23 2009-05-20 北京邮电大学 Method and system for evaluating network safety situation
CN103400027A (en) * 2013-07-09 2013-11-20 贵州大学 Risk assessment algorithm for information system
CN106960269A (en) * 2017-02-24 2017-07-18 浙江鹏信信息科技股份有限公司 Safe emergence treating method and system based on analytic hierarchy process (AHP)
CN107491694A (en) * 2017-08-29 2017-12-19 西南交通大学 Method for quantitative evaluation SCADA system information security fragility

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
企业信息安全风险自评估模型研究;黄国忠;《中国优秀硕士学位论文全文数据库》;20090715;全文 *
基于AHP的应急平台信息安全风险评估;张永妹等;《北京师范大学学报(自然科学版)》;20090815;第363-366页 *

Also Published As

Publication number Publication date
CN108833416A (en) 2018-11-16

Similar Documents

Publication Publication Date Title
CN108833416B (en) SCADA system information security risk assessment method and system
CN109922069B (en) Multidimensional association analysis method and system for advanced persistent threats
CN105516130B (en) Data processing method and device
CN111444514B (en) Information security risk assessment method and device, equipment and storage medium
CN108881110B (en) Security situation assessment and defense strategy combined decision method and system
TW201629824A (en) Anomaly detection using adaptive behavioral profiles
Yang et al. A new cyber security risk evaluation method for oil and gas SCADA based on factor state space
CN108108624B (en) Product and service-based information security quality assessment method and device
CN113326508A (en) Method and device for evaluating platform security risk
Żebrowski et al. A Bayesian framework for the analysis and optimal mitigation of cyber threats to cyber‐physical systems
CN115713095A (en) Natural gas pipeline abnormity detection method and system based on hybrid deep neural network
CN115987544A (en) Network security threat prediction method and system based on threat intelligence
CN105262719A (en) Credit evaluation method of user behavior in Web environment
KR20040104853A (en) Risk analysis system for information assets
Wei Application of Bayesian algorithm in risk quantification for network security
Kim et al. Prediction on the Distributions of the Strength and Toughness of Thick Steel Plates Based on Bayesian Neural Network
CN114039837B (en) Alarm data processing method, device, system, equipment and storage medium
Krundyshev Neural network approach to assessing cybersecurity risks in large-scale dynamic networks
Kuzmina et al. Building an Attack Tree for Analysis of Information Security Risks
Kiran et al. A Critical study of information security risk assessment using fuzzy and entropy methodologies
CN114124526B (en) Threat complexity analysis method combining multi-level and entropy weight method
Azarov et al. Randomized General Indices for Evaluating Damage through Malefactor Social Engineering Attacks
Qi et al. A combined prediction method of industrial internet security situation based on time series
Normatov et al. Application of intellectual analysis to protect information in corporate systems
Ye et al. A Hybrid Model of RST and DST with its Application in Intrusion Detection

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant