Quantitative vulnerability assessment method for industrial control system based on fuzzy attack-defense tree and entropy weight method

System Development & Application

App. Res. of Comp. Printed Article

Vol. 37, 2020 No. 8

2409-2412,2416

Gong Tianyu^1,2,3,4

Shang Wenli^2,3,4,5

Hou Jing¹

Chen Chunyu^2,3,4

Zeng Peng^2,3,4,5

1. Faculty of Information & Control Engineering, Shenyang Jianzhu University, Shenyang 110168, China

2. Shenyang Institute of Automation, Chinese Academy of Sciences, Shenyang 110016, China

3. Institutes for Robotics & Intelligent Manufacturing, Chinese Academy of Sciences, Shenyang 110016, China

4. Key Laboratory of Networked Control Systems, Chinese Academy of Sciences, Shenyang 110016, China

5. University of Chinese Academy of Sciences, Beijing 100049, China

DOI: 10.19734/j.issn.1001-3695.2019.03.0088

Abstract

In order to improve the reliability of the results of vulnerability quantitative assessment, this paper proposed a vulnerability quantitative assessment method for industrial control system based on fuzzy attack and defense tree and entropy weight method. Firstly, it combined the fuzzy set theory with expert evaluation. Then, it gathered multiple experts' fuzzy eva-luation on the same security attributes. To improve the reliability of fuzzy aggregation, it used fuzzy distance to calculate the deviation degree of expert fuzzy evaluation in the process of fuzzy aggregation to improve the reliability of fuzzy aggregation, and used entropy weight method to determine the weight of each safety attribute in the process of leaf node quantization. Finally, it calculated the leaf nodes and the probability of the attack sequence. The case study shows that this method can effectively improve the reliability of evaluation results, and provides an important basis for information security protection of industrial control system.

Key Words

fuzzy attack-defense tree fuzzy aggregation entropy weight method industrial control system quantitative assessment of vulnerability

Foundation Support

国家重点研发计划资助项目(2018YFB2004200)

中国科学院战略性先导科技专项资助项目(XDC02020200)

国家自然科学基金资助项目(61773368)

Publish Information

DOI: 10.19734/j.issn.1001-3695.2019.03.0088

Publish at: Application Research of Computers Printed Article, Vol. 37, 2020 No. 8

Section: System Development & Application

Pages: 2409-2412,2416

Serial Number: 1001-3695(2020)08-035-2409-04

Publish History

[2020-08-05] Printed Article

Cite This Article

巩天宇, 尚文利, 侯静, 等. 基于模糊攻防树和熵权法的工控系统脆弱性量化评估方法 [J]. 计算机应用研究, 2020, 37 (8): 2409-2412,2416. (Gong Tianyu, Shang Wenli, Hou Jing, et al. Quantitative vulnerability assessment method for industrial control system based on fuzzy attack-defense tree and entropy weight method [J]. Application Research of Computers, 2020, 37 (8): 2409-2412,2416. )

Abstract Key Words Foundation Support Publish Information Publish History Cite This Article

About the Journal

Application Research of Computers Monthly Journal
Journal ID ISSN 1001-3695
CN 51-1196/TP

Application Research of Computers, founded in 1984, is an academic journal of computing technology sponsored by Sichuan Institute of Computer Sciences under the Science and Technology Department of Sichuan Province.

Aiming at the urgently needed cutting-edge technology in this discipline, Application Research of Computers reflects the mainstream technology, hot technology and the latest development trend of computer application research at home and abroad in a timely manner. The main contents of the journal include high-level academic papers in this discipline, the latest scientific research results and major application results. The contents of the columns involve new theories of computer discipline, basic computer theory, algorithm theory research, algorithm design and analysis, blockchain technology, system software and software engineering technology, pattern recognition and artificial intelligence, architecture, advanced computing, parallel processing, database technology, computer network and communication technology, information security technology, computer image graphics and its latest hot application technology.

Application Research of Computers has many high-level readers and authors, and its readers are mainly senior and middle-level researchers and engineers engaged in the field of computer science, as well as teachers and students majoring in computer science and related majors in colleges and universities. Over the years, the total citation frequency and Web download rate of Application Research of Computers have been ranked among the top of similar academic journals in this discipline, and the academic papers published are highly popular among the readers for their novelty, academics, foresight, orientation and practicality.

Indexed & Evaluation

The Second National Periodical Award 100 Key Journals
Double Effect Journal of China Journal Formation
the Core Journal of China (Peking University 2023 Edition)
the Core Journal for Science
Chinese Science Citation Database (CSCD) Source Journals
RCCSE Chinese Core Academic Journals
Journal of China Computer Federation
2020-2022 The World Journal Clout Index (WJCI) Report of Scientific and Technological Periodicals
Full-text Source Journal of China Science and Technology Periodicals Database
Source Journal of China Academic Journals Comprehensive Evaluation Database
Source Journals of China Academic Journals (CD-ROM Version), China Journal Network
2017-2019 China Outstanding Academic Journals with International Influence (Natural Science and Engineering Technology)
Source Journal of Top Academic Papers (F5000) Program of China's Excellent Science and Technology Journals
Source Journal of China Engineering Technology Electronic Information Network and Electronic Technology Literature Database
Source Journal of British Science Digest (INSPEC)
Japan Science and Technology Agency (JST) Source Journal
Russian Journal of Abstracts (AJ, VINITI) Source Journals
Full-text Journal of EBSCO, USA
Cambridge Scientific Abstracts (Natural Sciences) (CSA(NS)) core journals
Poland Copernicus Index (IC)
Ulrichsweb (USA)