云环境下工业信息物理系统现场层安全策略决策方法
CSTR:
作者:
作者单位:

1. 华中科技大学 人工智能与自动化学院,武汉 430070;2. 华中科技大学 网络空间安全学院,武汉 430070

作者简介:

通讯作者:

E-mail: cjiezhou@hust.edu.cn.

中图分类号:

TP273

基金项目:

国家自然科学基金项目(61873103,62127808,61433006).


A security decision-making approach for field layer of cloud-integrated industrial cyber-physical systems
Author:
Affiliation:

1. School of Artificial Intelligence and Automation,Huazhong University of Sicience and Technology,Wuhan 430070,China;2. School of Cyber Science and Engineering,Huazhong University of Sicience and Technology,Wuhan 430070,China

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    云环境下工业信息物理系统架构的转变使得工业现场设备更加暴露于网络攻击下,对工业现场层提出更高的安全需求.随着系统结构愈渐复杂,网络攻击更加智能,系统难以准确获取安全状态,传统的基于状态的安全决策方法将不能实现有效防护,对此提出一种工业信息物理系统现场层安全策略决策方法.首先,根据功能结构划分现场区域,分析潜在的攻击目标、攻击事件与系统防御策略间的关联性,构建攻击防御树;然后,从攻击和防护属性的视角,利用模糊层次分析法量化防御策略收益;接着,结合部分攻击状态构建部分可观的马尔可夫决策过程模型,通过求解模型得到最优安全策略;最后,以简化的田纳西-伊斯曼过程控制系统为对象验证所提出方法能够有效地决策出最优安全策略.

    Abstract:

    The transformation of the cloud-integrated industrial cyber-physical systems' architecture makes industrial field equipment more exposed to the cyber-attacks, which puts forward higher security requirements for the industrial field layer. As the structure becomes more complex and cyber-attacks become more intelligent, it is difficult to accurately obtain the security state, and the traditional state-based security decision-making method will not achieve effective protection. This paper proposes a security decision-making approach for the field layer of industrial cyber-physical systems. First, the field area is divided according to the functional structure, and then the attack defense tree is constructed by analyzing the potential correlation between attack goals, attack events and defense strategies. Then, from the perspective of attack and defense attributes, the fuzzy analytic hierarchy process is used to quantify the payoff of the defense strategy. Combined with part of the attack state to construct the partially observable Markov decision process model, and the optimal security strategy is obtained by solving the model. Finally, a simplified Tennessee-Eastman process control system is used to verify that the proposed method can effectively decide the optimal security stategy.

    参考文献
    相似文献
    引证文献
引用本文

朱美潘,杨健晖,李欣格,等.云环境下工业信息物理系统现场层安全策略决策方法[J].控制与决策,2024,39(1):281-290

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:
  • 最后修改日期:
  • 录用日期:
  • 在线发布日期: 2023-12-14
  • 出版日期: 2024-01-20
文章二维码