
Network situation assessment on industrial control system based on analytic hierarchy process

Existing network security situation assessment methods do not take into account the particular network security requirements of industrial control systems (ICS), so they cannot produce an accurate assessment. In addition, an ICS transmits a large amount of heterogeneous data and is vulnerable to network attacks, and existing classification methods cannot effectively handle multi-class imbalanced data. To address this problem, this paper first analyzes the characteristics of industrial control systems and proposes a quantitative assessment method for ICS security posture based on the analytic hierarchy process, which reflects the ICS network security status more accurately. Then, for the problem of data imbalance across multiple attack types, it proposes an average under-over sampling method, which balances the data without making the data volume excessive. Finally, it constructs an ICS network situation assessment classifier based on the extreme gradient boosting (XGBoost) algorithm. Experiments show that the classification model designed in this paper achieves better accuracy than the traditional classification algorithms support vector machine, K-nearest neighbor and random forest.

ICS; network security situation assessment; analytic hierarchy process; data sampling

Guo Lin, Yi Junkai, Wang Hao

School of Automation, Beijing Information Science and Technology University, Beijing 100192

Industrial control system; network security situation assessment; analytic hierarchy process; data sampling

Project supported by the National Natural Science Foundation of China

U1636208

2024

Journal of Xi'an University of Technology
Xi'an University of Technology

CSTPCD; Peking University Core Journal
Impact factor: 0.382
ISSN:1006-4710
Year, volume (issue): 2024, 40(2)