Intrusion detection algorithm for industrial control system of coal mine enterprise

Abstract: Existing intrusion detection algorithms for the industrial control systems (ICS) of coal mine enterprises do not account for the influence of defense factors and are complex to implement. To address these problems, an intrusion detection algorithm for coal mine enterprise ICS based on an attack-defense tree model is proposed, covering both the attack process and the defense system. First, the probability that an attack leaf node is attacked is obtained by quantifying the attack attributes of the leaf node and constructing an index system. From this, the intrusion success rate of an attack path is derived, and combining it with the intrusion return rate of the attack path gives the intrusion probability of the attack path. Then, an intrusion alarm rate based on the false negative rate and the false positive rate is introduced to obtain the passive defense probability, and the active defense probability is obtained from the vulnerability discovery rate and the vulnerability repair rate. Finally, the final intrusion probability of the attack path is obtained from the intrusion probability of the attack path, the passive defense probability and the active defense probability. The example results show that the algorithm can effectively detect the intrusion probability of coal mine enterprise ICS and improves the accuracy of intrusion detection.

     
