| With the rapid development of informatization and intelligence, the Industrial Control System (ICS) has gradually changed from its original closed isolation to open interconnection. Information security is a problem that such enterprises often ignore, and once a security incident breaks out, it often causes huge economic losses. Therefore, research on ICS information security has become a problem that must be solved in the operation of enterprise information systems. It is related to national security and social stability, and is highly valued by governments, enterprises and individuals. ICS information security situation assessment is the premise and basis for ensuring the safe operation of ICS. However, the current ICS information security situation assessment algorithm is inefficient and its evaluation results are not accurate enough. Therefore, it is of great significance to study the ICS information security situation assessment algorithm. Based on extensive research into the state of development at home and abroad, the paper analyzes the data collected in the ICS and pre-processes the existing data using the artificial filling method and the maximum-minimum standardization method, which saves situation evaluation time; combining the attributes of ICS security events themselves, expert experience and the Delphi method were used to extract and quantify the situation indicators, and the index system for situation assessment was constructed. To address the limited quantity and the diversity of ICS data, the SVM algorithm was applied for the first time to analyze ICS information security events, and compared with the traditional Drools inference engine algorithm. For information security attack and defense, an improved algorithm based on the attack and defense tree model is proposed. It is compared with the attack tree model and the traditional attack and defense tree model algorithm, and the ICS information security situation evaluation is carried out. Finally, simulation verification is carried out in combination with specific cases. The experimental simulation shows that the SVM algorithm makes the event correlation analysis accuracy 10% higher than the Drools inference engine algorithm. The proposed attack and defense tree model algorithm not only solves the problem that the attack process considers only the attack success rate without considering the attack return rate, but also improves on the traditional defense system and the passive defense algorithm. Compared with the attack tree model and the traditional attack and defense tree model, the ICS information security situation assessment algorithm based on the attack and defense tree model in this paper not only shows the actual situation of ICS attack and defense more clearly, but also gives an evaluation result that is closer to reality. |