Research On Risk Assessment Method Of Industrial Control System

Industrial Control System(ICS),as the "core" of the country's key infrastructure,is widely used in a variety of industries such as transportation,electric power,petroleum and petrochemicals.With the full advancement of China Manufacturing 2025,the isolation and closure of ICS has been broken,leaving ICS with more threats from the Internet.In recent years,the cyber attack methods for ICS have become more and more complicated.If an attacker attacks ICS,it will lead to a large-scale embarrassment of the industrial control network,which will have a great impact on the country's politics and economy.Risk assessment is an effective means to ensure the safe and stable operation of ICS.Therefore,this paper studies the safety of ICS from the perspective of risk assessment.The main work is as follows:First of all,this paper sorts out the research status of ICS risk assessment,and clarifies ICS architecture,the difference between ICS and traditional IT(Information Technology)system,and the security features of ICS,and identifies the evaluation factors of ICS.Then,from the perspective of mathematical modeling,an ICS grey risk assessment model based on fuzzy set and information entropy is proposed.The model firstly establishes a risk assessment index system based on the threat types and security objectives of ICS;then introduces fuzzy sets and information entropy to improve the weight calculation method to ensure the objectivity of weight selection;finally,the gray theory is used in risk assessment,and then calculate the risks of the ICS as a whole,the risks of each component,and the different risks faced by the component in terms of availability,integrity and confidentiality.Finally,from the perspective of graphical risk modeling,a risk assessment method based on attack graph is proposed.The method first establishes the ICS attack graph model;then proposes two indicators of vulnerability exploit probability and vulnerability value,and combines ICS defense strength,vulnerability attack patterns and other aspects to give the indicator quantization method;finally,according to the correlation between the vulnerabilities in the attack graph,the actual utilization probability of the vulnerability is calculated,and the risk assessment of ICS is completed from three dimensions: vulnerability risk,component risk and system risk.