Quantitative Evaluation Method for Industrial Control System Vulnerability Based on Improved Expert Elicitation and Fuzzy Set Method

Author: Wenli Shang, Tianyu Gong, Jing Hou, Jiayue Lu, Zhong Cao
Language: English
Year of publication: 2023
Subject:
Source: IEEE Access, Vol 11, Pp 101007-101019 (2023)
Document type: article
ISSN: 2169-3536
DOI: 10.1109/ACCESS.2023.3314629
Description: For the problems of scientificity and reliability of vulnerability quantitative assessment method based on attack tree model, we propose an improved expert decision method based on attack tree model to improve the reliability of expert decision aggregation and solve the problem of insufficient evaluation data for the vulnerability quantitative evaluation method. Firstly, based on the expert decision aggregation method, the concept of deviation degree is proposed, and the maximum deviation degree method is innovatively proposed to screen fuzzy evaluations of experts. Then the deviation degree is taken as one of the influencing factors of fuzzy evaluations aggregation, and the expert fuzzy evaluations are aggregated to solve the problem of insufficient evaluation data. Finally, the improved expert decision aggregation method is combined with the vulnerability quantitative evaluation method based on the attack tree model to quantify the leaf nodes, security events, and attack sequence events. Using the ship industry control system as an illustration, we analyze and evaluate the feasibility and scientific validity of the proposed method. This analysis effectively enhances the reliability of the expert’s fuzzy evaluation summary, solves the problem of insufficient evaluation data, and provides an important basis for the information security protection of the industrial control system.
Database: Directory of Open Access Journals