摘要
石油化工行业上下游产业链应用复杂,装置设备规模大,核心资产如果遭到破坏将严重影响生产安全,造成重大损失。为实现快速识别网络安全风险并决策,针对当前攻击图模型较少考虑网络环境动态变化和资产价值的问题,提出了一种动态攻击图概率计算模型。通过计算原子攻击相对于观测事件的后验概率,拟合脆弱性风险随时间变化的衰减函数,结合攻击图中属性节点的资产价值,动态计算攻击图中的最大累积概率路径和最大风险点。结果表明,所提动态攻击图评估技术更具有合理性和时效性,对制定网络安全策略和实施防护措施具有重要意义。
The upstream and downstream industrial chain of the petrochemical industry is characterized by complex applications and large-scale devices,and if the core assets are damaged,it will seriously affect production safety and cause significant losses.In order to quickly recognize network security risks and make decisions,this paper proposes a dynamic attack graph probability computation model for the problem that current attack graph models less consider the dynamic changes of the network environment and the value of assets.By calculating the a posterior probability of atomic attack relative to the observed event,fitting changes of vulnerability risk over time,and considering the asset values of the attribute nodes in the attack graph,the paper dynamically calculates the maximum cumulative probability paths and maximum risk points in the attack graph.Experimental results indicate that the proposed method is more reasonable and effective,and has important value for developing network security strategies and implementing protective measures.
作者
韩百然
刘雷刚
郭长杰
高翔
HAN Bairan;LIU Leigang;GUO Changjie;GAO Xiang(China Petroleum Planning and Engineering Institute,Beijing 100083,China)
出处
《通信技术》
2025年第1期99-106,共8页
Communications Technology
关键词
风险评估
网络安全度量
网络安全运营
脆弱性
risk assessment
network security measurement
network security operation
vulnerability
