攻击图与HMM工业控制网络安全风险评估

为了准确评估工业控制系统的网络安全风险，实现工业控制系统的有效防御，提出攻击图与HMM的工业控制系统风险评估方法，根据攻击行为的变化描述网络安全状态。首先建立工业控制网络攻击图模型，将网络攻击转化为网络状态转换问题，引入网络节点关联性（NNC），对工业控制网络节点关联性进行研究，进一步分析网络的安全风险。然后HMM建立网络观测与攻击状态之间的关系，引入CVSS评价系统对工业控制系统的安全状态进行评价。最后，以火电厂集中控制系统为实验背景，进行案例分析。分析结果表明，该方法能够较全面分析工业控制系统的安全隐患，为安全管理人员采取有效的防范措施提供依据。

Security Risk Assessmenton of Attack Graph and HMM Industrial Control Network

In order to evaluate the network security risk of industrial control system and realize the effective defense of industrial control system, a risk assessment method based on attack graph and HMM is proposed to describe the network security status according to the change of attack behavior. Firstly, the industrial control network attack graph model is established, and the network attack is transformed into the network state migration problem. The network node association (NNC) is introduced to study the association of the industrial control network nodes, and further analyze the network security risks. Then the HMM establishes the relationship between network observation and attack state, and introduces the CVSS evaluation system to evaluate the security status of the industrial control system. Finally, a case study is carried out with the centralized control system of thermal power plant as the experimental background. The analysis results show that the method can comprehensively analyze the safety hazards of industrial control systems and provide a basis for safety management personnel to take effective preventive measures.