
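Information security assessment method for SCADA systems based on an attack-defense game
Cite this article: HUANG Hui-ping, XIAO Shi-de, MENG Xiang-yin. Information security assessment method for SCADA systems based on an attack-defense game[J]. Computer Engineering & Science, 2017, 39(5): 877-884.
Authors: HUANG Hui-ping  XIAO Shi-de  MENG Xiang-yin
Affiliation: 1. College of Mechanical Engineering, Southwest Jiaotong University
Funding: Sichuan Province Applied Basic Research Project (2014JY0212); Fundamental Research Funds for the Central Universities (2682013CX022)
Abstract: Information security assessment is fundamental to keeping a SCADA system operating normally. None of the existing assessment methods considers the mutual influence between attacker and defender or the economic benefit. To address this, an assessment method based on attack-defense trees and game theory is proposed. Building on the attack-defense tree, the method computes the expected payoff functions of the attacker and the defender, establishes an attack-defense game model of the system, and solves for the mixed-strategy Nash equilibrium of this complete-information static game, yielding the probability distribution over the strategy choices of both sides. A worked example of information attack and defense on the master and slave stations of a SCADA system is computed and analyzed to illustrate the method's application. The assessment results show that the method is reasonable and feasible, and that it can help risk managers evaluate the return on investment of the system's existing information security defenses and deploy defenses in a targeted, prioritized way to maximize payoff.

Keywords: SCADA system  information security  attack-defense tree  game theory  payoff function
Received: 2015-08-27
Revised: 2017-05-25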

Cyber security assessment for SCADA systems based on attack defense game model
HUANG Hui-ping, XIAO Shi-de, MENG Xiang-yin. Cyber security assessment for SCADA systems based on attack defense game model[J]. Computer Engineering & Science, 2017, 39(5): 877-884.
Authors:HUANG Hui-ping  XIAO Shi-de  MENG Xiang-yin
Affiliation:(College of Mechanical Engineering,Southwest Jiaotong University,Chengdu 610031,China)
Abstract: Cyber security assessment is basic work that is important for ensuring the reliable operation of a SCADA system. Existing evaluation methods do not take into account the mutual influence between the attacker and the defender, or the economic effect. To solve this problem, we propose an assessment method based on attack defense trees and game theory. Based on the attack defense tree, the method calculates the expected payoff functions of the attacker and the defender and establishes the system's attack and defense game model. The mixed strategy Nash equilibrium of this complete information static game model is solved, giving the probability distribution over the attack and defense strategies. We describe the application of the method in a case study. The evaluation results show that the method is reasonable and feasible, and that it can help risk managers evaluate the investment benefit of the existing system's information security defense measures, so that they can deploy defensive measures focused on particular attack events to achieve the maximum return on investment.
Keywords: SCADA system  cyber security  attack defense tree  game theory  payoff function