Advertisement

Cluster Computing

, Volume 22, Supplement 3, pp 5491–5503 | Cite as

A novel intelligent assessment method for SCADA information security risk based on causality analysis

  • Li YangEmail author
  • Xiedong Cao
  • Xinyu Geng
Article
  • 121 Downloads

Abstract

At present, the oil and gas SCADA system is facing severe information security threats, and the information security assessment for the existing SCADA system is an important response measure. In order to solve the problem that the standard of information security assessment of industrial control system are not perfect and the evaluation objects are fuzzy, this study put forward a novel method of oil and gas SCADA security assessment based on causality analysis. Firstly, defense security assessment technology route with pre-defense,post-defense was introduced and the evaluation indexes were mapped to the pre-defense and post-defense factors, and the pre-defense and post-defense scoring tables for oil and gas SCADA system information security were developed, the evaluation factors were formed as causality diagram table; then the factor space theory was used to evaluate and model the information security of oil and gas SCADA system, and the model was formally described. Finally causality analysis evaluation method of fuzzy Mamdani reasoning was adopted to evaluate factors neurons in the proposed model. The results show that the average accuracy of the causality analysis and the decision tree algorithm is 92.06 and 91.45% respectively. The causality analysis method based on factor space has a good effect on SCADA information security assessment. The conclusions of this study can not only be applied to oil and gas SCADA security risk assessment, but also provide a reference for other industry security assessment.

Keywords

Oil and gas SCADA system Decision tree Factor space Fuzzy reasoning Causality Analysis 

References

  1. 1.
    Knapp, Eric D.: Industrial Network Security: securing critical infrastructure networks for smart grid, SCADA and other industrial control system [M]., pp. 30–152. Elsevier Inc, Waltham (2014)Google Scholar
  2. 2.
    Zhao, H.: Research on anomaly detection algorithm for industrial control systems[D]. Autom. Rese. Des. Inst. Metall. Ind., pp. 9–10 (2014)Google Scholar
  3. 3.
    Office of Electricity Delivery and Energy Reliability, US Department of Energy. NSTB fact sheet, national SCADA test bed, enhancing control systems security in the energy sector [Z/OL]. (2012-06-16). http://www.inl.gov/scada/factsheets/d/nstb.pdf
  4. 4.
    US-CERT.ICS-CERT[Z/OL].(2012-06-20). http://www.us-cert.gov/control_system
  5. 5.
    Commission of the European Communities. Communication from the Commissionto the Council and the European Parliament: Critical Infrastructure Protection in the Fight Against Terrorism, COM(2004)702 Final. Commission of the European Communities, Brussels (2004)Google Scholar
  6. 6.
    Commission of the European Communities: Communication from the Commission on a European Programme for Critical Infrastructure Protection, COM(2006) 786 Final. Commission of the European Communities, Brussels (2006)Google Scholar
  7. 7.
    Commission of the European Communities, Communication from the Commission to the European Parliament, the Council: The European Economic and Social Committee and the Committee of the Regions-on Critical Information Infrastructure Protection, COM(2009)149 Final. Commission of the European Communities, Brussels (2009)Google Scholar
  8. 8.
    Commission of the European Communities, Communication from the Commission to the European Parliament, the Council: The European Economic and Social Committee and the Committee of the Regions-A Digital Agenda for Europe, COM(2010)245. Commission of the European Communities, Brussels (2010)Google Scholar
  9. 9.
    The European Network and Information Security Agency (ENISA) Protecting Industrial Control Systems: Recommendations for Europe and Member States. Recommendations for Europe and Member States, Heraklion (2011)Google Scholar
  10. 10.
    Anderson, J.P.: Computer Security Threat Monitoring and Surveillance [R]. Fort Washington, Pennsylvania (1980)Google Scholar
  11. 11.
    Li, Y., Cao, X., Li, J.: A new cyber security risk evaluation method for oil and gas SCADA based on factor state space. Chaos Solitons Fract. 89, 203–209 (2015)Google Scholar
  12. 12.
    Yu, Y., Lin, W.-M.: Study on industrial control SCADA system’s information security protection system. Netinfo Secur. 5, 74–77 (2012)Google Scholar
  13. 13.
    Wu, Y.: SCADA system information security technology. Autom. Panor. 2013(2), 98–100 (2013)Google Scholar
  14. 14.
    Meng, C.J.: Research on Dynamic and Static Risk Assessment for Power Information System. East China University of Science And Technology, Shanghai (2015)Google Scholar
  15. 15.
    Wang, Y.: Study on Theories and Application of Industrial Control System Security Assessment. Chongqing University, Chongqing (2014)Google Scholar
  16. 16.
    Li, hongxing: Factor spaces and mathematical frame of knowledge representation(I)-axiomatic definition of factor spaces and description frames. J. Beijing Norm. Univ 32(4), 470–475 (1996)MathSciNetzbMATHGoogle Scholar
  17. 17.
    Wang, H.-D., Guo, S.-Z.: Feedback extension-enveloping in factor spaces and its improvements. Fuzzy Syst. Math. 29(1), 83–90 (2015)Google Scholar
  18. 18.
    Ling, W., Geng, H., Xie, Y.: Framework for factor description of product performance. J. Comput. Aided Des. Comput. Gr. 15(2), 144–149 (2003)Google Scholar
  19. 19.
    Wang, P.: Factor space and description of concepts. J. Softw. 3(1), 30–40 (1992)Google Scholar
  20. 20.
    Hongxing, L.: Factor spaces and mathematical frame of knowledge representation(XI)-basic concepts of factor spaces canes. Fuzzy Syst. Math. 11(1), 1–9 (1997)Google Scholar
  21. 21.
    Yang, Li, Geng, Xinyu, Cao, X.: A novel knowledge representation model based on factor state space. Opt. Int. J. Light Electron Opt. 127(12), 5141–5147 (2016)CrossRefGoogle Scholar
  22. 22.
    Wang, P., Guo, S., Bao, Y., et al.: Causality analysis in factor space. J. Liaoning Tech. Univ. 33(7), 865–870 (2014)Google Scholar
  23. 23.
    Ganter, B., Wille, R.: Formal Concept Analysis. Springer, Berlin (1999)CrossRefGoogle Scholar
  24. 24.
    Liu, H., Guo, S.: Reasoning model of causality analysis. J. Liaoning Tech. Univ. 34(1), 124–128 (2015)MathSciNetGoogle Scholar
  25. 25.
    Zhang, R., Wang, S., Li, J.: Research on landslide susceptibility based on Mamdani-FIS model. Rock Soil Mech. 35(S2), 437–444 (2014)Google Scholar
  26. 26.
    Bao, Y., Ru, H., Jin, S.: A new algorithm of knowledge mining in factor space. J. Liaoning Tech. Univ. 33(8), 1141–1144 (2014)Google Scholar
  27. 27.
    Yang, J., Zhang, N.N., Jian, L.I., et al.: Research and application of decision tree algorithm [J]. Comput. Technol. Dev. 2, 031 (2010)Google Scholar
  28. 28.
    Kong, Y., Jing, M.: Research of the classification mehtod based on confusion matrixes and ensemble learning. Comput. Eng. Sci. 34(6), 111–117 (2012)Google Scholar
  29. 29.
    Yang, L., Geng, X., Liao, H.: A web sentiment analysis method on fuzzy clustering for mobile social media users. Eurasip J. Wirel. Commun. Netw. 2016(1), 1–13 (2016)CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2017

Authors and Affiliations

  1. 1.School of Computer ScienceSouthwest Petroleum UniversityChengduChina
  2. 2.School of Electrical Engineering and Information Southwest Petroleum UniversityChengduChina

Personalised recommendations