Multi-dimensional attribute analysis of industrial control system vulnerability

Computer Engineering & Science ›› 2023, Vol. 45 ›› Issue (02): 261-268.

• Computer Network and Znformation Security • Previous Articles Next Articles

Multi-dimensional attribute analysis of industrial control system vulnerability

LI Tong-tong1,3,WANG Shi-rui2,ZHANG Yao-fang1,3，WANG Bai-ling1,3,WANG Zi-bo1,3,LIU Hong-ri1,4

(1.School of Computer Science and Technology,Harbin Institute of Technology(Weihai),Weihai 264209;
2.China Industrial Control Systems Cyber Emergency Response Team,Beijing 100040;
3.School of Cyberspace Science,Harbin Institute of Technology,Harbin 150001;
4.Weihai Cyberguard Technologies Co.,Ltd.,Weihai 264209,China)

Received:2022-03-01 Revised:2022-09-02 Accepted:2023-02-25 Online:2023-02-25 Published:2023-02-15

Abstract

Abstract: In order to solve the problem that the industrial control system vulnerability risk assessment is simple and not closely related to the industrial control environment, a multi-dimensional attri- bute analysis method of industrial control system vulnerability is proposed. Firstly, a template for discriminating vulnerability attack effectiveness and risk category attributes is established, and multi- dimensional evaluation indicators for the degree of risk vulnerability are defined. Secondly, an automat- ed prediction model of risk level based on ernieCat is proposed, which uses the fusion features of vulnerability text descriptions and the intrinsic evaluation attributes of vulnerabilities to predict the seriousness level, hazard level and exploitability level of industrial vulnerabilities. Besides, this paper combines device-level critical information of industrial control system with vulnerability-level risk situations, and establishes multi-dimensional quantitative evaluation indicators to quantitatively assess the risk hazard level for industrial control system vulnerabilities. Experimental results show that the ernieCat model is superior for predicting vulnerability risk level.

Key words: industrial control system vulnerability, discrimination of attribute, ERNIE model, risk assessment metrics, quantitative assessment

LI Tong-tong, WANG Shi-rui, ZHANG Yao-fang, WANG Bai-ling, WANG Zi-bo, LIU Hong-ri, . Multi-dimensional attribute analysis of industrial control system vulnerability[J]. Computer Engineering & Science, 2023, 45(02): 261-268.

Multi-dimensional attribute analysis of industrial control system vulnerability

PDF

Knowledge

Abstract

Cite this article

share this article

Related Articles 0

Recommended Articles

Metrics

Comments