| Summary: | In view of problems that existing intrusion detection algorithms for industrial control system(ICS) of coal mine enterprise failed to consider impact of defense factors and complexity of implementation, from two aspects of attack process and defense system, an intrusion detection algorithm for ICS of coal mine enterprise based on attack—defense tree model was proposed. Firstly, probability of attack leaf node being attacked is obtained by quantifying attack attribute of the attack leaf node and constructing index system, then intrusion success rate of attack path can be obtained, and intrusion probability of the attack path is obtained by combining the intrusion success rate and intrusion return rate of the attack path. Then, intrusion alarm rate based on false negative rate and false positive rate is introduced to obtain passive defense probability. Active defense probability is obtained through bug discovery rate and bug repair rate. Finally, final intrusion probability of the attack path is obtained according to the intrusion probability of the attack path, the passive defense probability and the active defense probability. The example results show that the algorithm can effectively detect ICS intrusion probability of coal mine enterprise with higher accuracy of intrusion detection.
|
|---|