Journal of Computer Applications ›› 2019, Vol. 39 ›› Issue (6): 1735-1741.DOI: 10.11772/j.issn.1001-9081.2018122601

• Cyber security • Previous Articles     Next Articles

Risk analysis of cyber-physical system based on dynamic fault trees

XU Bingfeng1, ZHONG Zhicheng1, HE Gaofeng2   

  1. 1. College of Information Science and Technology, Nanjing Forestry University, Nanjing Jiangsu 210037, China;
    2. College of Internet of Things, Nanjing University of Posts and Telecommunications, Nanjing Jiangsu 210003, China
  • Received:2018-12-20 Revised:2019-02-13 Online:2019-06-17 Published:2019-06-10
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61802192, 61702282), the Natural Science Research Project of Universities of Jiangsu Province (18KJB520024, 17KJB520023), the Youth Innovation Foundation of Nanjing Forestry University (CX2016026, GXL016), the Startup Foundation of Nanjing University of Posts and Telecommunications (NY217143), the Undergraduate Innovation Training Program of Nanjing Forestry University (2018NFUSPITP475, 2018NFUSPITP457).


徐丙凤1, 钟志成1, 何高峰2   

  1. 1. 南京林业大学 信息科学技术学院, 南京 210037;
    2. 南京邮电大学 物联网学院, 南京 210003
  • 通讯作者: 何高峰
  • 作者简介:徐丙凤(1986-),女,安徽安庆人,讲师,博士,CCF会员,主要研究方向:信息物理融合系统安全、软件工程;钟志成(1998-),男,江苏东台人,主要研究方向:信息物理融合系统安全;何高峰(1984-),男,安徽安庆人,讲师,博士,CCF会员,主要研究方向:网络安全、信息物理融合系统安全。
  • 基金资助:

Abstract: In order to solve the problem that network security attacks against the Cyber-Physical System (CPS) will cause a system failure, a CPS risk modeling and analysis method based on dynamic fault tree was proposed. Firstly, the integrated modeling was performed to dynamic fault tree and dynamic attack tree to build the Attack-Dynamic Fault Trees (Attack-DFTs) model. Then, the formal models of static subtree and dynamic subtree in Attack-DFTs were given by binary decision graph and input-out Markov chain respectively. On this basis, the qualitative analysis method of Attack-DFTs was given to analyze the basic event path of the system failure caused by network security attacks. Finally, the effectiveness of the proposed method was verified by the typical case study of a pollution system. The case analysis results show that, the proposed method can analyze the event sequence of system failure caused by network security attack in CPS, and effectively realize the formal safety assessment of CPS.

Key words: Cyber-Physical System (CPS), dynamic fault tree, attack tree, risk analysis, binary decision diagram

摘要: 针对信息物理融合系统(CPS)中的网络安全攻击会导致系统失效的问题,提出一种基于动态故障树的CPS风险建模及分析方法。首先,对动态故障树和攻击树集成建模,构建攻击-动态故障树(Attack-DFTs)模型;然后,分别采用二元决策图和输入输出马尔可夫链给出攻击-动态故障树中的静态子树和动态子树的形式化模型,并在此基础上给出攻击-动态故障树的定性分析方法,即分析网络安全攻击导致系统失效的基本事件路径;最后,通过一个典型的排污系统应用实例对方法的有效性进行验证。案例分析结果表明,所提方法能够分析CPS中由于网络安全攻击导致系统失效的事件序列,有效实现了CPS的综合安全评估。

关键词: 信息物理融合系统, 动态故障树, 攻击树, 风险分析, 二元决策图

CLC Number: