TY - JOUR
AU - Huijuan Guo
AU - Lei Ding
AU - Wenchao Xu
AB - With the increasing deployment of network technologies in industrial control systems (ICSs), cybersecurity has become a challenge in ICSs. Cybersecurity risk assessment (CRA) plays an important role in cybersecurity protection of ICSs. However, the weights of risk indices are constants in traditional CRA methods, and they do not fully consider the requirements of risk identification. In this paper, we define a novel order-α divergence measure for interval-valued intuitionistic fuzzy numbers (IVIFNs) and further develop a novel CRA approach for ICSs based on the proposed divergence measure under an interval-valued intuitionistic fuzzy environment to contribute to the research gap. First, an order-α divergence measure for IVIFNs is defined considering flexibility and robustness of divergence measures with the parameter. Next, a variable weight-based CRA approach for ICSs is developed. In this approach, IVIFNs are adopted to describe evaluation values of risk indices. The weights of risk indices are variable weight vectors and they are determined by the relative divergence closeness. Integration approaches of each node and each attack path in attack-defense trees (ADTs) are proposed based on the operations of IVIFNs, and risk scores of each attack path are calculated by using the score function. Finally, we apply the proposed method to the CRA of a civil aviation fuel supply automatic control system and verify its effectiveness and advantages by comparing it with other methods. This method can dynamically adjust the weights of risk indices considering the relationship between each risk index and the highest risk, and therefore, it can more effectively recognize the highest risk of ICSs than the traditional CRA method. In addition, it can also match the risk attitude of decision-makers by adjusting the parameter α.  © 2013 IEEE.
BT - Institute of Electrical and Electronics Engineers (IEEE)
DA - 2022
DO - 10.1109/ACCESS.2022.3169133
N1 - In this paper, we de ne an order- divergence measure for IVIFNs and develop a novel CRA method for ICSs under an interval-valued intuitionistic fuzzy environment. Finally, we apply the proposed method to the CRA of a civil aviation fuel supply automatic control system, verify its effectiveness and demonstrate its advantages. In summary, our research has three main contributions: 1. We define an order- divergence measure for IVIFNs, which can make up for the gap that there is no divergence measure with the parameter for IVIFNs. 2.We expand IVIFS to the CRA of ICSs and formulate integration approaches of all nodes and attack paths with IVIFNs in the ADT model. 3.We propose a novel CRA method for ICSs. In our method, we regard the weights of risk indices as variable weight vectors and develop a new technology to determine the weights of risk indices based on the proposed divergence measure. The proposed method can effectively avoid irrationality in the results of risk assessment compared with traditional CRA methods. However, the proposed method also has its limitations: 1. It is only applicable to CRA problems in which evaluation values are expressed in the form of IVIFS. 2. The risk indices are regarded as independent without considering their mutual interaction in the integration process of leaf nodes. In future research, we are committed to the following two aspects: 1. We will extend other fuzzy sets to the CRA of ICSs, for instance, interval-valued q-rung orthopair fuzzy sets. 2. We will advance some novel CRA methods for ICSs considering the interactions among risk indices.
N2 - With the increasing deployment of network technologies in industrial control systems (ICSs), cybersecurity has become a challenge in ICSs. Cybersecurity risk assessment (CRA) plays an important role in cybersecurity protection of ICSs. However, the weights of risk indices are constants in traditional CRA methods, and they do not fully consider the requirements of risk identification. In this paper, we define a novel order-α divergence measure for interval-valued intuitionistic fuzzy numbers (IVIFNs) and further develop a novel CRA approach for ICSs based on the proposed divergence measure under an interval-valued intuitionistic fuzzy environment to contribute to the research gap. First, an order-α divergence measure for IVIFNs is defined considering flexibility and robustness of divergence measures with the parameter. Next, a variable weight-based CRA approach for ICSs is developed. In this approach, IVIFNs are adopted to describe evaluation values of risk indices. The weights of risk indices are variable weight vectors and they are determined by the relative divergence closeness. Integration approaches of each node and each attack path in attack-defense trees (ADTs) are proposed based on the operations of IVIFNs, and risk scores of each attack path are calculated by using the score function. Finally, we apply the proposed method to the CRA of a civil aviation fuel supply automatic control system and verify its effectiveness and advantages by comparing it with other methods. This method can dynamically adjust the weights of risk indices considering the relationship between each risk index and the highest risk, and therefore, it can more effectively recognize the highest risk of ICSs than the traditional CRA method. In addition, it can also match the risk attitude of decision-makers by adjusting the parameter α.  © 2013 IEEE.
PY - 2022
T2 - Institute of Electrical and Electronics Engineers (IEEE)
TI - Cybersecurity Risk Assessment of Industrial Control Systems Based on Order-α Divergence Measures Under an Interval-Valued Intuitionistic Fuzzy Environment
UR - https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9761209
SN - 2169-3536
ER -