中图分类号：TP309 文献标识码：ADOI:10.19358/j.issn.2097-1788.2024.04.001
引用格式：刘子龙，周纯杰，胡晓娅,等.基于贝叶斯攻击图的油气生产物联网系统风险评估［J］.网络安全与数据治理，2024，43（4）：3-11，23.

Risk assessment of oil and gas production IoT system based on Bayesian attack graph

Abstract： Aiming at the dynamic risk assessment of oil and gas production IoT system, a risk assessment model of oil and gas production IoT system based on Bayesian attack graph was proposed. Firstly, through the risk analysis of the system, the intrusion evidence and system vulnerabilities are obtained, combined with the intrusion evidence and the success probability of vulnerability exploitation, the EM algorithm is used to complete the data of the training data and dynamically update the conditional probability parameter table of the Bayesian attack graph, the prior probability can be calculated through the conditional probability table, and the posterior probability of the node is calculated by combining the intrusion evidence, then the risk value of the system is obtained, and the risk value is finally corrected considering the correlation of resource utilization. The simulation results have proved the effectiveness and accuracy of the model.

Key words : Bayesian attack diagram; Bayesian parameter learning; valueatrisk calculation; risk value correction