基于攻击树模型的数传电台传输安全性评估

数传电台在数据采集与监视控制系统中广泛应用，其传输安全也受到越来越大的挑战。文章为了系统分析评估数据采集与监视控制系统中数传电台传输的安全性，针对数传电台传输阶段可能存在的风险，采用攻击树建模方法，对传统攻击树进行改进，重新定义了攻击节点，量化了叶子节点的攻击风险，建立了以威胁数据采集与监视控制系统安全为攻击目标的攻击树模型，在攻击树的基础上可以直观地反映各种可能的攻击图景。并根据攻击树计算出了各攻击图景发生的概率，根据多攻击图景考虑系统总的安全性。最后利用安全性灵敏度，定量分析各攻击方式发生概率变化对系统安全性的影响，找出对系统安全性影响较大的关键方式，提出提高系统安全水平的措施。文中攻击树模型可以用于评估系统风险，区分不同攻击方式对系统的不同安全威胁程度，由此为决策者采取相应的数传电台传输保护措施提供依据。

Safety Assessment on Digital Radio Transmission based on Attack Tree Model

Digital radio is widely used in supervisory control and data acquisition system, and the transmission security is increasingly challenged. In order to systematically analyze and assess the digital radio transmission security in supervisory control and data acquisition system, this paper uses attack tree modeling method for the existing risk in the digital radio transmission stage, improves the traditional attack tree, refines attack nodes, quantifies the attack risk of leaf nodes, and establishes an attack tree model in which threats to the supervisory control and data acquisition system is the target. And it directly relfects the various possible attack picture based on the attack tree. This paper calculates the probability of the occurrence of each attack picture based on attack tree, and considers the overall safety of the system under various attack pictures. Finally, it analyzes quantitatively the impact of each change in the probability of attacks on the system security based on security sensitivity. And it identiifes the key way which has a greater impact on system security, and proposes measures to improve the system security level. This attack tree model can be used to assess systemic risk and to distinguish different security threat levels of different attacks to the system, thus to provide a basis for decision-makers to take appropriate protective measures for the digital radio transmission.