- 學位論文
基於層級分析法的工業物聯網雲端平台之風險評估模型
An AHP-based Risk Assessment Model for Industrial IoT Platforms
摘要
工業物聯網 (IIoT) 是物聯網技術在工業與製造業領域的應用,包含了機器人、醫療設備和軟體定義生產流程。 IIoT工廠將所有的裝置與感測器連上網路讓資料的蒐集、交換自動化,並使用機器學習、雲端運算與邊緣運算等技術進行大數據分析,讓工業運作有更高的效率與可靠性。 然而,許多舊工廠使用的舊工業控制系統並沒有考慮到引入資訊技術 (IT) 時所帶來的安全性漏洞。 在整合工廠系統與工業物聯網的同時,可能會遭遇到安全性的問題。 近年來,許多研究提出許多基於不同資訊安全技術所發展的工業物聯網之風險評估方法。 多數的風險評估方式是聘請資安專家與工廠專業人士分析靜態的工廠資訊,進行一次性的評估。 由於靜態評估耗費許多人力與時間,每一次評估與下次再評估之間都會相隔一段時間,因此在工廠上線運行時,一次性的靜態評估並無法針對工廠當下所面臨的風險,即時地對工廠管理員提出警告。 在本篇論文中,我們提出了基於層級分析法的風險評估模型 (HiRAM) 對工業物聯網雲端平台進行動態的風險評估。 HiRAM 使用探針程式 (Probes) 自動蒐集工廠多種類的即時資訊,並使用分析程式 (Analysers) 對蒐集到的工廠資訊進行初步分析。 因為工業物聯網的異質性與缺少統一的標準,HiRAM 透過層級分析法 (AHP) 與反饋系統 (Feedback system) 整合工廠管理員的專業知識與自動化分析的結果,產生最終的綜合風險評估結果。 資安專家與工廠專業人士可以根據應用工廠的場域不同,客製化HiRAM 的評估標準與項目。 由於工業物聯網具有可擴展性,在大規模的工廠場域使用層級分析法會面臨權重稀釋 (Weighting-dilute) 的問題。 因此我們加入了事件增益器 (Incident Amplifier) 來使HiRAM的評估結果更加具有合理性與一致性。 最後,我們設計了多項實驗來驗證 HiRAM 的功能性與合理性,包括個別驗證分析程式、事件增益器與反饋系統的合理性、功能性與一致性。 我們並驗證 HiRAM 面對Denial of Service 與Sybil Attack時的風險評估反應。 實驗結果顯示 HiRAM 可以在工廠上線運行時,整合工廠場域專家的知識與即時蒐集的工廠資訊,合理地評估系統當下所面臨的風險,並即時對工廠管理員提出警告。
並列摘要
Industrial internet of things (IIoT) is an application of IoT on the industrial and manufacturing field. IIoT factories connect machines and sensors to the Internet for automatic data acquirement and exchange. Technologies such as machine learning are used for big data analysis, making the industrial operation more efficient and reliable. However, many industrial control systems (ICS) do not expect for the security vulnerabilities caused by newly-introduced information technologies (IT). Security threats may appear when integrating traditional factories and IIoT. Recently, many researches have proposed risk assessment methods for IIoT based on different information security technologies. Most of the methods hire security experts and factory specialists to assess the factory with its static information. Since this assessment requires time and human efforts, there is a period of time between each assessment and its next reassessment. When the factory is operating, this assessing results can not alert the factory administrator when there is an immediate risk. In this thesis, we propose an AHP-based risk assessment model for IIoT platform called (HiRAM). HiRAM uses probes to collect security information, and uses analysers to evaluate the collected information. Due to the Heterogeneity of IIoT environments, HiRAM integrates factory's domain knowledge and the analysers to generate an overall risk assessment for a system. Security experts and factory administrators can customize the HiRAM to meet the characteristics of a factory domain. We design Incident Amplifier to deal with weighting-dilute problems, which may happen when factory machines operating on a very large scale. We design multiple experiments to verify the rationality and functionality of HiRAM, including verification of probes, analysers, Incident Amplifier and feedback system. We test the responsiveness of HiRAM by launching Denial of Service attacks and sybil attacks. The experimental results show that HiRAM can integrate the knowledge of factory experts, reasonably assess the current risks, and warn the factory administrator in real time.
參考文獻
延伸閱讀
- 王平、柯文長、蕭雅文(2013)。企業導入雲端服務專案之風險評估。商管科技季刊,14(2),143-164。https://www.airitilibrary.com/Article/Detail?DocID=19948107-201306-201306210019-201306210019-143-164
- 葉鎰維(2012)。基於雲端運算的飛航作業風險評估架構〔碩士論文,淡江大學〕。華藝線上圖書館。https://doi.org/10.6846/TKU.2012.00984
- 賴森堂(2015)。以安全風險量測模式評估雲端運算的安全性。電腦稽核,(32),31-44。https://www.airitilibrary.com/Article/Detail?DocID=2073090X-201508-201508140007-201508140007-31-44
- Kim, M. K., La, H. J., & Kim, S. D. (2014). A Software Framework for Efficient IoT Contexts Acquisition and Big Data Analytics. 網際網路技術學刊, 15(6), 939-947. https://doi.org/10.6138/JIT.2014.15.6.06
- 邱禹翔(2018)。Constructing the Innovative Business Model of IoT Technology Application–Manufacturing Case〔碩士論文,逢甲大學〕。華藝線上圖書館。https://doi.org/10.6341/fcu.M0500950