{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T06:51:19Z","timestamp":1777704679065,"version":"3.51.4"},"reference-count":34,"publisher":"SAGE Publications","issue":"6","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IFS"],"published-print":{"date-parts":[[2021,6,21]]},"abstract":"Cybersecurity risk assessment is an important means of effective response to network attacks on industrial control systems. However, cybersecurity risk assessment process is susceptible to subjective and objective effects. To solve this problem, this paper introduced cybersecurity risk assessment method based on fuzzy theory of Attack-Defense Tree model and probability cybersecurity risk assessment technology, and applied it to airport automatic fuel supply control system. Firstly, an Attack-Defense Tree model was established based on the potential cybersecurity threat of the system and deployed security equipment. Secondly, the interval probability of the attack path was calculated using the triangular fuzzy quantification of the interval probabilities of the attack leaf nodes and defensive leaf nodes. Next, the interval probability of the final path was defuzzified. Finally, the occurrence probability of each final attack path was obtained and a reference for the deployment of security equipment was provided. The main contributions of this paper are as follows: (1) considering the distribution of equipment in industrial control system, a new cybersecurity risk evaluation model of industrial control system is proposed. (2) The experimental results of this article are compared with other assessment technologies, and the trend is similar to that of other evaluation methods, which proves that the method was introduced in this paper is scientific. However, this method reduces the subjective impact of experts on cybersecurity risk assessment, and the assessment results are more objective and reasonable. (3) Applying this model to the airport oil supply automatic control system can comprehensively evaluate risk, solve the practical problems faced by the airport, and also provide an important basis for the cybersecurity protection scheme of the energy industry.<\/jats:p>","DOI":"10.3233\/jifs-201126","type":"journal-article","created":{"date-parts":[[2021,4,9]],"date-time":"2021-04-09T12:12:48Z","timestamp":1617970368000},"page":"10475-10488","source":"Crossref","is-referenced-by-count":13,"title":["Cybersecurity risk assessment method of\u00a0ICS based on attack-defense tree model"],"prefix":"10.1177","volume":"40","author":[{"given":"Shuang","family":"Wang","sequence":"first","affiliation":[{"name":"Evaluation Center of Civil Aviation University of China, China"}]},{"given":"Lei","family":"Ding","sequence":"additional","affiliation":[{"name":"School of Computer Science and Technology, Civil Aviation University of China, China"}]},{"given":"He","family":"Sui","sequence":"additional","affiliation":[{"name":"Aeronautical Engineering Institute, Civil Aviation University of China, China"}]},{"given":"Zhaojun","family":"Gu","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Technology, Civil Aviation University of China, China"}]}],"member":"179","reference":[{"issue":"10","key":"10.3233\/JIFS-201126_ref1","first-page":"1396","article-title":"Research progress on information security of industrial control systems [J]","volume":"52","author":"Yong","year":"2012","journal-title":"Journal of Tsinghua University (Science and Technology)"},{"key":"10.3233\/JIFS-201126_ref2","doi-asserted-by":"crossref","unstructured":"Abe S. , Fujimoto M. , Horata S. , Uchida Y. and Mitsunaga T. , Security threats of Internet-reachable ICS, 2016 55th Annual Conference of the Society of Instrument and Control Engineers of Japan (SICE), Tsukuba, 2016, pp. 750\u2013755.","DOI":"10.1109\/SICE.2016.7749239"},{"issue":"10","key":"10.3233\/JIFS-201126_ref3","first-page":"2433","article-title":"Common Reference Architecture and Standard System Fusion of Two Industries [J]","volume":"25","author":"Jian","year":"2019","journal-title":"Computer Integrated Manufacturing System"},{"key":"10.3233\/JIFS-201126_ref4","unstructured":"The State Council printed and issued, Made in China 2025 [J], Automation of Electric Power Systems 39(12) (2015), 61."},{"issue":"12","key":"10.3233\/JIFS-201126_ref5","first-page":"2123","article-title":"Vulnerability analysis of industrial control systems based on attack graphs [J]","volume":"48","author":"Mengzhou","year":"2014","journal-title":"Journal of Zhejiang University (Engineering Science)"},{"key":"10.3233\/JIFS-201126_ref6","doi-asserted-by":"crossref","first-page":"89507","DOI":"10.1109\/ACCESS.2019.2925838","article-title":"HML-IDS: A Hybrid-Multilevel Anomaly Prediction Approach for Intrusion Detection in SCADA Systems, in","volume":"7","author":"Khan","year":"2019","journal-title":"IEEE Access"},{"issue":"01","key":"10.3233\/JIFS-201126_ref7","first-page":"54","article-title":"A Preliminary Study on the Offensive Mechanism in Cyberspace [J]","volume":"10","author":"Shizhong","year":"2015","journal-title":"Journal of China Academy of Electronics and Information Technology"},{"issue":"05","key":"10.3233\/JIFS-201126_ref10","first-page":"145","article-title":"Comprehensive Safety Evaluation of Information Energy System from the Blackout in Ukraine [J]","volume":"40","author":"Qinglai","year":"2016","journal-title":"Automation of Electric Power Systems"},{"key":"10.3233\/JIFS-201126_ref13","doi-asserted-by":"crossref","unstructured":"Barik M.S. , AGQL: A Query Language for Attack Graph based Network Vulnerability Analysis, 2018 Fifth International Conference on Emerging Applications of Information Technology (EAIT), Kolkata, 2018, pp. 1\u20134.","DOI":"10.1109\/EAIT.2018.8470430"},{"key":"10.3233\/JIFS-201126_ref14","doi-asserted-by":"crossref","unstructured":"Bogaard D. , Goel S. , Kandari S. , Johnson D. , Markowsky G. and Stackpole B. , Producing and evaluating crowdsourced computer security attack trees, 2016 IEEE Symposium on Technologies for Homeland Security (HST), Waltham, MA, 2016, pp. 1\u20134.","DOI":"10.1109\/THS.2016.7568951"},{"key":"10.3233\/JIFS-201126_ref15","doi-asserted-by":"crossref","unstructured":"Didier J. , Djafri B. and Klaudel H. , MIRELA: A Language for Modeling and Analyzing Mixed Reality Applications Using Timed Automata, 2008 IEEE Virtual Reality Conference, Reno, NE, 2008, pp. 249\u2013250.","DOI":"10.1109\/VR.2008.4480785"},{"issue":"10","key":"10.3233\/JIFS-201126_ref16","first-page":"3022","article-title":"Assessment of Information Security Risk of Industrial Control System Based on Attack Tree [J]","volume":"32","author":"Huiping","year":"2015","journal-title":"Application Research of Computers"},{"key":"10.3233\/JIFS-201126_ref17","doi-asserted-by":"crossref","unstructured":"Kumar R. and Marielle S. , Quantitative Security and Safety Analysis with Attack-Fault Trees[C], IEEE International Symposium on High Assurance Systems Engineering, Jan12\u201314, 2017, Singapore, IEEE, 2017.","DOI":"10.1109\/HASE.2017.12"},{"key":"10.3233\/JIFS-201126_ref19","unstructured":"Su H. and Li Q. , Transformer Insulation Fault Diagnosis Method Based on Rough Set and Fuzzy Set and Evidence Theory, 2006 6thWorld Congress on Intelligent Control and Automation, Dalian, 2006, pp. 5442\u20135446."},{"issue":"08","key":"10.3233\/JIFS-201126_ref22","first-page":"157","article-title":"Quantitative risk assessment method for information security of SCADA system [J]","volume":"29","author":"Wenze","year":"2019","journal-title":"Chinese Journal of Safety Science"},{"issue":"04","key":"10.3233\/JIFS-201126_ref23","first-page":"107","article-title":"A large-scale computer-oriented monitoring and management system [J]","volume":"42","author":"Mingling","year":"2015","journal-title":"Journal of Hunan University (Natural Science)"},{"issue":"03","key":"10.3233\/JIFS-201126_ref24","first-page":"63","article-title":"Modeling and Verification of IoT Gateway Security System Based on Time Automata [J]","volume":"39","author":"Guoqing","year":"2018","journal-title":"Journal of Communications"},{"issue":"5","key":"10.3233\/JIFS-201126_ref25","doi-asserted-by":"crossref","first-page":"1110","DOI":"10.1109\/TIFS.2017.2771238","article-title":"An Empirical Evaluation of the Effectiveness of Attack Graphs and Fault Trees in Cyber-Attack Perception, in","volume":"13","author":"Lallie","year":"2018","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"10.3233\/JIFS-201126_ref26","doi-asserted-by":"crossref","unstructured":"Ji X. , Yu H. , Fan G. and Fu W. , Attack-defense trees based cyber security analysis for CPSs, 2016 17th IEEE\/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel\/Distributed Computing (SNPD), Shanghai, 2016, pp. 693\u2013698.","DOI":"10.1109\/SNPD.2016.7515980"},{"key":"10.3233\/JIFS-201126_ref30","doi-asserted-by":"crossref","unstructured":"Petrucci L. , Knapik M. , Penczek W. and Sidoruk T. , Squeezing State Spaces of (Attack-Defence) Trees, 2019 24th International Conference on Engineering of Complex Computer Systems (ICECCS), Guangzhou, China, 2019, pp. 71\u201380.","DOI":"10.1109\/ICECCS.2019.00015"},{"issue":"07","key":"10.3233\/JIFS-201126_ref31","first-page":"116","article-title":"Vulnerability assessment of WAMS communication system based on attack tree model [J]","volume":"41","author":"Kailun","year":"2013","journal-title":"Power System Protection and Control"},{"issue":"3","key":"10.3233\/JIFS-201126_ref32","first-page":"235","article-title":"Review of a mathematical theory of evidence","volume":"5","author":"Zadeh","year":"1984","journal-title":"Ai Magazine"},{"key":"10.3233\/JIFS-201126_ref33","doi-asserted-by":"crossref","unstructured":"Huang T. , Chen L. , Wang Y. and Su Y. , Design of Fuzzy Quality Control Charts for Attributes Based on Triangular Fuzzy Numbers, 2012 Sixth International Conference on Genetic and Evolutionary Computing, Kitakushu, 2012, pp. 449\u2013452.","DOI":"10.1109\/ICGEC.2012.79"},{"issue":"06","key":"10.3233\/JIFS-201126_ref35","first-page":"1501","article-title":"Attack tree model based on fuzzy analytic hierarchy process [J]","volume":"39","author":"Zongping","year":"2008","journal-title":"Computer Engineering and Design"},{"key":"10.3233\/JIFS-201126_ref36","doi-asserted-by":"crossref","unstructured":"Ji X. , Yu H. , Fan G. and Fu W. , Attack-defense trees based cyber security analysis for CPSs, 2016 17th IEEE\/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel\/Distributed Computing (SNPD), Shanghai, 2016, pp. 693\u2013698.","DOI":"10.1109\/SNPD.2016.7515980"},{"issue":"04","key":"10.3233\/JIFS-201126_ref37","first-page":"759","article-title":"Safety assessment of industrial control system based on fuzzy analytic hierarchy process [J]","volume":"50","author":"Chiqian","year":"2016","journal-title":"Journal of Zhejiang University (Engineering Edition)"},{"key":"10.3233\/JIFS-201126_ref38","doi-asserted-by":"crossref","unstructured":"Ru Y. , et al., 2016, Risk assessment of cyber attacks in ECPS based on attack tree and AHP, 2016 12th International Conference on Natural Computation, Fuzzy Systems and Knowledge Discovery (ICNC-FSKD), Changsha, 2016, pp. 465\u2013470.","DOI":"10.1109\/FSKD.2016.7603218"},{"key":"10.3233\/JIFS-201126_ref41","doi-asserted-by":"crossref","unstructured":"Ko\u00e7ak S. , T\u00f3th-Laufer E. and Pokor\u00e1di L. , Comparison of the Defuzzification Methods in Risk Assessment Applications, 2018 IEEE 18th International Symposium on Computational Intelligence and Informatics (CINTI), Budapest, Hungary, 2018, pp. 000229\u2013000234.","DOI":"10.1109\/CINTI.2018.8928196"},{"key":"10.3233\/JIFS-201126_ref42","doi-asserted-by":"crossref","unstructured":"Malik K.M. , Malik H. and Baumann R. , Towards Vulnerability Analysis of Voice-Driven Interfaces and Countermeasures for Replay Attacks, 2019 IEEE Conference on Multimedia Information Processing and Retrieval (MIPR), San Jose, CA, USA, 2019, pp. 523\u2013528.","DOI":"10.1109\/MIPR.2019.00106"},{"key":"10.3233\/JIFS-201126_ref43","doi-asserted-by":"crossref","unstructured":"Zhang M. , Bi J. , Bai J. and Li G. , FloodShield: Securing the SDN Infrastructure Against Denial-of-Service Attacks, 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications\/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom\/BigDataSE), New York, NY, 2018, pp. 687\u2013698.","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00101"},{"issue":"11","key":"10.3233\/JIFS-201126_ref44","doi-asserted-by":"crossref","first-page":"2715","DOI":"10.1109\/TAC.2013.2266831","article-title":"Attack Detection and Identification in Cyber-Physical Systems [J]","volume":"58","author":"Pasqualetti","year":"2013","journal-title":"IEEE Transactions on Automatic Control"},{"key":"10.3233\/JIFS-201126_ref45","doi-asserted-by":"crossref","unstructured":"Younis A.A. and Malaiya Y.K. , Using Software Structure to Predict Vulnerability Exploitation Potential, 2014 IEEE Eighth International Conference on Software Security and Reliability-Companion, San Francisco, CA, 2014, pp. 13\u201318.","DOI":"10.1109\/SERE-C.2014.17"},{"key":"10.3233\/JIFS-201126_ref46","doi-asserted-by":"crossref","unstructured":"Fei Y. , Ning J. and Jiang W. , A quantifiable Attack-Defense Trees model for APT attack, 2018 IEEE 3rd Advanced Information Technology, Electronic and Automation Control Conference (IAEAC), Chongqing, 2018, pp. 2303\u20132306.","DOI":"10.1109\/IAEAC.2018.8577817"},{"issue":"03","key":"10.3233\/JIFS-201126_ref47","first-page":"167","article-title":"Influencing Factors of Maintenance Personnel Fatigue Based on WLSM and Entropy Weight Method [J]","volume":"23","author":"Ruishan","year":"2016","journal-title":"Safety and Environmental Engineering"}],"container-title":["Journal of Intelligent & Fuzzy Systems"],"original-title":[],"link":[{"URL":"https:\/\/content.iospress.com\/download?id=10.3233\/JIFS-201126","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T09:41:46Z","timestamp":1777455706000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/full\/10.3233\/JIFS-201126"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,6,21]]},"references-count":34,"journal-issue":{"issue":"6"},"URL":"https:\/\/doi.org\/10.3233\/jifs-201126","relation":{},"ISSN":["1064-1246","1875-8967"],"issn-type":[{"value":"1064-1246","type":"print"},{"value":"1875-8967","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,6,21]]}}}