Research and Application of the Network Security Monitoring Capability Evaluation Model of Power Control System Based on AHP and Fuzzy Comprehensive Evaluation
2022 8th International Symposium on Sensors, Mechatronics and Automation System, Journal of Physics: Conference Series 2246 (2022) 012046, IOP Publishing, doi: 10.1088/1742-6596/2246/1/012046

In recent years, China's cyberspace security has faced increasingly severe challenges. As national key basic information infrastructure, the power control system bears on the national economy and the people's livelihood, so its network security should be taken seriously. The network security monitoring capability of the power control system has a direct impact on the security of power business such as power production and supply. However, there are few studies on the evaluation of this capability. This paper puts forward a network security monitoring capability evaluation model for the power control system based on AHP and fuzzy comprehensive evaluation, drawing on research into public network security management capability evaluation, the particularity of the network security monitoring system of the power control system, and the investigation opinions of 20 expert teams in the power industry's network security field. The model is then used to evaluate the network security monitoring capability of three municipal power control systems, and the final scores are 93.09, 88.65 and 90.17 respectively. The model established in this paper realizes the quantitative evaluation of the network security monitoring capability of the power control system, and it will help the power company to carry out targeted rectification and improvement according to the model's results. The research and application in this paper therefore have a certain practical engineering significance.


Introduction
With the rapid development of China's power industry, the business scope of the power system is expanding and new technologies are widely used. The power dispatching data network is gradually being integrated into all links of power generation, transmission, transformation, distribution and consumption, and it has become a key component of the power system [1][2]. However, the current network security situation at home and abroad is grim. Organized network attacks occur frequently, such as the Stuxnet infection in Iran's nuclear power plant and the ransomware infection at the largest natural gas and diesel transportation pipeline company in the United States. In particular, attacks against power, oil and other energy industries are increasing year by year [3]. As part of the first batch of national key basic information infrastructure, the power control system has seen its network security attract more and more attention. With the massive access of photovoltaic, wind power and other new energy stations in recent years, the network space of the power dispatching data network has expanded rapidly. Now, the network security of the power control system is facing unprecedented pressure with the rapid change of network attack means. However, there are few studies and applications on the evaluation of the network security monitoring capability of the power control system. Therefore, research on this topic has certain engineering significance and can provide a quantitative basis for the evaluation of the network security monitoring capability of the power control system.
This paper therefore studies the evaluation of the network security monitoring capability of the power control system. It draws on AHP and fuzzy comprehensive evaluation, which are widely used in evaluating public network security management capability, while taking into account that the power control system differs from public networks in its complex structure, wide boundary and special services [4].

Evaluation indexes
This section introduces the relevant theories and technologies of the network security monitoring system and network security management platform of the power control system. Then the evaluation index of the network security monitoring capability will be determined according to the expert experience, and the specific meaning of each index will be expounded.

2.1. The network security monitoring system of electric power control system
As a national key information infrastructure, the network security monitoring system of power control system is also relatively complete [5]. At present, according to the design principle of "self perception, distributed collection and unified management", the network security monitoring system of power control system has built a complete system that can perceive, collect and manage its own network security information.

Figure 1. The network security monitoring system of electric power control system

• Self perception. The monitoring system relies on the network security monitoring device to monitor and report, in real time, the network security alarm information of servers, workstations, switches, vertical encryption devices, network security isolation devices and other equipment deployed in the master station of the power dispatch system, substations and power plants.
• Distributed acquisition. Relying on the power dispatching data network to transmit, communicate and interact the network security data of all master stations, power plants, substations, power distribution systems and load control systems.
• Unified management. Relying on the network security management platform, all data in the network security monitoring system can be summarized, analyzed and calculated, and the functions of real-time monitoring, alarm, analysis, audit and verification can be realized. At the same time, the network security management platforms deployed in national, provincial and municipal master stations can be cascaded and accessed to each other, so as to realize the full coverage of network security monitoring of power control system.

The evaluation indexes of network security monitoring capability
Compared with the public network security monitoring system, the network security monitoring system of power control system has the characteristics of large system, large amount of equipment, high reliability and real-time performance in data transmission. Therefore, it is necessary to design a series of evaluation indexes that can reflect the network security monitoring capability of power control system more accurately. Considering the requirements for network security of power control system in various laws and standards [6], and the investigation opinions of 20 experts in power industry's network security field, this paper finally proposes 3 aspects and 12 indexes for the evaluation of network security monitoring capability of power control system, as shown in table 1.

Table 1. The evaluation indexes of network security monitoring capability

Aspects | Indexes
The integrity of system | The safety protection hardware; The safety protection software; The external physical protection; The emergency safeguards
The compliance rate of index | The encryption rate of data communication; The reliability of network security management platform; The reliability of safety protection equipment; The timeliness rate of alarm response
The effectiveness of management | The management system of network security; Implement safety protection measures totally; Organize emergency drill regularly; The network security ability of staff

The meaning of evaluation indexes
The evaluation of network security monitoring capability of power control system mainly involves three aspects: the integrity of system, the compliance rate of index and the effectiveness of management. Each aspect has four evaluation indexes, and the specific meanings of the indexes are as follows:
• The safety protection hardware. It refers to whether the network security protection hardware such as network security isolation device, vertical encryption authentication device and network security monitoring device deployed by the monitoring system are complete.
• The safety protection software. It refers to whether the network security protection software such as anti-virus software, malicious code monitoring system, intrusion detection system and other network security protection software deployed by the monitoring system are complete.
• The external physical protection. It refers to whether the access control system and security measures of important places such as monitoring hall and equipment room meet the requirements.
• The emergency safeguards. It refers to whether the emergency safeguards such as disaster recovery, data recovery and major risk safeguards are complete.
• The encryption rate of data communication. It refers to the encryption rate of data transmission between the master stations and power plant and substation.
• The reliability of network security management platform. It refers to whether the server and workstation of the network security management platform operate reliably, and whether the cascade and access communication of the upper and lower platforms are reliable.
• The reliability of safety protection equipment. It refers to whether the security equipment connected to the network security management platform is online and working normally.
• The timeliness rate of alarm response. It refers to the compliance rate that when the network security management platform monitors the security alarm, the attendant can handle it in time.
• The management system of network security. It refers to whether the security equipment management, personnel on duty management, operation monitoring management and other management systems of the monitoring system are complete.
• Implement safety protection measures totally. It refers to whether the network security protection requirements such as network security vulnerability rectification, security equipment upgrading and special security inspection required by the superior are totally implemented.
• Organize emergency drill regularly. It refers to whether emergency drills for network security of power control system are organized regularly.
• The network security ability of staff. It refers to the network security ability of staff engaged in network security monitoring, such as malicious virus blocking and emergency disposal.

Evaluation model
According to the evaluation indexes of network security monitoring capability proposed above, this paper establishes the evaluation model of network security monitoring capability by using AHP and fuzzy comprehensive evaluation. The model combines the advantages of AHP and fuzzy comprehensive evaluation [7][8], and it can comprehensively calculate the evaluation score of monitoring capability according to the opinions of expert team, so as to realize the comprehensive evaluation of network security monitoring capability of power control system.

The hierarchy structure
As the evaluation indexes of network security monitoring capability have been proposed above, the hierarchy structure can be established according to AHP. In the hierarchy structure, the network security monitoring capability is taken as the target layer; the integrity of system, the compliance rate of index and the effectiveness of management are taken as the criterion layer; and the 12 indexes such as security protection hardware and security protection software are taken as the index layer, as shown in figure 2.

Calculation of index weight
The hierarchy structure defines the subordinate relationship among target layer, criterion layer and index layer. Now it is necessary to calculate the weight matrix of the criterion layer according to the contribution of criterion layer elements to target layer and calculate the weight matrix of the index layer according to the contribution of index layer elements to criterion layer.

The pairwise comparison matrix.
Experts evaluate the importance of each element of the criterion layer and the index layer according to their own work experience and professional knowledge. According to the scoring results of experts, the pairwise comparison matrix A that can reflect the degree of interaction between two elements can be calculated based on the Saaty scale [9].
In the above formula (1), $a_{ij}$ represents the scale value of the element.

Normalization of pairwise comparison matrix.
The pairwise comparison matrix A is normalized to the transition matrix B. The element $b_{ij}$ in the transition matrix B is calculated by the following formula:
In the above formula (2), ∑ represents the sum of each column in matrix A.

Calculation of weight matrix
The weight matrix W can be obtained by normalizing the eigenvector of matrix B, and the element $w_i$ of the weight matrix is calculated by the following formula:

Consistency test
In order to test the effectiveness of the expert evaluation results and eliminate the differences caused by subjective opinions, it is necessary to test the consistency of the calculation results. First, the maximum eigenvalue $\lambda_{\max}$ can be calculated from the weight matrix W using formula (4). The consistency index C.I. and the consistency ratio C.R. are then calculated from $\lambda_{\max}$ by formulas (5) and (6).
In the above formula (6), R.I. takes different values with the order of the matrix [10]. If the consistency ratio C.R. is less than 0.1, the calculation result is acceptable; otherwise the result is unacceptable.

Fuzzy comprehensive evaluation
Since many evaluation indexes of network security monitoring capability of power control system can not be obtained by quantification, this paper adopts fuzzy comprehensive evaluation method to realize the quantitative evaluation of network security monitoring capability by establishing factor set, weight set and comment set.

Factor set, weight set and comment set
The factor set can be established according to the hierarchy structure determined in section 3.1, and the weight set can be established according to the weight matrix in section 3.2. The monitoring capability is divided into five levels. The comment set is V = {excellent, good, medium, poor, very poor}. The score vector is set as $V^T = \{95, 85, 75, 65, 50\}^T$.

Fuzzy evaluation matrix
According to the evaluation results of the expert team on the factors of index layer, an evaluation matrix will be established. After normalizing the evaluation matrix, the first-order fuzzy evaluation matrix R is obtained.
In the above formula (7), $r_{ij}$ represents the normalized evaluation results of the index layer elements.

Results of fuzzy evaluation
From the first-order fuzzy matrix R and the index layer weight matrix $W_i$, the first-order fuzzy evaluation result $C_i$ can be calculated. Then, according to the three first-order fuzzy evaluation results $C_1$, $C_2$, $C_3$ and the criterion layer weight matrix $W_P$, the second-order fuzzy evaluation result D can be calculated.

Calculating the final score
The final score of the network security monitoring capability S can be calculated by using the second-order fuzzy evaluation result D and the score vector $V^T$. = (10)
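The two-level calculation described above, as an added example rather than the paper's own code: it assumes the weighted-average operator ($C_i = W_i R_i$, $D = W_P [C_1; C_2; C_3]$, $S = D V^T$), because formulas (7) to (10) are missing from this page. The index weights and the 20-expert vote counts are constructed, the criterion weights are the rounded result of the usual AHP column normalisation on the criterion-layer comparison matrix given in the application section, and all function names are this example's own.

```python
# Added example (not from the paper): two-level fuzzy comprehensive evaluation.
SCORES = [95, 85, 75, 65, 50]  # score vector V^T from the page (excellent ... very poor)

# Criterion weights W_P: rounded AHP result for the page's criterion matrix (assumption).
CRITERION_W = [0.539, 0.297, 0.164]
# Index-layer weights W_1..W_3: constructed for this example.
INDEX_W = [[0.4, 0.3, 0.2, 0.1], [0.25, 0.25, 0.25, 0.25], [0.3, 0.3, 0.2, 0.2]]
# Constructed votes of 20 experts per index, counted per comment level.
VOTES = [
    [[16, 4, 0, 0, 0], [14, 4, 2, 0, 0], [12, 6, 2, 0, 0], [10, 8, 2, 0, 0]],
    [[12, 6, 2, 0, 0], [10, 6, 4, 0, 0], [14, 4, 2, 0, 0], [8, 8, 4, 0, 0]],
    [[10, 8, 2, 0, 0], [12, 6, 2, 0, 0], [8, 8, 2, 2, 0], [10, 6, 4, 0, 0]],
]

def membership_row(votes):
    """Normalise one index's vote counts into a row r_ij of the fuzzy matrix R."""
    total = sum(votes)
    if len(votes) != len(SCORES) or min(votes) < 0 or total == 0:
        raise ValueError("need one non-negative count per level and at least one vote")
    return [v / total for v in votes]

def weighted(weights, rows):
    """Row vector times matrix: result[k] = sum_i weights[i] * rows[i][k]."""
    if len(weights) != len(rows) or abs(sum(weights) - 1) > 1e-6:
        raise ValueError("weights must match the rows and sum to 1")
    return [sum(w * r[k] for w, r in zip(weights, rows)) for k in range(len(rows[0]))]

def score(vector):
    """Dot product of a membership vector with the score vector."""
    return sum(x * s for x, s in zip(vector, SCORES))

def evaluate(criterion_w, index_w, votes):
    """Return first-order results C, second-order result D and the scores."""
    C = [weighted(index_w[c], [membership_row(v) for v in votes[c]])
         for c in range(len(criterion_w))]
    D = weighted(criterion_w, C)
    return {"C": C, "D": D, "criterion_scores": [score(c) for c in C], "S": score(D)}

if __name__ == "__main__":
    result = evaluate(CRITERION_W, INDEX_W, VOTES)
    # Per-criterion scores show which aspect pulls the total down.
    print([round(s, 2) for s in result["criterion_scores"]], round(result["S"], 2))
```

Because the score vector runs from 50 to 95, the final score is bounded to that interval whatever the votes are, and the per-criterion scores indicate where rectification effort is best spent.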

Application of the model
In this paper, an expert team composed of 20 network security experts of power control system is established, and the expert team is invited to determine the weight matrix of the criterion layer and index layer by anonymous scoring and evaluation. At the same time, three municipal power control systems are selected, and the expert team is invited to evaluate the network security monitoring capability of these three systems respectively. The calculation results are as follows.

Calculation of index weight
According to the evaluation model established above, the expert team evaluates the importance of the criterion layer elements and index layer elements. Taking the evaluation results of the criterion layer as an example, the pairwise comparison matrix $A_1$ is calculated from the expert scoring results, as shown in table 2.

The compliance rate of index | 1/2 | 1 | 2
The effectiveness of management | 1/3 | 1/2 | 1

The criterion layer's normalized transition matrix $B_1$ and weight matrix $W_P$ can be calculated by using formulas (2) and (3). The results are shown in

$\lambda_{\max}$ is calculated as 3.0097 according to formula (4). Since it is a third-order matrix, R.I. is taken as 0.58, and C.R. is calculated as 0.0079 according to formula (5) and formula (6). In the consistency test, C.R. is less than 0.1, so the calculation results are acceptable.
Similarly, using the calculation process above, the weight matrix of each index layer can be calculated according to the evaluation results of the expert team, as shown in table 4. In the consistency test, the C.R. values are 0.0328, 0.0533 and 0.0622 respectively, which are all less than 0.1, so all calculation results are acceptable.
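The weight and consistency calculation for the criterion layer, as an added example that is not the paper's own code: it uses the standard AHP column-normalisation and row-average approximation, with $\lambda_{\max}$ taken as the mean of $(AW)_i / w_i$, since formulas (2) to (6) themselves did not survive on this page. The first row of the matrix is an assumption filled in by reciprocity from the two rows that are printed, and the function names are this example's own.

```python
# Added example (not from the paper): AHP weights and consistency test.
from fractions import Fraction as F

# Saaty's random index R.I. by matrix order; the page uses 0.58 for order 3.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}

# Criterion-layer matrix A_1. Rows 2 and 3 are the values printed on the page;
# row 1 is an assumption, filled in from them by reciprocity (a_ij = 1 / a_ji).
CRITERION_A = [[F(1), F(2), F(3)],
               [F(1, 2), F(1), F(2)],
               [F(1, 3), F(1, 2), F(1)]]

def check_reciprocal(A):
    """Reject matrices that are not square, positive and reciprocal."""
    n = len(A)
    for i in range(n):
        if len(A[i]) != n:
            raise ValueError("pairwise comparison matrix must be square")
        for j in range(n):
            if A[i][j] <= 0 or abs(A[i][j] * A[j][i] - 1) > 1e-9:
                raise ValueError(f"a[{i}][{j}] is not the reciprocal of a[{j}][{i}]")

def ahp_weights(A):
    """Column-normalise A into B, then average each row of B to get W."""
    check_reciprocal(A)
    n = len(A)
    col = [sum(A[i][j] for i in range(n)) for j in range(n)]
    B = [[A[i][j] / col[j] for j in range(n)] for i in range(n)]
    return [float(sum(row) / n) for row in B]

def consistency(A, W):
    """Return (lambda_max, C.I., C.R.), lambda_max = mean of (A.W)_i / w_i."""
    n = len(A)
    if n not in RANDOM_INDEX:
        raise ValueError("the R.I. table here covers orders 1 to 9 only")
    AW = [sum(float(A[i][j]) * W[j] for j in range(n)) for i in range(n)]
    lam = sum(AW[i] / W[i] for i in range(n)) / n
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    ri = RANDOM_INDEX[n]
    cr = ci / ri if ri else 0.0
    return lam, ci, cr

def evaluate(A, threshold=0.1):
    """Weights plus the page's acceptance rule: C.R. below 0.1."""
    W = ahp_weights(A)
    lam, ci, cr = consistency(A, W)
    return {"W": W, "lambda_max": lam, "CI": ci, "CR": cr, "acceptable": cr < threshold}

if __name__ == "__main__":
    r = evaluate(CRITERION_A)
    print([round(w, 4) for w in r["W"]], round(r["lambda_max"], 4), round(r["CR"], 4))
    # Constructed circular judgement (1 over 2, 2 over 3, 3 over 1): fails the test.
    bad = [[1, 9, F(1, 9)], [F(1, 9), 1, 9], [9, F(1, 9), 1]]
    print(evaluate(bad)["acceptable"])
```

On the criterion matrix this gives weights of about 0.539, 0.297 and 0.164 with $\lambda_{\max} \approx 3.009$ and C.R. ≈ 0.0079, the consistency ratio the text reports.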

Fuzzy comprehensive evaluation
The expert team scores the 12 indexes of the three municipal power control systems. Taking the calculation process of city A as an example, according to the expert team's evaluation results, the fuzzy evaluation matrix $R_i$ of each index layer can be calculated by formula (7). The integrity of system's fuzzy evaluation matrix $R_1$. According to the second-order fuzzy evaluation D and score vector $V^T$, the final evaluation score of the city is calculated by formula (10). The score $S_1$ is 93.09, indicating that the network security monitoring capability of the power control system in city A is excellent.
Similarly, the expert team evaluates the network security monitoring capability of the power control systems in cities B and C. The final scores are 88.65 and 90.17, which can objectively reflect the network security monitoring capability of the power control systems in cities B and C.

Summary
This paper puts forward a network security monitoring capability evaluation model for the power control system based on AHP and fuzzy comprehensive evaluation, drawing on research into public network security management capability evaluation, the particularity of the network security monitoring system of the power control system, and the investigation opinions of 20 expert teams in the power industry's network security field. In order to verify the effectiveness of the model, it is used to evaluate the network security monitoring capability of three municipal power control systems. After the expert team's evaluation and the model calculation, the final scores are 93.09, 88.65 and 90.17 respectively, which can objectively reflect their network security monitoring capability.
The model established in this paper realizes the quantitative evaluation of the network security monitoring capability of the power control system, and it will help the power company to carry out targeted rectification and improvement according to the model's results. The research and application in this paper therefore have a certain practical engineering significance.
However, there are still some deficiencies in this model. The evaluation indexes and index weights in the model are easily affected by the subjective opinions of the expert team. In the future, scholars can establish an expert team with more members and a higher level of expertise to conduct research, or adopt more advanced theories and methods to study the network security monitoring capability evaluation model of the power control system.