Nuclear regulatory guidelines require all nuclear facilities to establish sufficient prevention and response capabilities against cyber-attacks. In this study, an integrated cyber-attack response process at NPPs is analyzed. The integrated response process includes a safety-response security analysis that enacts a safety response against unperceived damage, as well as against potential damage. To help operators conduct the safety-related security analysis, a security state estimation method is developed. A knowledge-based hidden Markov modeling method is developed to model a probabilistic transition process of a security state. The constructed HMMs can be updated online for optimized security state estimation. The developed security state estimation method can help operators conduct a cause analysis and security impact analysis. By integrating with the probabilistic safety assessment method, the developed method can also be applied to a functional impact analysis. A case study was conducted to prove the validity of the developed method using a hardware-in-the-loop system.

核监管准则要求所有核设施建立足够的防范和应对网络攻击的能力。在这项研究中，分析了核电厂的综合网络攻击响应过程。集成响应过程包括安全响应安全性分析，该安全性分析针对未觉察到的损坏以及潜在损坏执行安全响应。为了帮助操作员进行安全相关的安全分析，开发了一种安全状态估计方法。提出了一种基于知识的隐马尔可夫建模方法来对安全状态的概率转移过程进行建模。可以在线更新构建的HMM，以优化安全状态估计。所开发的安全状态估计方法可以帮助运营商进行原因分析和安全影响分析。通过与概率安全评估方法集成，开发的方法也可以应用于功能影响分析。进行了案例研究，以证明使用硬件在环系统的方法的有效性。