An Empirical Evaluation of the Effectiveness of Attack Graphs and Fault Trees in Cyber-Attack Perception

Lallie, Harjinder Singh; Debattista, Kurt; Bal, Jay

doi:10.1109/tifs.2017.2771238

Cited by 50 publications

(29 citation statements)

References 73 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Current attack modeling techniques (e.g., attack graphs [21]) focus on representing and analyzing how a traditional cyber attack (e.g., denial of service) can occur. As these techniques do not account for the interactions between cyber and physical components, they may not be suitable to represent and analyze cyber-physical incidents [22].…”

Section: Related Workmentioning

confidence: 99%

Incidents are Meant for Learning, Not Repeating: Sharing Knowledge About Security Incidents in Cyber-Physical Systems

Alrimawi

Pasquale

Mehta

et al. 2022

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

Cyber-physical systems (CPSs) are part of most critical infrastructures such as industrial automation and transportation systems. Thus, security incidents targeting CPSs can have disruptive consequences to assets and people. As prior incidents tend to re-occur, sharing knowledge about these incidents can help organizations be more prepared to prevent, mitigate or investigate future incidents. This paper proposes a novel approach to enable representation and sharing of knowledge about CPS incidents across different organizations. To support sharing, we represent incident knowledge (incident patterns) capturing incident characteristics that can manifest again, such as incident activities or vulnerabilities exploited by offenders. Incident patterns are a more abstract representation of specific incident instances and, thus, are general enough to be applicable to various systems -different than the one in which the incident occurred. They can also avoid disclosing potentially sensitive information about an organization's assets and resources. We provide an automated technique to extract an incident pattern from a specific incident instance. To understand how an incident pattern can manifest again in other cyberphysical systems, we also provide an automated technique to instantiate incident patterns to specific systems. We demonstrate the feasibility of our approach in the application domain of smart buildings. We evaluate correctness, scalability, and performance using two substantive scenarios inspired by real-world systems and incidents.

show abstract

Section: Related Workmentioning

confidence: 99%

Incidents are Meant for Learning, Not Repeating: Sharing Knowledge About Security Incidents in Cyber-Physical Systems

Alrimawi

Pasquale

Mehta

et al. 2022

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

show abstract

“…The AT was first proposed by Schneier [16]. In the structure of an AT, the root node represents the target of the attack [17]. The characteristics of system security are described on the basis of the AT.…”

Section: Das At Modelmentioning

confidence: 99%

Quantitative Model of Attacks on Distribution Automation Systems Based on CVSS and Attack Trees

Kang

Huang

et al. 2019

Information

View full text Add to dashboard Cite

This study focuses on the problem of attack quantification in distribution automation systems (DASs) and proposes a quantitative model of attacks based on the common vulnerability scoring system (CVSS) and attack trees (ATs) to conduct a quantitative and systematic evaluation of attacks on a DAS. In the DAS security architecture, AT nodes are traversed and used to represent the attack path. The CVSS is used to quantify the attack sequence, which is the leaf node in an AT. This paper proposes a method to calculate each attack path probability and find the maximum attack path probability in DASs based on attacker behavior. The AT model is suitable for DAS hierarchical features in architecture. The experimental results show that the proposed model can reduce the influence of subjective factors on attack quantification, improve the probability of predicting attacks on the DASs, generate attack paths, better identify attack characteristics, and determine the attack path and quantification probability. The quantitative results of the model's evaluation can find the most vulnerable component of a DAS and provide an important reference for developing targeted defensive measures in DASs. these attack quantification results can also provide an important reference for security technicians to implement the DAS defense system.Quantification of the probability of an attack on a DAS directly affects the in-depth analysis of the system's security. Wang et al. [9] proposed a multilevel analysis and modeling method for a power system's communication network. Their case study showed that this method can be used to evaluate the static and dynamic relationships among power networks. Kateb et al. [10] developed an optimal structure tree method for risk assessment in a wide-area power system that can minimize the spread of network attacks. The authors in [9,10] provided a well-optimized evaluation of a specific power network. However, these evaluation neither reflected the attacker's behavior in terms of quantification of the probability of an attack nor provided suggestions for the protection of specific parts of the power system. The authors in [11] and the authors in [12] presented an attack assessment framework based on Bayes attributes-a stochastic game model and a fast modeling method for input data, respectively-which included network connection relationship and vulnerability information. However, the proposed methods were found to be inefficient when applied in DASs due to DAS architecture complexity and expansibility, and they could not generate attack path. The authors in [13] proposed a method for modeling network attacks with a multilevel-layered attack tree (MLL-AT), presented a description language based on the MLL-AT for attacks, and quantified the leaf nodes. This attack tree (AT) was found to be able to accurately model the attacks, especially multilevel network attacks, and can be used to assess system risks. However, the research is mainly based on cyberattacks, and there is no physical attacks involved. Besides, th...

show abstract

“…Current Attack Modeling Techniques (e.g., attack graphs [7]) focus on representing how a traditional cyber-attack (e.g., denial of service attack) can occur. Resources available are also focusing on sharing information about cyber attacks.…”

Section: Related Workmentioning

confidence: 99%

“…Although commonalities between these incidents can be observed, these have not been captured and used systematically to enhance security and support incident investigations [6]. Current attack modeling techniques (e.g., attack graphs [7]) focus on representing how a traditional cyber attack (e.g., denial of service) can occur. As these techniques do not account for the interactions between cyber and physical components, they are not suitable to represent cyber-physical incidents [8].…”

Section: Introductionmentioning

confidence: 99%

I've seen this before

Alrimawi

Pasquale

Mehta

et al. 2018

Proceedings of the 1st International Workshop on Security Awareness From Design to Deployment

View full text Add to dashboard Cite

An increasing number of security incidents in cyber-physical systems (CPSs) arise from the exploitation of cyber and physical components of such systems. Knowledge about how such incidents arose is rarely captured and used systematically to enhance security and support future incident investigations. In this paper, we propose an approach to represent and share incidents knowledge. Our approach captures incident patterns -common aspects of incidents occurring in different CPSs. Our approach then allows incident patterns to be instantiated for different systems to assess if and how such patterns can manifest again. To support our approach, we provide two meta-models that represent, respectively, incident patterns and the cyber-physical systems themselves. The incident meta-model captures the characteristics of incidents, such as assets and activities. The system meta-model captures cyber and physical components and their interactions, which may be exploited during an incident. We demonstrate the feasibility of our approach in the application domain of smart buildings, by tailoring the system meta-model to represent components and interactions in this domain. CCS CONCEPTS• Software and its engineering → Model-driven software engineering KEYWORDS

show abstract

An Empirical Evaluation of the Effectiveness of Attack Graphs and Fault Trees in Cyber-Attack Perception

Cited by 50 publications

References 73 publications

Incidents are Meant for Learning, Not Repeating: Sharing Knowledge About Security Incidents in Cyber-Physical Systems

Incidents are Meant for Learning, Not Repeating: Sharing Knowledge About Security Incidents in Cyber-Physical Systems

Quantitative Model of Attacks on Distribution Automation Systems Based on CVSS and Attack Trees

I've seen this before

Contact Info

Product

Resources

About