Combinatorial Analysis for Securing IoT-Assisted Industry 4.0 Applications From Vulnerability-Based Attacks

George, Gemini; Thampi, Sabu M.

doi:10.1109/tii.2020.3045393

Cited by 13 publications

(1 citation statement)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The minimum number of labels was obtained by a set of backward reachable strongly connected components. George and Thampi focused on the vulnerability-based assessment for edge devices of the IoT-assisted networks [18,19]. A graphical model was formulated to isolate target devices from the attackers by a minimum cut set of vulnerabilities.…”

Section: Related Workmentioning

confidence: 99%

A Prioritizing Interdiction Surface-Based Vulnerability Remediation Composite Metric for Industrial Control Systems

Wang

Zhang

Liu

et al. 2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

Recently, industrial control system (ICS) has gradually been a primary attack target. The main reason is that increasing vulnerabilities exposed provide opportunities for launching multistep and multihost attacks to breach security policies. To that end, vulnerability remediations are crucial for the ICS. However, there exist three problems to be tackled in a sound way. First of all, it is impractical to remove all vulnerabilities for preventing the multistep and multihost attacks in the consideration of the actual ICS demands. Secondly, ranking vulnerability remediations lacks a guidance. The last problem is that there is a lack of a metric for qualifying the security level after each remediation. In this paper, an ICS-oriented assessment methodology is proposed for the vulnerability remediations. It consists of three phases corresponding to the above problems, including (1) prioritizing Interdiction Surfaces, (2) ranking vulnerability remediations, and (3) calculating composite metrics. The Interdiction Surface describes a minimum set of vulnerabilities of which the complete removal may interdict all discovered attack paths in the system. Particularly, it innovates to take the urgent security demands of the ICS into account. Subsequently, ranking the vulnerability in the optimal Interdiction Surface is conducive to guide the remediations with the priority. A composite metric is ultimately given to assess the security level after vulnerability remediations. The effectiveness of the proposed methodology is validated in an ICS scenario which is similar to the real-world practice. Results show that the entire procedure is suitable for the context of the ICS. Simultaneously, the composite metric enhances both the comprehensiveness and the compatibility in contrast with attack path-based metrics. Hence, it overcomes the shortcomings when they are used in isolation.

show abstract

Section: Related Workmentioning

confidence: 99%