Exploring security metrics for electric grid infrastructures leveraging attack graphs

Patapanchala, Panini Sai; Huo, Chen; Bobba, Rakesh B.; Cotilla‐Sanchez, Eduardo

doi:10.1109/sustech.2016.7897148

Cited by 7 publications

(5 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The results show that out of all 1,260 authors that published the 312 papers, only 2 authors (i.e., Nian Liu 109,124,128,134 and Manimaran Govindarasu 79,93,135,136 ) published 4 articles, 7 authors (i.e., Tansu Alpcan, 24,85,137 Aditya Ashok, 79,93,136 Quanyan Zhu, 24,66,138 Yingmeng Xiang, 109,124,128 Mohammad Shahidehpour, 126,139,140 John Hird, 91,141,142 and Lingfeng Wang 109,124,128 ) published 3 articles, and 70 authors published 2 articles. However, the rest of the authors are there with single entries.…”

Section: Findings Of Our Reviewmentioning

confidence: 99%

Security risks in cyber physical systems—A systematic mapping study

Zahid

Inayat

Daneva

et al. 2021

J Software Evolu Process

View full text Add to dashboard Cite

The increased need for constant connectivity and complete automation of existing systems fuels the popularity of Cyber Physical Systems (CPS) worldwide. Increasingly more, these systems are subjected to cyber attacks. In recent years, many major cyber‐attack incidents on CPS have been recorded and, in turn, have been raising concerns in their users' minds. Unlike in traditional IT systems, the complex architecture of CPS consisting of embedded systems integrated with the Internet of Things (IoT) requires rather extensive planning, implementation, and monitoring of security requirements. One crucial step to planning, implementing, and monitoring of these requirements in CPS is the integration of the risk management process in the CPS development life cycle. Existing studies do not clearly portray the extent of damage that the unattended security issues in CPS can cause or have caused, in the incidents recorded. An overview of the possible risk management techniques that could be integrated into the development and maintenance of CPS contributing to improving its security level in its actual environment is missing. In this paper, we are set out to highlight the security requirements and issues specific to CPS that are discussed in scientific literature and to identify the state‐of‐the‐art risk management processes adopted to identify, monitor, and control those security issues in CPS. For that, we conducted a systematic mapping study on the data collected from 312 papers published between 2000 and 2020, focused on the security requirements, challenges, and the risk management processes of CPS. Our work aims to form an overview of the security requirements and risks in CPS today and of those published contributions that have been made until now, towards improving the reliability of CPS. The results of this mapping study reveal (i) integrity authentication and confidentiality as the most targeted security attributes in CPS, (ii) model‐based techniques as the most used risk identification and assessment and management techniques in CPS, (iii) cyber‐security as the most common security risk in CPS, (iv) the notion of “mitigation measures” based on the type of system and the underline internationally recognized standard being the most used risk mitigation technique in CPS, (v) smart grids being the most targeted systems by cyber‐attacks and thus being the most explored domain in CPS literature, and (vi) one of the major limitations, according to the selected literature, concerns the use of the fault trees for fault representation, where there is a possibility of runtime system faults not being accounted for. Finally, the mapping study draws implications for practitioners and researchers based on the findings.

show abstract

Section: Findings Of Our Reviewmentioning

confidence: 99%

Security risks in cyber physical systems—A systematic mapping study

Zahid

Inayat

Daneva

et al. 2021

J Software Evolu Process

View full text Add to dashboard Cite

show abstract

“…Pendleton et al [1] made a survey focusing on the state-of-the-art existing metrics in terms of their advantages/disadvantages and they designed a security metric framework to measure systemlevel security by aggregating vulnerabilities, defense power, attack/threat severity, and situations. Patapanchala et al [21] computed the cumulative probability that an attacker could succeed in gaining a specific privilege or carrying out an attack in the network by aggregating vulnerability metrics. Compared with the above methods, Fredj [22] vulnerable especially for sophisticated attack scenarios with multiple targets.…”

Section: Related Workmentioning

confidence: 99%

“…It is reflected that the sum of every row of the matrix P must be equal to 1. Thus, we convert the frequency of transitions between attack types into transition probabilities in lines (16)- (21). In other words, we assign the weight of the edge based on the number of frequencies of the transition from an alert to another.…”

Section: Definition 2 a Markov Chainmentioning

confidence: 99%

Security Metric Methods for Network Multistep Attacks Using AMC and Big Data Correlation Analysis

Liu

Zhang

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Network security metrics allow quantitatively evaluating the overall resilience of networked systems against attacks. From this aim, security metrics are of great importance to the security-related decision-making process of enterprises. In this paper, we employ absorbing Markov chain (AMC) to estimate the network security combining with the technique of big data correlation analysis. Specifically, we construct the model of AMC using a large amount of alert data to describe the scenario of multistep attacks in the real world. In addition, we implement big data correlation analysis to generate the transition probability matrix from alert stream, which defines the probabilities of transferring from one attack action to another according to a given scenario before reaching one of some attack targets. Based on the probability reasoning, two metric algorithms are designed to estimate the attack scenario as well as the attackers, namely, the expected number of visits (ENV) and the expected success probability (ESP). The superiority is that the proposed model and algorithms assist the administrator in building new scenarios, prioritizing alerts, and ranking them.

show abstract

“…Subs 30bus = (2,4,6,7,8,22) Subs 118bus = (11,15,27,42,49,54,59,60,62,68,78,80,110,116) We allocated those substations according to 'Gordon-Loeb' model which shows that it is uneconomical to invest >37% of the expected loss of load from the occur by the entire security breach.…”

Section: Analysis Of Physical Systemmentioning

confidence: 99%

“…The lack of strong and well accepted metrics is currently a key challenging to the area of cybersecurity [5]. In recent days, many new metrics have been proposed to access the security risk of the traditional network [6,7]. However, improved cyber-physical security metrics are needed to help determine the most appropriate placement of security mechanisms to protect the grid.…”

Section: Introductionmentioning

confidence: 99%