I-HMM-Based Multidimensional Network Security Risk Assessment

Zhang, Qikun; Guo, S.; Kuang, Xiaohui; Meng, Fankun; Hu, Dongsheng; Shi, Zhiyu

doi:10.1109/access.2019.2961997

Cited by 13 publications

(8 citation statements)

References 38 publications

(33 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hu et al [ 68 ] propose a network security risk assessment method that is based on the Improved Hidden Markov Model (I-HMM). The proposed model reflects the security risk status in a timely and intuitive manner, and it detects the degree of risk that different hosts pose to the network.…”

Section: Related Workmentioning

confidence: 99%

A Novel Model for Vulnerability Analysis through Enhanced Directed Graphs and Quantitative Metrics

Longueira-Romero

Iglesias

Flores

et al. 2022

Sensors

View full text Add to dashboard Cite

The rapid evolution of industrial components, the paradigm of Industry 4.0, and the new connectivity features introduced by 5G technology all increase the likelihood of cybersecurity incidents. Such incidents are caused by the vulnerabilities present in these components. Designing a secure system is critical, but it is also complex, costly, and an extra factor to manage during the lifespan of the component. This paper presents a model to analyze the known vulnerabilities of industrial components over time. The proposed Extended Dependency Graph (EDG) model is based on two main elements: a directed graph representation of the internal structure of the component, and a set of quantitative metrics based on the Common Vulnerability Scoring System (CVSS). The EDG model can be applied throughout the entire lifespan of a device to track vulnerabilities, identify new requirements, root causes, and test cases. It also helps prioritize patching activities. The model was validated by application to the OpenPLC project. The results reveal that most of the vulnerabilities associated with OpenPLC were related to memory buffer operations and were concentrated in the libssl library. The model was able to determine new requirements and generate test cases from the analysis.

show abstract

Section: Related Workmentioning

confidence: 99%

A Novel Model for Vulnerability Analysis through Enhanced Directed Graphs and Quantitative Metrics

Longueira-Romero

Iglesias

Flores

et al. 2022

Sensors

View full text Add to dashboard Cite

show abstract

“…Network security situation prediction means predicting the future network situation according to the current network state and historical data. In recent years, the rapid development of machine learning provides a new solution for network situation prediction, such as the support vector machine (SVM) [ 12 ] and hidden Markov model (HMM) [ 13 ]. Then, deep learning applies to network security situation assessment: for example, [ 14 ] summarizes the artificial intelligence related to network security as well as the progress and challenges of current research; [ 15 ] studies the performance of different neural networks in the NSSP; and [ 16 ] proposes an LSTM network security situation prediction model based on the sigmoid weighted reinforcement mechanism, which can improve the convergence rate.…”

Section: Related Workmentioning

confidence: 99%

“…In the training process of the dataset, the loss function is used to measure the difference between the estimated value and the observed value of the model. The formula is as follows: loss : L(ŷ, y) = ω(θ)(ŷ − y) 2 (13) where ω(Θ) is the weight of the real value, y is the real value, andŷ is the output of the model. Figure 5 shows the image of the loss function when training the dataset after applying the LSTM model.…”

Section: Network Attack Probability Analysismentioning

confidence: 99%

Research on Network Security Situation Awareness Based on the LSTM-DT Model

Zhang

Kang

Xiao

2021

Sensors

View full text Add to dashboard Cite

To better understand the behavior of attackers and describe the network state, we construct an LSTM-DT model for network security situation awareness, which provides risk assessment indicators and quantitative methods. This paper introduces the concept of attack probability, making prediction results more consistent with the actual network situation. The model is focused on the problem of the time sequence of network security situation assessment by using the decision tree algorithm (DT) and long short-term memory(LSTM) network. The biggest innovation of this paper is to change the description of the network situation in the original dataset. The original label only has attack and normal. We put forward a new idea which regards attack as a possibility, obtaining the probability of each attack, and describing the network situation by combining the occurrence probability and attack impact. Firstly, we determine the network risk assessment indicators through the dataset feature distribution, and we give the network risk assessment index a corresponding weight based on the analytic hierarchy process (AHP). Then, the stack sparse auto-encoder (SSAE) is used to learn the characteristics of the original dataset. The attack probability can be predicted by the processed dataset by using the LSTM network. At the same time, the DT algorithm is applied to identify attack types. Finally, we draw the corresponding curve according to the network security situation value at each time. Experiments show that the accuracy of the network situation awareness method proposed in this paper can reach 95%, and the accuracy of attack recognition can reach 87%. Compared with the former research results, the effect is better in describing complex network environment problems.

show abstract

“…Risk assessment plays an important role in understanding and evaluating risks [14] to ensure cybersecurity and to calculate impacts caused by undesired events [15]. Therefore, risk assessment for cybersecurity comprises identifying threats, vulnerabilities, and property assets available within the attack targets [58] and is intended to minimize the negative impacts of potential threats. As the demands for cybersecurity increase to secure data, peripherals, and systems, the need for risk assessment on cybersecurity, especially those implemented at critical infrastructures, including nuclear facilities, also increases.…”

Section: A Cybersecurity Risk Assessment In Nuclear Facilitiesmentioning

confidence: 99%

Risk Assessment Methods for Cybersecurity in Nuclear Facilities: Compliance to Regulatory Requirements

Setianingsih¹,

Pulungan²,

Putra³

et al. 2021

IJACSA

View full text Add to dashboard Cite

As strategic infrastructures, nuclear facilities are considered attractive targets for attackers to commit their malicious intention. At the same time, for efficiency, those infrastructures are increasingly implemented, equipped with, and managed by digitally computerized systems. Attackers, therefore, try to realign their attack scenarios through such cyber systems. It is crucial to understand various existing risk assessment methods for cybersecurity in nuclear facilities to prevent such attacks. Risk assessment is designed to study the nature of the originated attack threats and the consequences implied. This paper studies a series of risk assessment methods implemented for security related to cybersecurity of strategic infrastructures, including nuclear facilities. Extended from cybersecurity, the required concepts in nuclear security cover defense-in-depth, synergy of safety and security, and probabilistic safety/risk assessment. Selecting cybersecurity risk assessment methods should integrate these three essential concepts in their evaluation. This paper highlights the suitable and appropriate risk assessment methods that meet security requirements in the nuclear industry as specified in the national and international regulations.

show abstract

I-HMM-Based Multidimensional Network Security Risk Assessment

Cited by 13 publications

References 38 publications

A Novel Model for Vulnerability Analysis through Enhanced Directed Graphs and Quantitative Metrics

A Novel Model for Vulnerability Analysis through Enhanced Directed Graphs and Quantitative Metrics

Research on Network Security Situation Awareness Based on the LSTM-DT Model

Risk Assessment Methods for Cybersecurity in Nuclear Facilities: Compliance to Regulatory Requirements

Contact Info

Product

Resources

About