Using an Extended Attack Defense Graph Model to Estimate the Risk of a Successful Attack on an IT Infrastructure

Karg, Christoph; Hänisch, Till

doi:10.30958/ajte.6-4-2

Cited by 3 publications

(3 citation statements)

References 6 publications

(5 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The cybersecurity for critical infrastructures is analyzed in [ 31 , 32 ] or [ 33 ]. These papers primarily focused on the negative consequences of cybersecurity threats to the whole system and its operational costs.…”

Section: Cyber Risk In the Mining Industry—related Workmentioning

confidence: 99%

“…In [ 32 ], the authors compared the unit commitments models to tackle renewable uncertainty in power systems. The authors of [ 33 ] focused on information technology (IT) infrastructure and its resilience to cyber threats. Later, the authors in [ 34 ] defined three main areas characteristic for cybersecurity studies: Technology, i.e., development of technological solutions that are aimed at reducing or identifying threats and attacks; Investments in cybersecurity; Risk assessment models focused on measuring the risk of cyberattack occurrence.…”

Section: Cyber Risk In the Mining Industry—related Workmentioning

confidence: 99%

See 1 more Smart Citation

Cyber-Attacks Risk Analysis Method for Different Levels of Automation of Mining Processes in Mines Based on Fuzzy Theory Use

Tubis

Werbińska-Wojciechowska

Góralczyk

et al. 2020

Sensors

View full text Add to dashboard Cite

The rising automation level and development of the Industry 4.0 concept in the mining sector increase the risk of cyber-attacks. As a result, this article focuses on developing a risk analysis method that integrates Kaplan’s and Garrick’s approach and fuzzy theory. The proposed approach takes into account the level of automation of the operating mining processes. Moreover, it follows five main steps, including identifying the automation level in a selected mine, definition of cyber-attack targets, identification of cyber-attack techniques, definition of cyber-attack consequences, and risk ratio assessment. The proposed risk assessment procedure was performed according to three cyber-attack targets (databases, internal networks, machinery) and seven selected types of cyber-attack techniques. The fuzzy theory is implemented in risk parameter estimation for cyber-attack scenario occurrence in the mining industry. To illustrate the given method’s applicability, seven scenarios for three levels of mine automation are analyzed. The proposed method may be used to reveal the current cybersecurity status of the mine. Moreover, it will be a valuable guide for mines in which automation is planned in the near future.

show abstract

Section: Cyber Risk In the Mining Industry—related Workmentioning

confidence: 99%

Section: Cyber Risk In the Mining Industry—related Workmentioning

confidence: 99%

Cyber-Attacks Risk Analysis Method for Different Levels of Automation of Mining Processes in Mines Based on Fuzzy Theory Use

Tubis

Werbińska-Wojciechowska

Góralczyk

et al. 2020

Sensors

View full text Add to dashboard Cite

show abstract

“…This is basically a roulette wheel selection as used in genetic optimization; see for example (Lipowski and Lipowska 2012) or (Goldberg 1989). More details on the final implementation can be found in (Karg and Hänisch 2019).…”

Section: Table 1 Definition Of Probability Scale Values the Same Vamentioning

confidence: 99%

Untitled

2019

AJTE

View full text Add to dashboard Cite

Mission ATINER is a World Non-Profit Association of Academics and Researchers based in Athens. ATINER is an independent Association with a Mission to become a forum where Academics and Researchers from all over the world can meet in Athens, exchange ideas on their research and discuss future developments in their disciplines, as well as engage with professionals from other fields. Athens was chosen because of its long history of academic gatherings, which go back thousands of years to Plato's Academy and Aristotle's Lyceum. Both these historic places are within walking distance from ATINER"s downtown offices. Since antiquity, Athens was an open city. In the words of Pericles, Athens"…is open to the world, we never expel a foreigner from learning or seeing". ("Pericles" Funeral Oration", in Thucydides, The History of the Peloponnesian War). It is ATINER"s mission to revive the glory of Ancient Athens by inviting the World Academic Community to the city, to learn from each other in an environment of freedom and respect for other people"s opinions and beliefs. After all, the free expression of one"s opinion formed the basis for the development of democracy, and Athens was its cradle. As it turned out, the Golden Age of Athens was in fact, the Golden Age of the Western Civilization. Education and (Re)searching for the "truth" are the pillars of any free (democratic) society. This is the reason why Education and Research are the two core words in ATINER"s name.

show abstract

Estimating the Success of IT Security Measures in Industry 4.0 Environments using Monte Carlo Simulation on Attack Defense Trees

Hänisch¹,

Karg²

2019

AJTE

View full text Add to dashboard Cite

The choice of defense strategies in IT-security is often guided by qualitative methods only. For common scenarios like securing desktop computers, web servers, or extranets, there are well accepted best practices for establishing a secure environment. For other scenarios like computers in production environments (often referred as "Industry 4.0") this is not the case. To secure such systems, there are a number of options, but their relevance for a certain application is less clear and is specific for the situation. Especially, for small and medium enterprises it is often unclear, which security measures to apply in their production. This paper describes a method based on attack defense trees, which allows to assess the value of defense measures based on simulated attacks.

show abstract

Using an Extended Attack Defense Graph Model to Estimate the Risk of a Successful Attack on an IT Infrastructure

Cited by 3 publications

References 6 publications

Cyber-Attacks Risk Analysis Method for Different Levels of Automation of Mining Processes in Mines Based on Fuzzy Theory Use

Cyber-Attacks Risk Analysis Method for Different Levels of Automation of Mining Processes in Mines Based on Fuzzy Theory Use

Untitled

Estimating the Success of IT Security Measures in Industry 4.0 Environments using Monte Carlo Simulation on Attack Defense Trees

Contact Info

Product

Resources

About