Top

The Journal of Supercomputing

Published in:

22-04-2023

A risk assessment model for similar attack scenarios in industrial control system

Authors: Yaofang Zhang, Zibo Wang, Yingzhou Wang, Kuan Lin, Tongtong Li, Hongri Liu, Chao Li, Bailing Wang

Published in: The Journal of Supercomputing | Issue 14/2023

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Although the expansion of attack types against industrial control systems is limited, the available means that violate the same security strategy emerge endlessly. However, the high availability and real-time requirements of industrial control systems restrict the application of some countermeasures that require massive resources. To solve this problem, this paper proposes a low learning-cost risk assessment model for similar scenarios, which enables the formulation of defense strategies for system risks in advance. To lay the foundation for this method, we firstly aggregate the attack means into limited attack types according to word clustering to address the classification challenge caused by unknown attacks. Then, similarity and statistical methods are combined to predict the next attack type. Subsequently, the hidden Markov model is used to map attack types and security states to obtain the forecasting results of the next security state. Based on this, the risk value is calculated through these prediction and forecasting results, and the system relevance and alert timeliness are considered in the assessment stage. We break the scenario limitations and verify the advantages of our model in a known scenario and another similar scenario with unknown attacks. The experimental results show that our model can deal with unknown attacks in similar scenarios and has excellent scenario migration ability. Meanwhile, the changing trend of the risk value is in consistence with the actual data, which also confirms that the assessment model can forecast the future risk situation of the system accurately and comprehensively.

previous article Multiresource fair allocation with time window constraints

next article On forcibly k-edge-connected and forcibly super edge-connected uniform hypergraphic sequences

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Zhou C, Hu B, Shi Y, Tian Y-C, Li X, Zhao Y (2021) A unified architectural approach for cyberattack-resilient industrial control systems. Proc IEEE 109(4):517–541. https://doi.org/10.1109/JPROC.2020.3034595CrossRef

Ahmadian MM, Shajari M, Shafiee MA (2020) Industrial control system security taxonomic framework with application to a comprehensive incidents survey. Int J Crit Infrastruct Prot 29:100356. https://doi.org/10.1016/j.ijcip.2020.100356CrossRef

Lee S, Lee S, Yoo H, Kwon S, Shon T (2018) Design and implementation of cybersecurity testbed for industrial iot systems. J Supercomput 74:4506–4520CrossRef

Bhamare D, Zolanvari M, Erbad A, Jain R, Khan K, Meskin N (2020) Cybersecurity for industrial control systems: a survey. Comput Secur 89:101677. https://doi.org/10.1016/j.cose.2019.101677CrossRef

Alladi T, Chamola V, Zeadally S (2020) Industrial Control Systems: Cyberattack trends and countermeasures. Comput Commun 155:1–8. https://doi.org/10.1016/j.comcom.2020.03.007CrossRef

Asghar MR, Hu Q, Zeadally S (2019) Cybersecurity in industrial control systems: issues, technologies, and challenges. Comput Netw 165:106946. https://doi.org/10.1016/j.comnet.2019.106946CrossRef

Qassim QS, Jamil N, Daud M, Patel A, Ja’affar N (2019) A review of security assessment methodologies in industrial control systems. Inform Comput Secur 27(1):47–61. https://doi.org/10.1108/ICS-04-2018-0048CrossRef

Wang Z, Zhang Y, Liu Z, Li T, Chen Y, Yang C, Wang B, Liu Z (2022) A prioritizing interdiction surface-based vulnerability remediation composite metric for industrial control systems. Wirel Commun Mob Comput 2022:1–16. https://doi.org/10.1155/2022/6442778CrossRef

Shinde PS, Ardhapurkar SB (2016) Cyber security analysis using vulnerability assessment and penetration testing. In: 2016 World Conference on Futuristic Trends in Research and Innovation for Social Welfare (Startup Conclave), pp. 1–5. IEEE, Coimbatore, India. https://doi.org/10.1109/STARTUP.2016.7583912

10.

Muhati E, Rawat DB (2022) Hidden-Markov-model-enabled prediction and visualization of cyber agility in IoT era. IEEE Internet Things J 9(12):9117–9127. https://doi.org/10.1109/JIOT.2021.3056118CrossRef

11.

Hu H, Liu Y, Zhang H, Zhang Y (2018) Security metric methods for network multistep attacks using AMC and big data correlation analysis. Secur Commun Netw 2018:1–14. https://doi.org/10.1155/2018/5787102CrossRef

12.

Zhan M, Li Y, Yang X, Cui W, Fan Y (2020) NSAPs: a novel scheme for network security state assessment and attack prediction. Comput Secur 99:102031. https://doi.org/10.1016/j.cose.2020.102031CrossRef

13.

Albasheer H, Md Siraj M, Mubarakali A, Elsier Tayfour O, Salih S, Hamdan M, Khan S, Zainal A, Kamarudeen S (2022) Cyber-attack prediction based on network intrusion detection systems for alert correlation techniques: a survey. Sensors 22(4):1494. https://doi.org/10.3390/s22041494CrossRef

14.

Wu M, Moon YB (2020) Alert correlation for detecting cyber-manufacturing attacks and intrusions. J Comput Inf Sci Eng 20(1):011004CrossRef

15.

Sun J, Gu L, Chen K (2020) An efficient alert aggregation method based on conditional rough entropy and knowledge granularity. Entropy 22(3):324MathSciNetCrossRef

16.

Hu H, Liu J, Zhang Y, Liu Y, Xu X, Tan J (2020) Attack scenario reconstruction approach using attack graph and alert data mining. J Inform Secur Appl 54:102522. https://doi.org/10.1016/j.jisa.2020.102522CrossRef

17.

Mao B, Liu J, Lai Y, Sun M (2021) MIF: a multi-step attack scenario reconstruction and attack chains extraction method based on multi-information fusion. Comput Netw 198:108340. https://doi.org/10.1016/j.comnet.2021.108340CrossRef

18.

Melo RV, de Macedo DDJ, Kreutz D, De Benedictis A, Fiorenza MM (2022) ISM-AC: an immune security model based on alert correlation and software-defined networking. Int J Inf Secur 21(2):191–205. https://doi.org/10.1007/s10207-021-00550-xCrossRef

19.

Ahmadian Ramaki A, Rasoolzadegan A, Javan Jafari A (2018) A systematic review on intrusion detection based on the Hidden Markov model. Stat Anal Data Min ASA Data Sci J 11(3):111–134. https://doi.org/10.1002/sam.11377MathSciNetCrossRefMATH

20.

Ahmadian Ramaki A, Rasoolzadegan A (2016) Causal knowledge analysis for detecting and modeling multi-step attacks. Secur Commun Netw 9(18):6042–6065. https://doi.org/10.1002/sec.1756CrossRef

21.

Wang W, Jiang R, Jia Y, Li A, Chen Y (2017) Kgbiac: knowledge graph based intelligent alert correlation framework. In: Cyberspace Safety and Security: 9th International Symposium, CSS 2017, Xi’an China, October 23–25, 2017, Proceedings, pp. 523–530. Springer

22.

Liang W, Long J, Chen Z, Yan X, Li Y, Zhang Q, Li K-C (2018) A Security Situation Prediction Algorithm Based on HMM in Mobile Network. Wirel Commun Mob Comput 2018:1–11. https://doi.org/10.1155/2018/5380481CrossRef

23.

Wang C, Li K, He X (2021) Network risk assessment based on baum welch algorithm and HMM. Mobile Netw Appl 26(4):1630–1637. https://doi.org/10.1007/s11036-019-01500-7CrossRef

24.

Holgado P, Villagra VA, Vazquez L (2020) Real-time multistep attack prediction based on hidden Markov Models. IEEE Trans Dependable Secure Comput 17(1):134–147. https://doi.org/10.1109/TDSC.2017.2751478CrossRef

25.

Li T, Liu Y, Liu Y, Xiao Y, Nguyen NA (2020) Attack plan recognition using hidden Markov and probabilistic inference. Comput Secur 97:101974. https://doi.org/10.1016/j.cose.2020.101974CrossRef

26.

Lee C, Ho Chae Y, Hyun Seong P (2021) Development of a method for estimating security state: supporting integrated response to cyber-attacks in NPPs. Ann Nucl Energy 158:108287. https://doi.org/10.1016/j.anucene.2021.108287CrossRef

27.

Khan MA, Abuhasel KA (2021) An evolutionary multi-hidden markov model for intelligent threat sensing in industrial internet of things. J Supercomput 77(6):6236–6250CrossRef

28.

Wang T, Zeng P, Zhao J, Liu X, Zhang B (2022) Identification of influential nodes in industrial networks based on structure analysis. Symmetry 14(2):211CrossRef

29.

Qin Y, Peng Y, Huang K, Zhou C, Tian Y-C (2021) Association analysis-based cybersecurity risk assessment for industrial control systems. IEEE Syst J 15(1):1423–1432. https://doi.org/10.1109/JSYST.2020.3010977CrossRef

30.

Li S, Zhao S, Yuan Y, Sun Q, Zhang K (2018) Dynamic security risk evaluation via hybrid bayesian risk graph in cyber-physical social systems. IEEE Transact Comput Soc Syst 5(4):1133–1141. https://doi.org/10.1109/TCSS.2018.2858440CrossRef

31.

Ma Y, Wu Y, Yu D, Ding L, Chen Y (2022) Vulnerability association evaluation of Internet of thing devices based on attack graph. Int J Distrib Sens Netw 18(5):155013292210978. https://doi.org/10.1177/15501329221097817CrossRef

32.

Hu H, Zhang H, Liu Y, Wang Y (2017) Quantitative method for network security situation based on attack prediction. Secur Commun Netw 2017:1–19. https://doi.org/10.1155/2017/3407642CrossRef

33.

Humeau-Heurtier A (2015) The multiscale entropy algorithm and its variants: a review. Entropy 17(5):3110–3123. https://doi.org/10.3390/e17053110MathSciNetCrossRef

34.

Lorbeer B, Kosareva A, Deva B, Softić D, Ruppel P, Küpper A (2018) Variations on the clustering algorithm BIRCH. Big Data Res 11:44–53. https://doi.org/10.1016/j.bdr.2017.09.002CrossRef

35.

Mor B, Garhwal S, Kumar A (2021) A systematic review of hidden Markov models and their applications. Archives Comput Methods Eng 28(3):1429–1448. https://doi.org/10.1007/s11831-020-09422-4MathSciNetCrossRef

Title: A risk assessment model for similar attack scenarios in industrial control system
Authors: Yaofang Zhang
Zibo Wang
Yingzhou Wang
Kuan Lin
Tongtong Li
Hongri Liu
Chao Li
Bailing Wang
Publication date: 22-04-2023
Publisher: Springer US
Published in: The Journal of Supercomputing / Issue 14/2023
Print ISSN: 0920-8542
Electronic ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-023-05269-1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Other articles of this Issue 14/2023

BejaGNN: behavior-based Java malware detection via graph neural network

Adaptive trajectory prediction without catastrophic forgetting

CovSumm: an unsupervised transformer-cum-graph-based hybrid document summarization model for CORD-19

A novel cloud model based on multiplicative unbalanced linguistic term set

The HSGWO-MPIO algorithm based on improved search capability

Blockchain-enabled healthcare monitoring system for early Monkeypox detection

Premium Partner