Method for quantitative risk assessment of cyber-physical systems based on vulnerability analysis

Rasim Alguliyev; Ramiz Aliguliyev; Lyudmila Sukhostat

Kybernetika (2024)

  • Volume: 60, Issue: 6, page 779-796
  • ISSN: 0023-5954

Abstract

Cyber-physical system protection against cyber-attacks is a serious problem that requires methods for assessing the cyber security risks. This paper proposes a quantitative metric to evaluate the risks of cyber-physical systems using the fuzzy Sugeno integral. The simulated attack graph, consisting of vulnerable system components, allows for obtaining various parameters for assessing the risks of attack paths, which characterize the elements in the cyber and physical environment and are combined into a single quantitative assessment. Experiments are performed on a threat model using the example of a cyber-physical system for wind energy generation. The model integrates a cyber-physical network's topology and vulnerabilities, proving the proposed method's effectiveness in ensuring cyber resilience.

How to cite

Alguliyev, Rasim, Aliguliyev, Ramiz, and Sukhostat, Lyudmila. "Method for quantitative risk assessment of cyber-physical systems based on vulnerability analysis." Kybernetika 60.6 (2024): 779-796. <http://eudml.org/doc/299889>.

@article{Alguliyev2024,
abstract = {Cyber-physical system protection against cyber-attacks is a serious problem that requires methods for assessing the cyber security risks. This paper proposes a quantitative metric to evaluate the risks of cyber-physical systems using the fuzzy Sugeno integral. The simulated attack graph, consisting of vulnerable system components, allows for obtaining various parameters for assessing the risks of attack paths characterizing the elements in the cyber and physical environment and are combined into a single quantitative assessment. Experiments are performed on a threat model using the example of a cyber-physical system for wind energy generation. The model integrates a cyber-physical network's topology and vulnerabilities, proving the proposed method's effectiveness in ensuring cyber resilience.},
author = {Alguliyev, Rasim and Aliguliyev, Ramiz and Sukhostat, Lyudmila},
journal = {Kybernetika},
keywords = {cyber-physical system; risk assessment; attack graph; graph centrality measures; Sugeno $\lambda $‐measure; fuzzy Sugeno integral; attack path},
language = {eng},
number = {6},
pages = {779-796},
publisher = {Institute of Information Theory and Automation AS CR},
title = {Method for quantitative risk assessment of cyber-physical systems based on vulnerability analysis},
url = {http://eudml.org/doc/299889},
volume = {60},
year = {2024},
}

TY - JOUR
AU - Alguliyev, Rasim
AU - Aliguliyev, Ramiz
AU - Sukhostat, Lyudmila
TI - Method for quantitative risk assessment of cyber-physical systems based on vulnerability analysis
JO - Kybernetika
PY - 2024
PB - Institute of Information Theory and Automation AS CR
VL - 60
IS - 6
SP - 779
EP - 796
AB - Cyber-physical system protection against cyber-attacks is a serious problem that requires methods for assessing the cyber security risks. This paper proposes a quantitative metric to evaluate the risks of cyber-physical systems using the fuzzy Sugeno integral. The simulated attack graph, consisting of vulnerable system components, allows for obtaining various parameters for assessing the risks of attack paths characterizing the elements in the cyber and physical environment and are combined into a single quantitative assessment. Experiments are performed on a threat model using the example of a cyber-physical system for wind energy generation. The model integrates a cyber-physical network's topology and vulnerabilities, proving the proposed method's effectiveness in ensuring cyber resilience.
LA - eng
KW - cyber-physical system; risk assessment; attack graph; graph centrality measures; Sugeno $\lambda $‐measure; fuzzy Sugeno integral; attack path
UR - http://eudml.org/doc/299889
ER -
