| 1. |
- Jiang, Yuning, 1993-, et al.
(författare)
-
Towards automatic discovery and assessment of vulnerability severity in cyber-physical systems
- 2022
-
Ingår i: Array. - : Elsevier. - 2590-0056. ; 15
-
Tidskriftsartikel (refereegranskat)abstract
- Despite their wide proliferation, complex cyber–physical systems (CPSs) are subject to cybersecurity vulnerabilities and potential attacks. Vulnerability assessment for such complex systems are challenging, partly due to the discrepancy among mechanisms used to evaluate their cyber-security weakness levels. Several sources do report these weaknesses like the National Vulnerability Database (NVD), as well as manufacturer websites besides other security scanning advisories such as Cyber Emergency Response Team (CERT) and Shodan databases. However, these multiple sources are found to face inconsistency issues, especially in terms of vulnerability severity scores. We advocate an artificial intelligence based approach to streamline the computation of vulnerability severity magnitudes. This approach decreases the error rate induced by manual calculation processes, that are traditionally used in cybersecurity analysis. Popular repositories such as NVD and SecurityFocus are employed to validate the proposed approach, assisted with a query method to retrieve vulnerability instances. In doing so, we report discovered correlations among reported vulnerability scores to infer consistent magnitude values of vulnerability instances. The method is applied to a case study featuring a CPS application to illustrate the automation of the proposed vulnerability scoring mechanism, used to mitigate cybersecurity weaknesses.
|
|
| 2. |
- Jiang, Yuning, 1993-
(författare)
-
Vulnerability Analysis for Critical Infrastructures
- 2022
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- The rapid advances in information and communication technology enable a shift from diverse systems empowered mainly by either hardware or software to cyber-physical systems (CPSs) that are driving Critical infrastructures (CIs), such as energy and manufacturing systems. However, alongside the expected enhancements in efficiency and reliability, the induced connectivity exposes these CIs to cyberattacks exemplified by Stuxnet and WannaCry ransomware cyber incidents. Therefore, the need to improve cybersecurity expectations of CIs through vulnerability assessments cannot be overstated. Yet, CI cybersecurity has intrinsic challenges due to the convergence of information technology (IT) and operational technology (OT) as well as the crosslayer dependencies that are inherent to CPS based CIs. Different IT and OT security terminologies also lead to ambiguities induced by knowledge gaps in CI cybersecurity. Moreover, current vulnerability-assessment processes in CIs are mostly subjective and human-centered. The imprecise nature of manual vulnerability assessment operations and the massive volume of data cause an unbearable burden for security analysts. Latest advances in machine-learning (ML) based cybersecurity solutions promise to shift such burden onto digital alternatives. Nevertheless, the heterogeneity, diversity and information gaps in existing vulnerability data repositories hamper accurate assessments anticipated by these ML-based approaches. Therefore, a comprehensive approach is envisioned in this thesis to unleash the power of ML advances while still involving human operators in assessing cybersecurity vulnerabilities within deployed CI networks.Specifically, this thesis proposes data-driven cybersecurity indicators to bridge vulnerability management gaps induced by ad-hoc and subjective auditing processes as well as to increase the level of automation in vulnerability analysis. The proposed methodology follows design science research principles to support the development and validation of scientifically-sound artifacts. More specifically, the proposed data-driven cybersecurity architecture orchestrates a range of modules that include: (i) a vulnerability data model that captures a variety of publicly accessible cybersecurity-related data sources; (ii) an ensemble-based ML pipeline method that self-adjusts to the best learning models for given cybersecurity tasks; and (iii) a knowledge taxonomy and its instantiated power grid and manufacturing models that capture CI common semantics of cyberphysical functional dependencies across CI networks in critical societal domains. This research contributes data-driven vulnerability analysis approaches that bridge the knowledge gaps among different security functions, such as vulnerability management through related reports analysis. This thesis also correlates vulnerability analysis findings to coordinate mitigation responses in complex CIs. More specifically, the vulnerability data model expands the vulnerability knowledge scope and curates meaningful contexts for vulnerability analysis processes. The proposed ML methods fill information gaps in vulnerability repositories using curated data while further streamlining vulnerability assessment processes. Moreover, the CI security taxonomy provides disciplined and coherent support to specify and group semanticallyrelated components and coordination mechanisms in order to harness the notorious complexity of CI networks such as those prevalent in power grids and manufacturing infrastructures. These approaches learn through interactive processes to proactively detect and analyze vulnerabilities while facilitating actionable insights for security actors to make informed decisions.
|
|
