| 1. |
- Atif, Yacine, 1967-, et al.
(författare)
-
Cyber-threat analysis for Cyber-Physical Systems : Technical report for Package 4, Activity 3 of ELVIRA project
- 2018
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- Smart grid employs ICT infrastructure and network connectivity to optimize efficiency and deliver new functionalities. This evolu- tion is associated with an increased risk for cybersecurity threats that may hamper smart grid operations. Power utility providers need tools for assessing risk of prevailing cyberthreats over ICT infrastructures. The need for frameworks to guide the develop- ment of these tools is essential to define and reveal vulnerability analysis indicators. We propose a data-driven approach for design- ing testbeds to evaluate the vulnerability of cyberphysical systems against cyberthreats. The proposed framework uses data reported from multiple components of cyberphysical system architecture layers, including physical, control, and cyber layers. At the phys- ical layer, we consider component inventory and related physi- cal flows. At the control level, we consider control data, such as SCADA data flows in industrial and critical infrastructure control systems. Finally, at the cyber layer level, we consider existing secu- rity and monitoring data from cyber-incident event management tools, which are increasingly embedded into the control fabrics of cyberphysical systems.
|
|
| 2. |
- Atif, Yacine, 1967-, et al.
(författare)
-
Multi-agent Systems for Power Grid Monitoring : Technical report for Package 4.1 of ELVIRA project
- 2018
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- This document reports a technical description of ELVIRA project results obtained as part of Work- package 4.1 entitled “Multi-agent systems for power Grid monitoring”. ELVIRA project is a collaboration between researchers in School of IT at University of Skövde and Combitech Technical Consulting Company in Sweden, with the aim to design, develop and test a testbed simulator for critical infrastructures cybersecurity. This report outlines intelligent approaches that continuously analyze data flows generated by Supervisory Control And Data Acquisition (SCADA) systems, which monitor contemporary power grid infrastructures. However, cybersecurity threats and security mechanisms cannot be analyzed and tested on actual systems, and thus testbed simulators are necessary to assess vulnerabilities and evaluate the infrastructure resilience against cyberattacks. This report suggests an agent-based model to simulate SCADA- like cyber-components behaviour when facing cyber-infection in order to experiment and test intelligent mitigation mechanisms.
|
|
| 3. |
- Jiang, Yuning, 1993-, et al.
(författare)
-
A Language and Repository for Cyber Security of Smart Grids
- 2018
-
Ingår i: 2018 IEEE 22nd International Enterprise Distributed Object Computing Conference (EDOC 2018). - Los Alamitos, CA : IEEE. - 9781538641392 ; , s. 164-170
-
Konferensbidrag (refereegranskat)abstract
- Power grids form the central critical infrastructure in all developed economies. Disruptions of power supply can cause major effects on the economy and the livelihood of citizens. At the same time, power grids are being targeted by sophisticated cyber attacks. To counter these threats, we propose a domain-specific language and a repository to represent power grids and related IT components that control the power grid. We apply our tool to a standard example used in the literature to assess its expressiveness.
|
|
| 4. |
- Jiang, Yuning, 1993-, et al.
(författare)
-
A selective ensemble model for cognitive cybersecurity analysis
- 2021
-
Ingår i: Journal of Network and Computer Applications. - : Elsevier. - 1084-8045 .- 1095-8592. ; 193
-
Tidskriftsartikel (refereegranskat)abstract
- Dynamic data-driven vulnerability assessments face massive heterogeneous data contained in, and produced by SOCs (Security Operations Centres). Manual vulnerability assessment practices result in inaccurate data and induce complex analytical reasoning. Contemporary security repositories’ diversity, incompleteness and redundancy contribute to such security concerns. These issues are typical characteristics of public and manufacturer vulnerability reports, which exacerbate direct analysis to root out security deficiencies. Recent advances in machine learning techniques promise novel approaches to overcome these notorious diversity and incompleteness issues across massively increasing vulnerability reports corpora. Yet, these techniques themselves exhibit varying degrees of performance as a result of their diverse methods. We propose a cognitive cybersecurity approach that empowers human cognitive capital along two dimensions. We first resolve conflicting vulnerability reports and preprocess embedded security indicators into reliable data sets. Then, we use these data sets as a base for our proposed ensemble meta-classifier methods that fuse machine learning techniques to improve the predictive accuracy over individual machine learning algorithms. The application and implication of this methodology in the context of vulnerability analysis of computer systems are yet to unfold the full extent of its potential. The proposed cognitive security methodology in this paper is shown to improve performances when addressing the above-mentioned incompleteness and diversity issues across cybersecurity alert repositories. The experimental analysis conducted on actual cybersecurity data sources reveals interesting tradeoffs of our proposed selective ensemble methodology, to infer patterns of computer system vulnerabilities.
|
|
| 5. |
- Jiang, Yuning, 1993-, et al.
(författare)
-
A Semantic Framework With Humans in the Loop for Vulnerability-Assessment in Cyber-Physical Production Systems
- 2020
-
Ingår i: Risks and Security of Internet and Systems. - Cham : Springer. - 9783030415679 - 9783030415686 ; , s. 128-143
-
Konferensbidrag (refereegranskat)abstract
- Criticalmanufacturingprocessesinsmartnetworkedsystems such as Cyber-Physical Production Systems (CPPSs) typically require guaranteed quality-of-service performances, which is supported by cyber- security management. Currently, most existing vulnerability-assessment techniques mostly rely on only the security department due to limited communication between di↵erent working groups. This poses a limitation to the security management of CPPSs, as malicious operations may use new exploits that occur between successive analysis milestones or across departmental managerial boundaries. Thus, it is important to study and analyse CPPS networks’ security, in terms of vulnerability analysis that accounts for humans in the production process loop, to prevent potential threats to infiltrate through cross-layer gaps and to reduce the magnitude of their impact. We propose a semantic framework that supports the col- laboration between di↵erent actors in the production process, to improve situation awareness for cyberthreats prevention. Stakeholders with dif- ferent expertise are contributing to vulnerability assessment, which can be further combined with attack-scenario analysis to provide more prac- tical analysis. In doing so, we show through a case study evaluation how our proposed framework leverages crucial relationships between vulner- abilities, threats and attacks, in order to narrow further the risk-window induced by discoverable vulnerabilities.
|
|
| 6. |
- Jiang, Yuning, 1993-, et al.
(författare)
-
Agent Based Testbed Design for Cyber Vulnerability Assessment in Smart-Grids
- 2018
-
Konferensbidrag (övrigt vetenskapligt/konstnärligt)abstract
- Smart grid employs Information and Communication Technology (ICT) infrastructure and network connectivity to optimize efficiency and deliver new functionalities. This evolution is associated with an increased risk for cybersecurity threats that may hamper smart grid operations. Power utility providers need tools for assessing risk of prevailing cyberthreats over ICT infrastructures. The need for frameworks to guide the development of these tools is essential to define and reveal vulnerability analysis indicators. We propose a data-driven approach for designing testbeds to allow the simulation of cyberattacks in order to evaluate the vulnerability and the impact of cyber threat attacks. The proposed framework uses data reported from multiple smart grid components at different smart grid architecture layers, including physical, control, and cyber layers. The multi-agent based framework proposed in this paper would analyze the conglomeration of these data reports to assert malicious attacks.
|
|
| 7. |
- Jiang, Yuning, 1993-, et al.
(författare)
-
An Approach to Discover and Assess Vulnerability Severity Automatically in Cyber-Physical Systems
- 2020
-
Ingår i: Proceedings of the 13th International Conference on Security of Information and Networks. - New York, NY, USA : Association for Computing Machinery (ACM). - 9781450387514
-
Konferensbidrag (refereegranskat)abstract
- Current vulnerability scoring mechanisms in complex cyber-physical systems (CPSs) face challenges induced by the proliferation of both component versions and recurring scoring-mechanism versions. Different data-repository sources like National Vulnerability Database (NVD), vendor websites as well as third party security tool analysers (e.g. ICS CERT and VulDB) may provide conflicting severity scores. We propose a machine-learning pipeline mechanism to compute vulnerability severity scores automatically. This method also discovers score correlations from established sources to infer and enhance the severity consistency of reported vulnerabilities. To evaluate our approach, we show through a CPS-based case study how our proposed scoring system automatically synthesises accurate scores for some vulnerability instances, to support remediation decision-making processes. In this case study, we also analyse the characteristics of CPS vulnerability instances.
|
|
| 8. |
- Jiang, Yuning, 1993-, et al.
(författare)
-
Complex Dependencies Analysis : Technical Description of Complex Dependencies in Critical Infrastructures, i.e. Smart Grids. Work Package 2.1 of the ELVIRA Project
- 2018
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- This document reports a technical description of ELVIRA project results obtained as part of Work-package 2.1 entitled “Complex Dependencies Analysis”. In this technical report, we review attempts in recent researches where connections are regarded as influencing factors to IT systems monitoring critical infrastructure, based on which potential dependencies and resulting disturbances are identified and categorized. Each kind of dependence has been discussed based on our own entity based model. Among those dependencies, logical and functional connections have been analysed with more details on modelling and simulation techniques.
|
|
| 9. |
- Jiang, Yuning, 1993-, et al.
(författare)
-
Cyber-Physical Systems Security Based on A Cross-Linked and Correlated Vulnerability Database
- 2019
-
Ingår i: Critical Information Infrastructures Security. - Cham : Springer. - 9783030376697 - 9783030376703 ; , s. 71-82
-
Bokkapitel (refereegranskat)abstract
- Recent advances in data analytics prompt dynamic datadriven vulnerability assessments whereby data contained from vulnerabilityalert repositories as well as from Cyber-physical System (CPS) layer networks and standardised enumerations. Yet, current vulnerability assessment processes are mostly conducted manually. However, the huge volume of scanned data requires substantial information processing and analytical reasoning, which could not be satisfied considering the imprecision of manual vulnerability analysis. In this paper, we propose to employ a cross-linked and correlated database to collect, extract, filter and visualise vulnerability data across multiple existing repositories, whereby CPS vulnerability information is inferred. Based on our locally-updated database, we provide an in-depth case study on gathered CPS vulnerability data, to explore the trends of CPS vulnerability. In doing so, we aim to support a higher level of automation in vulnerability awareness and back risk-analysis exercises in critical infrastructures (CIs) protection.
|
|
| 10. |
- Jiang, Yuning, 1993-, et al.
(författare)
-
Data Fusion Framework for Cyber Vulnerability Assessment in Smart Grid
- 2018
-
Annan publikation (övrigt vetenskapligt/konstnärligt)abstract
- Smart grid adopts ICT to enhance power-delivery management. However, these advanced technologies also introduce an increasing amount of cyber threats. Cyber threats occur because of vulnerabilities throughout smart-grid layers. Each layer is distinguished by typical data flows. For example, power-data stream flows along the physical layer; command data are pushed to and pulled from sensor-control devices, such as RTUs and PLCs. Vulnerabilities expose these data flows to cyber threat via communication networks, such as local control network, vendor network, corporate network and the wider internet. Thus, these data could be used to analyse vulnerabilities against cyber threats. After data collection, data analysis and modelling techniques would be used for vulnerability assessment.
|
|
