Rongyao Cai,Xiao Xv,Zhengming Lu,Kexin Zhang,Yong Liu

DOI: https://doi.org/10.1109/isas61044.2024.10552597

2024-01-01

Abstract:Fault tree analysis is the most commonly used methodology in industrial safety analysis to predict the probability or frequency of system failure. Although fault tree analysis has been proposed for more than six decades, the assumptions used in most commercial fault tree analysis codes have not changed significantly, which limits the ability of the method to represent design, operation, and maintenance characteristics in the context of the increasing complexity and specialization of modern industrial systems. The basic setup of traditional fault trees is unable to include dependencies between events, time-varying failures, and repair rate realities to explain complex maintenance strategies. To address the above shortcomings, we propose a fusion tree model combining fault tree and attack tree, and simplify the causal structure of the fusion tree by modularization, and utilize the dynamic Markov model to represent the complex coupling relationship between components or nodes. Finally, we demonstrate the calculation process of fusion tree in pressure vessel systems with temporal control.

Xiu-Zhen Chen,Qing-Hua Zheng,Xiao-Hong Guan,Chen-Guang Lin,Jie Sun

DOI: https://doi.org/10.1016/j.cose.2004.08.009

IF: 5.105

2005-01-01

Computers & Security

Abstract:How to evaluate network security threat quantitatively is one of key issues in the field of network security, which is vital for administrators to make decision on the security of computer networks. A novel model of security threat evaluation with a series of quantitative indices is proposed on the analysis of prevalent network intrusions. This model is based on multiple behavior information fusion and two indices of privilege validity and service availability that are proposed to evaluate the impact of prevalent network intrusions on system security, so as to provide security evolution over time, i.e., monitor security changes with respect to modification of security factors. The Markov model and the algorithm of D-S evidence reasoning are proposed to measure these two indices, respectively. Compared with other methods, this method mitigates the impact of unsuccessful intrusions on threat evaluation. It evaluates the impact of important intrusions on system security comprehensively and helps administrators to insight into intrusion steps, determine security state and identify dangerous intrusion traces. Testing in a real network environment shows that this method is reasonable and feasible in alleviating the tremendous task of data analysis and facilitating the understanding of the security evolution of the system for its administrators.

Hao Hu,Hongqi Zhang,Yingjie Yang

DOI: https://doi.org/10.1007/s11042-017-5602-0

IF: 2.577

2018-01-15

Multimedia Tools and Applications

Abstract:Multimedia communication network has gained remarkable popularity by a wide spectrum of users nowadays. It is easier that the potential threats conceal within the large-scale net flow of multimedia communication traffic. Once vulnerability exploitation occurs, the latent risk will be brought to the surface, causing a series of safety problems. Thus, the vulnerability analysis and threat prediction are becoming critical issues. Recently years, many investigations have been made. However, they are not sufficient. To provide a comprehensive view of the threat scenario and present a quantitative risk-aware approach, we propose a novel method for threat identification, and further we build a quantitative security risk model with it. Actually, two algorithms are proposed, namely dynamic Bayesian attack graph based threat prediction algorithm, and threat prediction based security risk quantification algorithm. The first algorithm aims to provide full prediction information with threat scenario. The second algorithm quantifies the threat in the first algorithm into the security risk from two levels: host and network. The examples indicate that our method is feasible and scalable, which enables a manager to quantify the risks of any identified threat or ongoing attack and to recognize the vulnerable multimedia devices to keep secure multimedia communication.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Xiaoli Lin,Yu Yao,Bo Hu,Wei Yang,Xiaoming Zhou,Wenjie Zhang

DOI: https://doi.org/10.1016/j.segan.2024.101325

2024-02-25

Sustainable Energy, Grids and Networks

Abstract:Risk assessment is an effective way to counter cyber-attacks on the power communication network. However, many existing methods are imbalanced and overlook the security state of the attack source, leading to inaccuracies. To address these shortcomings, this paper presents a cyber risk visual analytics framework that effectively combines cyber risk assessment with network alarm visual analytics. For the imbalanced assessment, we propose a weighted risk expectation that considers the security states of the attack sources as well as multiple significant attack factors. We introduce a new node centrality called directed weighted degree (DW-Degree), which considers not only the heterogeneity of edge directions, but also the impact propagated from/to the non-adjacent reachable nodes. Combining weighted risk expectation (WRE) and DW-Degree centrality (DC), we present an improved risk assessment method (WRE-DC) for network nodes and perform real-time risk assessment using WRE-DC and sliding window technique. In addition, a novel visual analysis system based on the real-time WRE-DC results and network alarms has been developed to improve the analysis of complex network risks. The experimental results obtained from real network alarm data confirm the effectiveness of the proposed method in significantly improving the accuracy of network node risk assessment.

energy & fuels,engineering, electrical & electronic

Yikun Zhu,Zhiling Du

DOI: https://doi.org/10.1155/2021/5527746

2021-05-31

Scientific Programming

Abstract:In today’s increasingly severe network security situation, network security situational awareness provides a more comprehensive and feasible new idea for the inadequacy of various single solutions and is currently a research hotspot in the field of network security. At present, there are still gaps or room for improvement in network security situational awareness in terms of model scheme improvement, comprehensive and integrated consideration, algorithm design optimization, etc. A lot of scientific research investments and results are still needed to improve the form of network security in a long and solid way. In this paper, we propose a network security posture assessment model based on time-varying evidence theory for the existing multisource information fusion technology that lacks consideration of the problem of threat occurrence support rate over time and make the threat information reflect the law of time change by introducing a time parameter in the basic probability assignment value. Thus, the existing hierarchical threat posture quantitative assessment technique is improved and a hierarchical multisource network security threat posture assessment model based on time-varying evidence theory is proposed. Finally, the superiority of the proposed model is verified through experiments.

computer science, software engineering

Yuanjie Zhou,Guomin Zhang,Qingyi Li,Weiming Teng,Qinmin Yang

DOI: https://doi.org/10.1109/iccss52145.2020.9336888

2020-01-01

Abstract:Long-distance pipeline is the important way for transporting resources such as oil and natural gas. At present, construction activities along the pipeline have become one of the important threats for pipeline security. In this paper, by laying distributed optical fiber sensors along the pipeline, the phase-sensitive optical time domain reflectometer (φ-OTDR) technology is utilized to monitor the vibration signal along the pipeline. A data-driven warming scheme is designed based on multi-model fusion to decrease the false alarm rate resulted from the complex environment and external disturbances. The scheme consists of data preprocessing, feature extraction and multi-model fusion method. By this means, a more accurate warning system of distributed optical fibers is realized. Experimental studies have also been conducted to validate its practicability.

Guangjie Zhang,Xiaobo Tan

DOI: https://doi.org/10.1117/12.2675117

2023-05-25

Abstract:In the research of network security situational awareness, an important problem that needs to be solved urgently is that in the face of a large number of noisy multi-source data, the accuracy of obtaining network security situational awareness indicators will be affected. This paper proposes a data fusion processing method based on deep neural network to solve the above problems, which first uses natural language processing technology to process high-noise data in the data, and does a good job of word reduction of the data through the WordNetLemmatizer module. The TF-IDF feature extraction algorithm is applied to extract features through the frequency of data occurrence and the weight of the data. The experimental results show that the accuracy of obtaining network security situational awareness indicators by using the data fusion method based on deep neural network reaches more than 85% compared with the data fusion methods of other machine learning algorithms, and can be applied to the network security situational awareness model.

Computer Science,Engineering

XiaoLin Cui,Xiaobin Tan,Yong Zhang,Hongsheng Xi

DOI: https://doi.org/10.1109/CSSE.2008.949

2008-01-01

Abstract:Risk assessment is a very important tool to acquire a present and future security status of the network information system. Many risk assessment approaches consider the present system security status, while the future security status, which also has an impact on assessing the system risk, is not taken into consideration. In this paper we propose a novel risk assessment model based on Markov game theory. In this model, all of the possible risk in the future will impact on the present risk assessment. The farther away from now, the smaller impact on the risk assessment it has. After acquiring the system security status, we proposed an automatic generated reinforcement scheme which will provide a great convenience to the system administrator. A software tool is developed to demonstrate the performance of the risk assessment of a network information system and a simulation example shows the effectiveness of the proposed model. © 2008 IEEE.

Rong Zeng,Yijia Cao,Yong Li,Sijia Hu,Xia Shao,Liwei Xie,Liang Hou,Long Zhao,Mohammad Shahidehpour

DOI: https://doi.org/10.1109/tsg.2023.3302287

IF: 10.275

2023-01-01

IEEE Transactions on Smart Grid

Abstract:The power system has become the key target of national cyber confrontation. To enhance the risk management capability of the distribution network (DN) while assessing the cyberattack risk quickly and accurately, this paper proposes a general real-time cyberattack risk assessment method for DN involving the influence of distributed feeder automation systems (DFAs). In particular, to clarify the quantitative relationship between cyberattack intrusion and DN state deterioration, we constructed the quantitative model of the cyber physical distribution network (CPDN) under cyberattack, which involves the influence of DFAs’ behavior. In addition, in order to intuitively demonstrate the cyberattack risk, we developed a novel entropy-like risk assessment system upon the quantitative model of CPDN. The real two-feeder test platform with cyberattack simulation devices is used to verify the correctness and practicality of the proposed method. In this process, a digital cyberattack risk assessment unit is created, contributing to the system-level application of risk management.

engineering, electrical & electronic

Xunjia Zheng,Bin Huang,Daiheng Ni,Qing Xu

DOI: https://doi.org/10.1108/jicv-02-2018-0004

2018-01-01

Journal of Intelligent and Connected Vehicles

Abstract:Purpose - The purpose of this paper is to accurately capture the risks which are caused by each road user in time. Design/methodology/approach - The authors proposed a novel risk assessment approach based on the multi-sensor fusion algorithm in the real traffic environment. Firstly, they proposed a novel detection-level fusion approach for multi-object perception in dense traffic environment based on evidence theory. This approach integrated four states of track life into a generic fusion framework to improve the performance of multi-object perception. The information of object type, position and velocity was accurately obtained. Then, they conducted several experiments in real dense traffic environment on highways and urban roads, which enabled them to propose a novel road traffic risk modeling approach based on the dynamic analysis of vehicles in a variety of driving scenarios. By analyzing the generation process of traffic risks between vehicles and the road environment, the equivalent forces of vehicle–vehicle and vehicle–road were presented and theoretically calculated. The prediction steering angle and trajectory were considered in the determination of traffic risk influence area. Findings - The results of multi-object perception in the experiments showed that the proposed fusion approach achieved low false and missing tracking, and the road traffic risk was described as a field of equivalent force. The results extend the understanding of the traffic risk, which supported that the traffic risk from the front and back of the vehicle can be perceived in advance. Originality/value - This approach integrated four states of track life into a generic fusion framework to improve the performance of multi-object perception. The information of object type, position and velocity was used to reduce erroneous data association between tracks and detections. Then, the authors conducted several experiments in real dense traffic environment on highways and urban roads, which enabled them to propose a novel road traffic risk modeling approach based on the dynamic analysis of vehicles in a variety of driving scenarios. By analyzing the generation process of traffic risks between vehicles and the road environment, the equivalent forces of vehicle–vehicle and vehicle–road were presented and theoretically calculated.

Kunfu Wang,Wei Feng,Xing Li

DOI: https://doi.org/10.12783/dtcse/ccnt2020/35444

2021-01-01

DEStech Transactions on Computer Science and Engineering

Abstract:In order to assist network administrators to assess network security risks, a new Bayesian model of network risk assessment method is proposed. Firstly, the model designs the quantitative method of attack revenue and attack cost index, introduces the atomic attack efficiency variable, and integrates the variable into the calculation of probability, obtains the prior risk probability of each node in the network, so as to carry out the static evaluation of network risk. Secondly, DNO_Alg of deleting node order is proposed to determine the order of eliminating elements, so that Bayesian model can be transformed into cluster tree. Finally, combined with the detected attacks, the cluster tree propagation algorithm is used to dynamically calculate the posterior risk probability of nodes, so as to evaluate the network risk in real time.

Yaofang Zhang,Zibo Wang,Yingzhou Wang,Kuan Lin,Tongtong Li,Hongri Liu,Chao Li,Bailing Wang

DOI: https://doi.org/10.1007/s11227-023-05269-1

IF: 3.3

2023-04-22

The Journal of Supercomputing

Abstract:Although the expansion of attack types against industrial control systems is limited, the available means that violate the same security strategy emerge endlessly. However, the high availability and real-time requirements of industrial control systems restrict the application of some countermeasures that require massive resources. To solve this problem, this paper proposes a low learning-cost risk assessment model for similar scenarios, which enables the formulation of defense strategies for system risks in advance. To lay the foundation for this method, we firstly aggregate the attack means into limited attack types according to word clustering to address the classification challenge caused by unknown attacks. Then, similarity and statistical methods are combined to predict the next attack type. Subsequently, the hidden Markov model is used to map attack types and security states to obtain the forecasting results of the next security state. Based on this, the risk value is calculated through these prediction and forecasting results, and the system relevance and alert timeliness are considered in the assessment stage. We break the scenario limitations and verify the advantages of our model in a known scenario and another similar scenario with unknown attacks. The experimental results show that our model can deal with unknown attacks in similar scenarios and has excellent scenario migration ability. Meanwhile, the changing trend of the risk value is in consistence with the actual data, which also confirms that the assessment model can forecast the future risk situation of the system accurately and comprehensively.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Weijian Li,Qianqian Jin,Bo Zhang,Qiang Liu,Yuanyi Xia

DOI: https://doi.org/10.1109/iaeac.2018.8577470

2018-01-01

Abstract:With the rapid development of Internet, the occurrence of information security events is having been more and more frequent, and the impact of the events is becoming more and more serious. The linkage policy decision facing the alert of security events is widely concerned, and it's also a difficult problem. In this paper, a multi factor linkage policy decision model is proposed. First, base on the given network configuration, system setting, and vulnerability information, the network attack graph is generated by MulVAL multi-stage and multi-step security analyzer. Then, the combination of attack graph and alert information to generate candidate linkage policy is further integrated. The attack chain after the enforcement of the assumed linkage policy is given, and the security risk of the system is calculated based on the popularity, ease and influence of the vulnerability. Finally, a reasonable security linkage policy is given in combination with the enforcement of the linkage policy and the impact on the security risk of the system. The experimental test results show that the method can analyze the influence of security policy from the overall system, and provide a feasible and effective security linkage policy for security administrators, which makes the administrator get rid of the problem of the decision of the linkage response policy of security events.

LIU Jie-ling,LING Xiao-bo,ZHANG Lei,WANG Bo,WANG Zhi-liang,LI Zi-mu,ZHANG Hui,YANG Jia-hai,WU Cheng-nan

DOI: https://doi.org/10.11896/jsjkx.210600171

2022-01-01

Computer Science

Abstract:Power system network is one of the important targets of cyber attack.In order to ensure the safe operation of power system,network managers need to evaluate the network security risk.Usually,existing network security risk assessment framework only aims at a single scenario,and can not find the strategic attackers who use a variety of low-risk methods to achieve high-risk threat targets from large quantities of network security alerts.In order to meet the above challenges,this paper proposes a network security risk assessment method based on tactical correlation.In this method,the warning information generated on va-rious network security detection devices when an attacker implements a multi-step attack is associated to form an attack chain,and the security risk of the organization intranet is evaluated by calculating the threat,vulnerability,impact score of each node in the attack chain and the risk score of the whole attack chain.In order to verify the effectiveness and robustness of the proposed method,this paper selects a representative example to illustrate the specific implementation process of the proposed method for network security risk assessment in the organizational intranet.The example shows that the network security risk assessment framework based on the tactical association can correctly assess the harm of multi-step attack caused by low-risk alarm association to achieve high-risk targets,and is more robust than the traditional single scenario analysis method,which can better provide decision-making basis for organization decision-makers in network security risk management.

Donghang Liu,Lihua Dong,Shaoqing Lv,Ying Dong,Fannv He,Chensi Wu,Yuqing Zhang,Hua Ma

DOI: https://doi.org/10.1007/978-3-319-64701-2_33

2017-01-01

Abstract:As an active topic in the research field, network security situation assessment can reflect the security situation from a global perspective. However, existing assessment approaches rely on detection threshold to make decisions, leading to massive false positives and false negatives. This paper proposes a confidence-based network security situation assessment approach that preserves the probability information in attack detection. We use the ensemble learning algorithm and D-S evidence theory to obtain the attack confidence, and calculate the network security situation value through the situation elements fusion. Experiment results demonstrate that this approach is effective and accurate.

Jun-Zheng Yang,Feng Liu,Yuan-Jie Zhao,Lu-Lu Liang,Jia-Yin Qi

DOI: https://doi.org/10.1109/dsc55868.2022.00010

2022-01-01

Abstract:Cybersecurity insurance is one of the important means of cybersecurity risk management and the development of cyber insurance is inseparable from the support of cyber risk assessment technology. Cyber risk assessment can not only help governments and organizations to better protect themselves from related risks, but also serve as a basis for cybersecurity insurance underwriting, pricing, and formulating policy content. Aiming at the problem that cybersecurity insurance companies cannot conduct cybersecurity risk assessments on policyholders before the policy is signed without the authorization of the policyholder or in legal, combining with the need that cybersecurity insurance companies want to obtain network security vulnerability risk profiles of policyholders conveniently, quickly and at low cost before the policy signing, this study proposed a non-intrusive network security vulnerability risk assessment method based on ensemble machine learning. Our model uses only open source intelligence and publicly available network information data to rate cyber vulnerability risk of an organization, achieving an accuracy of 70.6% compared to a rating based on comprehensive information by cybersecurity experts.

Fu-Hong Yang,Chi-Hung Chi,Lin Liu

DOI: https://doi.org/10.1007/11839569_28

2006-01-01

Abstract:A formal model of security risk assessment for an enterprise information security is developed. The model, called the Graph Model, is constructed based on the mapping of an enterprise IT infrastructure and networks/systems onto a graph. Components of the model include the nodes which represent hosts in enterprise network and their weights of importance and security, the connections of the nodes, and the safeguards used with their costs and effectiveness. The model can assist to identify inappropriate, insufficient or waste protector resources like safeguards that are relative to the needs of the protected resources, and then reallocates the funds or protector resources to minimize security risk. An example is provided to represent the optimization method and process. The goal of using Graph Model is to help enterprise decision makers decide whether their security investment is consistent with the expected risks and how to allocate the funds or protector resources.

Jian Jiao,Wenhao Li,Dongchao Guo

DOI: https://doi.org/10.3390/electronics13173350

IF: 2.9

2024-08-25

Electronics

Abstract:Network risk assessment should include the impact of the relationship between vulnerabilities, in order to conduct a more in-depth and comprehensive assessment of vulnerabilities and network-related risks. However, the impact of extracting the relationship between vulnerabilities mainly relies on manual processes, which are subjective and inefficient. To address these issues, this paper proposes a dual-layer knowledge representation model that combines various attributes and structural information of entities. This article first constructs a vulnerability knowledge graph and proposes a two-layer knowledge representation learning model based on it. Secondly, in order to more accurately assess the actual risk of vulnerabilities in specific networks, this paper proposes a vulnerability risk calculation model based on impact relationships, which realizes the risk assessment and ranking of vulnerabilities in specific network scenarios. Finally, based on the research on automatic prediction of the impact relationship between vulnerabilities, this paper proposes a new Bayesian attack graph network risk assessment model for inferring the possibility of device intrusion in the network. The experimental results show that the model proposed in this study outperforms traditional evaluation methods in relationship prediction tasks, demonstrating its efficiency and accuracy in complex network environments. This model achieves efficient resource utilization by simplifying training parameters and reducing the demand for computing resources. In addition, this method can quantitatively evaluate the success probability of attacking specific devices in the network topology, providing risk assessment and defense strategy support for network security managers.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yongqing Huang,Jin Gou,Zongwen Fan,Yongxin Liao,Yanmin Zhuang

DOI: https://doi.org/10.1016/j.jisa.2024.103790

IF: 4.96

2024-05-24

Journal of Information Security and Applications

Abstract:The diversification and complexity of network attacks pose a serious challenge to network security and lead to the phenomenon of overlapping attributes of network attack behaviors. In this context, traditional network attack detection methods are limited to single-label learning, which cannot effectively deal with complex and diverse network attacks. To better understand the relation between network attack behaviors and improve the effect of network security protection, we first analyze the well-known network attack datasets (UNSW-NB15 and CCCS-CIC-AndMal-2020) according to the proposed multi-label metrics. Subsequently, we propose a multi-label cyber-attack detection method based on two-stage model fusion. In the first stage, a category is selected based on the analysis of multi-label metrics, and binary classification is performed. In the second stage, the binary labels generated in the first stage are added to the feature space for the multi-label categorization. Experimental results show that the two-stage model fusion method effectively improves the performance of the baseline methods. In addition, we analyze the impact of different categories and binary classification performance for the multi-label detection. The experimental results show that, theoretically, when the binary classification accuracy of Normal and Adware reaches 77% and 95% respectively, the performance of the two-stage multi-label detection method exceeds the state-of-the-art methods. This indicates the effectiveness of the two-stage strategy used in our proposed method for improving the ability of multi-label network attack detection.

computer science, information systems

Yinfei Lv,Huorong Ren,Xuefeng Gao,Tong Sun,Haopeng Zhang,Xinyu Guo

DOI: https://doi.org/10.1007/978-3-030-65955-4_19

2020-01-01

Abstract:As the problem of network security becomes more and more serious, how to accurately perceive the current network security situation and discover the attack behavior in time has become the focus of research in the field of network security. This paper proposes a multi-scale risk assessment model for network security based on Long Short Term Memory neural network (LSTM). The model utilizes the wavelet transform to decompose network traffic time series into sub-sequences of various scales. The LSTM network is used to predict the sub-sequence of wavelet decomposition. By comparing the difference between the actual sub-sequence and the predicted sub-sequence, the model determines whether there is “anomaly” in the network traffic time series. The anomaly detection results of each sub-sequence are summarized into a network security risk value to assess the risk of network security. The introduction of the multi-scale technology improves the detection accuracy of network traffic time series anomaly detection and effectively enhances the reliability of the risk value.