Rongyao Cai,Xiao Xv,Zhengming Lu,Kexin Zhang,Yong Liu

DOI: https://doi.org/10.1109/isas61044.2024.10552597

2024-01-01

Abstract:Fault tree analysis is the most commonly used methodology in industrial safety analysis to predict the probability or frequency of system failure. Although fault tree analysis has been proposed for more than six decades, the assumptions used in most commercial fault tree analysis codes have not changed significantly, which limits the ability of the method to represent design, operation, and maintenance characteristics in the context of the increasing complexity and specialization of modern industrial systems. The basic setup of traditional fault trees is unable to include dependencies between events, time-varying failures, and repair rate realities to explain complex maintenance strategies. To address the above shortcomings, we propose a fusion tree model combining fault tree and attack tree, and simplify the causal structure of the fusion tree by modularization, and utilize the dynamic Markov model to represent the complex coupling relationship between components or nodes. Finally, we demonstrate the calculation process of fusion tree in pressure vessel systems with temporal control.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

Daojing He,Sammy Chan,Yan Zhang,Chunming Wu,Bing Wang

DOI: https://doi.org/10.1109/mis.2013.105

IF: 6.744

2014-01-01

IEEE Intelligent Systems

Abstract:Attack-defense models play an important role in the design of cybersecurity systems. Here, the authors review some traditional and prevailing attack-defense models along with their weaknesses. Then, they survey some recently proposed paradigm shifts to these models based on which more effective security strategies can be designed. Further, they provide some suggestions on how to adopt the new models, and present challenges that need to be addressed in this field.

张恺伦,江全元

2013-01-01

Abstract:With the promotion and application of wide area measurement systems (WAMS) in power system, the security of its communication system is attracting a growing body of research. To analyze the vulnerability of WAMS communication infrastructures when facing network intrusions, an assessing method of vulnerability based on attack tree model is proposed. First, the attack tree model of WAMS communication system is established, which directly reflects the intrusion scenarios when the system is maliciously attacked. Second, a more reasonable assessing method for the vulnerability of passwords and ports is proposed, as well as the vulnerability of the system with all scenarios taken into consideration. Finally, the paper puts forth the concept of vulnerability sensitivity, which can quantitatively evaluate the effect of changes in the leaf vulnerability on the system, so as to find out the critical port.

Yuehai Wang,Menghan Xu,Hongling Zhao,Jiaojiao Li

DOI: https://doi.org/10.2991/meic-15.2015.136

2015-01-01

Abstract:In analog circuit automatic generating fault tree field, several problems are as below: currently the fault tree model had not strong structural to provide the detail realization method to automatic generating fault tree and only used Support Vector Machine algorithm to automatic generating fault tree the accuracy and stability are insufficient, the generating fault tree method is non-portable. Paper combines the SVM algorithm and the fault tree model based on IEEE 1232, analyzes the characteristics of the new fault tree model, designs and put forwards the automatic generating fault tree method, the stability and the accuracy of the generated fault tree are improved, and the portability of the automatic generating fault tree method is strengthened. Paper designs and implements the automatic generating fault tree model based on IEEE1232; the results show that the feasibility of the plan, the accuracy and the stability of the new fault tree model are improved.

Yan Luo,Qinghua Liu,Yuelei Xie

DOI: https://doi.org/10.3969/j.issn.1673-808X.2014.02.011

2014-01-01

Abstract:In order to ensure the safety of the running train,fault tree analysis is applied into the early warning (EW)module of the train data showing center.A fault tree of equipment system is established,then the quantitative and qualitative analy-sis of the fault tree model is carried out,and the equivalent model of the system and fault probability is obtained.The DS system will make the corresponding alert by comparing the failure probability with the prior warning threshold.The applica-tion result shows that FTA is an effective way to diagnose system fault for the security of the running train.

Xueqin Gao,Tao Shang,Da Li,Jianwei Liu

DOI: https://doi.org/10.1109/pst55820.2022.9851965

2022-01-01

Abstract:SCADA systems are one of the critical infrastructures and face many security threats. Attackers can control SCADA systems through network attacks, destroying the normal operation of the power system. It is important to conduct a risk assessment of security threats on SCADA systems. However, existing models for risk assessment using attack trees mainly focus on describing possible intrusions rather than the interaction between threats and defenses. In this paper, we comprehensively consider intrusion likelihood and defense capability and propose a quantitative risk assessment model of security threats based on attack countermeasure tree (ACT). Each leaf node in ACT contains two attributes: exploitable vulnerabilities and defense countermeasures. An attack scenario can be constructed by means of traversing the leaf nodes. We set up six indicators to evaluate the impact of security threats in attack scenarios according to NISTIR 7628 standard. Experimental results show the attack probability of security threats and high-risk attack scenarios in SCADA systems. We can improve defense countermeasures to protect against security threats corresponding to high-risk scenarios. In addition, the model can continually update risk assessments based on the implementation of the system’s defensive countermeasures.

Zhen Li,Zhengqi Jiang,Dongsheng Wang,Zhaobin Wang

DOI: https://doi.org/10.1109/access.2020.3022016

IF: 3.9

2020-01-01

IEEE Access

Abstract:With the increasing scale and complexity of system, it is very necessary to analyze the safety of complex system. Fault tree is an effective method to safety analysis. However, traditional fault tree relies on manual construction and analysis. When fault nodes and systems are complex, the efficiency and correctness of manual analysis can hardly be guaranteed. To the varied understanding of analysts, it is difficult to ensure the consistency of failure mode and system architecture due to the different understanding from safety analysts and system designers. The same node needs fault analysis again in different systems, which has poor reusability and low efficiency. AltaRica is a fault-oriented Safety Modeling Language. It takes the guard transformation system(GTS) as its core, describes nodes and faults with a style of reusable object-oriented language, and describes information of interaction between nodes and systems through interface connections between nodes and nested systems. Therefore, this paper proposed an automatic system modeling and fault analysis method and its detailed computer algorithm on single class node, multiple nodes and nodes with subsystems based on AltaRica. Finally we developed a software prototype and carry out the automatic modeling and fault analysis in a detailed example. The results showed that the proposed method, algorithm and software prototype can realize automatic graphical modeling of the system on AltaRica, the automatic fault analysis is correct and efficient, has reusability of modeling and fault analysis, and greatly improve the accuracy, objectivity and efficiency of fault modeling and analysis.

Thi Kim Nhung Dang,Milan Lopuhaä-Zwakenberg,Mariëlle Stoelinga

2024-01-23

Abstract:Attack trees are important for security, as they help to identify weaknesses and vulnerabilities in a system. Quantitative attack tree analysis supports a number security metrics, which formulate important KPIs such as the shortest, most likely and cheapest attacks.

Cryptography and Security

yan fen,yin xinchun,huang hao

DOI: https://doi.org/10.1016/j.phpro.2012.02.260

2012-01-01

Physics Procedia

Abstract:In this paper, the method of modeling attack using attack tree is researched. The main goal is effectively using attack tree to model and express multi-stage network attacks. We expand and improve the traditional attack tree. The attack nodes in traditional attack tree are redefined, and the attack risk of leaf node is quantified. On those basis, the mentality and method of building MLL-AT (Multi-Level & Layer Attack Tree) are proposed. The improved attack tree can model attack more accurately, in particular to multi-stage network attacks. And the new model can also be used to evaluate system's risk, to distinguish between varying system security threat degrees caused by different attack sequences.

Tao Feng,Yanxia Shi,Renbin Gong,Qianchuan Zhao

DOI: https://doi.org/10.1109/icpics47731.2019.8942463

2019-01-01

Abstract:The information security problem of the industrial control system (ICS) has become prominent increasingly with the advancement of industry 4.0. The programmable logic controller (PLC) is the basic control device in the supervisory control and data acquisition (SCADA) of ICS. The stable operation of ICS is limited by the safety of PLC. In this paper, the PLC attack tree model, which targets the PLC equipment security, is built to analyze and evaluate the safety of PLC systematically. First, the attack path of the PLC has been analyzed. The attack nodes have been defined by employing the attack tree model. Second, the fuzzy analytic hierarchy process has been introduced to calculate the security attribute weight and quantify the attack probability of the leaf nodes. The Shapiro-Wilk test has been employed to ensure the normality of data. Finally, the attack probability of different attack paths has been calculated as the PLC attack tree model. The PLC attack tree model which proposed in this paper is employed to distinguish the probability of different attack paths. The proposed attack tree model provides a basis for decision- makers to take appropriate protective measures.

Simon Yusuf Enoch,Mengmeng Ge,Jin B. Hong,Dong Seong Kim

DOI: https://doi.org/10.1109/rams48097.2021.9605784

2021-05-24

Abstract:Summary & Conclusions Model-based evaluation in cybersecurity has a long history. Attack Graphs (AGs) and Attack Trees (ATs) were the earlier developed graphical security models for cybersecurity analysis. However, they have limitations (e.g., scalability problem, state-space explosion problem, etc.) and lack the ability to capture other security features (e.g., countermeasures). To address the limitations and to cope with various security features, a graphical security model named attack countermeasure tree (ACT) was developed to perform security analysis by taking into account both attacks and countermeasures. In our research, we have developed different variants of a hierarchical graphical security model to solve the complexity, dynamicity, and scalability issues involved with security models in the security analysis of systems. In this paper, we summarize and classify security models into the following; graph-based, tree-based, and hybrid security models. We discuss the development of a hierarchical attack representation model (HARM) and different variants of the HARM, its applications, and usability in a variety of domains including the Internet of Things (IoT), Cloud, Software- Defined Networking, and Moving Target Defenses. Moreover, we discuss the pros and cons of each variant of HARM based on its applications and usage. Furthermore, several security metrics have been developed to be used with the graphical security model (including HARMs) to analyze the security posture of the systems and evaluate the effectiveness of defense mechanisms which is also being taken as input into optimization algorithms to compute optimal defense deployment. Thus, we provide the classification of the security metrics, including their discussions. Finally, we highlight existing problems and suggest future research directions in the area of graphical security models and applications. As a result of this work, a decision-maker can understand which type of HARM will suit their network or security analysis requirements.

Changyong Chu,Weikang Yang,Yajun Chen

DOI: https://doi.org/10.3390/s24186021

IF: 3.9

2024-09-19

Sensors

Abstract:As embedded systems become increasingly complex, traditional reliability analysis methods based on text alone are no longer adequate for meeting the requirements of rapid and accurate quantitative analysis of system reliability. This article proposes a method for automatically generating and quantitatively analyzing dynamic fault trees based on an improved system model with consideration for temporal characteristics and redundancy. Firstly, an "anti-semantic" approach is employed to automatically explore the generation of fault modes and effects analysis (FMEA) from SysML models. The evaluation results are used to promptly modify the system design to meet requirements. Secondly, the Profile extension mechanism is used to expand the SysML block definition diagram, enabling it to describe fault semantics. This is combined with SysML activity diagrams to generate dynamic fault trees using traversal algorithms. Subsequently, parametric diagrams are employed to represent the operational rules of logic gates in the fault tree. The quantitative analysis of dynamic fault trees based on probabilistic models is conducted within the internal block diagram of SysML. Finally, through the design and simulation of the power battery management system, the failure probability of the top event was obtained to be 0.11981. This verifies that the design of the battery management system meets safety requirements and demonstrates the feasibility of the method.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Carlos E. Budde,Mariëlle Stoelinga

DOI: https://doi.org/10.1109/CSF51468.2021.00041

2021-05-22

Abstract:Numerous analysis methods for quantitative attack tree analysis have been proposed. These algorithms compute relevant security metrics, i.e. performance indicators that quantify how good the security of a system is, such as the most likely attack, the cheapest, or the most damaging one. This paper classifies attack trees in two dimensions: proper trees vs. directed acyclic graphs (i.e. with shared subtrees); and static vs. dynamic gates. For each class, we propose novel algorithms that work over a generic attribute domain, encompassing a large number of concrete security metrics defined on the attack tree semantics. We also analyse the computational complexity of our methods.

Cryptography and Security,Data Structures and Algorithms

陈秀真,郑庆华,管晓宏,林晨光

DOI: https://doi.org/10.3321/j.issn:0253-987X.2004.12.005

2004-01-01

Abstract:Aiming at the weakness of being unable to evaluate the threat of combination of vulnerabilities on network security for most systems of security evaluation, a novel model of security evaluation based on rough set theory was put forward. This model considered the vulnerability as a security factor and the security evaluation model was built from historical evaluation records by using attribute reduction. Further, the measurement model of hierarchical security risk with three levels: security factor, service and host computer, was built, which calculated the security risk of the host by weighting the importance of service and security factor, then the security situation of the system was analyzed and evaluated. Compared with other evaluation methods, this method can create a rule-based model of security evaluation automatically and has advantage of evaluating threat of isolated security factor and combination of security factors on the same host. It can also monitor the impact of changes of the system configuration on system security. Nine useful rules for security evaluation were discovered from 7 days' evaluation records and security situation curves were established through simulation experiment, which shows that evaluation results by our method are more accurate and intuitive than others.

Guodong Chen,Yanyi Huang

DOI: https://doi.org/10.1109/CSSS.2011.5974699

2011-01-01

Abstract:To resolve this issue of the documentation description and refined extent of the enhanced attack tree model, defined and formated to the type and the properties of the enhanced attack tree nodes, by the inductive analysis of the attack behavior, determined the level of abstraction of the enhanced attack tree model, achieved the format description of the attack behavior, established an effective attack pattern library; Moreover, by the classification of the attack behavior from the attack phase, the type of attacked operating system and the type of attacked target, achieved a pre-compiled attacks, reduced the search space of the attack pattern and improved the network attack graph generation speed and efficiency.

Raffaela Groner,Thomas Witte,Alexander Raschke,Sophie Hirn,Irdin Pekaric,Markus Frick,Matthias Tichy,Michael Felderer

DOI: https://doi.org/10.1007/978-3-031-40923-3_9

2023-09-19

Abstract:Joint safety and security analysis of cyber-physical systems is a necessary step to correctly capture inter-dependencies between these properties. Attack-Fault Trees represent a combination of dynamic Fault Trees and Attack Trees and can be used to model and model-check a holistic view on both safety and security. Manually creating a complete AFT for the whole system is, however, a daunting task. It needs to span multiple abstraction layers, e.g., abstract application architecture and data flow as well as system and library dependencies that are affected by various vulnerabilities. We present an AFT generation tool-chain that facilitates this task using partial Fault and Attack Trees that are either manually created or mined from vulnerability databases. We semi-automatically create two system models that provide the necessary information to automatically combine these partial Fault and Attack Trees into complete AFTs using graph transformation rules.

Cryptography and Security,Formal Languages and Automata Theory,Software Engineering

CHEN Chun-xia,HUANG Hao

DOI: https://doi.org/10.3969/j.issn.1001-3695.2005.07.040

2005-01-01

Abstract:It needs to further investigate t echnology of network attack to protect the network security. Attack models can help in describing and analyzing the course of attack structurely and effectively, further more, they can help in sharing the security knowledge and improving the efficiency of attack detectio n and security prediction. This article analyzes and compares several attack mod els in common use at present,and then prospects the future directions of attack model research in the end.

Wei Wang,Guangsong Li,Keke Gai,Yazhe Tang,Benchao Yang,Xueming Si

DOI: https://doi.org/10.1002/CPE.6035

2022-01-01

Concurrency and Computation: Practice and Experience

Abstract:With the development and popularization of Internet technology, network security has become the focus of attention. Vulnerabilities and back doors are regarded as two of the main reasons of network security problems. Dynamic heterogeneous redundant (DHR) architecture is a typical framework of cyberspace mimic defense. It can make use of untrusted hardware and software components to construct a high reliable and high security information system. In this article, a mathematical model is set up for the DHR architecture, and the system security is characterized by vulnerability consistency rate and success rate of system attack. The antiattack ability of the DHR system is analyzed using the mathematical model.

Milan Lopuhaä-Zwakenberg

2024-08-13

Abstract:Adequate risk assessment of safety critical systems needs to take both safety and security into account, as well as their interaction. A prominent methodology for modeling safety and security are attack-fault trees (AFTs), which combine the well-established fault tree and attack tree methodologies for safety and security, respectively. AFTs can be used for quantitative analysis as well, capturing the interplay between safety and security metrics. However, existing approaches are based on modeling the AFT as a priced-timed automaton. This allows for a wide range of analyses, but Pareto analsis is still lacking, and analyses that exist are computationally expensive. In this paper, we combine safety and security analysis techniques to introduce a novel method to find the Pareto front between the metrics reliability (safety) and attack cost (security) using Markov decision processes. This gives us the full interplay between safety and security while being considerably more lightweight and faster than the automaton approach. We validate our approach on a case study of cyberattacks on an oil pipe line.

Cryptography and Security