Nianhua Yang,Huiqun Yu,Zhilin Qian,Hua Sun

DOI: https://doi.org/10.1016/j.mcm.2011.01.055

2012-01-01

Mathematical and Computer Modelling

Abstract:To quantitatively predict software security in the design phase, hierarchical software security modeling and evaluation methods are proposed based on Stochastic Petri Nets (SPNs). Hierarchical methods mitigate the state-space explosion problem in SPNs. An isomorphic Markov Chain (MC) is obtained from the component SPN model. The security prediction value is calculated based on the probability distribution of the MC in the steady state. A sensitivity analysis method is proposed through evaluating the derivative of the security evaluation prediction equation. It provides a means to identify and trace back to the critical components for security enhancing. Security prediction and sensitivity analysis in the design phase provide the possibility to investigate and compare different solutions to the target system before realization. A case study shows the applicability and feasibility of our method.

Juan Zou,Yong Wei,Weimin Wu

DOI: https://doi.org/10.1109/icnsc.2012.6204933

2012-01-01

Abstract:An emergency control system for shipping is an indispensable part of the modern maritime operation system. Petri nets are useful for describing and studying information processing systems that are characterized as being concurrent, distributed parallel and asynchronous. In this paper, a generalized stochastic Petri net with finite capacity and inhibitor arc is exploited to model the emergency control system for shipping. The obtained model is analyzed using the software of PIPE. The analyzed results on modeling time and resource performance show that the obtained model is able to describe well the real physics system and provide some suggestion on improving the performance of the emergency control system for shipping.

Jiajun Shen,Dongqin Feng

DOI: https://doi.org/10.1109/hpcc.2014.115

2014-01-01

Abstract:With the development of the industrial informatization, the problems of security in field device layer have been gradually exposed, which mainly involves specified industrial communication protocols. Clock synchronization protocol, as one of the most important industrial communication protocols, ensures the real-time performance of industrial control system. Considering that the related researches have not yet formed a mature system, we propose a new method for analyzing the vulnerability of clock synchronization protocol in this article. In this method, SPN(stochastic petri net) is introduced as a modeling tool, while IEEE 1588 PTP clock synchronization protocol is regarded as the research object. An SPN(stochastic petri net) model is strictly built according to the protocol. Then, steady-state probability expressions are obtained by the isomorphic Markov chain. Through changing trigger rate of transitions of several pivotal states which are related to vulnerability, the influences of each parameter has on the model could be quantitatively reflected in the result of simulation in order to analyze vulnerability of clock synchronization protocol by determining the critical factors that affect protocol's vulnerability.

LI Hongyu,JU Ping,YU Yiping,HUANG Xiaoming,LOU Boliang,HUANG Hongyang

DOI: https://doi.org/10.13334/j.0258-8013.pcsee.160261

2017-01-01

Abstract:With the growing penetration of renewable power generation and electric vehicles, stochastic excitation has increased gradually in power systems, exerting a noteworthy impact on the system frequency dynamic security. This paper put forward the intra-region probability (the probability of system frequency being within the security region) as a quantitative assessment index. A semi-analytical method as a fast solution to intra-region probability was proposed based on the Kolmogorov's backward equation. The effectiveness and rapidity of the proposed method were verified by comparison with the Monte Carlo method. From the perspective of stochastic differential equations, this paper revealed the impact mechanism of stochastic excitation on system frequency dynamic security, which may provide a novel analysis approach for the system frequency dynamic security under stochastic excitation.

Xiaohu Li,Timothy Paul Parker,Shouhuai Xu

DOI: https://doi.org/10.1109/tdsc.2008.75

2011-01-01

Abstract:Traditional security analyses are often geared toward cryptographic primitives or protocols. Although such analyses are necessary, they cannot address a defender's need for insight into which aspects of a networked system having a significant impact on its security, and how to tune its configurations or parameters so as to improve security. This question is known to be notoriously difficult to answer, and the state of the art is that we know little about it. Toward ultimately addressing this question, this paper presents a stochastic model for quantifying security of networked systems. The resulting model captures two aspects of a networked system:1) the strength of deployed security mechanisms such as intrusion detection systems and 2) the underlying vulnerability graph, which reflects how attacks may proceed. The resulting model brings the following insights: 1) How should a defender “tune” system configurations (e.g., network topology) so as to improve security? 2) How should a defender “tune” system parameters (e.g., by upgrading which security mechanisms) so as to improve security? 3) Under what conditions is the steady-state number of compromised entities of interest below a given threshold with a high probability? Simulation studies are conducted to confirm the analytic results, and to show the tightness of the bounds of certain important metric that cannot be resolved analytically.

Meng-zhou Gao,Dong-qin Feng

DOI: https://doi.org/10.1631/fitee.1700334

IF: 2.526

2018-01-01

Frontiers of Information Technology & Electronic Engineering

Abstract:Security issues in networked control systems (NCSs) have received increasing attention in recent years. However, security protection often requires extra energy consumption, computational overhead, and time delays, which could adversely affect the real-time and energy-limited system. In this paper, random cryptographic protection is implemented. It is less expensive with respect to computational overhead, time, and energy consumption, compared with persistent cryptographic protection. Under the consideration of weak attackers who have little system knowledge, ungenerous attacking capability and the desire for stealthiness and random zero-measurement attacks are introduced as the malicious modification of measurements into zero signals. NCS is modeled as a stochastic system with two correlated Bernoulli distributed stochastic variables for implementation of random cryptographic protection and occurrence of random zero-measurement attacks; the stochastic stability can be analyzed using a linear matrix inequality (LMI) approach. The proposed stochastic stability analysis can help determine the proper probability of running random cryptographic protection against random zero-measurement attacks with a certain probability. Finally, a simulation example is presented based on a vertical take-off and landing (VTOL) system. The results show the effectiveness, robustness, and application of the proposed method, and are helpful in choosing the proper protection mechanism taking into account the time delay and in determining the system sampling period to increase the resistance against such attacks.

XianJun Sun,Chuang Lin,Weidong Liu,Yanping Xiao

DOI: https://doi.org/10.1109/CHINACOM.2009.5339706

2009-01-01

Abstract:We present a quantitative method based on stochastic Petri net (SPN) to evaluate the survivability of distributed service. Three types of combination service models: one-to-one, one-to-N, and M-to-N are studied, which can reflect survivability of distributed service from a different perspective. Absorbing-state reliability, maintainability and steady-state availability are considered as measures of survivability, and calculated by reduced SPN models and underlying Markov chains (MC). In terms of this method, we make a survivability evaluation systematically by taking finance service network (FSN) as an example. Numerical results indicate that the approach of this paper is effective and efficient for evaluation the survivability of distributed service.

Xiao Ming Li,Ying Luo Wang,Lin Yan Sun,Ling Li

DOI: https://doi.org/10.1111/j.1468-0394.2006.00411.x

IF: 3.3

2006-01-01

Expert Systems

Abstract:Due to the rapid growth of the IT industry as well as the high failure rate of software development projects, it is highly desirable to develop a qualitative approach for dealing with uncertainties in the software development process. In order to manage risk and uncertainty, a software project uncertainty management approach based on a generalized stochastic Petri net is proposed. It consists of two main components: model building based on a Petri net and a Markov process algorithm. The technique is presented with an example. Finally, the proposed model is demonstrated with a real-world case.

Xin XU,Huiqun YU,Junhu HUANG

DOI: https://doi.org/10.3778/j.issn.1002-8331.1208-0523

2014-01-01

Abstract:Cyber-Physical System has been widely used in different areas and security has been the core problem of recent researches. The traditional security analysis measurements are inadequate in CPS because of the interaction of discrete cyber events and continuous physical world. In this paper, a quantitative security analysis model based on the combination of Petri net and game theory is proposed to reflect not only the hybrid of cyber and physical world but the behaviors of attackers and defenders. Based on this model, from the reliability, vulnerability and risk effect, the security of CPS is analysed. A case study of airplane collision avoidance system shows the model and analysis approach is feasible and effective.

Maochao Xu,Shouhuai Xu

DOI: https://doi.org/10.48550/arXiv.1603.08304

2016-03-28

Abstract:Quantitative security analysis of networked computer systems is one of the decades-long open problems in computer security. Recently, a promising approach was proposed in \cite{XuTDSC11}, which however made some strong assumptions including the exponential distribution of, and the independence between, the relevant random variables. In this paper, we substantially weaken these assumptions while offering, in addition to the same types of analytical results as in \cite{XuTDSC11}, methods for obtaining the desired security quantities in practice. Moreover, we investigate the problem from a higher-level abstraction, which also leads to both analytical results and practical methods for obtaining the desired security quantities. These would represent a significant step toward ultimately solving the problem of quantitative security analysis of networked computer systems.

Cryptography and Security

Yuanzhuo Wang,Chuang Lin,Peter D. Ungsunan,Xiaomeng Huang

DOI: https://doi.org/10.1007/s11227-009-0343-0

IF: 3.3

2009-01-01

The Journal of Supercomputing

Abstract:In this paper, we propose a service composition model method that supports quantitative computation based on Stochastic Petri Nets (SPN). It can capture the semantics of complex service combinations and their respective specifications. In this method, services are divided into interior services and exterior services. The exterior services will be published to the users, while the interior ones do not need to be published. Six equivalent simplified theorems which can be used to simplify the complex models of interior services to simple models of exterior services are presented. They enable the minimization of the state space of the model and make quantitative computation feasible. In addition, since Grid services are always affected by all kinds of churns in actual applications, we also research survivability and its main attributes for Grid service composition. The definition and computational methods based on the model are put forward. In the end, we use the method presented above to describe and analyze an example of travel Grid services successfully.

Rongfei Zeng,Yixin Jiang,Chuang Lin,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/wcsp.2011.6096966

IF: 5.3

2012-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:As an indispensable infrastructure for the future life, smart grid is being implemented to save energy, reduce costs and increase reliability. In smart grid, control center networks have attracted a great number of attentions, because their security and dependability issues are critical to the entire smart grid. Several studies have been conducted in the field of security, but few work focuses on the dependability analysis of control center networks. In this paper, we adopt a concise mathematic tool, stochastic Petri nets (SPNs), to analyze the dependability of control center networks in smart grid. With the proposed SPNs model, we can measure the dependability from two metrics, i.e., the reliability and availability, through analyzing the transient probability. We also study a specific case to demonstrate the feasibility and efficiency of the proposed model in the dependability analysis of control center networks in smart grid.

SUN Xian-jun,ZHU Liang,GAO Zhi-min,LIN Chuang,LIU Wei-dong

2008-01-01

Abstract:Our society is heavily dependent on a wide variety of distributed information system.The essential service of distributed information system must be available even when undesirable events such as attack,network failures,or natural disasters happen.In this paper we assess the survivability of distributed information with essential service exposed to failures.We have developed analytic models using stochastic Petri net.In order to avoid state space explosion while addressing large networks we reduce our models firstly,then give a composite model by combining performance and recovery models.The modeling approaches are applied to an information system example.Finally,the simulation by Matlab shows us the measures of survivability varying with repair rate and failure rate clearly.

Yinqian Zhang,Xun Fan,Zhi Xue,Hao Xu

DOI: https://doi.org/10.1109/icycs.2008.406

2008-01-01

Abstract:Multiple-prerequisite graph (MP graph) is a type of attack graph that has been developed to help defending large scale enterprise network. As a middle-level attack graph, it has its unique advantages. However, quantitative security evaluations based on MP graph has not been proposed yet. In this paper, we present two stochastic models for quantitative security evaluation using MP graphs. These models are constructed based on the use of Markov Decision Process to model the attackerpsilas behaviors. The network administrators can use these two models respectively to evaluate security metrics at network designing stage and network defending stage.

Xin YANG,Hui LI,Jiangxing WU,Peng YI

DOI: https://doi.org/10.1360/ssi-2019-0224

2020-01-01

Abstract:Cyber mimic defenses have recently emerged as a dynamic heterogeneity redundancy architecture, which adjust the asymmetry between defenders and attackers by reconfiguring the system according to the network scenario. Some studies have investigated the effectiveness of security models, however, there is still a lack of convincing and practical methods to assess CMD networks quantitatively. Thus, in this paper, we propose a two-dimension model that calculates those details as a digital result to compare different CMD networks. In addition, the proposed method demonstrates good scalability in different networks. Specifically, in the first dimension, i.e., attacking a single node, we elaborate on system configurations and employ the Generalized Stochastic Petri net model to capture the effectiveness of different behaviors from gamers. To quantify the impacts of those behaviors, we parameterized them using a Poisson process, common vulnerabilities and exposures, and the common vulnerability scoring system. In the second dimension, we adopt Markov chains and the Martingale theory to analyze the attack process along the attack chain. Finally, security metrics and countermeasures under different scenarios are presented to verify the effectiveness of CMD, which provides some guidance for designing future systems with acceptable cost.

Xiaohu Li,T. Paul Parker,Shouhuai Xu

DOI: https://doi.org/10.1109/aina.2007.138

2007-01-01

Abstract:Traditional security analyses are often geared towards cryptographic primitives or protocols. Although such analyses are absolutely necessary, they do not provide much insight for answering an equally important question: what is the security assurance of a physically or logically networked system when we consider it as a whole? This question is known to be notoriously difficult, and the state-of-the-art is that we know very little about it. In this paper, we make a step towards resolving it with a new modeling approach.

Zenan Wu,Liqin Tian,Yi Zhang,Yan Wang,Yuquan Du

DOI: https://doi.org/10.1155/2021/4005877

IF: 1.968

2021-11-13

Security and Communication Networks

Abstract:At present, most network security analysis theory assumes that the players are completely rational. However, this is not consistent with the actual situation. In this paper, based on the effectiveness constraints on both sides with network attack and defense, with the help of stochastic Petri net and evolutionary game theory, the Petri net model of network attack and defense stochastic evolutionary game is reconstructed, the specific definition of the model is given, and the modeling method is given through the network connection relationship and attack and defense strategy set. Using this model, a quantitative analysis of network attack events is carried out to solve a series of indicators related to system security, namely, attack success rate, average attack time, and average system repair time. Finally, the proposed model and analysis method are applied to a classic network attack and defense process for experimental analysis, and the results verify the rationality and accuracy of the model and analysis method.

computer science, information systems,telecommunications

Chuang Lin,Yuanzhuo Wang,Yang Wang,Haiyi Zhu

2008-01-01

Abstract:In this paper, we propose a novel modeling method, Stochastic Game Nets(SGN). SGN is an good method to model and deal with the game issues, which takes advantages of both stochastic game theory and Stochastic Petri Nets. The SGN could inherit the efficient and flexible modeling approach of Stochastic Petri Nets, and also make well use of the game-theoretical framework from game theory. Meanwhile, we apply the SGN method to model and analyze the network attacks, compute the Nash equilibrium and best-response strategies to defend the attacks. We believe that the SGN opens a new avenue to deal with the game issues in computer networks.

Raj Pokhrel Nawa,P. Tsokos Chris,Nawa Raj Pokhrel,Chris P. Tsokos

DOI: https://doi.org/10.4236/jis.2017.82007

2017-01-01

Journal of Information Security

Abstract:There are several security metrics developed to protect the computer networks. In general, common security metrics focus on qualitative and subjective aspects of networks lacking formal statistical models. In the present study, we propose a stochastic model to quantify the risk associated with the overall network using Markovian process in conjunction with Common Vulnerability Scoring System (CVSS) framework. The model we developed uses host access graph to represent the network environment. Utilizing the developed model, one can filter the large amount of information available by making a priority list of vulnerable nodes existing in the network. Once a priority list is prepared, network administrators can make software patch decisions. Gaining in depth understanding of the risk and priority level of each host helps individuals to implement decisions like deployment of security products and to design network topologies.

蒋乐天,徐国治,应忍冬,张昊

DOI: https://doi.org/10.3969/j.issn.1004-731x.2002.06.031

2002-01-01

Abstract:Since presented in 1962, Petri Net is generally focused by academy and industry. In this paper, the application of stochastic Petri net on system availability analysis is mainly discussed. With the beginning of the basic concepts and models of Petri net, stochastic Petri net (SPN), general stochastic Petri net (GSPN) and stochastic reward model (SRN) are illustrated. The application of stochastic Petri net on system availability analysis and analysis of stochastic Petri net model is discussed with the example of standby systems. In the end, the advantages of using stochasticPetri net to model a practical system are discussed comparing to other modeling methods.