WUChunming

DOI: https://doi.org/10.3969/j.issn.1009-6868.2016.01.009

2016-01-01

Abstract:Dynamic network proactive security defence is an effective method for solving the unknown vulnerabilities and back door attacks in the information system. In this paper, the evolution defense mechanism (EDM) is proposed. According to the security status, network system security needs, EDM can select the best network configuration change elements to deal with potential attacks and ensure the safety requirements of a specific level. Dynamic reconfiguration and changes of the network need to be considered in accordance with the security situation of the system and the possible network attacks. The key is how to detect and the security situation and network attacks. It proposes that study on dynamic network proactive security defense in China is in the initial stage, and there is stil much work to do.

Xiaochun Xiao,Huan Wang,Gendu Zhang

DOI: https://doi.org/10.1109/fcst.2008.26

2008-01-01

Abstract:The risk assessment for network information system has experienced a stage from rule-based questionnaire investigation to model-based assessment. Many graph-based models have been proposed and applied to risk assessment. Attack Graph is widely used one. But attack graphs grow exponentially with the size of the network. In this paper, we propose a comprehensive framework for network vulnerabilities modeling and risk assessment by policy rules violations based on the access graph. As a complement to the attack graph approach, the access graph grows polynomially with the number of hosts and so has the benefit of scaling better to more practical, realistic size networks. This paper presents a novel risk assessment model for network information system based access graph. Compared with related works, our approach improves the performance and reduces the computational cost.

Wencong Cheng,Xishan Xu,Yan Jia,Peng Zou

DOI: https://doi.org/10.1109/waim.2008.65

2008-01-01

Abstract:This paper considers the problem of the dynamic risk assessment for the network based on the threat stream analysis. We analyze the general approach to do the network dynamic risk assessment. A stream based cube model is built to analyze the characteristics of the threat stream. Then combining with the research about the description and analysis of the threat effect, we propose the architecture of the network dynamic risk assessment.

Zheng Tang,Xiao-Guang Gao,Ying Zhang

DOI: https://doi.org/10.1109/ICAL.2007.4338726

2007-01-01

Abstract:Evaluating radiant threat rank is an important part of situation assessment and attack decision. All factors which would affect the assessment are analyzed. The advantages of experts system based on dynamic Bayesian network are given. After that, the theoretical model and its algorithm based on dynamic Bayesian network are presented and discussed. Finally, the model is established and simulated according to the algorithm. The simulation results are discussed and the model shows that it is effective and it can reflect the real threat rank.

LIU Jie-ling,LING Xiao-bo,ZHANG Lei,WANG Bo,WANG Zhi-liang,LI Zi-mu,ZHANG Hui,YANG Jia-hai,WU Cheng-nan

DOI: https://doi.org/10.11896/jsjkx.210600171

2022-01-01

Computer Science

Abstract:Power system network is one of the important targets of cyber attack.In order to ensure the safe operation of power system,network managers need to evaluate the network security risk.Usually,existing network security risk assessment framework only aims at a single scenario,and can not find the strategic attackers who use a variety of low-risk methods to achieve high-risk threat targets from large quantities of network security alerts.In order to meet the above challenges,this paper proposes a network security risk assessment method based on tactical correlation.In this method,the warning information generated on va-rious network security detection devices when an attacker implements a multi-step attack is associated to form an attack chain,and the security risk of the organization intranet is evaluated by calculating the threat,vulnerability,impact score of each node in the attack chain and the risk score of the whole attack chain.In order to verify the effectiveness and robustness of the proposed method,this paper selects a representative example to illustrate the specific implementation process of the proposed method for network security risk assessment in the organizational intranet.The example shows that the network security risk assessment framework based on the tactical association can correctly assess the harm of multi-step attack caused by low-risk alarm association to achieve high-risk targets,and is more robust than the traditional single scenario analysis method,which can better provide decision-making basis for organization decision-makers in network security risk management.

FU Xiao-wei,LI Jin-liang,GAO Xiao-guang

DOI: https://doi.org/10.3969/j.issn.1000-1093.2013.07.017

2013-01-01

Abstract:The effect of connectivity between air defense units on the kill probability of penetration target is researched from the aspects of communication command and control structure and firepower collaboration.An air defense unit is used as a threat unit to create a threat netting model.A interconnectivity model for the threat units,the reliability of information routing in the network and the connectivity between the threat units.An information fusion model is established for target designation probability and radar detection probability.Based on the joint detection probability of multiple threat units which infers from the principle of radar networking using the networking fire control technology for multiple intercepting and coordinate attack on the penetration target,an final threat netting model is established.Finally,the simulating result in the C+ +6.0 environment proves the validity of the threat netting model.

Xiaochun Xiao,Tiange Zhang,Gendu Zhang

DOI: https://doi.org/10.1109/sectech.2008.18

2008-01-01

Abstract:Currently, the risk analysis for network Information system has experienced a stage from rule-based questionnaire investigation to model-based assessment. Many graph-based models have been proposed and applied to risk analysis. Attack Graph is widely used one. But attack graphs grow exponentially with the size of the network. In this paper, we propose a comprehensive framework for network vulnerabilities modeling and risk analysis based on the access graph. As a complement to the attack graph approach, the access graph is host-centric approach, which grows polynomially with the number of hosts and so has the benefit of being computationally feasible on large networks. Compared with related works, our approach improves in both performance and computational cost.

Ming-rui Xiao,Yun-wei Dong,Qian-wen Gou,Feng Xue,Yong-hua Chen

DOI: https://doi.org/10.1631/FITEE.2000428

IF: 2.526

2020-01-01

Frontiers of Information Technology & Electronic Engineering

Abstract:Cyber-physical systems (CPSs) are becoming increasingly important in safety-critical systems. Particular risk analysis (PRA) is an essential step in the safety assessment process to guarantee the quality of a system in the early phase of system development. Human factors like the physical environment are the most important part of particular risk assessment. Therefore, it is necessary to analyze the safety of the system considering human factor and physical factor. In this paper, we propose a new particular risk model (PRM) to improve the modeling ability of the Architecture Analysis and Design Language (AADL). An architecture-based PRA method is presented to support safety assessment for the AADL model of a cyber-physical system. To simulate the PRM with the proposed PRA method, model transformation from PRM to a deterministic and stochastic Petri net model is implemented. Finally, a case study on the power grid system of CPS is modeled and analyzed using the proposed method.

LIANG Li,YANG Jun-gang,ZHU Guang-liang,ZHANG Qian

DOI: https://doi.org/10.4156/jcit.vol8.issue2.41

2013-01-01

Abstract:To exactly assess the security risk of a network and enhance the performance,a hierarchical risk assessment method for network security based on real-time warning is presented.Firstly,a hierarchical risk assessment model for computer networks is developed.This model can provide three hierarchies: services,hosts and local networks.IDS(intrusion detection system) is as a data source.Then,the risk indexes of at service level,host level and local network level is calculated by weighting based on the value of threat object,attack frequency and vulnerability severity.Finally,the accuracy and validity of the proposed method are demonstrated by the experiments.

Zhang Yan,Huang Shuguang,Wang Yongyi

DOI: https://doi.org/10.3969/j.issn.1000-386X.2011.11.075

2011-01-01

Abstract:In order to automatically assess the present network security situation,the authors propose a hierarchical network security risk assessment methodology.Its principles are as follows:first,DS theory is laid as the foundation for correlatively fusing alert data;then,based on weight value analytical methodology and hierarchical analysis technique,from bottom to top and from local to global,it calculates the security situation value for every hierarchical layer.Experiments based on real network environment illustrate that the assessment results are more accurate;furthermore,the hierarchical methodology based security situation presentation methodology is more straightforward and understandable. Compared with existing methods,the proposed method not only intensifies the evidence about alert data but also overcomes the weakness of present hierarchical assessment systems at fuzzy treating.

LI Peikai,LIU Yun,XIN Huanhai,QI Donglian

DOI: https://doi.org/10.7500/AEPS20170705002

2018-01-01

Abstract:Distributed cooperative control mode is an effective approach to overcome the problem of integrating multiple and strongly random distributed generators (DGs) into cyber physical system in distribution network.However,due to the integration between cyber and physical layers,cyber attacks could threat the safe and stable operation of power system through invading the cyber system.A dynamic attack-defense game model based vulnerability assessment of cyber-physical system (CPS)in distribution network is proposed.Firstly,a cooperative control strategy of DGs is described,and its convergence property is analyzed and summarized.Then,a risk assessment of CPS in distribution network is developed,which integrates the risk assessment method,the cooperative control strategy of DGs and strategies of attacker and defender.After that,the dynamic attack-defense game function and its solving steps are designed,which achieves the vulnerability assessment of CPS in distribution network with distributed cooperative control mode.Finally,the effectiveness of the proposed method is verified through simulations involving the IEEE 34-bus distribution network.

Kunfu Wang,Wei Feng,Xing Li

DOI: https://doi.org/10.12783/dtcse/ccnt2020/35444

2021-01-01

DEStech Transactions on Computer Science and Engineering

Abstract:In order to assist network administrators to assess network security risks, a new Bayesian model of network risk assessment method is proposed. Firstly, the model designs the quantitative method of attack revenue and attack cost index, introduces the atomic attack efficiency variable, and integrates the variable into the calculation of probability, obtains the prior risk probability of each node in the network, so as to carry out the static evaluation of network risk. Secondly, DNO_Alg of deleting node order is proposed to determine the order of eliminating elements, so that Bayesian model can be transformed into cluster tree. Finally, combined with the detected attacks, the cluster tree propagation algorithm is used to dynamically calculate the posterior risk probability of nodes, so as to evaluate the network risk in real time.

Jian Jiao,Wenhao Li,Dongchao Guo

DOI: https://doi.org/10.3390/electronics13173350

IF: 2.9

2024-08-25

Electronics

Abstract:Network risk assessment should include the impact of the relationship between vulnerabilities, in order to conduct a more in-depth and comprehensive assessment of vulnerabilities and network-related risks. However, the impact of extracting the relationship between vulnerabilities mainly relies on manual processes, which are subjective and inefficient. To address these issues, this paper proposes a dual-layer knowledge representation model that combines various attributes and structural information of entities. This article first constructs a vulnerability knowledge graph and proposes a two-layer knowledge representation learning model based on it. Secondly, in order to more accurately assess the actual risk of vulnerabilities in specific networks, this paper proposes a vulnerability risk calculation model based on impact relationships, which realizes the risk assessment and ranking of vulnerabilities in specific network scenarios. Finally, based on the research on automatic prediction of the impact relationship between vulnerabilities, this paper proposes a new Bayesian attack graph network risk assessment model for inferring the possibility of device intrusion in the network. The experimental results show that the model proposed in this study outperforms traditional evaluation methods in relationship prediction tasks, demonstrating its efficiency and accuracy in complex network environments. This model achieves efficient resource utilization by simplifying training parameters and reducing the demand for computing resources. In addition, this method can quantitatively evaluate the success probability of attacking specific devices in the network topology, providing risk assessment and defense strategy support for network security managers.

engineering, electrical & electronic,computer science, information systems,physics, applied

ZHOU Yuyang,CHENG Guang,GUO Chunsheng

DOI: https://doi.org/10.11959/j.issn.2096-109x.2018053

2018-01-01

Abstract:Aiming at the lack of objective risk assessment for the network attack surface on moving target defense,in order to realize the security risk assessment for the network system,and calculate the potential attack paths,a risk assessment method for network attack surface based on Bayesian attack graph was proposed.The network system resources,vulnerability and dependencies between them were used to establish Bayesian attack graph.Considering dependencies between nodes,the correlation between the resource and the influence of attacks on the attack path,the probability of each state that attackers can reach and the maximum probability attack path can be inferred.The experimental results prove the feasibility and effectiveness of the proposed network attack surface risk assessment method,which can provide a good support for the selection of dynamic defensive measures of attack surface.

Sheng Qian,Shibin Bai,Qi Wang

DOI: https://doi.org/10.1109/ispec53008.2021.9736063

2021-01-01

Abstract:With the construction of the security and stability control system(SSCS) in the cross-regional AC and DC power system, the SSCS presents a larger, wider and more complicated trend. Due to the large number of control nodes and long control chain, if the security and stability services encounters cyber attacks, it will cause serious harm to the operation of the power network. Firstly, the hierarchical structure of security device ontology is analyzed. Secondly, the risk points of cyber attack between security device ontology and security device station are analyzed from the Angle of attack channel, attack object and attack consequence. Then, the probability model of FDIA attack success is established by using fuzzy analytic hierarchy process and Petri net. Finally, a standard system example is given to verify the effectiveness of the risk assessment model.

Shancang Li,Shanshan Zhao,Yong Yuan,Qindong Sun,Kewang Zhang

DOI: https://doi.org/10.1109/tcss.2018.2858440

2018-01-01

IEEE Transactions on Computational Social Systems

Abstract:Cyber-physical social system (CPSS) plays an important role in both the modern lifestyle and business models, which significantly changes the way we interact with the physical world. The increasing influence of cyber systems and social networks is also a high risk for security threats. The objective of this paper is to investigate associated risks in CPSS, and a hybrid Bayesian risk graph (HBRG) model is proposed to analyze the temporal attack activity patterns in dynamic cyber-physical social networks. In the proposed approach, a hidden Markov model is introduced to model the dynamic influence of activities, which then be mapped into a Bayesian risks graph (BRG) model that can evaluate the risk propagation in a layered risk architecture. Our numerical studies demonstrate that the framework can model and evaluate risks of user activity patterns that expose to CPSSs.

Chun Shan,Jie Gao,Changzhen Hu,Fang Guan,Xiaolin Zhao

DOI: https://doi.org/10.1007/978-981-13-5913-2_5

2019-01-01

Abstract:In order to enhance the security of network operations, establish effective security measures, prevent the destruction of security incidents, and reduce or eliminate the losses caused by threats through network risk assessment is of important practical significance. However, most risk assessment methods focus on the research of threats and vulnerabilities. There are relatively few researches on risk based on network assets and there is a lack of accuracy in risk assessment. Therefore, this paper proposes a network risk assessment method based on asset association graphs. The method first describes the network from the perspective of asset interconnection and builds an asset association graph; secondly, it builds a threat scenario based on the asset association graph, identifies a threat event, and uses the probability of a threat event and the loss caused by the asset to obtain a quantitative description of the risk assessment; Different network risk levels and make decisions. Experiments show that the method of network risk assessment based on asset association proposed in this paper can realize the risk assessment of all assets, hosts and entire network system in the network, and provide effective guidance for network security protection.

Shuheng Wei,Zaijun Wu,Junjun Xu,Yanzhe Cheng,Qinran Hu

DOI: https://doi.org/10.35833/mpce.2024.000288

IF: 4.469

2024-01-01

Journal of Modern Power Systems and Clean Energy

Abstract:With the proliferation of advanced communication technologies and the deepening interdependence between cyber and physical components, power distribution networks are subject to miscellaneous security risks induced by malicious attackers. To address the issue, this paper proposes a security risk assessment method and a risk-oriented defense resource allocation strategy for cyber-physical distribution networks (CPDNs) against coordinated cyber attacks. First, an attack graph-based CPDN architecture is constructed, and representative cyber-attack paths are drawn considering the CPDN topology and the risk propagation process. The probability of a successful coordinated cyber attack and incurred security risks are quantitatively assessed based on the absorbing Markov chain model and National Institute of Standards and Technology (NIST) standard. Next, a risk-oriented defense resource allocation strategy is proposed for CPDNs in different attack scenarios. The tradeoff between security risk and limited resource budget is formulated as a multi-objective optimization (MOO) problem, which is solved by an efficient Pareto optimal solution generation approach. By employing a generational distance metric, the optimal solution is prioritized from the optimal Pareto set of the MOO and leveraged for subsequent atomic allocation of defense resources. Several case studies on a modified IEEE test feeder substantiate the efficacy of the proposed security risk assessment method and risk-oriented defense resource allocation strategy.

LI Jia-rui,LING Xiao-bo,LI Chen-xi,LI Zi-mu,YANG Jia-hai,ZHANG Lei,WU Cheng-nan

DOI: https://doi.org/10.11896/jsjkx.210800107

2022-01-01

Computer Science

Abstract:In order to overcome the difficulties that current attack graph model cannot reflect real-time network attack events,a method is proposed including a forward risk probability update algorithm and a forward-backward combined risk probability update algorithm,which meets the needs of real-time analyzing network security.It first performs specific quantitative analysis on the uncertainty of each node in the graph,and uses Bayesian networks to calculate their static probabilities.After that,it updates the dynamic probability of each node along the forward and backward paths according to the real-time network security events,instantly reflecting the changes of external conditions and assessing real-time risk levels across the network.Experimental results show that the method can calibrate and adjust the risk probability of each node according to the actual situation,which helps the network operator correctly understand the dangerous levels of the network and make better decision for defense and prevention of the next attack.

Lina Zhu,Guoen Xia,Zuochang Zhang,Jianhua Li,Renjie Zhou

DOI: https://doi.org/10.14257/ijsia.2016.10.11.14

2016-01-01

International Journal of Security and Its Applications

Abstract:Network security situation awareness is vital important for network security supervision. In order to obtain the network security situation effectively, a multidimensional assessment method is proposed in this paper. The method is composed of three dimensions at different levels, namely vulnerability, threat and basic operation, with quantitative calculation method for each index. In the service layer, CVSS standard is adopted to assess the vulnerability situation, and simplified DREAD model is chosen for the threat situation. In the node layer, the vulnerability situation in the service layer is added with a weight, the threat situation in the service layer is accumulated according to attack paths based on Markov model, and the basic operation situation is evaluated by DS evidence fusion of several host and network performance index. In the network layer, each situation equals to weighted summation of corresponding situation in the node layer. Experimental results show the ease of use of this method, and multi-dimensional situation depicts the overall safety evolution process of network system accurately and intuitively.