Generation of cyber-security reinforcement strategies for smart grid based on the attribute-based attack graph

• Autorzy: Zhang B. , Li Q. , Zhang Y. , Liu X. , Ni Z.
• Języki publikacji: EN

Abstrakty

EN

A smart grid is a kind of energy cyber-physical system (ECPS) with the interdependency of information and physicality. A cyber-attack gravely threatens the safe and stable operation of a physical power grid. Cyber-security reinforcement of smart grid has become a research issue. However, the information network scale of a smart grid is massive, and the generation of security reinforcement strategies has become a problem. Therefore, a generation method of security reinforcement strategies based on an attribute-based attack graph was proposed in this study. The method defined a smart grid based on premise and consequence attributes to form an attribute-based attack graph. With this graph, the method for the generation of security reinforcement strategies was transferred to the minimum dominating set of the attribute-based attack graph and solved to realize space reduction in the security reinforcement strategies. An algorithm for the generation of security reinforcement strategies was designed based on the greedy algorithm, and strategies for large-scale cyber security reinforcement of the smart grid were determined to eliminate the complexity and difficulty of this problem effectively. Through a simulation analysis of a large-scale node network, the efficiency of the generation method of reinforcement strategies based on the attribute based attack graph and minimum dominating set was verified. Results show that the proposed method can be used for security reinforcement of large-scale complicated networks of a smart grid.

Słowa kluczowe

EN

attribute-based attack graph; reinforcement strategies; cyber security; dominating set; smart grid

PL

strategia wzmacniająca; cyberbezpieczeństwo; bezpieczeństwo cybernetyczne; zbiór dominujący; sieć inteligentna

• Wydawca: Institute of Heat Engineering, Warsaw University of Technology
• Czasopismo: Journal of Power Technologies
• Rocznik: 2016
• Tom: Vol. 96, nr 3
• Strony: 170--177
• Opis fizyczny: Bibliogr. 15 poz., rys., tab.

Twórcy

autor

Zhang B.

• School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China
• Global energy interconnection research institute, Nanjing 210003, China

autor

Li Q.

• School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China

autor

Zhang Y.

• School of Resources & Safety Engineering, China University of Mining & Technology, Beijing, 100083, China

autor

Liu X.

• Illinois Institute of Technology, 10 w 35th st, Chicago, IL, USA

autor

Ni Z.

• School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China

Bibliografia

• [1] Chen F., Liu D., Zhang Y., and Su J. A scalable approach to analyzing network security using compact attack graphs. Journal of Networks, 5 (5):543–550, 2010.
• [2] Spanos G. and Angelis L. Impact metrics of security vulnerabilities: Analysis and weighing. Information Security Journal: A Global Perspective, pages 1–15, 2015.
• [3] Wang L., Yao C., Singhal A., and Jajodia S. Implementing interactive analysis of attack graphs using relational database. Journal of Computer Security, 16(4):419–437, 2008.
• [4] Xu L., Li Y.P., Li Q.M., Yang Y.W., Tang Z.M., and Zhang X.F. Proportional fair resource allocation based on hybrid ant colony optimization for slow adaptive ofdma system. Information Science, 293:1–10, 2015.
• [5] Alhomidi M. and Reed M. Risk assessment and analysis through population–based attack graph modelling. World Congress in Internet Security (WorldCIS), pages 19–24, 2013.
• [6] Idika N. and Bhargava B. Extending attack graph-based security metrics and aggregating their application. IEEE Transactions on Dependable & Secure Computing, 9(1):75–85, 2012.
• [7] Poolsappasit N., Dewri R., and Ray I. Dynamic security risk management using bayesian attack graphs. IEEE Transactions on Dependable and Secure Computing, 9(1):61–74, 2012.
• [8] Li Q. Multiple qos constraints finding paths algorithm in tmn. Information, 14(3):731–737, 2011.
• [9] Li Q.M. and Zhang. H. Information security risk assessment technology of cyberspace: a review. International Journal on Information, 15 (11):4677–4683, 2012.
• [10] Xia R., Xu F., Zong C.Q., Li Q., Qi Y., and Li T. Dual sentiment analysis: Considering two sides of one review. IEEE Transactions on Knowledge and Data Engineering, 27(8):2120–2133, 2015.
• [11] Noel S. and Jajodia S. Metrics suite for network attack graph analytics. Proceedings of the 9th Annual Cyber and Information Security Research Conference ACM, pages 5–8, 2014.
• [12] Roschke S., Cheng F., and Meinel C. High-quality attack graph-based ids correlation. Logic Journal of IGPL, 21(4):571–591, 2013.
• [13] Saurabh S. and Sairam A.S. A more accurate completion condition for attack-graph reconstruction in probabilistic packet marketing algorithm. National Conference on Communications (NCC) IEEE, pages 1–5, 2013.
• [14] Chen X.J., Fang B.X., and Zhang H.L. Inferring attack intent of malicious insider based on probabilistic attack graph model. Chinese Journal of Computers, 37(1):62–72, 2014.
• [15] Yun Y., Xishan X., Yan J., and Chang Q. Z. An attack graph-based probabilistic computing approach of network security. Chinese Journal of Computers, 33(10):1987–1996, 2010.

Uwagi

PL

Opracowanie ze środków MNiSW w ramach umowy 812/P-DUN/2016 na działalność upowszechniającą naukę.