Högskolan i Skövde

Publications (10 of 17)
Jiang, Y., Jeusfeld, M. A., Ding, J. & Sandahl, E. (2023). Model-Based Cybersecurity Analysis: Extending Enterprise Modeling to Critical Infrastructure Cybersecurity. Business & Information Systems Engineering, 65(6), 643-676
2023 (English). In: Business & Information Systems Engineering, ISSN 2363-7005, E-ISSN 1867-0202, Vol. 65, no 6, p. 643-676. Article in journal (Refereed) Published
Abstract [en]

Critical infrastructure (CIs) such as power grids link a plethora of physical components from many different vendors to the software systems that control them. These systems are constantly threatened by sophisticated cyber attacks. The need to improve the cybersecurity of such CIs, through holistic system modeling and vulnerability analysis, cannot be overstated. This is challenging since a CI incorporates complex data from multiple interconnected physical and computation systems. Meanwhile, exploiting vulnerabilities in different information technology (IT) and operational technology (OT) systems leads to various cascading effects due to interconnections between systems. The paper investigates the use of a comprehensive taxonomy to model such interconnections and the implied dependencies within complex CIs, bridging the knowledge gap between IT security and OT security. The complexity of CI dependence analysis is harnessed by partitioning complicated dependencies into cyber and cyber-physical functional dependencies. These defined functional dependencies further support cascade modeling for vulnerability severity assessment and identification of critical components in a complex system. On top of the proposed taxonomy, the paper further suggests power-grid reference models that enhance the reproducibility and applicability of the proposed method. The methodology followed was design science research (DSR) to support the designing and validation of the proposed artifacts. More specifically, the structural, functional adequacy, compatibility, and coverage characteristics of the proposed artifacts are evaluated through a three-fold validation (two case studies and expert interviews). The first study uses two instantiated power-grid models extracted from existing architectures and frameworks like the IEC 62351 series. The second study involves a real-world municipal power grid.

Place, publisher, year, edition, pages
Springer Nature Switzerland AG, 2023
Keywords
critical infrastructure, domain-specific language, cybersecurity, power grids
National Category
Information Systems
Research subject
Distributed Real-Time Systems; Information Systems
Identifiers
urn:nbn:se:his:diva-22495 (URN); 10.1007/s12599-023-00811-0 (DOI); 000982391100001 (); 2-s2.0-85158156411 (Scopus ID)
Funder
University of Skövde
Note

CC BY 4.0

© 2023 Springer Nature Switzerland AG. Part of Springer Nature.

Paper is partly based on the results of the EU ISF project ELVIRA, his.se/elvira

We thank the colleagues from the ELVIRA project for their contributions to earlier versions of the taxonomy. We are in particular grateful to Yacine Atif for his support and encouragement. Many thanks also to the interview partners for helping to validate the usefulness of our approach. Finally, we thank the anonymous reviewers for their diligent and constructive evaluations.

Open access funding provided by University of Skövde.

Available from: 2023-05-07 Created: 2023-05-07 Last updated: 2023-12-13 Bibliographically approved
Jiang, Y. & Atif, Y. (2022). Towards automatic discovery and assessment of vulnerability severity in cyber-physical systems. Array, 15, Article ID 100209.
2022 (English). In: Array, ISSN 2590-0056, Vol. 15, article id 100209. Article in journal (Refereed) Published
Abstract [en]

Despite their wide proliferation, complex cyber–physical systems (CPSs) are subject to cybersecurity vulnerabilities and potential attacks. Vulnerability assessment for such complex systems is challenging, partly due to the discrepancy among mechanisms used to evaluate their cyber-security weakness levels. Several sources do report these weaknesses like the National Vulnerability Database (NVD), as well as manufacturer websites besides other security scanning advisories such as Cyber Emergency Response Team (CERT) and Shodan databases. However, these multiple sources are found to face inconsistency issues, especially in terms of vulnerability severity scores. We advocate an artificial intelligence based approach to streamline the computation of vulnerability severity magnitudes. This approach decreases the error rate induced by manual calculation processes that are traditionally used in cybersecurity analysis. Popular repositories such as NVD and SecurityFocus are employed to validate the proposed approach, assisted with a query method to retrieve vulnerability instances. In doing so, we report discovered correlations among reported vulnerability scores to infer consistent magnitude values of vulnerability instances. The method is applied to a case study featuring a CPS application to illustrate the automation of the proposed vulnerability scoring mechanism, used to mitigate cybersecurity weaknesses.

Place, publisher, year, edition, pages
Elsevier, 2022
Keywords
Cybersecurity, Text-mining, Cyber-physical system, Vulnerability analysis, CVSS
National Category
Computer Engineering
Research subject
Distributed Real-Time Systems
Identifiers
urn:nbn:se:his:diva-21409 (URN); 10.1016/j.array.2022.100209 (DOI); 2-s2.0-85133584882 (Scopus ID)
Note

CC BY 4.0

This research has been supported in part by EU ISF (Internal Security Fund) in the context of Project Grant #A431.678/2016.

Available from: 2022-06-27 Created: 2022-06-27 Last updated: 2022-07-21 Bibliographically approved
Jiang, Y. (2022). Vulnerability Analysis for Critical Infrastructures. (Doctoral dissertation). Skövde: University of Skövde
2022 (English). Doctoral thesis, monograph (Other academic)
Abstract [en]

The rapid advances in information and communication technology enable a shift from diverse systems empowered mainly by either hardware or software to cyber-physical systems (CPSs) that are driving Critical infrastructures (CIs), such as energy and manufacturing systems. However, alongside the expected enhancements in efficiency and reliability, the induced connectivity exposes these CIs to cyberattacks exemplified by Stuxnet and WannaCry ransomware cyber incidents. Therefore, the need to improve cybersecurity expectations of CIs through vulnerability assessments cannot be overstated. Yet, CI cybersecurity has intrinsic challenges due to the convergence of information technology (IT) and operational technology (OT) as well as the cross-layer dependencies that are inherent to CPS based CIs. Different IT and OT security terminologies also lead to ambiguities induced by knowledge gaps in CI cybersecurity. Moreover, current vulnerability-assessment processes in CIs are mostly subjective and human-centered. The imprecise nature of manual vulnerability assessment operations and the massive volume of data cause an unbearable burden for security analysts. Latest advances in machine-learning (ML) based cybersecurity solutions promise to shift such burden onto digital alternatives. Nevertheless, the heterogeneity, diversity and information gaps in existing vulnerability data repositories hamper accurate assessments anticipated by these ML-based approaches. Therefore, a comprehensive approach is envisioned in this thesis to unleash the power of ML advances while still involving human operators in assessing cybersecurity vulnerabilities within deployed CI networks. Specifically, this thesis proposes data-driven cybersecurity indicators to bridge vulnerability management gaps induced by ad-hoc and subjective auditing processes as well as to increase the level of automation in vulnerability analysis.
The proposed methodology follows design science research principles to support the development and validation of scientifically-sound artifacts. More specifically, the proposed data-driven cybersecurity architecture orchestrates a range of modules that include: (i) a vulnerability data model that captures a variety of publicly accessible cybersecurity-related data sources; (ii) an ensemble-based ML pipeline method that self-adjusts to the best learning models for given cybersecurity tasks; and (iii) a knowledge taxonomy and its instantiated power grid and manufacturing models that capture CI common semantics of cyberphysical functional dependencies across CI networks in critical societal domains. This research contributes data-driven vulnerability analysis approaches that bridge the knowledge gaps among different security functions, such as vulnerability management through related reports analysis. This thesis also correlates vulnerability analysis findings to coordinate mitigation responses in complex CIs. More specifically, the vulnerability data model expands the vulnerability knowledge scope and curates meaningful contexts for vulnerability analysis processes. The proposed ML methods fill information gaps in vulnerability repositories using curated data while further streamlining vulnerability assessment processes. Moreover, the CI security taxonomy provides disciplined and coherent support to specify and group semantically-related components and coordination mechanisms in order to harness the notorious complexity of CI networks such as those prevalent in power grids and manufacturing infrastructures. These approaches learn through interactive processes to proactively detect and analyze vulnerabilities while facilitating actionable insights for security actors to make informed decisions.

Place, publisher, year, edition, pages
Skövde: University of Skövde, 2022. p. xxv, 278
Series
Dissertation Series ; 46
Keywords
critical infrastructure cybersecurity, vulnerability assessment, vulnerability quantification, computational intelligence in cybersecurity, cyber-physical system
National Category
Computer Systems; Embedded Systems; Communication Systems; Other Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
INF303 Information Security; INF301 Data Science; Distributed Real-Time Systems
Identifiers
urn:nbn:se:his:diva-21546 (URN); 978-91-987906-0-3 (ISBN)
Public defence
2022-09-05, Portalen, Insikten, Kanikegränd 3A, Skövde, 13:00
Available from: 2022-07-14 Created: 2022-07-04 Last updated: 2022-09-05 Bibliographically approved
Jiang, Y. & Atif, Y. (2021). A selective ensemble model for cognitive cybersecurity analysis. Journal of Network and Computer Applications, 193, Article ID 103210.
2021 (English). In: Journal of Network and Computer Applications, ISSN 1084-8045, E-ISSN 1095-8592, Vol. 193, article id 103210. Article in journal (Refereed) Published
Abstract [en]

Dynamic data-driven vulnerability assessments face massive heterogeneous data contained in, and produced by SOCs (Security Operations Centres). Manual vulnerability assessment practices result in inaccurate data and induce complex analytical reasoning. Contemporary security repositories’ diversity, incompleteness and redundancy contribute to such security concerns. These issues are typical characteristics of public and manufacturer vulnerability reports, which exacerbate direct analysis to root out security deficiencies. Recent advances in machine learning techniques promise novel approaches to overcome these notorious diversity and incompleteness issues across massively increasing vulnerability reports corpora. Yet, these techniques themselves exhibit varying degrees of performance as a result of their diverse methods. We propose a cognitive cybersecurity approach that empowers human cognitive capital along two dimensions. We first resolve conflicting vulnerability reports and preprocess embedded security indicators into reliable data sets. Then, we use these data sets as a base for our proposed ensemble meta-classifier methods that fuse machine learning techniques to improve the predictive accuracy over individual machine learning algorithms. The application and implication of this methodology in the context of vulnerability analysis of computer systems are yet to unfold the full extent of its potential. The proposed cognitive security methodology in this paper is shown to improve performances when addressing the above-mentioned incompleteness and diversity issues across cybersecurity alert repositories. The experimental analysis conducted on actual cybersecurity data sources reveals interesting tradeoffs of our proposed selective ensemble methodology, to infer patterns of computer system vulnerabilities.

Place, publisher, year, edition, pages
Elsevier, 2021
Keywords
Information security, Vulnerability analysis, Data correlation, Machine learning, Ensemble, Data mining, Database management
National Category
Other Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Distributed Real-Time Systems
Identifiers
urn:nbn:se:his:diva-20524 (URN); 10.1016/j.jnca.2021.103210 (DOI); 000709557700008 (); 2-s2.0-85114497022 (Scopus ID)
Note

CC BY 4.0

Available online 4 September 2021, 103210

This research has been supported in part by EU ISF (Internal Security Fund) in the context of Project Grant # A431.678/2016.

Available from: 2021-09-06 Created: 2021-09-06 Last updated: 2021-11-11 Bibliographically approved
Jiang, Y., Jeusfeld, M. A. & Ding, J. (2021). Evaluating the Data Inconsistency of Open-Source Vulnerability Repositories. In: ARES 2021: The 16th International Conference on Availability, Reliability and Security. Paper presented at 4th International Workshop on Cyber Threat Intelligence Management (CyberTIM 2021), August 17 – August 20, 2021, held in conjunction with ARES 2021: The 16th International Conference on Availability, Reliability and Security, Vienna, Austria, August 17 - 20, 2021 (pp. 1-10). Association for Computing Machinery (ACM), Article ID 86.
2021 (English). In: ARES 2021: The 16th International Conference on Availability, Reliability and Security, Association for Computing Machinery (ACM), 2021, p. 1-10, article id 86. Conference paper, Published paper (Refereed)
Abstract [en]

Modern security practices promote quantitative methods to provide prioritisation insights and support predictive analysis, which is supported by open-source cybersecurity databases such as the Common Vulnerabilities and Exposures (CVE), the National Vulnerability Database (NVD), CERT, and vendor websites. These public repositories provide a way to standardise and share up-to-date vulnerability information, with the purpose to enhance cybersecurity awareness. However, data quality issues of these vulnerability repositories may lead to incorrect prioritisation and misemployment of resources. In this paper, we aim to empirically analyse the data quality impact of vulnerability repositories for actual information technology (IT) and operating technology (OT) systems, especially on data inconsistency. Our case study shows that data inconsistency may misdirect investment of cybersecurity resources. Instead, correlated vulnerability repositories and trustworthiness data verification bring substantial benefits for vulnerability management. 

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2021
Keywords
Cybersecurity, Data Inconsistency, Vulnerability Analysis
National Category
Computer Systems; Information Systems
Research subject
Distributed Real-Time Systems; Information Systems
Identifiers
urn:nbn:se:his:diva-19849 (URN); 10.1145/3465481.3470093 (DOI); 000749539200136 (); 2-s2.0-85113197148 (Scopus ID); 978-1-4503-9051-4 (ISBN)
Conference
4th International Workshop on Cyber Threat Intelligence Management (CyberTIM 2021), August 17 – August 20, 2021, held in conjunction with ARES 2021: The 16th International Conference on Availability, Reliability and Security, Vienna, Austria, August 17 - 20, 2021
Note

©2021 Copyright held by the owner/author(s). Publication rights licensed to ACM.

Available from: 2021-06-24 Created: 2021-06-24 Last updated: 2022-02-22 Bibliographically approved
Jiang, Y., Atif, Y., Ding, J. & Wang, W. (2020). A Semantic Framework With Humans in the Loop for Vulnerability-Assessment in Cyber-Physical Production Systems. In: Slim Kallel, Frédéric Cuppens, Nora Cuppens-Boulahia, Ahmed Hadj Kacem (Ed.), Risks and Security of Internet and Systems: 14th International Conference, CRiSIS 2019, Hammamet, Tunisia, October 29–31, 2019, Proceedings. Paper presented at The 14th International Conference on Risks and Security of Internet and Systems, Hammamet, Tunisia, October 29-31, 2019 (pp. 128-143). Springer, 12026
2020 (English). In: Risks and Security of Internet and Systems: 14th International Conference, CRiSIS 2019, Hammamet, Tunisia, October 29–31, 2019, Proceedings / [ed] Slim Kallel, Frédéric Cuppens, Nora Cuppens-Boulahia, Ahmed Hadj Kacem, Springer, 2020, Vol. 12026, p. 128-143. Conference paper, Published paper (Refereed)
Abstract [en]

Critical manufacturing processes in smart networked systems such as Cyber-Physical Production Systems (CPPSs) typically require guaranteed quality-of-service performances, which is supported by cyber-security management. Currently, most existing vulnerability-assessment techniques mostly rely on only the security department due to limited communication between different working groups. This poses a limitation to the security management of CPPSs, as malicious operations may use new exploits that occur between successive analysis milestones or across departmental managerial boundaries. Thus, it is important to study and analyse CPPS networks’ security, in terms of vulnerability analysis that accounts for humans in the production process loop, to prevent potential threats to infiltrate through cross-layer gaps and to reduce the magnitude of their impact. We propose a semantic framework that supports the collaboration between different actors in the production process, to improve situation awareness for cyberthreats prevention. Stakeholders with different expertise are contributing to vulnerability assessment, which can be further combined with attack-scenario analysis to provide more practical analysis. In doing so, we show through a case study evaluation how our proposed framework leverages crucial relationships between vulnerabilities, threats and attacks, in order to narrow further the risk-window induced by discoverable vulnerabilities.

Place, publisher, year, edition, pages
Springer, 2020
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 12026
Keywords
Cyber-Physical Production System Security, Human-in-the-Loop, Vulnerability Assessment, Semantic Model, Reference Model
National Category
Embedded Systems; Other Electrical Engineering, Electronic Engineering, Information Engineering; Information Systems; Human Computer Interaction
Research subject
Distributed Real-Time Systems; Production and Automation Engineering
Identifiers
urn:nbn:se:his:diva-17754 (URN); 10.1007/978-3-030-41568-6_9 (DOI); 2-s2.0-85082136847 (Scopus ID); 978-3-030-41567-9 (ISBN); 978-3-030-41568-6 (ISBN)
Conference
The 14th International Conference on Risks and Security of Internet and Systems, Hammamet, Tunisia, October 29-31, 2019
Projects
ELVIRA
Note

Also part of the Information Systems and Applications, incl. Internet/Web, and HCI book sub series (LNISA, volume 12026)

EU ISF Project A431.678/2016 ELVIRA

Available from: 2019-10-03 Created: 2019-10-03 Last updated: 2021-06-24 Bibliographically approved
Jiang, Y. & Atif, Y. (2020). An Approach to Discover and Assess Vulnerability Severity Automatically in Cyber-Physical Systems. In: Berna Örs, Atilla Elçi (Ed.), Proceedings of the 13th International Conference on Security of Information and Networks: November 4-6, 2020, virtual, Istanbul, Turkey. Paper presented at 13th International Conference on Security of Information and Networks, SIN 2020, November 4-6, 2020, virtual, Istanbul, Turkey. New York, NY, USA: Association for Computing Machinery (ACM), Article ID 9.
2020 (English). In: Proceedings of the 13th International Conference on Security of Information and Networks: November 4-6, 2020, virtual, Istanbul, Turkey / [ed] Berna Örs, Atilla Elçi, New York, NY, USA: Association for Computing Machinery (ACM), 2020, article id 9. Conference paper, Published paper (Refereed)
Abstract [en]

Current vulnerability scoring mechanisms in complex cyber-physical systems (CPSs) face challenges induced by the proliferation of both component versions and recurring scoring-mechanism versions. Different data-repository sources like National Vulnerability Database (NVD), vendor websites as well as third party security tool analysers (e.g. ICS CERT and VulDB) may provide conflicting severity scores. We propose a machine-learning pipeline mechanism to compute vulnerability severity scores automatically. This method also discovers score correlations from established sources to infer and enhance the severity consistency of reported vulnerabilities. To evaluate our approach, we show through a CPS-based case study how our proposed scoring system automatically synthesises accurate scores for some vulnerability instances, to support remediation decision-making processes. In this case study, we also analyse the characteristics of CPS vulnerability instances. 

Place, publisher, year, edition, pages
New York, NY, USA: Association for Computing Machinery (ACM), 2020
Series
ACM International Conference Proceedings Series (ICPS)
Keywords
Cybersecurity, Text-Mining, Cyber-Physical System, Vulnerability Analysis, CVSS, Decision making, Embedded systems, Turing machines, Current vulnerabilities, Cyber physical systems (CPSs), Data repositories, National vulnerability database, Remediation decision, Scoring systems, Security tools, Third parties, Network security
National Category
Embedded Systems; Computer Systems
Research subject
Distributed Real-Time Systems
Identifiers
urn:nbn:se:his:diva-19500 (URN); 10.1145/3433174.3433612 (DOI); 2-s2.0-85100625302 (Scopus ID); 978-1-4503-8751-4 (ISBN)
Conference
13th International Conference on Security of Information and Networks, SIN 2020, November 4-6, 2020, virtual, Istanbul, Turkey
Note

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org. SIN 2020, November 4–7, 2020, Merkez, Turkey. © 2020 Association for Computing Machinery.

Available from: 2021-02-25 Created: 2021-02-25 Last updated: 2021-08-20 Bibliographically approved
Jiang, Y., Atif, Y. & Ding, J. (2019). Cyber-Physical Systems Security Based on A Cross-Linked and Correlated Vulnerability Database. In: Simin Nadjm-Tehrani (Ed.), Critical Information Infrastructures Security: 14th International Conference, CRITIS 2019, Linköping, Sweden, September 23–25, 2019, Revised Selected Papers. Paper presented at the 14th International Conference on Critical Information Infrastructures Security, Linköping, Sweden, 23-25 September 2019 (pp. 71-82). Springer, 11777
2019 (English). In: Critical Information Infrastructures Security: 14th International Conference, CRITIS 2019, Linköping, Sweden, September 23–25, 2019, Revised Selected Papers / [ed] Simin Nadjm-Tehrani, Springer, 2019, Vol. 11777, p. 71-82. Chapter in book (Refereed)
Abstract [en]

Recent advances in data analytics prompt dynamic data-driven vulnerability assessments whereby data contained from vulnerability-alert repositories as well as from Cyber-physical System (CPS) layer networks and standardised enumerations. Yet, current vulnerability assessment processes are mostly conducted manually. However, the huge volume of scanned data requires substantial information processing and analytical reasoning, which could not be satisfied considering the imprecision of manual vulnerability analysis. In this paper, we propose to employ a cross-linked and correlated database to collect, extract, filter and visualise vulnerability data across multiple existing repositories, whereby CPS vulnerability information is inferred. Based on our locally-updated database, we provide an in-depth case study on gathered CPS vulnerability data, to explore the trends of CPS vulnerability. In doing so, we aim to support a higher level of automation in vulnerability awareness and back risk-analysis exercises in critical infrastructures (CIs) protection.

Place, publisher, year, edition, pages
Springer, 2019
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 11777
Keywords
Cyber-Physical System Security, Vulnerability Analysis, Correlated Database Management, SCADA
National Category
Other Electrical Engineering, Electronic Engineering, Information Engineering; Computer Sciences
Research subject
Distributed Real-Time Systems
Identifiers
urn:nbn:se:his:diva-17753 (URN); 10.1007/978-3-030-37670-3_6 (DOI); 000612959400006 (); 2-s2.0-85077502760 (Scopus ID); 978-3-030-37669-7 (ISBN); 978-3-030-37670-3 (ISBN)
Conference
the 14th International Conference on Critical Information Infrastructures Security, Linköping, Sweden, 23-25 September 2019
Projects
EU ISF Project A431.678/2016 ELVIRA
Note

Also part of the Security and Cryptology book sub series (LNSC, volume 11777)

Funded by EU Internal Security Funds

Available from: 2019-10-03 Created: 2019-10-03 Last updated: 2022-04-12 Bibliographically approved
Jiang, Y. (2019). Dynamic and Automatic Vulnerability Assessment for Cyber-Physical System. Paper presented at 19th Seminar within the Framework of a Swedish IT Security Network for PhD students, Karlstad, Sweden, June 3-4, 2019.
2019 (English). Conference paper, Poster (with or without abstract) (Other academic)
Abstract [en]

Assessing vulnerabilities supports analytics-based decision-making processes to protect Critical Infrastructures (CIs), in order to focus on specific risks rising from threat-exploitability with varying degrees of impact-severity. The notion of risk remains elusive, as evidenced by the increasing investigations on CIs security operations centres (SOCs) where analysts employ various detection, assessment, and defence mechanisms to monitor security events. Normally, SOCs involve advances of multiple automated security tools such as network vulnerability scanners and Common Vulnerability Scoring System (CVSS), combined with analysis of data contained and produced by cyber-physical system (CPS) as well as alarms retrieved from vulnerability repositories such as Common Vulnerability Exposure (CVE). The security operators need further to forecast the match between these vulnerabilities and the state of intricate CIs layer networks, while prioritising patching investments using vulnerability-scoring mechanisms. This process shows the central role of security operators in SOCs and their need for support to keep pace with dynamically evolving vulnerability-alert repositories. Recent advances in data analytics also prompt dynamic data-driven vulnerability assessments whereby data contained and produced by CPS include hidden traces of vulnerability fingerprints. However, the huge volume of scanned data requires high capability of information processing and analytical reasoning, which could not be satisfied considering the imprecise nature of manual vulnerability assessment.

A knowledge-base system that consolidates both sides into empirical rules appears to be missing, yet it promises to offer a suitable level of decision-support. In our research, we propose a dynamic and automated vulnerability-assessment approach. The proposed streamlined approach employs computational intelligence techniques to analyse data retrieved from vulnerability-alert repositories and CPS layer networks within an innovative accurate and automatic scoring system, away from traditional manual and highly subjective mechanisms. Our approach suggests to substitute offline, costly, error-prone and pure subjective vulnerability assessment processes with an automatic, accurate and data-evidenced approach, to improve situation awareness and to support security decision making. In doing so, we investigate judicious computational-intelligence techniques such as fuzzy-logic, machine learning and data mining, applied to vulnerability assessment problems.

Keywords
Cyber-Physical System Security, Vulnerability Assessment
National Category
Embedded Systems; Computer Sciences
Research subject
Distributed Real-Time Systems
Identifiers
urn:nbn:se:his:diva-17752 (URN)
Conference
19th Seminar within the Framework of a Swedish IT Security Network for PhD students, Karlstad, Sweden, June 3-4, 2019
Projects
ELVIRA
Note

A short presentation was given during SWITS'2019 workshop for the poster.

Available from: 2019-10-03 Created: 2019-10-03 Last updated: 2019-10-04 Bibliographically approved
Jiang, Y. (2019). Dynamic Vulnerability Analysis in Cyberphysical Systems. Skövde: University of Skövde
2019 (English). Report (Other academic)
Abstract [en]

The growth and the complexity scale of Cyber-Physical Systems (CPSs) are ever-evolving due to the fast expansion of networked applications in smart-x systems, which are overseeing critical infrastructures such as the smart-grid. These smart networked systems use a network of embedded sensors, platforms and actuators to perceive and affect a physical process that typically requires guaranteed quality-of-service performances provided by safety-critical applications. The confluence of sensors, platforms and networks is also nourishing the expansion of the emerging Internet of Things (IoT) area. However, these developments lead to increased surfaces that are vulnerable to cyberattacks. Since the capability of attackers and the trust in networked-components are subject to substantial variability, a dynamic-vulnerability assessment is advocated in this study, in contrast to traditional static-approaches.

Recent advances in data analytics prompt dynamic data-driven vulnerability assessments, whereby data contained and produced by CPS cyber-components include hidden traces of vulnerability fingerprints. However, the imprecise nature of vulnerability assessment and the huge volume of scanned data call for computational intelligence techniques to analyse such data. We first investigate computational models to capture semantic properties related to vulnerability concepts revolving around CPS components. This study reveals salient metrics and related measurements used to quantify CPS component vulnerabilities. We show the potential of applying fuzzy-logic techniques to diagnose vulnerability, and infer objective vulnerability scores. Then, we examine computational methods to extract meaning from text by mining online public-repositories of published vulnerabilities and discovering potential vulnerability-matches in a given CPS infrastructure. Graph-mining techniques are also explored to identify critical-assets of CPS infrastructure to weigh vulnerabilities, considering topological structures and functional features. 

In this proposal, we explore the state of the art and highlight the drawbacks of current research approaches in CPS vulnerability assessment area, based on which, we build our research questions with the purpose to piece together solution elements for the stated problem. In doing so, computational intelligence techniques such as fuzzy-logic and machine-learning, are investigated in order (a) to reduce existing security management gaps induced by ad-hoc and subjective vulnerability auditing processes, (b) to narrow further the risk window induced by discoverable vulnerabilities, and (c) to increase the level of automation in vulnerability analysis, at various levels of the CPS architecture.

Place, publisher, year, edition, pages
Skövde: University of Skövde, 2019. p. 56
Keywords
Cyber-Physical System Security, Vulnerability Assessment, Vulnerability Quantification, Cybersecurity Analysis Automation, Computational Intelligence in Security
National Category
Computer Sciences
Research subject
Distributed Real-Time Systems
Identifiers
urn:nbn:se:his:diva-16802 (URN)
Projects
ELVIRA project
Note

Research proposal, PhD programme, University of Skövde

Available from: 2019-04-23 Created: 2019-04-23 Last updated: 2019-04-23 Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0003-4791-8452
