Högskolan i Skövde

his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Vulnerability Analysis for Critical Infrastructures
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. (Distribuerade realtidssystem (DRTS), Distributed Real-Time Systems)ORCID iD: 0000-0003-4791-8452
2022 (English)Doctoral thesis, monograph (Other academic)
Abstract [en]

The rapid advances in information and communication technology enable a shift from diverse systems empowered mainly by either hardware or software to cyber-physical systems (CPSs) that are driving Critical infrastructures (CIs), such as energy and manufacturing systems. However, alongside the expected enhancements in efficiency and reliability, the induced connectivity exposes these CIs to cyberattacks exemplified by Stuxnet and WannaCry ransomware cyber incidents. Therefore, the need to improve cybersecurity expectations of CIs through vulnerability assessments cannot be overstated. Yet, CI cybersecurity has intrinsic challenges due to the convergence of information technology (IT) and operational technology (OT) as well as the crosslayer dependencies that are inherent to CPS based CIs. Different IT and OT security terminologies also lead to ambiguities induced by knowledge gaps in CI cybersecurity. Moreover, current vulnerability-assessment processes in CIs are mostly subjective and human-centered. The imprecise nature of manual vulnerability assessment operations and the massive volume of data cause an unbearable burden for security analysts. Latest advances in machine-learning (ML) based cybersecurity solutions promise to shift such burden onto digital alternatives. Nevertheless, the heterogeneity, diversity and information gaps in existing vulnerability data repositories hamper accurate assessments anticipated by these ML-based approaches. Therefore, a comprehensive approach is envisioned in this thesis to unleash the power of ML advances while still involving human operators in assessing cybersecurity vulnerabilities within deployed CI networks.Specifically, this thesis proposes data-driven cybersecurity indicators to bridge vulnerability management gaps induced by ad-hoc and subjective auditing processes as well as to increase the level of automation in vulnerability analysis. The proposed methodology follows design science research principles to support the development and validation of scientifically-sound artifacts. More specifically, the proposed data-driven cybersecurity architecture orchestrates a range of modules that include: (i) a vulnerability data model that captures a variety of publicly accessible cybersecurity-related data sources; (ii) an ensemble-based ML pipeline method that self-adjusts to the best learning models for given cybersecurity tasks; and (iii) a knowledge taxonomy and its instantiated power grid and manufacturing models that capture CI common semantics of cyberphysical functional dependencies across CI networks in critical societal domains. This research contributes data-driven vulnerability analysis approaches that bridge the knowledge gaps among different security functions, such as vulnerability management through related reports analysis. This thesis also correlates vulnerability analysis findings to coordinate mitigation responses in complex CIs. More specifically, the vulnerability data model expands the vulnerability knowledge scope and curates meaningful contexts for vulnerability analysis processes. The proposed ML methods fill information gaps in vulnerability repositories using curated data while further streamlining vulnerability assessment processes. Moreover, the CI security taxonomy provides disciplined and coherent support to specify and group semanticallyrelated components and coordination mechanisms in order to harness the notorious complexity of CI networks such as those prevalent in power grids and manufacturing infrastructures. These approaches learn through interactive processes to proactively detect and analyze vulnerabilities while facilitating actionable insights for security actors to make informed decisions.

Place, publisher, year, edition, pages
Skövde: University of Skövde , 2022. , p. xxv, 278
Series
Dissertation Series ; 46
Keywords [en]
critical infrastructure cybersecurity, vulnerability assessment, vulnerability quantification, computational intelligence in cybersecurity, cyber-physical system
National Category
Computer Systems Embedded Systems Communication Systems Other Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
INF303 Information Security; INF301 Data Science; Distributed Real-Time Systems
Identifiers
URN: urn:nbn:se:his:diva-21546ISBN: 978-91-987906-0-3 (print)OAI: oai:DiVA.org:his-21546DiVA, id: diva2:1680358
Public defence
2022-09-05, Portalen, Insikten, Kanikegränd 3A, Skövde, 13:00
Opponent
Supervisors
Available from: 2022-07-14 Created: 2022-07-04 Last updated: 2022-09-05Bibliographically approved

Open Access in DiVA

fulltext(21668 kB)1555 downloads
File information
File name FULLTEXT05.pdfFile size 21668 kBChecksum SHA-512
c0406b35894351c79e03c287ec203084016fe7e5deddc8222fc6a6a23889870bf72b15aadd2dc55c4dcb5c210712d1d052f7d434784c7253b68b1d7439969945
Type fulltextMimetype application/pdf

Authority records

Jiang, Yuning

Search in DiVA

By author/editor
Jiang, Yuning
By organisation
School of InformaticsInformatics Research Environment
Computer SystemsEmbedded SystemsCommunication SystemsOther Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 1709 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 2442 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf