Hierarchical Multi-Stage Cyber Attack Scenario Modeling Based on G&E Model for Cyber Risk Simulation Analysis

2020 ◽  
Vol 10 (4) ◽  
pp. 1426
Author(s):  
Myung Kil Ahn ◽  
Yong Hyun Kim ◽  
Jung-Ryun Lee

With the advancement in cyber-defense capabilities, cyber attacks have continued to evolve like living creatures to breach security. Assuming the possibility of various enemy attacks, it is necessary to select an appropriate course of action by proactively analyzing and predicting the consequences of a particular security event. Cyber attacks, especially in large-scale military network environments, have a fatal effect on security; therefore, various experiments and analyses must be conducted to establish the necessary preparations. Herein, we propose a hierarchical multi-stage cyber attack scenario modeling based on the goal and effect (G&E) model and analysis system, which enables expression of various goals of attack and damage effects without being limited to a specific type. The proposed method is applicable to large-scale networks and can be utilized in various scenario-based cyber combat experiments.

2018 ◽  
Vol 3 (1) ◽  
pp. 1 ◽  
Author(s):  
Mounir Hafsa ◽  
Farah Jemili

Cybersecurity ventures expect that cyber-attack damage costs will rise to $11.5 billion in 2019 and that a business will fall victim to a cyber-attack every 14 seconds. Notice here that the time frame for such an event is seconds. With petabytes of data generated each day, this is a challenging task for traditional intrusion detection systems (IDSs). Protecting sensitive information is a major concern for both businesses and governments. Therefore, the need for a real-time, large-scale and effective IDS is a must. In this work, we present a cloud-based, fault tolerant, scalable and distributed IDS that uses Apache Spark Structured Streaming and its Machine Learning library (MLlib) to detect intrusions in real-time. To demonstrate the efficacy and effectivity of this system, we implement the proposed system within Microsoft Azure Cloud, as it provides both processing power and storage capabilities. A decision tree algorithm is used to predict the nature of incoming data. For this task, the use of the MAWILab dataset as a data source will give better insights about the system capabilities against cyber-attacks. The experimental results showed a 99.95% accuracy and more than 55,175 events per second were processed by the proposed system on a small cluster.


Author(s):  
Stephen Moskal ◽  
Shanchieh Jay Yang ◽  
Michael E Kuhl

Existing research on cyber threat assessment focuses on analyzing the network vulnerabilities and producing possible attack graphs. Cyber attacks in real-world enterprise networks, however, vary significantly due to not only network and system configurations, but also the attacker’s strategies. This work proposes a cyber-based attacker behavior model (ABM) in conjunction with the Cyber Attack Scenario and Network Defense Simulator to model the interaction between the network and the attackers. The ABM leverages a knowledge-based design and factors in the capability, opportunity, intent, preference, and Cyber Attack Kill Chain integration to model various types of attackers. By varying the types of attackers and the network configurations, and simulating their interactions, we present a method to measure the overall network security against cyber attackers under different scenarios. Simulation results based on four attacker types on two network configurations are shown to demonstrate how different attacker behaviors may lead to different ways to penetrate a network, and how a single misconfiguration may impact network security.


2017 ◽  
Vol 7 (3) ◽  
pp. 29-43
Author(s):  
Éric Filiol ◽  
Cécilia Gallais

Recent attacks against critical infrastructures have shown that it is possible to take down an entire infrastructure by targeting only a few of its components. To prevent or minimize the effects of this kind of attacks, it is necessary to identify these critical components whose disruption, damage or destruction can lead to the paralysis of an infrastructure. This paper shows that the identification of critical components can be made thanks to a particular pattern of the graph theory: the vertex cover. To illustrate how the vertex cover can be useful for the identification of critical components, the electrical power transmission and distribution system of the United States is used as an example. It is shown how it is possible to build an attack scenario against an infrastructure with the results of a vertex cover algorithm.


Complexity ◽  
2021 ◽  
Vol 2021 ◽  
pp. 1-12
Author(s):  
Jiaqi Liang ◽  
Yibei Wu ◽  
Jun’e Li ◽  
Xiong Chen ◽  
Heqin Tong ◽  
...  

With the development of distributed networks, the remote controllability of the distributed energy objects and the vulnerability of user-side information security protection measures make distributed energy objects extremely vulnerable to malicious control by attackers. Hence, the large-scale loads may produce abnormal operation performance, such as load casting/dropping synchronously or frequent and synchronous casting and dropping, and hence, it can threaten the security and stable operation of the distribution networks. First, we analyze the security threats faced by industrial controllable load, civil controllable load, and the gains and losses of attacks on the distribution networks. Considering the factors of cyber attacks, we propose a control model and cyber attack model in active distribution networks (ADNs). And, three types of attacks that the target suffered are defined on the basis of “on” and “off” modes for control. Then, the controllable load was maliciously controlled as the research object, and a suitable scenario is selected. The impact of malicious control of the controllable load on the power supply reliability and power quality of the distribution networks are simulated and analyzed, and risk consequences for different types of attacks are provided.


2020 ◽  
pp. 654-670
Author(s):  
Éric Filiol ◽  
Cécilia Gallais

Recent attacks against critical infrastructures have shown that it is possible to take down an entire infrastructure by targeting only a few of its components. To prevent or minimize the effects of this kind of attacks, it is necessary to identify these critical components whose disruption, damage or destruction can lead to the paralysis of an infrastructure. This paper shows that the identification of critical components can be made thanks to a particular pattern of the graph theory: the vertex cover. To illustrate how the vertex cover can be useful for the identification of critical components, the electrical power transmission and distribution system of the United States is used as an example. It is shown how it is possible to build an attack scenario against an infrastructure with the results of a vertex cover algorithm.


2020 ◽  
Vol 18 (6) ◽  
pp. 489-498
Author(s):  
Harald Fardal, PhD ◽  
Ann-Kristin Elstad, PhD

Managing crisis challenges the ability to make numerous decisions under great uncertainty. This study addresses the decision-making process, and how the mix of involved individuals, prior knowledge, and available decision-makers forms the decisions made during a crisis. A large-scale exercise with a cyberattack scenario was chosen as the study’s case. The organization studied has highly skilled crisis management personnel; however, they are not used to managing a large-scale cyber-attack scenario. The garbage can model (GCM) of Organizational Choice with a few modifications is used as the analytical framework in the study.

