Generation of Cyber-security Reinforcement Strategies for Smart Grid Based on the Attribute-based Attack Graph
Abstract
A smart grid is a kind of energy cyber-physical system (ECPS) with the interdependency of information and physicality.A cyber-attack gravely threatens the safe and stable operation of a physical power grid. Cyber-security reinforcement of smartgrid has become a research issue. However, the information network scale of a smart grid is massive, and the generation ofsecurity reinforcement strategies has become a problem. Therefore, a generation method of security reinforcement strategiesbased on an attribute-based attack graph was proposed in this study. The method defined a smart grid based on premise andconsequence attributes to form an attribute-based attack graph. With this graph, the method for the generation of securityreinforcement strategies was transferred to the minimum dominating set of the attribute-based attack graph and solved torealize space reduction in the security reinforcement strategies. An algorithm for the generation of security reinforcementstrategies was designed based on the greedy algorithm, and strategies for large-scale cyber security reinforcement of thesmart grid were determined to eliminate the complexity and difficulty of this problem effectively. Through a simulation analysisof a large-scale node network, the efficiency of the generation method of reinforcement strategies based on the attributebasedattack graph and minimum dominating set was verified. Results show that the proposed method can be used forsecurity reinforcement of large-scale complicated networks of a smart grid.References
[1] Chen F., Liu D., Zhang Y., and Su J. A scalable approach to analyzing
network security using compact attack graphs. Journal of Networks, 5(5):543–550, 2010.
[2] Spanos G. and Angelis L. Impact metrics of security vulnerabilities:
Analysis and weighing. Information Security Journal: A Global Perspective,
pages 1–15, 2015.
[3] Wang L., Yao C., Singhal A., and Jajodia S. Implementing interactive
analysis of attack graphs using relational database. Journal of Computer
Security, 16(4):419–437, 2008.
[4] Xu L., Li Y.P., Li Q.M., Yang Y.W., Tang Z.M., and Zhang X.F. Proportional
fair resource allocation based on hybrid ant colony optimization
for slow adaptive ofdma system. Information Science, 293:1–10, 2015.
[5] Alhomidi M. and Reed M. Risk assessment and analysis through
population–based attack graph modelling. World Congress in Internet
Security (WorldCIS), pages 19–24, 2013.
[6] Idika N. and Bhargava B. Extending attack graph-based security metrics
and aggregating their application. IEEE Transactions on Dependable
& Secure Computing, 9(1):75–85, 2012.
[7] Poolsappasit N., Dewri R., and Ray I. Dynamic security risk management
using bayesian attack graphs. IEEE Transactions on Dependable
and Secure Computing, 9(1):61–74, 2012.
[8] Li Q. Multiple qos constraints finding paths algorithm in tmn. Information,
14(3):731–737, 2011.
[9] Li Q.M. and Zhang. H. Information security risk assessment technology
of cyberspace: a review. International Journal on Information, 15
(11):4677–4683, 2012.
[10] Xia R., Xu F., Zong C.Q., Li Q., Qi Y., and Li T. Dual sentiment analysis:
Considering two sides of one review. IEEE Transactions on Knowledge
and Data Engineering, 27(8):2120–2133, 2015.
[11] Noel S. and Jajodia S. Metrics suite for network attack graph analytics.
Proceedings of the 9th Annual Cyber and Information Security
Research Conference ACM, pages 5–8, 2014.
[12] Roschke S., Cheng F., and Meinel C. High-quality attack graph-based
ids correlation. Logic Journal of IGPL, 21(4):571–591, 2013.
[13] Saurabh S. and Sairam A.S. A more accurate completion condition
for attack-graph reconstruction in probabilistic packet marketing algorithm.
National Conference on Communications (NCC) IEEE, pages
1–5, 2013.
[14] Chen X.J., Fang B.X., and Zhang H.L. Inferring attack intent of malicious
insider based on probabilistic attack graph model. Chinese Journal
of Computers, 37(1):62–72, 2014.
[15] Yun Y., Xishan X., Yan J., and Chang Q. Z. An attack graph-based
probabilistic computing approach of network security. Chinese Journal
of Computers, 33(10):1987–1996, 2010.
network security using compact attack graphs. Journal of Networks, 5(5):543–550, 2010.
[2] Spanos G. and Angelis L. Impact metrics of security vulnerabilities:
Analysis and weighing. Information Security Journal: A Global Perspective,
pages 1–15, 2015.
[3] Wang L., Yao C., Singhal A., and Jajodia S. Implementing interactive
analysis of attack graphs using relational database. Journal of Computer
Security, 16(4):419–437, 2008.
[4] Xu L., Li Y.P., Li Q.M., Yang Y.W., Tang Z.M., and Zhang X.F. Proportional
fair resource allocation based on hybrid ant colony optimization
for slow adaptive ofdma system. Information Science, 293:1–10, 2015.
[5] Alhomidi M. and Reed M. Risk assessment and analysis through
population–based attack graph modelling. World Congress in Internet
Security (WorldCIS), pages 19–24, 2013.
[6] Idika N. and Bhargava B. Extending attack graph-based security metrics
and aggregating their application. IEEE Transactions on Dependable
& Secure Computing, 9(1):75–85, 2012.
[7] Poolsappasit N., Dewri R., and Ray I. Dynamic security risk management
using bayesian attack graphs. IEEE Transactions on Dependable
and Secure Computing, 9(1):61–74, 2012.
[8] Li Q. Multiple qos constraints finding paths algorithm in tmn. Information,
14(3):731–737, 2011.
[9] Li Q.M. and Zhang. H. Information security risk assessment technology
of cyberspace: a review. International Journal on Information, 15
(11):4677–4683, 2012.
[10] Xia R., Xu F., Zong C.Q., Li Q., Qi Y., and Li T. Dual sentiment analysis:
Considering two sides of one review. IEEE Transactions on Knowledge
and Data Engineering, 27(8):2120–2133, 2015.
[11] Noel S. and Jajodia S. Metrics suite for network attack graph analytics.
Proceedings of the 9th Annual Cyber and Information Security
Research Conference ACM, pages 5–8, 2014.
[12] Roschke S., Cheng F., and Meinel C. High-quality attack graph-based
ids correlation. Logic Journal of IGPL, 21(4):571–591, 2013.
[13] Saurabh S. and Sairam A.S. A more accurate completion condition
for attack-graph reconstruction in probabilistic packet marketing algorithm.
National Conference on Communications (NCC) IEEE, pages
1–5, 2013.
[14] Chen X.J., Fang B.X., and Zhang H.L. Inferring attack intent of malicious
insider based on probabilistic attack graph model. Chinese Journal
of Computers, 37(1):62–72, 2014.
[15] Yun Y., Xishan X., Yan J., and Chang Q. Z. An attack graph-based
probabilistic computing approach of network security. Chinese Journal
of Computers, 33(10):1987–1996, 2010.
Published
2016-10-29
How to Cite
ZHANG, Bo et al.
Generation of Cyber-security Reinforcement Strategies for Smart Grid Based on the Attribute-based Attack Graph.
Journal of Power Technologies, [S.l.], v. 96, n. 3, p. 170--177, oct. 2016.
ISSN 2083-4195.
Available at: <https://papers.itc.pw.edu.pl/index.php/JPT/article/view/923>. Date accessed: 26 apr. 2024.
Issue
Section
Energy Engineering and Technology
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
