IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS: SYSTEMS, VOL. 46, NO. 10, OCTOBER 2016 1429
Multimodel-Based Incident Prediction and Risk Assessment in Dynamic Cybersecurity Protection for Industrial Control Systems
Qi Zhang, Chunjie Zhou, Naixue Xiong, Senior Member, IEEE, Yuanqing Qin, Xuan Li, and Shuang Huang
Abstract—Currently, an increasing number of information/communication technologies are adopted into the industrial control systems (ICSs). While these IT technologies offer high flexibility, interoperability, and convenient administration of ICSs, they also introduce cybersecurity risks. Dynamic cybersecurity risk assessment is a key foundational component of security protection. However, due to the characteristics of ICSs, the risk assessment for IT systems is not completely applicable for ICSs. In this paper, through the consideration of the characteristics of ICSs, a targeted multilevel Bayesian network containing attack, function, and incident models is proposed. Following this proposal, a novel multimodel-based hazardous incident prediction approach is designed. On this basis, a dynamic cybersecurity risk assessment approach, which has the ability to assess the risk caused by unknown attacks, is also devised. Furthermore, to improve the accuracy of the risk assessment, which may be reduced by the redundant accumulation of overlaps amongst different consequences, a unified consequence quantification method is presented. Finally, to verify the effectiveness of the proposed approach, a simulation of a simplified chemical reactor control system is conducted in MATLAB. The simulation results can clearly demonstrate that the proposed approach has the ability to dynamically calculate the cybersecurity risk of ICSs in a timely manner. Additionally, the result of a different comparative simulation shows that our approach has the ability to assess the risk caused by unknown attacks.
Index Terms—Bayesian network, cybersecurity, incident prediction, industrial control system (ICS), multiple models, risk assessment.
Manuscript received May 26, 2015; revised August 13, 2015; accepted August 20, 2015. Date of publication December 18, 2015; date of current version September 14, 2016. This work was supported in part by the National Natural Science Foundation of China under Grant 61272204 and Grant 61433006, and in part by the Fundamental Research Funds for the Central Universities of China (HUST) under Grant 2013ZZGH006. This paper was recommended by Associate Editor T.-M. Choi. (Corresponding authors: Chunjie Zhou and Yuanqing Qin.)
Q. Zhang, C. Zhou, Y. Qin, X. Li, and S. Huang are with the Key Laboratory of Ministry of Education for Image Processing and Intelligent Control, School of Automation, Huazhong University of Science and Technology, Wuhan 430074, China.
N. Xiong is with the Department of Business and Compu ...
Running Head ANNOTATED BIBLIOGRAPHYANNOTATED BIBLIOGRAPHY .docx - healdkathaleen
Running Head: ANNOTATED BIBLIOGRAPHY
Annotated Bibliography on Emerging Cyber Threats
[Name of Institution]
[Name of Writer]
Source#1
Reference: Kettani, H., & Wainwright, P. (2019, March). On the Top Threats to Cyber Systems. In 2019 IEEE 2nd International Conference on Information and Computer Technologies (ICICT) (pp. 175-179). IEEE.
Summary: This article reveals the threats to cyber systems, some of which are not known to ordinary people. The article explains that the latest technology has advanced cyber systems and that these advancements are attractive and beneficial in comparison to previous systems. However, because of these sophisticated and attractive advancements, individuals, societies, and nations have become dependent on cyber systems. These systems offer higher gains and ease of handling, so people have come to rely on them. Moreover, the author argues that adopting proper defenses and mitigations requires an understanding of cyber threats. The top threats are presented with a brief discussion of threat agents and attack vectors, along with countermeasures, so that readers can gain knowledge in this regard.
Relevance: This article is of paramount importance because it establishes the importance of the research topic. The aim of the research is to expose emerging cyber-attacks, and the author of the article “On the Top Threats to Cyber Systems” reveals the importance of cyber systems, which is important for understanding the dependence on them. In addition, the article is worth reading because it reveals emerging cybercrimes and ways of protection too. The study is relevant because it shows that cyber systems are important nowadays: they are used in business systems, control systems, and for accessing the control systems. In other words, the article provides an overview of the emerging threats and latest trends in cyber systems.
Source#2
Reference: Parn, E. A., & Edwards, D. (2019). Cyber threats confronting the digital built environment. Engineering, Construction and Architectural Management.
Summary: This article examines cyber attacks in the digital built environment sector. The study gives an idea of emerging crimes that threaten the digital and physical assets that form digital economies. These threats are often intended to affect the critical infrastructure of smart cities. Smart cities comprise cyber systems that also increase national wealth, preserve health, and provide safety and welfare to the nation. It is therefore important to protect these cyber systems from critical and emerging threats. Additionally, the article reveals the safe an ...
Artificial intelligence and machine learning capabilities are growing at an unprecedented rate. These technologies have many widely beneficial applications, ranging from machine translation to medical image analysis. Countless more such applications are being developed and can be expected over the long term. Less attention has historically been paid to the ways in which artificial intelligence can be used maliciously. This report surveys the landscape of potential security threats from malicious uses of artificial intelligence technologies, and proposes ways to better forecast, prevent, and mitigate these threats. We analyze, but do not conclusively resolve, the question of what the long-term equilibrium between attackers and defenders will be. We focus instead on what sorts of attacks we are likely to see soon if adequate defenses are not developed.
DEVELOPMENT OF A CONCEPTUAL MODEL OF ADAPTIVE ACCESS RIGHTS MANAGEMENT WITH U... - IAEME Publication
The paper describes the conceptual model of adaptive control of cyber protection
of the informatization object (IO). Petri's Networks were used as a mathematical
device to solve the problem of adaptive control of user access rights. The simulation
model is proposed and the simulation in PIPE v4.3.0 package is performed. The
possibility of automating the procedures for adjusting the user profile to minimize or
neutralize cyber threats in the objects of informatization is shown. The model of
distribution of user tasks in computer networks of IO is proposed. The model, unlike
the existing, is based on the mathematical apparatus of Petri's Networks and contains
variables that allow reducing the power of the state space. Access control method
(ACM) is added. The addenda touched upon aspects of reconciliation of access rights
that are requested by the task and requirements of the security policy and the degree
of consistency of tasks and access to the IO nodes. Adjustment of rules and security
metrics for new tasks or redistributable tasks is described in the notation of Petri nets
A hierarchical security framework for defending against sophisticated attacks... - redpel dot com
A hierarchical security framework for defending against sophisticated attacks on wireless sensor networks in smart cities
Advancing the cybersecurity of the healthcare system with self- optimising an... - Petar Radanliev
This article advances the knowledge on teaching and training new artificial intelligence algorithms, for securing, preparing,
and adapting the healthcare system to cope with future pandemics. The core objective is to develop a concept healthcare
system supported by autonomous artificial intelligence that can use edge health devices with real-time data. The article constructs two case scenarios for applying cybersecurity with autonomous artificial intelligence for (1) self-optimising predictive cyber risk analytics of failures in healthcare systems during a Disease X event (i.e., undefined future pandemic), and (2) self-adaptive forecasting of medical production and supply chain bottlenecks during future pandemics. To construct the two testing scenarios, the article uses the case of Covid-19 to synthesise data for the algorithms – i.e., for optimising and securing digital healthcare systems in anticipation of Disease X. The testing scenarios are built to tackle the logistical challenges and disruption of complex production and supply chains for vaccine distribution with optimisation algorithms.
Novel Advances in Measuring and Preventing Software Security Weakness: Contin... - theijes
Software weaknesses in design, architecture, code and deployment have led to software vulnerabilities exploited by perpetrators. Although countermeasure tools such as patch management systems, firewalls and antivirus have been developed, the perpetrators have advanced, sophisticated tools such as malware with crypto-lock and crypto-wall technologies. The current countermeasure technologies are based on the detect-and-respond model or risk management framework, which are no match for the attackers' technologies based on speed, such as machine-generated malware, and on precision or stealth, such as command-and-control node malware. Although lots of ink has been poured on advances in measuring and preventing software weakness under the detect-and-respond concept, this study is motivated to explore the state-of-the-art advances specifically on the novel concept of Continuous Trust Restoration (CTR). Continuous Trust Restoration is a process of breaking down the kill chain of the attacker's activities and restoring system trust. The CTR concept deploys speed, precision and stealth technologies on random route mutation, random host mutation, hypervisors, trust boot, software identities and software-defined infrastructure. Moreover, to deploy these technologies the study further explores a common security architectural framework with software metrics such as CVE (Common Vulnerabilities and Exposures), CWE (Common Weakness Enumeration), CVSS (Common Vulnerability Scoring System), CWSS (Common Weakness Scoring System), and CAPEC (Common Attack Pattern Enumeration and Classification). Finally, the study recommends a paradigm shift in software security countermeasures research from the current detect-and-respond models to the Continuous Trust Restoration concept and from risk management frameworks to a Common Security Architectural Framework.
The paper proposed a model for estimating the quantitative indicator of current
risks of threats and cyberattacks realization on information communication systems of
transport (ICST), that differs from the existing models with ability to take into account
the degree of influence of each threat or cyberattack within the class on the
probability of an emergency situation that arises at cyber-attacks on components
A review: Artificial intelligence and expert systems for cyber security - bijejournal
Artificial intelligence (AI) and expert systems are essential and vital tools to counter potentially dangerous threats
in cyber security. The protection of data requires skilled cyber security technicians for various types of roles. The
essential role of an expert system is to monitor the threats and assist the technician to strengthen security. The
system uses various datasets like a machine and deep learning as well as reinforced learning in order to make
intelligent decisions. The Internet of Things (IoT) is one of the major concerns for cyber security because it is
potentially the second most likely vulnerable link in the cyber security environment because an attacker can easily
gain access to the system by breaching any IoT device that is connected to the system. Still human is the strongest
and potentially the weakest link in the cyber security environment. This review intends to present AI and expert
systems for cyber security
DEVELOPMENT OF A MODEL OF CYBER SECURITY MANAGEMENT FOR AUTOMATED SYSTEMS - IAEME Publication
A model of a system of managing information security of automated data
processing systems of critical application is offered in the article. The model allows to
evaluate the level of risk for the information security and provides support of
decision-making on the counteraction to the unauthorized access to the information
circulating in the information systems
n-Tier Modelling of Robust Key management for Secure Data Aggregation in Wire... - IJECEIAES
Security problems in Wireless Sensor Networks (WSN) have been researched for more than a decade. Various security approaches are evolving to resist various forms of attack using different methodologies. After reviewing the existing security approaches, it can be concluded that such approaches are highly attack-specific and do not address various associated issues in WSN. It is essential for a security approach to be computationally lightweight. Therefore, this paper presents a novel analytical modelling that is based on an n-tier approach with a target to generate an optimized secret key that could ensure a higher degree of security during the process of data aggregation in WSN. The study outcome shows that the proposed system is computationally lightweight with good performance on reduced delay and reduced energy consumption. It also exhibits enhanced response time and good data delivery performance to balance the need of security and data forwarding performance in WSN.
A hybrid framework for detecting structured query language injection attacks... - IJECEIAES
Almost every web-based application is managed and operated through a number of websites, each of which is vulnerable to cyber-attacks that are mounted across the same networks used by the applications, with much less risk to the attacker than physical attacks. Such web-based attacks make use of a range of modern techniques, such as structured query language injection (SQLi), cross-site scripting, and data tampering, to achieve their aims. Among them, SQLi is the most popular and vulnerable attack, which can be performed in one of two ways: either by an outsider of an organization (known as the outside attacker) or by an insider with a good knowledge of the system with proper administrative rights (known as the inside attacker). An inside attacker, in contrast to an outsider, can take down the system easily and pose a significant challenge to any organization, and therefore needs to be identified in advance to mitigate the possible consequences. A blockchain-based technique is an efficient approach to detect and mitigate SQLi attacks and is widely used these days. Thus, in this study, a hybrid method is proposed that combines a SQL query matching technique (SQLMT) and a standard blockchain framework to detect SQLi attacks created by insiders. The results obtained by the proposed hybrid method through computational experiments are further validated using standard web validation tools.
A Study of Cyber Security Threats, Challenges in Different Fields and its Pro... - ssuser793b4e
This paper reviewed the implications, challenges and the effects of cybercrimes and cybersecurity in the society. It fully defined cybersecurity based on governmental and national view, industrial view and academic view. From this it was concluded that cyber security and cyber-attack is best defined and prevented based on the field of research. This paper reviewed 27 articles on cyber security and cybercrimes and it showed that cyber security is a complex task that relies on domain knowledge and requires cognitive abilities to determine possible threats from large amounts of network data. This study investigates how knowledge in network operations and information security influence the detection of intrusions in a simple network. This research paper also reviewed different strategies used by different researchers to prevent cyber-attack in different areas of work and also exposed the most recent used cyber security attacks, preventions, future threats and prospective ways to avoid cyber-attacks.
An efficient security framework for intrusion detection and prevention in int... - IJECEIAES
Over the past few years, the internet of things (IoT) has advanced to connect billions of smart devices to improve quality of life. However, anomalies or malicious intrusions pose several security loopholes, leading to performance degradation and threat to data security in IoT operations. Thereby, IoT security systems must keep an eye on and restrict unwanted events from occurring in the IoT network. Recently, various technical solutions based on machine learning (ML) models have been derived towards identifying and restricting unwanted events in IoT. However, most ML-based approaches are prone to misclassification due to inappropriate feature selection. Additionally, most ML approaches applied to intrusion detection and prevention consider supervised learning, which requires a large amount of labeled data to be trained. Consequently, such complex datasets are impossible to source in a large network like IoT. To address this problem, this proposed study introduces an efficient learning mechanism to strengthen the IoT security aspects. The proposed algorithm incorporates supervised and unsupervised approaches to improve the learning models for intrusion detection and mitigation. Compared with the related works, the experimental outcome shows that the model performs well in a benchmark dataset. It accomplishes an improved detection accuracy of approximately 99.21%.
Running head: RESEARCH PAPER 2
Defense-In-Depth & Awareness 2
Research Paper - Defense-In-Depth & Awareness
ITS-834 Emerging threats and countermeasures
Sharath Kumar Dasari
University of Cumberland’s
Dr. Giovanni Silvestri
04/18/2020
Basically, this exploration paper will spread out some significant techniques of mindfulness and the barrier inside and out to recognize developing dangers and
reinforce countermeasures. In the event that one considers it, the entire simple space has moved into computerized area in recent years, and the start of this cutting-
edge topic with simulated intelligence (Man-made consciousness) and propelled conventions has indicated exponential development. Be that as it may, we didn't
figure the expense of hazard and dangers joining these trendsetting innovations of the computerized world, which can be alarming for the national foundation (Yang,
Wang, and Zhang, 2016). As individuals don't have legitimate familiarity with the dangers and measures to recognize the cybersecurity issues, they can't take
proper activities to manage it. Keeping this circumstance and some disturbing digital assaults as a top priority, this paper plans to make one mindful of some
basic dangers and propelled procedures to watchful the circumstance alongside conceivable counter strides against the risk. (Foltyn, 2018). In this paper, I have
introduced a review of mindfulness and location procedures alongside t ...
Top 10 Cited Network Security Research Articles 2021 - 2022 - IJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bimonthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding modern security threats and countermeasures, and establishing new collaborations in these areas.
A Security Analysis Framework Powered by an Expert System - CSCJournals
Today's IT systems are facing a major challenge in confronting the fast rate of emerging security threats. Although many security tools are being employed within organizations in order to stand up to these threats, the information revealed is very inferior in providing a rich understanding of the consequences of the discovered vulnerabilities. We believe expert systems can play an important role in capturing any security expertise from various sources in order to provide the informative deductions we are looking for from the supplied inputs. Throughout this research effort, we have built the Open Security Knowledge Engineered (OpenSKE) framework (http://code.google.com/p/openske), which is a security analysis framework built around an expert system in order to reason over the security information collected from external sources. Our implementation has been published online in order to facilitate and encourage online collaboration to increase the practical research within the field of security analysis.
Information Sharing of Cyber Threat Intelligence with their Issue and Challenges - ijtsrd
Today the threat landscape is growing at a rapid rate, with many organizations continuously facing complex and malicious cyber threats. In today's Internet-connected world, where technologies support almost every feature of our society, cyber security and forensic specialists are increasingly dealing with wide-ranging cyber threats in almost real-time conditions. The capability to detect, analyze, and defend against such threats in near real-time conditions is not possible without the employment of threat intelligence, big data, and machine learning techniques. Cyber Threat Intelligence (CTI) has become a hot topic and is under consideration by many organizations to counter the rise of cyber attacks. The vast majority of information security challenges we face today are the result of serendipitous and naive decisions made in the early stages of the Internet. Khin Myat Nwe Win | Yin Myo Kay Khine Thaw, "Information Sharing of Cyber Threat Intelligence with their Issue and Challenges", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5, August 2019. URL: https://www.ijtsrd.com/papers/ijtsrd26504.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/26504/information-sharing-of-cyber-threat-intelligence-with-their-issue-and-challenges/khin-myat-nwe-win
Encountering social engineering activities with a novel honeypot mechanism - IJECEIAES
Communication and conducting businesses have eventually transformed to be performed through information and communication technology (ICT). While computer network security challenges have become increasingly significant, the world is facing a new era of crimes that can be conducted easily, quickly, and, on top of all, anonymously. Because system penetration is primarily dependent on human psychology and awareness, 80% of network cyberattacks use some form of social engineering tactics to deceive the target, exposing systems at risk, regardless of the security system's robustness. This study highlights the significance of technological solutions in making users more safe and secure. Throughout this paper, a novel approach to detecting and preventing social engineering attacks will be proposed, combining multiple security systems, and utilizing the concept of Honeypots to provide an automated prevention mechanism employing artificial intelligence (AI). This study aims to merge AI and honeypot with intrusion prevention system (IPS) to detect social engineering attacks, threaten the attacker, and restrict his session to keep users away from these manipulation tactics.
Develop a 4-6 page holistic intervention plan design to improve th
TaunyaCoffman887
Develop a 4-6 page holistic intervention plan design to improve the quality of outcomes for your target population and setting.
Reminder: these instructions are an outline. Your headings for these sections should be Intervention Plan Components and
not Part 1: Intervention Plan Components.
Part 1: Intervention Plan Components
· Define the major components of an intervention plan for a health promotion, quality improvement, prevention, education, or management need.
· Explain the impact of cultural needs and characteristics of a target population and setting on the development of intervention plan components.
Part 2: Theoretical Foundations
· Evaluate theoretical nursing models, strategies from other disciplines, and health care technologies relevant to an intervention plan.
· Justify the major components of an intervention by referencing relevant and contemporary evidence from the literature and best practices.
Part 3: Stakeholders, Policy, and Regulations
· Analyze the impact of stakeholder needs, health care policy, regulations, and governing bodies relevant to health care practice and specific components of an intervention plan.
Part 4: Ethical and Legal Implications
· Analyze relevant ethical and legal issues related to health care practice, organizational change, and specific components of an intervention plan.
Number of resources: 5–10 resources. (You may use resources previously cited in your literature review to contribute to this number.)
ANNOTATED BIBLIOGRAPHY
Almaiah, M. A. (2021). A new scheme for detecting malicious attacks in wireless sensor networks based on blockchain technology. In Artificial Intelligence and Blockchain for Future Cybersecurity Applications (pp. 217-234). Springer, Cham.
https://link.springer.com/chapter/10.1007/978-3-030-74575-2_12
This article discusses a new scheme for detecting malicious attacks in wireless sensor networks based on blockchain technology. It describes how blockchain technology can be used to secure wireless sensor networks and how this scheme can be used to detect and prevent malicious attacks. The article will be useful for my paper as it provides a detailed description of how blockchain technology can be used to secure wireless sensor networks. I will therefore use this article in my paper to discuss the different security challenges that come with wireless sensor networks and how blockchain technology can be used to address these challenges.
Ji, X., Huang, K., Jin, L., Tang, H., Liu, C., Zhong, Z., ... & Yi, M. (2018). Overview of 5G security technology. Science China Information Sciences, 61(8), 1-25.
https://link.springer.com/article/10.1007/s11432-017-9426-4
This article provides an overview of 5G security technology. It discusses the challenges of 5G security and the various technologies that are being developed to address these challenges. The article ...
Find a recent merger or acquisition that has been announced in the.docx
MalikPinckney86
Find a recent merger or acquisition that has been announced in the media. What are the implications for the merger or acquisition and plans for implementing the blending firms? Also, evaluate and describe two possible technological innovations that may have led to the merger or acquisition. Would you have obtained this new technology or innovation differently? Why? Include the reference information of the article. Respond substantively to at least two other learners.
Find an example of a document that misuses graphics. This can be a d.docx
MalikPinckney86
Find an example of a document that misuses graphics. This can be a document that you have received (please blot out any sensitive information and names) or a document that you find on the Internet. Discuss how the graphics are misused and what could be done to better them. Address the three “Cs” of technical writing: Clarity, Conciseness, and Correctness. Add one or two personal experiences with this topic.
Novel Advances in Measuring and Preventing Software Security Weakness: Contin...
theijes
Software weaknesses in design, architecture, code and deployment have led to software vulnerability exploited by the perpetrators. Although counter measure tools have been developed such as patch management systems, firewalls and antivirus, but the perpetrators have advance sophisticated tools such as malware with crypto-lock and crypto-wall technologies. The current counter measures technologies are based on detection and respond model or risk management framework, which are no match to the attacker’s technologies based on speed technologies such as machine generated malwares and precision or stealth technologies such as command-and-control node malwares. Although lots of ink has been poured on advances in measuring and preventing software weakness on the detection and respond concept, this study is motivated to explore the state-of-art advances specifically on the novel concept of Continuous Trust Restoration (CTR). The Continuous Trust Restoration is a process of breaking down attacker’s activities kill chain and restoring the system trust. The CTR concept deploys speed, precision and stealth technologies on random route mutation, random host mutation, hypervisors, trust boot, software identities and software define infrastructure. Moreover, to deploy these technologies the study further explores a common security architectural framework with software metrics such as CVE (Common Vulnerability and Exposure), CWE (Common Weakness Enumeration), CVSS (Common Vulnerability Scoring System), CWSS (Common Weakness Scoring System), and CAPEC (Common Attack Pattern Enumeration and Classification). Finally, the study recommends a software security counter measures research paradigm shift from the current detection and respond models to Continuous Trust Restoration concept and from risk management frameworks to a Common Security Architectural Framework.
The paper proposed a model for estimating the quantitative indicator of current
risks of threats and cyberattacks realization on information communication systems of
transport (ICST), that differs from the existing models with ability to take into account
the degree of influence of each threat or cyberattack within the class on the
probability of an emergency situation that arises at cyber-attacks on components
A review: Artificial intelligence and expert systems for cyber security
bijejournal
Artificial intelligence (AI) and expert systems are essential and vital tools to counter potentially dangerous threats
in cyber security. The protection of data requires skilled cyber security technicians for various types of roles. The
essential role of an expert system is to monitor the threats and assist the technician to strengthen security. The
system uses various datasets like a machine and deep learning as well as reinforced learning in order to make
intelligent decisions. The Internet of Things (IoT) is one of the major concerns for cyber security because it is
potentially the second most likely vulnerable link in the cyber security environment because an attacker can easily
gain access to the system by breaching any IoT device that is connected to the system. Still human is the strongest
and potentially the weakest link in the cyber security environment. This review intends to present AI and expert
systems for cyber security
DEVELOPMENT OF A MODEL OF CYBER SECURITY MANAGEMENT FOR AUTOMATED SYSTEMS
IAEME Publication
A model of a system of managing information security of automated data
processing systems of critical application is offered in the article. The model allows to
evaluate the level of risk for the information security and provides support of
decision-making on the counteraction to the unauthorized access to the information
circulating in the information systems
n-Tier Modelling of Robust Key management for Secure Data Aggregation in Wire...
IJECEIAES
Security problems in Wireless Sensor Network (WSN) have been researched for more than a decade. There are various security approaches evolving towards resisting various forms of attack using different methodologies. After reviewing the existing security approaches, it can be concluded that such security approaches are highly attack-specific and do not address various associated issues in WSN. It is essential for security approach to be computationally lightweight. Therefore, this paper presents a novel analytical modelling that is based on n-tier approach with a target to generate an optimized secret key that could ensure higher degree of security during the process of data aggregation in WSN. The study outcome shows that proposed system is computationally lightweight with good performance on reduced delay and reduced energy consumption. It also exhibits enhanced response time and good data delivery performance to balance the need of security and data forwarding performance in WSN.
A hybrid framework for detecting structured query language injection attacks...
IJECEIAES
Almost every web-based application is managed and operated through a number of websites, each of which is vulnerable to cyber-attacks that are mounted across the same networks used by the applications, with much less risk to the attacker than physical attacks. Such web-based attacks make use of a range of modern techniques-such as structured query language injection (SQLi), cross-site scripting, and data tampering-to achieve their aims. Among them, SQLi is the most popular and vulnerable attack, which can be performed in one of two ways; either by an outsider of an organization (known as the outside attacker) or by an insider with a good knowledge of the system with proper administrative rights (known as the inside attacker). An inside attacker, in contrast to an outsider, can take down the system easily and pose a significant challenge to any organization, and therefore needs to be identified in advance to mitigate the possible consequences. Blockchain-based technique is an efficient approach to detect and mitigate SQLi attacks and is widely used these days. Thus, in this study, a hybrid method is proposed that combines a SQL query matching technique (SQLMT) and a standard blockchain framework to detect SQLi attacks created by insiders. The results obtained by the proposed hybrid method through computational experiments are further validated using standard web validation tools.
A Study of Cyber Security Threats, Challenges in Different Fields and its Pro...
ssuser793b4e
This paper reviewed the implications, challenges and the effects of cybercrimes and cybersecurity in the society. It fully defined cybersecurity based on governmental and national view, industrial view and academic view. From this it was concluded that cyber security and cyber-attack is best defined and prevented based on the field of research. This paper review 27 articles on cyber security and cybercrimes and it showed that cyber security is a complex task that relies on domain knowledge and requires cognitive abilities to determine possible threats from large amounts of network data. This study investigates how knowledge in network operations and information security influence the detection of intrusions in a simple network. This research paper also reviewed different strategies used by different researchers to prevent cyber-attack in different areas of work and also exposed the most recent used cyber security attacks, preventions, future threats and prospective ways to avoid cyber-attacks
An efficient security framework for intrusion detection and prevention in int...
IJECEIAES
Over the past few years, the internet of things (IoT) has advanced to connect billions of smart devices to improve quality of life. However, anomalies or malicious intrusions pose several security loopholes, leading to performance degradation and threat to data security in IoT operations. Thereby, IoT security systems must keep an eye on and restrict unwanted events from occurring in the IoT network. Recently, various technical solutions based on machine learning (ML) models have been derived towards identifying and restricting unwanted events in IoT. However, most ML-based approaches are prone to misclassification due to inappropriate feature selection. Additionally, most ML approaches applied to intrusion detection and prevention consider supervised learning, which requires a large amount of labeled data to be trained. Consequently, such complex datasets are impossible to source in a large network like IoT. To address this problem, this proposed study introduces an efficient learning mechanism to strengthen the IoT security aspects. The proposed algorithm incorporates supervised and unsupervised approaches to improve the learning models for intrusion detection and mitigation. Compared with the related works, the experimental outcome shows that the model performs well in a benchmark dataset. It accomplishes an improved detection accuracy of approximately 99.21%.
Research Paper - Defense-In-Depth & Awareness
ITS-834 Emerging threats and countermeasures
Sharath Kumar Dasari
University of Cumberland’s
Dr. Giovanni Silvestri
04/18/2020
Basically, this exploration paper will spread out some significant techniques of mindfulness and the barrier inside and out to recognize developing dangers and reinforce countermeasures. In the event that one considers it, the entire simple space has moved into computerized area in recent years, and the start of this cutting-edge topic with simulated intelligence (Man-made consciousness) and propelled conventions has indicated exponential development. Be that as it may, we didn't figure the expense of hazard and dangers joining these trendsetting innovations of the computerized world, which can be alarming for the national foundation (Yang, Wang, and Zhang, 2016). As individuals don't have legitimate familiarity with the dangers and measures to recognize the cybersecurity issues, they can't take proper activities to manage it. Keeping this circumstance and some disturbing digital assaults as a top priority, this paper plans to make one mindful of some basic dangers and propelled procedures to watchful the circumstance alongside conceivable counter strides against the risk. (Foltyn, 2018). In this paper, I have introduced a review of mindfulness and location procedures alongside t ...
Top 10 Cited Network Security Research Articles 2021 - 2022
IJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bimonthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and countermeasures, and establishing new collaborations in these areas.
A Security Analysis Framework Powered by an Expert System
CSCJournals
Today's IT systems are facing a major challenge in confronting the fast rate of emerging security threats. Although many security tools are being employed within organizations in order to stand up to these threats, the information revealed is very inferior in providing a rich understanding to the consequences of the discovered vulnerabilities. We believe expert systems can play an important role in capturing any security expertise from various sources in order to provide the informative deductions we are looking for from the supplied inputs. Throughout this research effort, we have built the Open Security Knowledge Engineered (OpenSKE) framework (http://code.google.com/p/openske), which is a security analysis framework built around an expert system in order to reason over the security information collected from external sources. Our implementation has been published online in order to facilitate and encourage online collaboration to increase the practical research within the field of security analysis.
Find a scholarly research study from the Ashford University Library .docx
MalikPinckney86
Find a scholarly research study from the Ashford University Library that uses measurement scales for data collection (e.g., a survey). Explain the measurement scales that the study used, and evaluate them. Did you think the researchers made good decisions about the scales? Why or why not? Cite the study in your post, and document it in APA style as outlined in the Ashford Writing Center.
Find a work of visual art, architecture, or literature from either A.docx
MalikPinckney86
Find a work of visual art, architecture, or literature from either Ancient Greece or Rome that appeals to you. Ensure that your choice was created in the time frames identified here. It should not simply be a depiction of something in this time period.
In your initial post, describe where you can see the influence of your work of art in modern and contemporary times. What elements (its style, ideas, purpose, principles) can we see reflected in the world today, in art or in other areas, including government, philosophy, social structure, and entertainment?
Find a real-life” example of one of the following institutions. Exa.docx
MalikPinckney86
Find a “real-life” example of one of the following institutions. Examples can be found in every state. A simple search for “Department of Corrections” is a good place to start.
Medium-Security Adult Male Institution
Regional Parole and Probation Office Team
Correctional Training Academy Team
Juvenile Justice Male Correctional Institution
Community Correctional Institution
Supermax Correctional Institution
Correctional Education Program of a State Correctional System
Correctional Mental Health Program of a State Correctional System
Medium/Minimum-Security Adult Female Institution
Large County Detention Center (County Jail)
Introduce your institution by identifying the following:
1) Name
2) Mission statement (if published)
3) Population served (number and demographics)
4) Examples of programs offered
5) Number of uniformed personnel and other staff members
Then develop a strategic plan considering the major themes of
Communication; Coordination (formal channels); and Cooperation (informal):
Include in your plan the following:
1) Four (4) organizational objectives (these can be future goals over a 1, 5, or 10-year period)
2) Strategies to address each of the objectives
3) At least 1 employee or inmate program that helps to achieve each objective
4) A method for assessing success for each objective
The final work product can include photographs, charts, graphics, or any other appropriate elements to enhance the effectiveness of your presentation.
Find a listing of expenses by diagnosis or by procedure. The source .docx
MalikPinckney86
Find a listing of expenses by diagnosis or by procedure. The source of the list can be internal (within a health care facility of some type) or external (such as a published article, report, or survey). Comment upon whether you believe the expense grouping used is appropriate. Would you have grouped the expenses in another way?
Financial Reporting Problem and spreadsheet exercise. This is an.docx
MalikPinckney86
Financial Reporting Problem and spreadsheet exercise.
This is a commanding assignment. I am willing to pay good money because I need this assignment to be done correctly and on time. Please review the assignment before sending me a handshake.
**Serious inquiries only***
Please see attachment for the assignment.
Find a Cybersecurity-related current event that happened THIS WEEK, a.docx
MalikPinckney86
Find a Cybersecurity-related current event that happened THIS WEEK, activity, or development in the news. In your discussion post, briefly summarize the event and reflect on its significance. You should use any legitimate news source (television, internet, periodicals, etc.) to support your topical input.
Questions to address might include:
How does the event relate to issues addressed in class?
How might similar situations be mitigated?
What is the broader impact of the event (e.g., nationally, globally, etc.)
Include a link to the story or a citation so that others may read the story.
Financing Health Care in a Time of Insurance Restructuring Pleas.docx
MalikPinckney86
"Financing Health Care in a Time of Insurance Restructuring" Please respond to the following:
Analyze the impact of the ACA on changes to health care insurance and coverage. Investigate the major implications of the legislation on the manner in which institutions now provide health care in the U.S.
(NO MORE THAN 200 WORDS ALLOWED)
Financing International Trade Please respond to the following Com.docx
MalikPinckney86
"Financing International Trade" Please respond to the following:
Compare two (2) methods that a company can use in order to finance international trade. Examine the advantages and disadvantages of financing with a portfolio of currencies. Provide two (2) examples of how companies or MNCs finance international transactions by using their own “bank” or by keeping currencies on hand (marketable securities).
Analyze Interest Rate Parity (IRP) and two (2) methods for forecasting exchange rates. Determine the primary manner in which they all affect a company’s short-term financing decision. Support your response with one (1) example of the manner in which IRP and forecasting exchange rates methods affect a company’s short-term financing decision.
Financial Statement Analysis and Disclosures Discuss the import.docx
MalikPinckney86
Financial Statement Analysis and Disclosures
Discuss the importance of financial statement analysis, and determine why it is important to investors and creditors.
Imagine you are considering investing in a corporation.
Suggest what key information you would look for in a company’s financial statements, and explain why this information is important to you.
From the e-Activity, highlight the main elements that primary disclosure accounting policies encompass, and provide at least two (2) examples of the most commonly required disclosures.
Give your opinion on the way in which the disclosures you identified are important to financial statement users.
Provide a rationale for your opinion.
e-Activity
Go to the International Financial Reporting Standards (IFRS) Website to review authoritative guidance on “accounting policy disclosures”, located at http://www.ifrs.org; in the search engine type in “accounting policy disclosures”.
Be prepared to discuss.
Financial Ratios what are the limitations of financial ratios .docx
MalikPinckney86
Financial Ratios
What are the limitations of financial ratios? Classify your answer into at least the following categories: liquidity ratios, activity ratios, leverage ratios, and profitability ratios.
Financial Analysis
R.E.C. Inc.’s staff of accountants finished preparing the financial statements for 2010 and will meet next week with the company’s CEO as well as the Director of Investor Relations and representatives from the marketing and art departments to design the current year’s annual report. Write a paragraph in which you present the main idea(s) you think the company should present to shareholders in the annual report. Why do you think those ideas should be included?
Financial managers make decisions today that will affect the firm i.docx
MalikPinckney86
Financial managers make decisions today that will affect the firm in the future. The dollars used for investment expenditures made today are different from the cash flows to be realized in the future. What are these differences? What are some of the techniques that can be used to adjust for these differences?
Financial Laws and Regulations Complete an APA formatted 2 page pap.docx
MalikPinckney86
Financial Laws and Regulations
Complete an APA formatted 2 page paper (not including the title and reference pages) answering the following questions:
What are five elements pertaining to the establishment of a false claim under the False Claims Act?
HIPAA privacy standards were designed to accomplish what three broad objectives? Explain each.
Stark II laws prohibit physician referrals to entities in which the physician has a financial relationship. What are 10 specific designated health services (DHS) for which referrals by physicians who have financial relationships with the entity providing the DHS are prohibited?
Discuss the following:
Qui tam
HIPAA Privacy Rule
EMTALA
Compliance programs
.
Financial Management DiscussionWhen reviewing the financial st.docxMalikPinckney86
Financial Management Discussion
When reviewing the financial statements of a company, there are many different ratios to choose from. Choose a ratio that looks at liquidity, solvency and profitability and discuss its importance.
75- 150 words required.
.
Final Written Art Project (500 words) carefully and creatively wri.docxMalikPinckney86
Final Written Art Project (500 words) carefully and creatively written words and sentences. Artist Statement (250 words)
WRITTEN ART PROJECT
Create a disjunctive or non-narrative piece
that engages all three aspects of reality that we have been discussing throughout the quarter: 1) larger political, social, and economic realities 2) personal or human dramatic situation and 3) detritus of existence. Make sure each of these are well represented and that they do not merely serve as a backdrop or props for other parts of your piece. In other words, make sure each of these aspects of reality is given its due as determining of your or others reality.
Possible Strategies and Advice:
Switch between first and third person perspectives. Make use of actual seeings—what you see. Describe and only occasionally explain or meditate. Meditate a great deal but be sure you are specific . Enact and don’t preach.
Create a concept (a title for your piece) that gives the reader a sense of the intent of your work.
This concept should serve to suggest complementary or conflictual relations between the different parts of your piece. Ultimately in placing all your parts together, in proximity to one another, you want the “whole” to be greater than the sum of the parts.
ARTIST STATEMENT
Please describe the intent of your piece and how you think its disjunctive form allows you to create a sense of reality that you wish to create. Please consider key words and concepts from the module syllabus as well as the ideas that have emerged from course discussions and thought challenges. You might also find these artist’s statements of use:
Chekov
Remove everything that has no relevance to the story. If you say in the first chapter that there is a rifle hanging on the wall, in the second or third chapter it absolutely must go off. If it’s not going to be fired, it shouldn’t be hanging there.
Marguerite Duras
Sometimes I realize that if writing isn’t, all things, all contraries confounded, a quest for vanity and void, it’s nothing. (
The Lover,
8)
Leslie Scalapino
I intended this writing to be the repetition of historically real events the writing of which punches a hole in reality. . . . There was when writing the work something else going interiorily besides what’s going on in segments.
.
Final Research Paper Research the responsibility of a critical t.docxMalikPinckney86
Final Research Paper
Research the responsibility of a critical thinker in a contemporary society. You may choose any topic that deals with a contemporary social concern. Examine the principles of critical thought in relation to the chosen societal concern, and consider the importance of ethics, moral reasoning, a research-based process to search for truth, and the advantages of information technology in gathering data.
Potential social concerns include, but are not limited to health (e.g., obesity, smoking, or underage drinking), poverty (e.g., homelessness, basic needs, or transportation issues), family relations and dynamics (e.g., teen violence, physical abuse, depression, or suicide), social media (e.g., privacy), immigration (e.g., illegal), and education (e.g., plagiarism and/or cheating).
.
Financial management homeworkUnit III Financial Planning, .docxMalikPinckney86
Financial management homework
Unit III
Financial Planning, the Financial System and Governance
Review:
Learning Activities (Non-Graded):
See Study Guide
Read:
Chapter 4:
Financial Planning
Chapter 5:
The Financial System, Corporate Governance, Interest, and the Financial Crisis of 2008
Submit:
.
Final ProjectThe Final Project should demonstrate an understanding.docxMalikPinckney86
Final Project
The Final Project should demonstrate an understanding of the reading assignments, class discussions, your own research and the application of new knowledge. It should utilize previous skills developed in foundational health care courses and apply them within the context and viewpoint of a health care administrator and their role in managing health and human services.
For the Final Project, select one of the following topics and conduct scholarly and professional research while integrating the course’s learning outcomes to address a selected topic:
Research specific leadership and management traits and theories necessary for managing a multidisciplinary and multicultural health care organization to promote organizational effectiveness.
Present how strategic planning, performance improvement, and information systems are interrelated and fundamental to the delivery of quality health care.
Examine the financial characteristics of health care delivery along with managing costs, revenues, and human resources.
Analyze ethical and legal concepts, including specific federal regulations, required of health care organizations to ensure the delivery of high quality health care that protects patient safety.
Research Requirements
Academic research and papers must meet certain standards of quality that are recognized by the academic community. What constitutes quality academic research?
The use of primary (original), credible sources written by experts in the field of study.
Ensuring secondary sources are supported by research in primary sources.
Making sure all research is relevant and that material used is pertinent to the area of study.
In graduate work, the use of peer-reviewed journal articles (journal articles reviewed by recognized experts in the relevant field of study) is required.
Keep in mind that educational websites may be appropriate, in some cases, but should be evaluated carefully.
The Ashford University Library offers many excellent databases and other resources to assist you in conducting scholarly research.
What sources are not acceptable for academic research and referencing?
Encyclopedias
Dictionaries
Wikipedia, other wikis, or blogs
Websites and other sources that do not provide quality researched materials (e.g., they do not use credible sources to support the information in the document).
All research must reflect professional academic protocol and must be documented according to APA standards as outlined in the Ashford Writing Center.
Creating the Final Project
You may choose to present your research is the form of an eight- to ten-page research paper (excluding title and reference pages) or a comprehensive 10- to 15-slide PowerPoint presentation (excluding title and reference slides) with detailed speaker notes. In either case, the content of the assignment must include each of the elements listed below:
Introduction
Describe the issue. Include why it was selected, the perspective of your appr.
Final ProjectImagine that you work for a health department and hav.docxMalikPinckney86
Final Project
Imagine that you work for a health department and have been asked to make a presentation to a group of health care professionals on the role and responsibilities of community and public health.
After reviewing the materials throughout the course and based on what you have learned, create a PowerPoint presentation of at least six slides that covers the following topics:
Describe the role of community and public health in the well-being of populations.
Describe the public health organizational structure.
Examine the legal and ethical dimensions of public and community health services.
Analyze funding of public and community health services.
Discuss the role of communication in community and public health programs.
Creating the Final Project
The Final Project:
Must be created using a screencast program such as Jing, Screencast-O-Matic, Screenr, or other audio/video program.
Must be a minimum of six PowerPoint slides in length (excluding title and reference slide), and formatted according to APA style as outlined in the Ashford Writing Center.
Must include a title slide with the following:
Title of presentation
Student’s name
Course name and number
Instructor’s name
Date submitted
Must include a succinct thesis that is presented on the opening slide.
Must address the topics with critical thought.
Must use at least four scholarly sources (not including the course text), including a minimum of two from academic journals found in the Ashford University Library. Other sources should be obtained from appropriate epidemiological information.
Must document all sources in APA style, as outlined in the Ashford Writing Center.
Must include a separate reference slide, formatted according to APA style as outlined in the Ashford Writing Center.
.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit-www.vavaclasses.com
How to Create Map Views in the Odoo 17 ERPCeline George
The map views are useful for providing a geographical representation of data. They allow users to visualize and analyze the data in a more intuitive manner.
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxEduSkills OECD
Andreas Schleicher presents at the OECD webinar ‘Digital devices in schools: detrimental distraction or secret to success?’ on 27 May 2024. The presentation was based on findings from PISA 2022 results and the webinar helped launch the PISA in Focus ‘Managing screen time: How to protect and equip students against distraction’ https://www.oecd-ilibrary.org/education/managing-screen-time_7c225af4-en and the OECD Education Policy Perspective ‘Students, digital devices and success’ can be found here - https://oe.cd/il/5yV
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
We all have good and bad thoughts from time to time and situation to situation. We are bombarded daily with spiraling thoughts(both negative and positive) creating all-consuming feel , making us difficult to manage with associated suffering. Good thoughts are like our Mob Signal (Positive thought) amidst noise(negative thought) in the atmosphere. Negative thoughts like noise outweigh positive thoughts. These thoughts often create unwanted confusion, trouble, stress and frustration in our mind as well as chaos in our physical world. Negative thoughts are also known as “distorted thinking”.
How to Split Bills in the Odoo 17 POS ModuleCeline George
Bills have a main role in point of sale procedure. It will help to track sales, handling payments and giving receipts to customers. Bill splitting also has an important role in POS. For example, If some friends come together for dinner and if they want to divide the bill then it is possible by POS bill splitting. This slide will show how to split bills in odoo 17 POS.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Manuscript received May 26, 2015; revised August 13, 2015; accepted August 20, 2015. Date of publication December 18, 2015; date of current version September 14, 2016. This work was supported in part by the National Natural Science Foundation of China under Grant 61272204 and Grant 61433006, and in part by the Fundamental Research Funds for the Central Universities of China (HUST) under Grant 2013ZZGH006. This paper was recommended by Associate Editor T.-M. Choi. (Corresponding authors: Chunjie Zhou and Yuanqing Qin.)
Q. Zhang, C. Zhou, Y. Qin, X. Li, and S. Huang are with the Key Laboratory of Ministry of Education for Image Processing and Intelligent Control, School of Automation, Huazhong University of Science and Technology, Wuhan 430074, China.
N. Xiong is with the Department of Business and Computer Science, Southwestern Oklahoma State University, Weatherford, OK 73096, USA.
Color versions of one or more of the figures in this paper are available online at http://ieeexplore.ieee.org.
Digital Object Identifier 10.1109/TSMC.2015.2503399
NOMENCLATURE
List of Notation
T: Boolean value meaning that a condition is satisfied.
F: Boolean value meaning that a condition is not satisfied.
$R$: Cybersecurity risk of the system.
$a_i$: $i$th malicious atom attack (node).
$r_i$: $i$th system resource (node).
$f_i$: $i$th system function (node).
$e_i$: $i$th hazardous incident (node).
$x_i$: $i$th auxiliary incident (node).
$c_i$: $i$th consequence.
$p(e_i)$: Occurrence probability of $e_i$.
$q(e_i)$: Consequence quantification of $e_i$.
$O(r_i)$: Event that the attacker has obtained $r_i$.
$\overline{O(r_i)}$: Event that the attacker has not obtained $r_i$.
$o_{r_i,j}$: Conditional probability that $O(r_i)$ happens in the $j$th condition.
$C(a_i)$: Event that the condition of launching $a_i$ has been satisfied.
$\overline{C(a_i)}$: Event that the condition of launching $a_i$ has not been satisfied.
$c_{a_i,j}$: Conditional probability that $C(a_i)$ happens in the $j$th condition.
$L(a_i)$: Event that $a_i$ has been launched.
$\overline{L(a_i)}$: Event that $a_i$ has not been launched.
�ai: Probability that $L(a_i)$ happens under the condition that $C(a_i)$ has happened.
$l_{a_i,j}$: Conditional probability that $L(a_i)$ happens in the $j$th condition.
$F(f_i)$: Event that $f_i$ has been invalidated.
$\overline{F(f_i)}$: Event that $f_i$ has not been invalidated.
$b_{f_i,j}$: Conditional probability that $F(f_i)$ happens in the $j$th condition.
$H(e_i)$: Event that $e_i$ has occurred.
$\overline{H(e_i)}$: Event that $e_i$ has not occurred.
$h_{e_i,j}$: Conditional probability that $H(e_i)$ happens in the $j$th condition.
$H(x_i)$: Event that $x_i$ has occurred.
$\overline{H(x_i)}$: Event that $x_i$ has not occurred.
$h_{x_i,j}$: Conditional probability that $H(x_i)$ happens in the $j$th condition.
$E_a$: Set of attack evidence.
$E_b$: Set of anomaly evidence.
$Q_P$: Quantification of property loss.
I. INTRODUCTION
With the rapid development of industrial control systems (ICSs), ICSs are susceptible to the attacks and threats of typical IT systems [1]–[4]. Even worse, the number of vulnerabilities and cyber incidents of ICSs is increasing rapidly every year [5]. In the year 2000, a former employee attacked the supervisory control and data acquisition system of a sewage treatment plant in Queensland. This malicious attack caused 800 000 L of raw sewage to spill out into local parks and rivers [6], [7]. Stuxnet, which was discovered in June 2010, reportedly ruined almost one-fifth of Iran's nuclear centrifuges. As a result, it led to the repeated postponement of Iran's nuclear power plant and grid development [3], [8]. Unlike traditional IT systems, the security incidents of ICSs can cause irreparable harm to the physical systems they control and to the people dependent on them. Protecting ICSs against cyberattacks is vital to both the economy and the stability of a nation. Therefore, the cybersecurity issue of ICSs must be taken seriously and solved as soon as possible.
As production and operation systems, ICSs have a relatively greater demand on timeliness and availability [9], which creates the need for dynamic cybersecurity protection. The objective of cybersecurity protection of the ICSs is to maintain a normally running system by lowering the dynamic risk below an acceptable risk threshold [10]. Thus, risk-based dynamic cybersecurity protection is an effective approach against cyberattacks [11], [12]. In risk-based dynamic cybersecurity protection, intrusion detection, risk assessment, decision-making, and policy enforcement [4], [13], [14], together with the target systems, form a closed loop. As a vital part of the closed loop, risk assessment is used to collect a wide variety of information, perceive the functioning state of the system, and assess the current cybersecurity risk of the system [10]. This assessment assists decision makers in achieving benchmark performances and taking necessary actions to prevent the deterioration of the system [15], [16].
Cybersecurity risk assessment in the IT domain is not entirely applicable to ICSs because ICSs differ in some aspects from traditional IT systems. First, the cybersecurity objectives are different. Traditional IT systems require first confidentiality, then integrity, and finally availability. In contrast, for ICSs, the priorities of these three security objectives are first availability, then integrity, and finally confidentiality [17], because timeliness and availability are the primary concerns. Malicious attacks introduce cybersecurity risk to ICSs by demolishing timeliness and availability. Therefore, the risk assessment of ICSs needs a novel risk propagation analysis approach. On the other hand, the different weight assignments of these three security objectives create the need for the consequence quantification of ICSs to be redesigned. Second, most ICSs are real-time systems whose correctness is based on both the correctness and the timeliness of the output [9]. This means that a deferred response will lead to a reduction of control quality. Additionally, ICSs have more complicated and more tightly coupled physical systems. This characteristic may lead to a domino effect [18], which often takes place in process industries. For example, a spoof attack on a programmable logic controller (PLC) that controls a reducing valve will cause excessively high pressure and can even lead to the explosion of a chemical reactor. Generally, this kind of chain of events happens simultaneously or in rapid succession [19]. Even worse, most ICSs run in an embedded system environment with limited computing capabilities. With consideration of the three points above, the risk assessment algorithm of ICSs requires low computational complexity to reduce time consumption. Finally, as continuously operating systems, ICSs cannot tolerate frequent software patching or updates [4]. This causes the database of attack signatures to lag far behind the rapid development of attacks. With this defect, several misuse-detection-based intrusion detection systems (IDSs) would miss unknown attacks. On the other hand, without information about unknown attacks, such as purposes, consequences, and further steps, these unknown attacks and their consequences cannot be accurately predicted. As a result, the risk assessment module will generate erroneous risk values, which may lead to a wrong decision. In conclusion, although considerable research undertaken in past decades has made a contribution to risk assessment, research dedicated to cybersecurity protection of ICSs has remained limited.
In this paper, a multimodel-based incident prediction and risk assessment approach is designed for ICSs, which can perceive and understand the situation of ICSs, utilize the multiple models to predict hazardous incidents caused by malicious attacks, and generate the dynamic cybersecurity risk value of ICSs. Furthermore, the proposed approach can also assess the risk caused by unknown attacks. First, by analyzing the process of malicious attacks that lead to loss in ICSs, a multilevel Bayesian network, which consists of an attack model, a function model, and an incident model, is built to describe the propagation of risk caused by cyberattacks. Second, a multimodel-based cybersecurity risk assessment approach for ICSs is designed, which is able to generate the current cybersecurity risk value by calculating the probabilities and quantifying the consequences of a variety of potential hazardous incidents caused by malicious attacks. The proposed multimodel-based approach can predict the incidents caused by unknown attacks, which is impossible for prediction approaches based purely on attack knowledge. Then, to eliminate the risk error caused by the repeated accumulation of the overlaps amongst different consequences, a decoupling method for the consequences of an incident is proposed. Finally, the effectiveness of the proposed approach is verified through a simulation of a simplified chemical reactor control system.
The rest of this paper is organized as follows. Section II first analyzes the requirement of cybersecurity risk assessment according to the characteristics of ICSs and then presents the architecture of our approach. Section III builds a novel multilevel Bayesian network and proposes an approach to predict hazardous incidents with the multilevel Bayesian network. Section IV introduces consequence-unified quantification and proposes an approach of dynamic cybersecurity risk assessment on the foundation of incident prediction. To verify the effectiveness of the proposed approach, a simulation is conducted in Section V. The concluding remarks are made in Section VI.
II. RELATED WORKS
A. Cybersecurity Risk Assessment for ICSs
In recent years, considerable research has been undertaken to study cybersecurity risk assessment methods. Tsai and Huang [20] used the analytic hierarchy process to qualitatively assess the cybersecurity risk of wireless networks. Feng and Li [21] used an information systems security model in order to cope with the uncertainty in the information system. Shi [22] adopted a simulation of attacks to analyze the impact of each attack, which led to the proposal of a risk assessment approach for enterprise networks. Poolsappasit et al. [23] proposed a risk assessment approach using Bayesian networks which enabled a system administrator to quantify the chances of network compromise. This work introduced a model named the Bayesian attack graph to describe the causal relationship between multistep attacks and to analyze the potential attack. Cárdenas et al. [4] presented an approach for analyzing the loss of events, and used probabilistic risk assessment to calculate the risk. In conclusion, the existing research on risk assessment is mainly divided into two directions. One direction focuses on the relationship between multistep attacks and the prediction of potential attacks. The quantification methods of the consequence of malicious attacks are mainly based on confidentiality, integrity, and availability. Another direction works on the causal relationship of hazardous incidents, which can be used to predict the occurrence of these hazardous incidents.
Unlike IT systems, such as the intranet or Internet of things (IoT), ICSs have rigorous requirements on timeliness and availability [9]. The cybersecurity risks of ICSs are primarily from the potential loss caused by cyberattacks which demolish the timeliness and availability of the control system. Therefore, the cybersecurity risk propagation of ICSs is different from that of IT systems, and many risk assessment models for IT systems are not suitable for ICSs. Thus, cybersecurity risk assessment in ICSs requires a novel model to analyze the risk propagation.
The majority of the existing quantitative risk assessment approaches [4], [11], [24], [25] use the definition $R = \sum_i S(e_i) P(e_i)$ to calculate the risk $R$, where $S(e_i)$ is the severity of the incident $e_i$ and $P(e_i)$ is the probability of the incident $e_i$. This definition requires that the severity of hazardous incidents be quantified in the same unit. There is also a problem when this definition is used in ICS risk assessment: for ICSs, different hazardous incidents may cause the same consequence, so using this definition to assess risk will cause the severity of the same consequence to be accumulated multiple times. As a result, there is an error in the risk assessment which cannot be ignored. Worst of all, the decision-making may generate a wrong policy with this inaccurate risk value.
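The double counting described above can be made concrete with a short added example (not from the paper): the incidents, probabilities, costs, and the independence of incidents are constructed assumptions. It compares $R = \sum_i S(e_i) P(e_i)$ with the expected loss when a shared consequence is charged once per outcome; it does not implement the paper's unified quantification method.

```python
from itertools import product

# Constructed data (assumed): incident -> (p(e_i), set of consequences it causes).
INCIDENTS = {
    "e1_overpressure": (0.30, {"c1_batch_loss", "c2_vessel_damage"}),
    "e2_overheating": (0.20, {"c1_batch_loss", "c3_toxic_release"}),
}

# Constructed consequence costs, all expressed in one common unit.
COST = {"c1_batch_loss": 50.0, "c2_vessel_damage": 200.0, "c3_toxic_release": 100.0}


def naive_risk(incidents, cost):
    """R = sum_i S(e_i) P(e_i), with S(e_i) the total cost of e_i's consequences."""
    return sum(p * sum(cost[c] for c in cons) for p, cons in incidents.values())


def expected_loss(incidents, cost):
    """Expected loss when each consequence is charged once per outcome.

    Enumerates every combination of incidents occurring or not.
    Assumption: incidents occur independently of each other.
    """
    names = list(incidents)
    total = 0.0
    for occurred in product([False, True], repeat=len(names)):
        prob = 1.0
        triggered = set()
        for name, happened in zip(names, occurred):
            p, cons = incidents[name]
            prob *= p if happened else 1.0 - p
            if happened:
                triggered |= cons  # a shared consequence is added only once
        total += prob * sum(cost[c] for c in triggered)
    return total


def overcount(incidents, cost):
    """Error introduced by accumulating shared consequences once per incident."""
    return naive_risk(incidents, cost) - expected_loss(incidents, cost)


if __name__ == "__main__":
    print("naive R        :", naive_risk(INCIDENTS, COST))
    print("expected loss  :", expected_loss(INCIDENTS, COST))
    print("overcounted by :", overcount(INCIDENTS, COST))
```

With this data the error equals the cost of the shared consequence multiplied by the probability that both incidents occur, so it grows as incidents become more likely or share more consequences.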
Many ICSs run constantly [4], [9], and therefore updates must be planned and scheduled days or weeks in advance. After the updates, exhaustive testing is necessary to ensure the high availability of the ICS [9]. As a result, the attack knowledge of ICSs cannot be updated in a timely manner, and several attack knowledge-based risk assessments cannot work well on ICSs. Therefore, the risk assessment should be able to assess the risk caused by unknown attacks without corresponding attack knowledge.
Based on the above analysis, the requirements of cybersecurity risk assessment for ICSs can be summarized as follows. The risk assessment of ICSs needs the following.
1) A novel and targeted risk model to analyze the risk propagation.
2) A unified quantification approach to calculate the risk quantitatively without the error caused by the overlaps amongst consequences.
3) The ability to assess the risks caused by unknown attacks without corresponding attack knowledge.
B. Model-Based Risk Assessment
Although the aforementioned characteristics of ICSs bring more demanding requirements of risk assessment for ICSs, the characteristics of the function and structure of ICSs make some approaches that are hard to implement in IT systems work well. More specifically, the network structure, functions, and tasks of ICSs are usually relatively fixed [26]. Compared with IT systems, which are more flexible, building a system model for ICSs is relatively easy and does not require frequent updates or modifications. Therefore, model-based risk assessment is suitable for ICSs.
Throughout the history of cyberattacks to ICSs, it is noted that the main purpose of the attackers is to damage the control system. To achieve this destructive purpose, attackers generally need to complete part or all of the following three steps: 1) infiltrate the field network; 2) invalidate system functions; and/or 3) cause incidents. To assess the risk, it is necessary to model attacks, functions, and incidents.
One typical, widely used modeling approach for attacks is the Bayesian network, which is a significant part of risk assessment. Poolsappasit et al. [23] and Xie et al. [27] established models of attack knowledge with the Bayesian network and used attack models to predict future attacks and assess the risk. Wrona and Hallingstad [28] used the Bayesian network to assess the connectivity risk of protected core networking. Szpyrka et al. [29] proposed a risk assessment approach for telecommunication networks by using the Bayesian network to analyze the impact of attacks on the work-flow. However, the Bayesian network has the defect of not containing information about unknown attacks, such as zero-day attacks. If the system is compromised by an unknown attack, the Bayesian network cannot predict its next step or potential impact.
Fault tree is the mainstream approach to model the rela-
tionship of functions. Fault tree analysis (FTA) is a top-down,
deductive failure analysis approach [30]. FTA uses Boolean
logic and anomaly events to analyze the undesired system
state. FTA is mainly used in the fields of safety engineering
and reliability engineering to assess system risk [31]–[35],
but this type of risk refers to the potential loss caused by system
fault rather than the one caused by a cyberattack. It is
noted that the fault tree model is rarely used in IT systems,
such as the intranet, IoT, etc. This is because the structure
and functions of IT systems often change with the change of
business.
An event tree is an effective way to describe the causal
relationship of incidents. Event tree analysis (ETA) is a for-
ward, bottom-up, and logical modeling technique. In using a
single initiating event, ETA can assess the probabilities of the
outcomes. ETA can be applied to nuclear power plants, space-
craft, chemical plants, etc. Like the FTA, ETA is often used
in risk assessment [36]–[38]. Due to the flexibility of IT systems,
ETA is not adaptable for IT systems. Like the event
tree, a Petri net is also used to model the relationships among various
kinds of events. Many researchers have worked on risk assessment
with Petri nets. Cho et al. [39] used generalized stochastic
Petri nets to model intrusion, failure, and repair events, and
then analyzed the security and dependability of a control system.
Fanti et al. [40] proposed a risk assessment framework
by modeling accidents of highway networks with a colored
timed Petri net. However, a Petri net may become too large to
generate all states of the system. As a result, it can be difficult
to analyze dynamically.
In recent years, several comprehensive methods for model-based
risk assessment have been designed. Operationally critical
threat asset and vulnerability evaluation (OCTAVE) [41] is
an approach for identifying, assessing, and managing information
security risks. OCTAVE can identify and assess the risk
to critical assets and set an optimal security policy by analyzing
the multiple domain knowledge. OCTAVE integrates
many approaches, such as the aforementioned FTA and ETA,
to model the threats. CORAS [42]–[44], which is built on
many methods, such as hazard and operability study, FTA,
Markov analysis, etc., is used to deal with complex systems
such as ICSs. However, as these are static approaches of risk
assessment, OCTAVE and CORAS cannot be adopted to assess
the dynamic risk of ICSs.
C. Architecture of Cybersecurity Risk Assessment for ICSs
To meet the requirement of risk assessment for ICSs men-
tioned in Section II-A, a dynamic cybersecurity risk assess-
ment based on the multimodel is proposed, which is shown
in Fig. 1.
Fig. 1. Architecture of the dynamic cybersecurity risk of ICSs.
There are two kinds of inputs for dynamic cybersecurity
risk assessment: 1) attack evidence and 2) anomaly evidence.
Attack evidence, which contains information about the type,
target, and timestamp of the detected attack, is derived from
IDS. Anomaly evidence, containing the information of the
anomaly, such as the invalidation of a function, the occur-
rence of a hazardous incident, etc., can be obtained from the
supervisor system of ICSs.
Dynamic cybersecurity risk assessment is divided into two
phases: 1) hazardous incident prediction and 2) risk assessment.
During the hazardous incident prediction phase, attack
evidence and anomaly evidence are collected and marked
in a multilevel Bayesian network. Then, probabilities of all
the potential hazardous incidents can be calculated by ana-
lyzing the collected evidence and the multilevel Bayesian
network. During the risk assessment phase, the consequences
of hazardous incidents are first classified, then each type of
consequence is quantified using the same unit. Second, the
overlaps amongst hazardous incidents must be addressed so
that the error caused by accumulation of overlaps amongst
different consequences can be eliminated. Finally, the proba-
bilities and consequences of hazardous incidents are combined
into the cybersecurity risk.
III. MULTIMODEL-BASED INCIDENT PREDICTION
In this section, the relationship between atom attacks in
multistep attacks, the dependency of system functions, and the
causality of incidents are analyzed first. Then the multidomain
knowledge is modeled into a multilevel Bayesian network.
Finally, a multimodel-based hazardous incident prediction
approach will be introduced.
A. Bayesian Network-Based Knowledge Modeling
As mentioned in Section II-B, in order to achieve the
destructive purpose, attackers generally need to follow part or
all of these three steps: 1) infiltrate the field network; 2) invalidate
system functions; and/or 3) cause incidents. Therefore,
multidomain knowledge of malicious attacks, invalidation of
functions, and occurrence of incidents should be considered,
making it necessary to establish multiple models of attacks,
system functions, and hazardous incidents.
Theoretically, probabilistic inference requires a joint prob-
ability distribution, but it suffers from exponential complexity
with the number of variables. There are various potential
attacks, many system functions, and a great number of unan-
ticipated incidents, making the joint probability distribution
too large to be available. The Bayesian network is developed
to solve this problem, as it can split the complicated
joint probability distribution into a series of simple nodes,
which reduces the difficulty of knowledge acquisition and
the complexity of probabilistic inference. The Bayesian net-
work is widely used in fault diagnosis [45], decision-theoretic
troubleshooting [46], etc.
As mentioned previously, in order to be used to predict the
occurrences of incidents, attack, function, and incident knowledge
should be modeled. In this paper, to help facilitate the
inferences, these three types of knowledge are converted into
a multilevel Bayesian network, which consists of four parts:
1) attack level; 2) function level; 3) incident level; and 4) information
transfer between levels. The modeling procedures of
these four parts are described in detail as follows.
1) Attack Level: Cyberattacks are becoming increasingly
complex, especially when the target is an ICS characterized
by a layered architecture that integrates several security tech-
nologies. These contexts can be violated by a multistep attack,
which is a complex attack strategy comprised of multiple correlated
atom attacks. To launch an atom attack, all conditions
of this attack must be satisfied. If an atom attack works, the
attacker will obtain some resources which may be the conditions
of other atom attacks. The purpose of launching any atom
attack is to prepare for subsequent atom attacks. To describe
the atom attacks of a multistep attack with the Bayesian net-
work, two sorts of nodes are proposed: 1) an atom attack node
and 2) a resource node.
In this paper, the Bayesian network is used to describe the
relationships between attack nodes and resource nodes. There
are two steps to generate a Bayesian network: 1) generating a
directed acyclic graph (DAG) and 2) generating a conditional
probability table for each node in DAG.
Through vulnerability scanning, vulnerabilities of ICSs can
be obtained. Then all possible attack scenarios are enumerated
with the information of system vulnerabilities. Next, the conditions
and results of each atom attack in the attack scenarios are
analyzed. Assuming there are $m$ atom attacks and $n$ resources,
an $(m+n)\times(m+n)$ incidence matrix $[A_{i,j}]$ can be established.
If the conditions of an atom attack $a_j$ are $r_{i_1}, r_{i_2}, \ldots, r_{i_x}$, then
let $A_{i_k,j} = 1$, where $k = 1, 2, \ldots, x$. If the attacker can obtain
the resources $r_{j_1}, r_{j_2}, \ldots, r_{j_y}$ by launching an atom attack $a_i$,
then let $A_{i,j_k} = 1$, where $k = 1, 2, \ldots, y$. Finally, a DAG that
is described by the incidence matrix $[A_{i,j}]$ can be generated.
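The incidence-matrix construction just described can be sketched as follows. This is an added example, not code from the paper: the attack and resource names are constructed, the node ordering (attacks first, then resources) is an assumption, and the acyclicity check is an extra validation step the text implies by requiring a DAG.

```python
from collections import deque

# Constructed scenario: names are illustrative and are not the nodes of Fig. 6.
# Each atom attack maps to (conditions, results), both lists of resource names.
RESOURCES = ["enterprise_host", "hds_user", "hds_admin", "es_admin"]
ATTACKS = {
    "brute_force_hds": (["enterprise_host"], ["hds_user"]),
    "buffer_overflow_hds": (["hds_user"], ["hds_admin"]),
    "ip_spoof_es": (["hds_admin"], ["es_admin"]),
    "dos_plc1": (["hds_admin", "es_admin"], []),
}


def build_incidence(attacks, resources):
    """Return (nodes, A) where A[i][j] = 1 means an arrow from node i to node j.

    Assumed ordering: the m atom attacks take indices 0..m-1 and the
    n resources take indices m..m+n-1.
    """
    nodes = list(attacks) + list(resources)
    index = {name: k for k, name in enumerate(nodes)}
    if len(index) != len(nodes):
        raise ValueError("attack and resource names must be unique")
    A = [[0] * len(nodes) for _ in nodes]
    for attack, (conditions, results) in attacks.items():
        for r in list(conditions) + list(results):
            if r not in resources:
                raise ValueError(f"unknown resource {r!r} in attack {attack!r}")
        for r in conditions:
            A[index[r]][index[attack]] = 1   # resource r is a condition of the attack
        for r in results:
            A[index[attack]][index[r]] = 1   # the attack yields resource r
    return nodes, A


def topological_order(nodes, A):
    """Kahn's algorithm; raises ValueError when the matrix is not a DAG."""
    n = len(nodes)
    indegree = [sum(A[i][j] for i in range(n)) for j in range(n)]
    queue = deque(j for j in range(n) if indegree[j] == 0)
    order = []
    while queue:
        i = queue.popleft()
        order.append(nodes[i])
        for j in range(n):
            if A[i][j]:
                indegree[j] -= 1
                if indegree[j] == 0:
                    queue.append(j)
    if len(order) != n:
        raise ValueError("incidence matrix contains a cycle; not a DAG")
    return order


def parents(nodes, A, name):
    """Parent nodes of `name`, read from its column of the incidence matrix."""
    j = nodes.index(name)
    return [nodes[i] for i in range(len(nodes)) if A[i][j]]


def cpt_rows(nodes, A, name):
    """Rows needed in the conditional probability table of a binary node."""
    return 2 ** len(parents(nodes, A, name))


if __name__ == "__main__":
    nodes, A = build_incidence(ATTACKS, RESOURCES)
    print(topological_order(nodes, A))
    print(parents(nodes, A, "dos_plc1"), cpt_rows(nodes, A, "dos_plc1"))
```

The matrix fixes only the arrows; whether `dos_plc1` needs both parent resources or either one is carried by its conditional probability table, not by the graph.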
Assume there are n resource nodes, r1, r2, . . . , rn, pointing
to the attack node ai. In other words, attack node ai has
n parent nodes. The Bayesian network adopts a conditional
probability table to depict the condition of attack ai, which is
shown in Table I.
In general, satisfying the condition of an attack does
not mean that the attacker must launch the attack, so the
Bayesian network uses the �ai to describe the probability of
launching an attack ai. The probability of launching an attack
ai is shown in Table II.
TABLE I
CONDITION OF ATTACK ai
TABLE II
PROBABILITIES OF LAUNCHING ATTACK ai
TABLE III
CONDITIONAL PROBABILITY OF ai
TABLE IV
PROBABILITIES OF OBTAINING RESOURCE rj
To simplify the Bayesian network, Tables I and II can be
merged into one table, as shown in Table III, where lai,x =
�ai cai,x, x = 1, 2, . . . , 2n.
Assuming that the resource node rj has m parent nodes
a1, a2, . . . , am, and the attacker has launched several attacks
in a1, a2, . . . , am, he will have a chance to obtain the
resource rj. The probabilities of obtaining resource rj are
shown in Table IV.
The aforementioned parameters, such as ori,j, cai,j, and �ai ,
can be obtained from the statistical analysis of historical data
or from experts in the cybersecurity field.
2) Function Level: ICSs usually have tightly coupled physical
systems. If a function becomes invalid due to malicious
attacks, it may cause other functions to become invalid, too.
This phenomenon is called cascading failure. FTA is used
extensively to analyze the cascading failure of a control
system [47]–[49]. The main objectives of FTA are as follows.
1) To identify all possible combinations of basic events that
may result in a critical event in the system.
2) To find the probability that the critical event will occur
during a specified time interval or the frequency of the
critical event.
3) To identify aspects of the system which need to be
improved in order to reduce the probability of the critical
event.
There are many methods involved in establishing a fault
tree; therefore, the modeling procedure will not be discussed
in this paper. A fault tree can be converted into a Bayesian
network [45], [50]. However, it is noted that the conditional
probability table of the Bayesian network contains more information
than the logical gate of the fault tree. In other words,
the logical gate cannot always accurately describe the relation-
ship amongst functions. For example, if the cooling function
is invalid, there will be a 50% possibility of a crash for the
host in the same cabinet. It is impossible to model this rela-
tionship by using the fault tree, but the Bayesian network can
easily describe this relationship with a conditional probability
table. To model the dependency of functions more accurately,
the dependency of every function failure node in the Bayesian
network is analyzed and the corresponding conditional proba-
bility table is amended. Experts in the system safety field can
provide the conditional probability.
3) Incident Level: In ICSs, if an incident takes place, it may
trigger other incidents. This phenomenon is called the “domino
effect.” For example, when the pressure of a reactor exceeds
the safe threshold level, it is likely to cause an explosion. Even
worse, this explosion may lead to casualties, environmental
damage, or property loss. In this paper, the Bayesian network
is used to model the relationship amongst incidents.
There are three steps involved in establishing a Bayesian
network of incidents.
1) Analyze historical data and consult engineers and
experts to identify all possible incident scenarios of
ICSs.
2) Analyze the causal relationship amongst incidents. If
the occurrence of an incident ei can cause another inci-
dent ej, the Bayesian network will add an arrow from
ei to ej, in which ei is the parent node of ej.
3) Generate a conditional probability table for each
incident.
Assuming that there are n parent nodes of ej, the Bayesian
network uses a conditional probability table, which is shown
in Table V, to describe the probability of ej. Similar to the
conditional probability in the function level, experts in the
system safety field can provide the parameter hei,j.
There may exist several overlaps amongst different consequences.
The loss of an overlapped part will be calculated
repeatedly, which introduces an error into the calculated
risk. To solve this problem, the consequences of the incidents
need to be decoupled. There are four steps to decouple
consequences.
Step 1: For each incident ei, analyze its consequence and
generate a consequence set ci = (c1, c2, . . . , cn).
The elements of the consequence set ci could be
field workers, facilities, environment, products, etc.
The meaning of ci is that the occurrence of incident
ei will threaten the elements in consequence
set ci. For example, the incident ei is an explosion
of a reactor, which may cause worker casualties, air
pollution, facilities damages, and products losses.
The consequence set of ei is
ci = (workers, air, facilities, products).
TABLE V
PROBABILITIES OF INCIDENT OCCURRENCE
Algorithm 1 Decoupling Algorithm of C
Input: C = (c1, c2, . . . , cm)
Output: C′ = (c′1, c′2, . . . , c′m′)
C′ ← ∅
for i = 1 to m do
    n ← number of elements of C′
    for j = 1 to n do
        t1 ← ci ∩ c′j
        t2 ← c′j − t1
        ci ← ci − t1
        for k = 1 to 2 do
            if tk ≠ ∅ then
                Add tk in end of C′
            end if
        end for
    end for
    if ci ≠ ∅ then
        Add ci in end of C′
    end if
end for
return C′
Step 2: Generate C′ = (c′1, c′2, . . . , c′m′) based on C =
(c1, c2, . . . , cm). The following conditions must be
met:
completeness: $\bigcup_{i=1}^{m} c_i = \bigcup_{i=1}^{m'} c'_i$ (1)
independence: $\forall\, c'_i, c'_j \in C' : c'_i \cap c'_j = \emptyset$ (2)
traceability: $\forall\, c' \in C',\ \exists\, c \in C : c' \subseteq c$. (3)
Algorithm 1 shows a promotional algorithm, which
can minimize the number of elements of C′. The
small number of elements of C′ can reduce the
complexity of the Bayesian network.
Step 3: For each c′j in C′, generate a corresponding auxiliary
node xj. According to the traceability of C′,
which is shown in (3), there must be a consequence
set ci in C, where c′j ⊆ ci. Generate the incident
set ej for each c′j, which satisfies the following
conditions:
$\forall\, e_i \in e_j,\ c'_j \subseteq c_i$ (4)
$\nexists\, e_i \notin e_j,\ c'_j \subseteq c_i$. (5)
Assume that the incident set of c′j is ej =
(ei1, ei2, . . . , ein), then add an auxiliary node xj in
the Bayesian network. The parent nodes of the new
auxiliary node xj are ei1, ei2, . . . , ein.
Step 4: For each auxiliary node xj, generate a conditional
probability table, which can be obtained from the
expertise. The conditional probability table of the
auxiliary node xj is shown in Table VI.
TABLE VI
CONDITIONAL PROBABILITY OF AUXILIARY NODE
Fig. 2. Relationship between function and attack.
4) Information Transfer Between Levels: The cyberattacks
can lead to system function failures, and the function failures
may cause the industrial incidents. To analyze risk propa-
gation, information transfer is necessary between the three
aforementioned layers.
For system functions, besides the failures of their parent
nodes, the cyberattack can also invalidate them. For each func-
tion fi in the function level, find all attack nodes that may lead
to the failure of fi in the attack level. Then add arrows from
attack nodes to the function node fi. Assuming that there are
n parent nodes of function fi, and m attack nodes may invalidate
function fi, Fig. 2 shows the relationship diagram of function
fi. Finally, analyze the entire situation of f1, f2, . . . , fn
and a1, a2, . . . , am, and obtain the conditional probability of failure
for function fi, as shown in Table VII, from expertise or
historical data.
Failure of system functions is a significant cause of industrial
incidents. For example, failure of the temperature control
function may result in the incident of the reactor temperature
exceeding the threshold. For each incident ei in ICSs, analyze
all the system functions whose failure can lead to the
occurrence of incident ei, and then add arrows from function
failure nodes to the incident ei. Assuming that there are n parent
nodes of the incident ei, and m function failure nodes may
cause the incident ei, Fig. 3 shows the relationship diagram of
incident ei.
Then analyze the entire situation of e1, e2, . . . , en and
f1, f2, . . . , fm, and obtain the conditional probability table of
incident ei, as shown in Table VIII, from historical data or
expertise.
TABLE VII
PROBABILITIES OF FUNCTION fi FAILURE
Fig. 3. Relationship between incident and function.
TABLE VIII
PROBABILITIES OF INCIDENT ei
B. Incident Prediction
With the proposed multilevel Bayesian network, the proba-
bilities of the potential hazardous incidents can be calculated.
The approach of incident prediction is introduced as follows.
1) Collection of Data and Evidence: An IDS is a device or
software application that monitors network or system activities
for malicious activities or policy violations and produces
reports to a management station or risk assessment module.
The anomaly detection system (ADS) collects data from
a system to compare with the normal values. If there is
a considerable deviation, like the IDS, the ADS will generate
a report to the risk assessment module. In several
studies regarding the anomaly-based IDS, the ADS is a
part of the anomaly-based IDS. In this paper, the IDS represents
the signature-based IDS which does not contain an
ADS. In other words, the IDS and ADS are two separate
systems.
Fig. 4. Example of updating evidence in Bayesian network.
When the IDS detects attacks, it generates attack evidence
and sends it to the risk assessment module. Similarly, the
ADS detects anomalies and sends anomaly evidence to the
risk assessment module. For each attack evidence or anomaly
evidence, there must be a unique corresponding node in the
multilevel Bayesian network.
Correlation only exists amongst the atom attacks in a com-
binational attack. If two atom attacks do not belong to a
combinational attack, a correct prediction cannot be generated
by analyzing the multilevel Bayesian network with these
two atom attacks. To solve this problem, Tmax is proposed
as the maximum time interval of adjacent continuous atom
attacks. If the interval of the adjacent continuous attacks is
larger than Tmax, the multilevel Bayesian network does not
regard these two attacks as a combinational attack. The value
of Tmax can be obtained by analyzing a significant volume
of historical data regarding combinational attacks. To better
illustrate the updating process of Ea, an example of updating
is shown in Fig. 4.
Suppose that Eb is the set of anomaly evidence. If evidence
of an anomaly is added into Eb, it exists until the
corresponding anomaly is removed.
2) Calculation of Incident Probability: Let E = Ea ∪ Eb
be the evidence set of the multilevel Bayesian network. When
any evidence in E is changed, the algorithm named probability
propagation in trees of clusters (PPTC) can update the probability
of all hazardous incidents by analyzing the multilevel
Bayesian network. The PPTC algorithm is one of the most recognized
algorithms for exact probabilistic inferences in Bayesian
networks [51]. With PPTC, probabilities of all nodes in the
multilevel Bayesian network can be calculated.
The inference of Bayesian networks is an NP-hard prob-
lem [28], [52]. However, several efficient algorithms, including
the PPTC algorithm, have been proposed for inference in
graphs consisting of tens to hundreds of nodes. In graphs
of a limited size, the Bayesian inference can generally be
performed in less than a few seconds [28].
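The following added example, which is not the paper's MATLAB implementation, shows how evidence changes an incident probability in a small multilevel network. It uses brute-force enumeration of the joint distribution in place of PPTC, which gives the same exact posteriors on a network this small; the five nodes and every conditional probability are constructed values.

```python
from itertools import product

# Constructed network: name -> (parents, CPT). Each CPT maps a tuple of
# parent states (0/1) to P(node = 1 | parents). All numbers are assumptions.
NET = {
    # attack level: resource node and atom-attack node
    "r_admin":    ((), {(): 0.10}),
    "a_dos":      (("r_admin",), {(1,): 0.60, (0,): 0.00}),
    # function level: 0.01 and 0.02 cover failures with no modeled attack
    "f_switch":   (("a_dos",), {(1,): 0.90, (0,): 0.01}),
    "f_level":    (("f_switch",), {(1,): 0.70, (0,): 0.02}),
    # incident level
    "e_pressure": (("f_level",), {(1,): 0.50, (0,): 0.001}),
}


def joint(net, assign):
    """Probability of one complete 0/1 assignment of every node."""
    p = 1.0
    for name, (pars, cpt) in net.items():
        p_true = cpt[tuple(assign[q] for q in pars)]
        p *= p_true if assign[name] else 1.0 - p_true
    return p


def posterior(net, query, evidence=None):
    """Exact P(query = 1 | evidence) by summing the joint distribution."""
    evidence = evidence or {}
    unknown = set(evidence) - set(net)
    if unknown:
        raise ValueError(f"evidence on unknown nodes: {sorted(unknown)}")
    names = list(net)
    numerator = denominator = 0.0
    for values in product((0, 1), repeat=len(names)):
        assign = dict(zip(names, values))
        if any(assign[k] != v for k, v in evidence.items()):
            continue
        pj = joint(net, assign)
        denominator += pj
        if assign[query]:
            numerator += pj
    if denominator == 0.0:
        raise ValueError("evidence has probability zero under the model")
    return numerator / denominator


def scenarios(net=NET):
    """P(excessive pressure) under three evidence sets."""
    return {
        "no evidence": posterior(net, "e_pressure"),
        # IDS reports the known DoS attack: attack evidence
        "attack evidence": posterior(net, "e_pressure", {"a_dos": 1}),
        # ADS reports the switch failure while the IDS stays silent,
        # as it would for an attack that has no signature
        "anomaly evidence only": posterior(net, "e_pressure", {"f_switch": 1}),
    }


if __name__ == "__main__":
    for label, value in scenarios().items():
        print(f"{label:>22}: {value:.6f}")
```

With anomaly evidence alone the incident probability still rises, because the function-level and incident-level models propagate the observed failure without any matching attack node being marked.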
IV. INCIDENT PREDICTION-BASED
DYNAMIC RISK ASSESSMENT
In this section, the consequences of incidents are
first classified. Then, a quantification method is introduced for
each type of consequence. Finally, a dynamic cybersecurity
risk assessment approach for ICSs is proposed.
A. Classification of Incident Consequences
The adverse effects of an incident may be classified into
three categories: 1) harm to humans; 2) environmental pollu-
tion; and 3) property loss.
There are three sorts of harms to humans [53].
1) Temporary Harm: In this case, the person is harmed but
will be totally restored and eventually able to work after
the accident.
2) Permanent Disability: In this case, the person receives
permanent illness or disability. The degree of disability
is often given as a percentage.
3) Fatality: In this case, the person dies from the harm.
Pollution is the introduction of contaminants into the natu-
ral environment, causing adverse changes. In this paper, three
kinds of pollution are considered.
1) Air pollution occurs when chemicals and poisonous
particulates are released into the atmosphere.
2) Soil contamination occurs when chemicals are released
by spillage or underground leakage.
3) Water pollution occurs when chemical contaminants or
wastewater from commercial and industrial waste are
discharged into surface waters.
Property loss refers to damage of materials, products, and
equipment. This loss is caused by incidents which occur in
the production process. For example, superheat temperatures
will damage the products, frequent changes of the switch will
lead to valve damage, and high pressure will cause a tank
explosion.
B. Quantification of Incident Consequences
1) Quantification of Harm to Humans: To quantitatively
assess the cybersecurity risk of ICSs, the loss of human life
or injury must be quantified in monetary units.
The quantification result of harm to humans depends on the
decision-maker. Now assume that there is a decision-maker
who is deciding which risk-reduction method will be adopted.
If he would like to increase the cost of an investment by $\Delta c$ to
reduce the probability of a fatality by $\Delta p$, the $Q_H = \Delta c/\Delta p$
can be used to derive the quantification of human life. To
quantify human life into monetary units, the decision-maker
must consider the probability of a fatality, total investment,
consequences of a fatality for the reputation of the company,
and so on.
In many cases, the risk to humans is not adequately
described by the fatality risk, and injuries should also be taken
into account. This is often done by comparing injuries and
disabilities with fatalities and trying to calculate a potential
equivalent fatality [54]. In this paper, for simplicity purposes,
probability and fatality are used to replace temporary harm
and permanent disability.
2) Quantification of Environmental Pollution: For ICS, the
monetary loss of environmental pollution is defined as
QE = Penalty + Compensation + HarnessCost. (6)
1) Penalty: According to the environmental protection
laws, if the occurrence of an incident causes environ-
mental pollution, as owner of the ICS, the company
must pay the penalty charge (Penalty). Relevant laws
and regulations decide the specific value of the penalty.
2) Compensation: When environmental pollution occurs, it
tends to influence the living conditions of residents near
the plant, the downstream agricultural production, etc.
As the relevant liable person, the company has the obligation
to pay for compensation. Consultation with legal advisers
decides the value of compensation (Compensation).
3) HarnessCost: To clear the polluted environment, as
the polluter, the company must take action to improve
the environment. The records of similar incidents
can be analyzed to value the cost of harnessing the environment
(HarnessCost).
3) Quantification of Property Loss: In this paper, the cost of
replacement is used to quantify the loss of property QP, such as
the loss of materials, products, and equipment. For example, if
any equipment is damaged, it needs to be replaced. Therefore,
the cost of replacement is the loss of this equipment. Similarly,
if a product is damaged, it cannot be sold. When materials are
damaged, the enterprise must buy new materials. Therefore,
the loss of materials and products is the cost. In all situations,
any materials, products, and equipment loss can be quantified
as monetary loss.
C. Calculation of Dynamic Risk
In this paper, a set of triplets which is defined by
Kaplan and Garrick [55] is used to express the risk
$R = \{\langle e_i, p(e_i), c(e_i)\rangle\}_{i=1}^{m}$ (7)
where p(ei) is the probability of a hazardous incident ei, and
c(ei) is the consequence of ei.
If there is no overlap amongst consequences and the con-
sequences can be quantified in the same unit, then the overall
risk can be calculated by
$R = \sum_{i=1}^{m} p(e_i) \cdot q(e_i)$ (8)
where q(ei) is the quantification of the consequence of ei.
Section III-A3 introduces a method to generate the auxiliary
nodes xi, which are essentially hazardous events. Equation (2)
shows that there is no overlap between the consequences of the
auxiliary nodes. Equation (1) shows that the auxiliary nodes
contain all possible consequences. So the risk of ICSs can be
calculated by
$R = \sum_{i=1}^{m'} p(x_i) \cdot q(x_i)$. (9)
Fig. 5. Control structure of chemical reactor.
The p(xi) is calculated in Section III-B, and the q(xi)
can be quantified in monetary units by methods introduced
in Section IV-B.
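The decoupling of Section III-A3 and the risk sum of (9) can be worked through together, as in the added example below (not the paper's code). The Algorithm 1 listing does not show c′j being removed when it is split, so the example assumes c′j is replaced by its non-empty parts, which condition (2) requires. The incidents other than the reactor explosion, all probabilities, and all monetary values are constructed, and p(xj) is computed as a deterministic OR of independent parent incidents as a stand-in for Table VI and the Bayesian inference of Section III-B.

```python
def decouple(C):
    """Algorithm 1: split overlapping consequence sets into disjoint parts."""
    parts = []
    for ci in C:
        rest = set(ci)
        split = []
        for cj in parts:
            t1 = frozenset(rest & cj)   # part of c'_j shared with c_i
            t2 = cj - t1                # part of c'_j not shared with c_i
            rest -= t1
            # assumption: c'_j is replaced by its non-empty pieces
            split.extend(t for t in (t1, t2) if t)
        if rest:
            split.append(frozenset(rest))
        parts = split
    return parts


def check_conditions(C, parts):
    """Return (completeness, independence, traceability) per (1)-(3)."""
    union = lambda sets: set().union(*sets)
    complete = union(C) == union(parts)
    independent = all(a.isdisjoint(b)
                      for i, a in enumerate(parts) for b in parts[i + 1:])
    traceable = all(any(p <= set(c) for c in C) for p in parts)
    return complete, independent, traceable


def incident_sets(C, parts):
    """For each c'_j, the indices of every incident e_i with c'_j in c_i, per (4)-(5)."""
    return [[i for i, c in enumerate(C) if p <= set(c)] for p in parts]


def naive_risk(C, p, value):
    """Equation (8) applied directly to overlapping consequence sets."""
    return sum(p[i] * sum(value[x] for x in c) for i, c in enumerate(C))


def decoupled_risk(C, p, value):
    """Equation (9) over auxiliary nodes built from the decoupled sets."""
    parts = decouple(C)
    total = 0.0
    for part, incidents in zip(parts, incident_sets(C, parts)):
        none_occurs = 1.0
        for i in incidents:
            none_occurs *= 1.0 - p[i]
        p_x = 1.0 - none_occurs   # assumed OR of independent parents
        total += p_x * sum(value[x] for x in part)
    return total


# Constructed data. e1 is the reactor explosion from Step 1; e2 and e3 are
# hypothetical incidents added to create overlaps.
C = [
    {"workers", "air", "facilities", "products"},   # e1: reactor explosion
    {"workers", "air", "water"},                    # e2: toxic leak (constructed)
    {"products"},                                   # e3: overheating (constructed)
]
P = [0.1, 0.2, 0.5]                                 # constructed p(e_i)
VALUE = {"workers": 1000, "air": 200, "facilities": 500,
         "products": 100, "water": 300}             # constructed monetary units

if __name__ == "__main__":
    parts = decouple(C)
    print([sorted(p) for p in parts], check_conditions(C, parts))
    print(incident_sets(C, parts))
    print(naive_risk(C, P, VALUE), decoupled_risk(C, P, VALUE))
```

On this data the naive sum exceeds the decoupled one by exactly the loss that is counted twice when two incidents threatening the same element both occur.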
V. SIMULATION: CHEMICAL REACTOR CONTROL SYSTEM
The purpose of this section is to illustrate how our approach
validly calculates the cybersecurity risk in real-time through a
simulation. In this section, the experimental subject, a chem-
ical reactor control system, is described first. Then the model
implementation and the simulation platform are introduced.
Several simulations are designed to illustrate the timeliness
capability, validity, and ability to handle unknown attacks
of our approach. Finally, the results of the simulations are
recorded and analyzed.
A. Knowledge Modeling and Simulation Platform
A chemical reactor is a device for containing and controlling
a chemical reaction and is widely used in the chemical indus-
try. The representative structure of a chemical reactor control
system is shown as Fig. 5.
In Fig. 5, the Ethernet connects to the enterprise network
via G1, which is not shown in this figure. Two controller area
network bus (CANBUS) networks connect to the Ethernet
via G2 and G3. In the Ethernet, there are an engineer sta-
tion (ES) and a historical data server (HDS). The host in
the enterprise network can access the historical data of HDS,
but cannot access the ES. PLC1–PLC6 are distributed into
two CANBUS networks. The ES and the HDS can obtain
data from all of the PLCs, but only the ES can modify and
configure PLCs.
The control system has intentionally been set up to include
several real vulnerabilities. In particular, the HDS is vulnerable
to a buffer overflow exploitation based on CVE-2007-4060 and
a file transfer protocol bounce attack based on CVE-1999-0017.
Additionally, the HDS does not limit the number of
username/password verifications, which makes the HDS vulnerable
to password brute-force attacks. Like the HDS, the
ES is also vulnerable to a buffer overflow exploitation. More
remarkably, the ES relies on the IP address for authentication,
which allows remote attackers to send malicious code by
spoofing the IP address. When an attacker obtains the administrator
authorities of the HDS or the ES, he can attack PLCs
by Denial of Service (DoS) attack, man-in-the-middle attack,
etc.
Fig. 6. Multilevel Bayesian network of reactor.
If an attacker launches an attack on PLC1–PLC6, the corresponding
functions will fail. For example, when the PLC1 is
under the DoS attack, the switch functions of V1 and V2 will
be invalid. Similarly, if an attacker reconfigures the program
of PLC2, the sensation function will fail. As a subfunction
of the liquid level control, the switch function failure of V1
is likely to lead to an invalidation of the liquid level control.
Even worse, the invalidation of a function may cause unan-
ticipated incidents, such as a temperature anomaly, excessive
pressure, or even a reactor explosion. Finally, the series of
incidents will damage products and facilities, pollute water
and air, and injure staff. By analyzing this chemical reactor
control system, all potential attacks can be enumerated, the
failures that may be caused by those attacks can be figured
out, all possible incidents can be speculated, and finally, the
multilevel Bayesian network which is shown in Fig. 6 can be
built. Conditional probabilities of the nodes in the multilevel
Bayesian network are obtained from expertise.
The simulation platform is implemented in MATLAB,
which consists of three modules: 1) an evidence generator;
2) an incident prediction module; and 3) a risk assessment
module. Fig. 7 shows the structure of the simulation platform.
The evidence generator is used to simulate the signature-
based IDS and ADS. It uses an array to store an evidence list,
which is shown in Section V-B. Each node in the multilevel
Bayesian network has a unique index in the range of 1 to
the total number of nodes N. The elements of the array are
integers from −N to N. If the ith element is 0, it means that,
at the ith minute, there is no evidence; if the ith element is
a positive integer, it means that there is evidence at the ith
minute; and if the ith element is a negative integer, it means
that this evidence is withdrawn at the ith minute. The input of
the evidence generator is a time trigger. When the evidence
generator receives the trigger signal, it reads the input time and
updates the evidence set of the multilevel Bayesian network
according to the array.
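A replay of such an evidence array, combined with the Tmax rule of Section III-B1, is sketched below as an added example (not the paper's MATLAB evidence generator). It assumes that a nonzero element's magnitude is the node index and that attack evidence older than Tmax is dropped when the next attack evidence arrives; the array, the node indices, and the value of Tmax are constructed.

```python
def replay(evidence, attack_nodes, n_nodes, t_max):
    """Return the evidence set E = Ea ∪ Eb after each minute.

    evidence[i-1] is the array element for minute i: 0 means no evidence,
    k > 0 means evidence on node k, and k < 0 means the evidence on
    node |k| is withdrawn. Nodes in attack_nodes feed Ea (IDS reports);
    all other nodes feed Eb (ADS reports).
    """
    ea, eb = set(), set()
    last_attack = None
    timeline = []
    for minute, item in enumerate(evidence, start=1):
        node = abs(item)
        if node > n_nodes:
            raise ValueError(f"minute {minute}: node index {node} exceeds N={n_nodes}")
        if item < 0:
            ea.discard(node)
            eb.discard(node)
        elif item > 0 and node in attack_nodes:
            # Assumed reading of the Tmax rule: attacks separated by more
            # than Tmax are not one combinational attack, so the older
            # attack evidence is cleared before the new one is recorded.
            if last_attack is not None and minute - last_attack > t_max:
                ea.clear()
            ea.add(node)
            last_attack = minute
        elif item > 0:
            eb.add(node)   # anomaly evidence persists until withdrawn
        timeline.append(sorted(ea | eb))
    return timeline


# Constructed input: nodes 3, 4 and 9 are attack nodes, node 5 is a
# function node reported by the ADS, N = 10 nodes, Tmax = 4 minutes.
EVIDENCE = [0, 3, 0, 5, 0, 0, 0, 0, 9, -5, 4]
ATTACK_NODES = {3, 4, 9}
N_NODES = 10
T_MAX = 4

if __name__ == "__main__":
    for minute, e in enumerate(replay(EVIDENCE, ATTACK_NODES, N_NODES, T_MAX), 1):
        print(minute, e)
```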
The incident prediction module uses the Bayes net toolbox
(BNT) [56] to establish the multilevel Bayesian network,
which is shown in Fig. 6. The BNT was developed by
Kevin Murphy and is a toolbox that works with MATLAB
from MathWorks. The toolbox supports different exact and
approximate inference algorithms, and parameter and structure
learning. When the evidence generator sends evidence, it
is added into E. Then the incident prediction module
uses the BNT to run inference on the multilevel Bayesian network with E.
Finally, the probabilities of x1, x2, . . . , x8 are calculated and
sent to the risk assessment module.
When the risk assessment module receives the probabilities
of x1, x2, . . . , x8, it calculates the risk of every incident and
adds all the potential loss of x1, x2, . . . , x8 to the system risk.
Fig. 8 shows the interface of the simulation, which consists
of two windows. The left window displays the multilevel
Bayesian network. Four colors (red, green, blue, and black)
are used to represent four kinds of nodes: attack nodes,
resource nodes, function nodes, and incident/auxiliary nodes,
respectively. When the incident prediction module receives
attack evidence or anomaly evidence, the corresponding node
is marked with a circle. Double-clicking any node opens its
property window. In Fig. 8, the property window of the
incident node x7 shows the current probability of x7 in the
parameter UserData. The right window shows the probability
curves of x1, x2, . . . , x8 and the dynamic cybersecurity
risk curve. Every minute, in the right window, points are
plotted on the curves according to the results sent from the
incident prediction module and the risk assessment module.
In Fig. 8, the right window shows the probabilities of
x1, x2, . . . , x8 and the risk during the first 345 min.
Fig. 7. Structure of the simulation platform.
Fig. 8. Interface of the simulation platform.
B. Simulation and Result Analysis
The simulation procedure is separated into three steps as
follows.
1) A multistep attack, which is described later, is launched
on the chemical reactor control system. The evidence is
collected and the cybersecurity risk is calculated every
minute. Then the curves of the cybersecurity risk and the
probabilities of incidents x1, x2, . . . , x8 in the multilevel
Bayesian network are provided.
2) To validate the ability to deal with unknown attacks,
some attack knowledge is removed from the multilevel
Bayesian network, so these attacks are unknown attacks
to the system. Then an identical multistep attack is
launched on the system. Finally, the results of these two
simulations are compared.
3) With the multilevel Bayesian network in step 1), the risk
assessment is repeated 5000 times and all the execution
times are recorded. The distribution curve of the execution
time is presented to show the real-time capability of our
approach. Then, 25 multilevel Bayesian networks with
different node sizes are generated randomly, and all the
execution times are recorded to show the possible
upper/lower bounds and scalability of our approach.
Because our concern is the cybersecurity of the physical
layer, and in order to simplify the attack process, the attack
is taken to have already reached the physical layer. The goal
of the attacker is to destroy the chemical reactor by
invalidating PLC5. The attack scenario includes the following
steps. First, the remote attacker acquires the list of IP
addresses by an IP scanner. Second, the attacker scans ports
and vulnerabilities within the HDS and the ES. Third, the
attacker launches a DoS attack on the HDS to create a
breakdown. Fourth, the attacker disguises himself as the HDS
in order to communicate with the ES. Since the ES trusts the
HDS, the data and commands sent by the attacker are not
validated. As a result, the attacker can send malicious
commands to the ES and obtain administrator authority.
Finally, the attacker modifies the program of PLC5 to
invalidate the pressure reduction function.
Since the aforementioned attacks are all known attacks,
they can be detected by the signature-based IDS. Meanwhile,
some attacks can cause system anomalies and be captured by
ADS. For example, when the attacker launches an IP scan
attack, the IDS detects this attack and generates an attack
evidence. Similarly, the ADS generates an anomaly evidence
due to the failure of the pressure control function. To clarify
this, Table IX lists all the evidence caused by this multistep
attack. In this simulation, a positive integer is used to represent
absolute time, where the unit is 1 min.
In this simulation, the maximum interval of the adjacent
continuous atom attacks is set to 150 min. There are eight
incidents that can lead to various losses. Consequences of these
eight incidents are quantified and given in Table X.
Fig. 9. Results of simulation. (a) Probability curves of
incidents. (b) Cybersecurity risk curve.
TABLE IX
LIST OF EVIDENCE
TABLE X
QUANTIFICATION OF INCIDENCES CONSEQUENCES
Fig. 9 shows the probabilities of incidents x1, x2, . . . , x8 and
the dynamic cybersecurity risk value, which are recorded every
minute. In Fig. 9(b), the label with a pin on the risk curve
represents the corresponding evidence. For example, a1 means
that, at the 50th minute, the signature-based IDS detected the
IP scan attack. f4 means that, at the 266th minute, the ADS
captured the failure of f4. f 4 means that the function f4 has
been fixed at the 378th minute. The last label “attack timeout”
at the 412th minute means that it has been 150 minutes since
the last attack evidence a20 generated at the 261st minute.
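The evidence-array encoding from Section V-A and the 150-minute attack timeout can be replayed as follows. This is an added Python example, not the authors' MATLAB code: the node indices, the intermediate event at minute 120, and the rule that a timeout drops all attack evidence from E are assumptions, while minutes 50, 261, 266, 378 and 412 follow the labels described for Fig. 9(b).

```python
ATTACK_TIMEOUT_MIN = 150  # from the page: max interval between adjacent atom attacks


def replay(evidence, n_nodes, attack_nodes, timeout=ATTACK_TIMEOUT_MIN):
    """Replay a per-minute evidence array; return [(minute, event, sorted E)].

    evidence[i-1] is the entry for minute i: 0 = no evidence, +k = evidence
    for node k appears, -k = evidence for node k is withdrawn, 1 <= k <= n_nodes.
    Only minutes at which something happens are logged.
    """
    active = set()       # current evidence set E
    last_attack = None   # minute of the most recent attack evidence
    log = []
    for minute, entry in enumerate(evidence, start=1):
        if not isinstance(entry, int) or abs(entry) > n_nodes:
            raise ValueError(
                f"minute {minute}: entry {entry!r} outside [-{n_nodes}, {n_nodes}]")
        # Assumed timeout rule: once MORE than `timeout` minutes have passed
        # since the last attack evidence, attack evidence is dropped from E.
        if last_attack is not None and minute - last_attack > timeout:
            active -= attack_nodes
            last_attack = None
            log.append((minute, "attack timeout", sorted(active)))
        if entry > 0:
            active.add(entry)
            if entry in attack_nodes:
                last_attack = minute
            log.append((minute, f"add {entry}", sorted(active)))
        elif entry < 0 and -entry in active:
            active.remove(-entry)
            log.append((minute, f"withdraw {-entry}", sorted(active)))
    return log


def build_array(length, events):
    """Expand a sparse {minute: entry} map into the dense per-minute array."""
    arr = [0] * length
    for minute, entry in events.items():
        arr[minute - 1] = entry
    return arr


# Constructed sample: nodes 1-3 stand in for attack nodes, node 5 for a
# function node. Indices are illustrative, not the numbering of Fig. 6.
ATTACKS = frozenset({1, 2, 3})
EVENTS = {50: 1, 120: 2, 261: 3, 266: 5, 378: -5}
SAMPLE = build_array(420, EVENTS)
LOG = replay(SAMPLE, n_nodes=6, attack_nodes=ATTACKS)

if __name__ == "__main__":
    for minute, event, current in LOG:
        print(f"minute {minute:3d}: {event:<15} E = {current}")
```

With the last attack evidence at minute 261, the first minute at which more than 150 minutes have elapsed is 412, which matches the "attack timeout" label described above.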
Fig. 9 shows that the cybersecurity risk increases as the
attacker gradually launches those attacks. However, when
an attack is suspended or the invalid function is fixed, the
cybersecurity risk decreases. It is worth noting that the
damage probability of the product is larger than that of the
tank before e4 occurs. One of the main reasons is that the
multilevel Bayesian network is incapable of inferring the
purpose of the attacker until e4 occurs. Another primary
reason is that there are more causes of product damage than
of tank damage. When the incident e4 occurs and is captured,
the attack target is evident. Thus, after the 310th minute,
the damage probability of the tank is higher than that of the
product. Fig. 9 shows that the recovery of f4 or f12 does not
reduce the cybersecurity risk, because the pressure is still
excessive during this period. The risk value decreases as the
pressure is reduced below the safe threshold.
To illustrate the ability to deal with unknown attacks, the
attack nodes a6 and a9 are removed from the multilevel
Bayesian network. Thus, the incident prediction module does
not know that an attacker can get the administrator authority
of the ES through a DoS attack and an IP spoofing attack. In
other words, a6 and a9 are unknown attacks to the incident pre-
diction module. Additionally, the conditional probability table
of the resource node r9 also needs to be modified. Table XI
provides the conditional probability table of the resource node
r9 before the modification. By removing the third row and the
sixth through ninth columns, which are marked with gray, the
modified conditional probability table of the resource node r9
can be obtained.
TABLE XI
MODIFICATION OF CONDITIONAL PROBABILITY
Fig. 10. Comparison of risk curves of two simulations.
The same multistep attack is launched on the chemical reactor
control system again. Since there is no knowledge of
attacks a6 and a9, the evidence of a6 and a9 must be removed
from the evidence list in Table IX. The cybersecurity risk
value is recorded every minute, and then the risk curves of
the two simulations are put in one figure, which is shown
in Fig. 10.
Fig. 10 shows that, before the 120th minute, the risk value
of the second simulation is slightly lower than that of the first
simulation. The reason is that, without the knowledge of a6
and a9, the probability of an attack obtaining the resource r9
is lower from the point of view of the incident prediction
module. After the 120th minute and before the 259th minute,
there is a difference between these two risk curves. Since
there is no evidence of a6 and a9, the risk value of the second
simulation in this range remains unchanged. After the 259th
minute, the risk curves of these two simulations overlap. This
comparison shows that, without the knowledge of several atom
attacks, there is no comparatively large deviation in the
result of the risk assessment. Therefore, if there are a few
unknown atom attacks in a multistep attack, our approach can
still generate a relatively accurate risk value.
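The known-versus-unknown comparison above can be reproduced on a toy network. The following is an added Python example, not code from the paper: it uses brute-force enumeration instead of the BNT, takes risk as the sum of probability times loss (an assumption about the paper's formula), and all node names (a1, a2, r, f, x1, x2), probabilities and loss values are constructed.

```python
from itertools import product

# Constructed toy network (not the paper's Fig. 6). Each entry maps a binary
# node to (parents, {parent values: P(node = 1)}).
FULL = {
    "a1": ((), {(): 0.05}),                      # attack known to both models
    "a2": ((), {(): 0.05}),                      # attack removed in the second run
    "r": (("a1", "a2"), {(0, 0): 0.01, (0, 1): 0.60,
                         (1, 0): 0.50, (1, 1): 0.90}),  # resource obtained
    "f": (("r",), {(0,): 0.02, (1,): 0.70}),     # function failure
    "x1": (("f",), {(0,): 0.01, (1,): 0.40}),    # incident 1
    "x2": (("f",), {(0,): 0.001, (1,): 0.20}),   # incident 2
}
LOSSES = {"x1": 100.0, "x2": 1000.0}             # constructed consequence values


def joint(net, assign):
    """Probability of one full assignment under the network."""
    p = 1.0
    for node, (parents, cpt) in net.items():
        p_true = cpt[tuple(assign[q] for q in parents)]
        p *= p_true if assign[node] else 1.0 - p_true
    return p


def posterior(net, query, evidence):
    """P(query = 1 | evidence) by enumerating every assignment."""
    nodes = list(net)
    num = den = 0.0
    for values in product((0, 1), repeat=len(nodes)):
        assign = dict(zip(nodes, values))
        if any(assign[k] != v for k, v in evidence.items()):
            continue
        p = joint(net, assign)
        den += p
        num += p if assign[query] else 0.0
    return num / den


def drop_attack(net, unknown, child):
    """Remove an attack node and keep only the child's CPT entries in which
    that attack is absent, mirroring the row/column removal described for r9."""
    parents, cpt = net[child]
    i = parents.index(unknown)
    reduced = {n: spec for n, spec in net.items() if n != unknown}
    reduced[child] = (parents[:i] + parents[i + 1:],
                      {k[:i] + k[i + 1:]: v for k, v in cpt.items() if k[i] == 0})
    return reduced


def risk(net, evidence, losses=LOSSES):
    """System risk: sum over incidents of P(incident | E) * loss."""
    # Evidence for a node the model does not contain cannot be used.
    known = {k: v for k, v in evidence.items() if k in net}
    return sum(posterior(net, x, known) * loss for x, loss in losses.items())


# Constructed evidence timeline: the IDS reports a1, then a2, then the ADS
# reports the failure of f.
STEPS = [{}, {"a1": 1}, {"a1": 1, "a2": 1}, {"a1": 1, "a2": 1, "f": 1}]


def curves():
    """Risk per step as (full model, model without knowledge of a2)."""
    reduced = drop_attack(FULL, "a2", "r")
    return [(risk(FULL, e), risk(reduced, e)) for e in STEPS]


if __name__ == "__main__":
    for step, (full, red) in enumerate(curves()):
        print(f"step {step}: full={full:8.3f}  a2 unknown={red:8.3f}")
```

The reduced model starts slightly lower, stays flat when the unknown attack occurs, and coincides with the full model once the anomaly evidence on f arrives, because the observed function failure separates the incidents from the attack level.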
To measure the execution time of our dynamic risk assessment
approach, a stochastic evidence generator is designed. This
stochastic evidence generator can randomly generate an attack
or an anomaly evidence every minute. The proportion of
evidence is 10%, meaning that the stochastic evidence
generator sends an average of one evidence to the risk
assessment module every 10 min. The stochastic evidence
generator is used to replace the evidence generator in the
first simulation, and then the execution times of 5000
calculations are recorded. This simulation is run on a machine
with Intel Pentium processor G3220 (3M Cache, 3.00 GHz) and
4 GB DDR3 memory. Fig. 11 shows the distribution of the 5000
execution times. The average execution time of a risk
assessment is 0.0941 s, the minimum execution time of a risk
assessment is 0.0899 s, and the maximum execution time of a
risk assessment is 0.1316 s.
Fig. 11. Distribution of execution time.
TABLE XII
COMPARISON OF PROPOSED AND OTHER EXISTING
RISK ASSESSMENT SOLUTIONS
Finally, 25 multilevel Bayesian networks with different node
sizes are adopted to show the possible upper/lower bounds
and the scalability of our approach. The minimum node size
is 10, and the maximum node size is 490, which can model
extremely complicated control systems. For each multilevel
Bayesian network, the risk assessment is repeated 200 times
and all the execution times are recorded. Fig. 12 shows the
possible upper/lower bounds and the scalability of the
proposed risk assessment approach.
In Fig. 12, the fitted line y = 0.0019x − 0.0175 matches the
data well, with a correlation coefficient r = 0.9987. This
means that the execution time of the risk assessment scales
linearly with the increase of the node size of the multilevel
Bayesian network. The maximum execution time of the
multilevel Bayesian network with 490 nodes is 1.094 s.
The above simulations show that the proposed risk assessment
approach can dynamically predict all the potential hazardous
incidents and generate a cybersecurity risk value by
a single inference of the multilevel Bayesian network. Since
the multilevel Bayesian network consists of multiple models,
the proposed approach can assess the risk caused by unknown
attacks without corresponding attack knowledge. The execution
time of the multilevel Bayesian network with 64 nodes is
less than 150 ms, and the time complexity is O(n), where n
is the node number of the multilevel Bayesian network.
This feature enables our approach to run on most soft
real-time control systems.
Fig. 12. Upper/lower bounds and scalability of proposed risk
assessment.
As cybersecurity risk assessment approaches have many
different application scenarios and a variety of solutions, it
is difficult to directly compare our approach with other
existing approaches. However, Table XII presents some
differences between some published approaches and our
approach from the perspective of ICS cybersecurity risk
assessment requirements, which are mentioned in Section II-A.
VI. CONCLUSION
Cybersecurity risk assessment is a key component of
cybersecurity protection for ICSs. In this paper, a
multimodel-based risk assessment approach for ICSs was
proposed, which utilized the attack evidence and system state
to predict the occurrence of potential hazardous incidents and
generate the cybersecurity risk value dynamically. To begin, a
novel multilevel Bayesian network was proposed by considering
the characteristics of ICSs, which integrated knowledge of
attacks, system functions, and hazardous incidents.
With the multilevel Bayesian network, the computational
complexity of incident prediction was reduced, because the
occurrence probabilities of all potential hazardous incidents
could be calculated by a single Bayesian inference. Then,
the attack knowledge and system knowledge were combined
to analyze the potential impact of attacks, so the proposed
approach had the ability to assess the risk caused by
unknown attacks. Finally, a unified quantification approach
for a variety of consequences of industrial accidents was
introduced. Furthermore, the proposed approach could eliminate
the error of risk caused by the overlaps amongst hazardous
incidents.
By using a simplified chemical reactor control system in a
MATLAB environment, the designed dynamic risk assessment
approach was verified. The analysis of the simulation results
demonstrated that the proposed approach could adjust the risk
value in real time as multistep attacks were launched. In
addition, the result of the comparative simulation, in which
some attack knowledge was removed from the attack level of
the multilevel Bayesian network, showed that our approach
could calculate the risk caused by unknown attacks.
Finally, our approach had low computational complexity, and
it could calculate probabilities of all the potential hazardous
incidents and generate a dynamic cybersecurity risk value
in 150 ms. The average computation time of risk assessment
scaled linearly with the increase of the node number of the
multilevel Bayesian network. Even if the Bayesian network
had 400 nodes, which models a complicated control system,
this approach still had high computation speed.
The current research work has no ability for self-learning,
and the subsecond computation time cannot meet the
requirements of some hard real-time systems. In the future, a
dynamic cybersecurity risk assessment, which can automatically
adjust the conditional probability and structure of the
multilevel Bayesian network by analyzing the real-time data,
will be researched, and several approximate inference methods
will be attempted in the risk assessment.
ACKNOWLEDGMENT
The authors would like to thank the anonymous referees for
their helpful comments and suggestions.
REFERENCES
[1] I. N. Fovino, A. Coletta, A. Carcano, and M. Masera, “Critical state-based filtering system for securing SCADA network protocols,” IEEE Trans. Ind. Electron., vol. 59, no. 10, pp. 3943–3950, Oct. 2012.
[2] R. R. R. Barbosa, R. Sadre, and A. Pras, “Flow whitelisting in SCADA networks,” Int. J. Crit. Infrastruct. Protect., vol. 6, nos. 3–4, pp. 150–158, 2013.
[3] R. Langner, “Stuxnet: Dissecting a cyberwarfare weapon,” IEEE Secur. Privacy, vol. 9, no. 3, pp. 49–51, May/Jun. 2011.
[4] A. A. Cárdenas et al., “Attacks against process control systems: Risk assessment, detection, and response,” in Proc. 6th ACM Symp. Inf. Comput. Commun. Security (ASIACCS), Hong Kong, 2011, pp. 355–366.
[5] Industrial Control Systems Cyber Emergency Response Team, ICS-CERT Year in Review, Nat. Cybersecurity Commun. Integr. Center, 2013.
[6] J. Slay and M. Miller, “Lessons learned from the Maroochy water breach,” in Critical Infrastructure Protection (IFIP International Federation for Information Processing), vol. 253, E. Goetz and S. Shenoi, Eds. New York, NY, USA: Springer, 2008, pp. 73–82.
[7] B. Miller and D. Rowe, “A survey of SCADA and critical infrastructure incidents,” in Proc. 1st Annu. Conf. Res. Inf. Technol., Calgary, AB, Canada, 2012, pp. 51–56.
[8] T. M. Chen, “Stuxnet, the real start of cyber warfare?” IEEE Netw., vol. 24, no. 6, pp. 2–3, Nov./Dec. 2010.
[9] K. Stouffer, J. Falco, and K. Scarfone, “Guide to industrial control systems (ICS) security,” U.S. Dept. Commer., Nat. Inst. Stand. Technol., Gaithersburg, MD, USA, Tech. Rep. 800-82, 2011.
[10] Industrial Communication Networks—Network and System Security Part 1-1: Terminology, Concepts and Models, Standard IEC TS 62443-1-1:2009, 2009.
[11] M. Ni, J. D. McCalley, V. Vittal, and T. Tayyib, “Online risk-based security assessment,” IEEE Trans. Power Syst., vol. 18, no. 1, pp. 258–265, Feb. 2003.
[12] G. Stoneburner, A. Y. Goguen, and A. Feringa, “Risk management guide for information technology systems,” U.S. Dept. Commer., Nat. Inst. Stand. Technol., Gaithersburg, MD, USA, Tech. Rep. Sp 800-30, 2002.
[13] Framework for Improving Critical Infrastructure Cybersecurity, Nat. Inst. Stand. Technol., Gaithersburg, MD, USA, 2014.
[14] A. Shameli-Sendi, N. Ezzati-Jivan, M. Jabbarifar, and M. Dagenais, “Intrusion response systems: Survey and taxonomy,” Int. J. Comput. Sci. Netw. Security, vol. 12, no. 1, pp. 1–14, 2012.
[15] I. Molloy et al., “Risk-based security decisions under uncertainty,” in Proc. 2nd ACM Conf. Data Appl. Security Privacy, San Antonio, TX, USA, 2012, pp. 157–168.
[16] T. Aven and E. Zio, “Some considerations on the treatment of uncertainties in risk assessment for practical decision making,” Rel. Eng. Syst. Safety, vol. 96, no. 1, pp. 64–74, 2011.
[17] P. D. Ray, R. Harnoor, and M. Hentea, “Smart power grid security: A unified risk management approach,” in Proc. IEEE Int. Carnahan Conf. Security Technol. (ICCST), San Jose, CA, USA, Oct. 2010, pp. 276–285.
[18] G. L. L. Reniers and V. Cozzani, Domino Effects in the Process Industries: Modelling, Prevention and Managing. Waltham, MA, USA: Elsevier Sci. Technol., 2013.
[19] J. S. Arendt and D. K. Lorenzo, Evaluating Process Safety in the Chemical Industry: A User’s Guide to Quantitative Risk Analysis, vol. 3. New York, NY, USA: Wiley, 2010.
[20] H.-Y. Tsai and Y.-L. Huang, “An analytic hierarchy process-based risk assessment method for wireless networks,” IEEE Trans. Rel., vol. 60, no. 4, pp. 801–816, Dec. 2011.
[21] N. Feng and M. Li, “An information systems security risk assessment model under uncertain environment,” Appl. Soft Comput., vol. 11, no. 7, pp. 4332–4340, 2011.
[22] J. Shi, “Security risk assessment about enterprise networks on the base of simulated attacks,” Proc. Eng., vol. 24, no. 1, pp. 272–277, 2011.
[23] N. Poolsappasit, R. Dewri, and I. Ray, “Dynamic security risk management using Bayesian attack graphs,” IEEE Trans. Depend. Secure Comput., vol. 9, no. 1, pp. 61–74, Jan./Feb. 2012.
[24] M. G. Stewart and M. D. Netherton, “Security risks and probabilistic risk assessment of glazing subject to explosive blast loading,” Rel. Eng. Syst. Safety, vol. 93, no. 4, pp. 627–638, 2008.
[25] P. A. S. Ralston, J. H. Graham, and J. L. Hieb, “Cyber security risk assessment for SCADA and DCS networks,” ISA Trans., vol. 46, no. 4, pp. 583–594, 2007.
[26] A. A. Cárdenas, S. Amin, and S. Sastry, “Research challenges for the security of control systems,” in Proc. HOTSEC, Berkeley, CA, USA, 2008, Art. ID 6.
[27] P. Xie, J. H. Li, X. Ou, P. Liu, and R. Levy, “Using Bayesian networks for cyber security analysis,” in Proc. IEEE/IFIP Int. Conf. Depend. Syst. Netw. (DSN), Chicago, IL, USA, Jun. 2010, pp. 211–220.
[28] K. Wrona and G. Hallingstad, “Real-time automated risk assessment in protected core networking,” Telecommun. Syst., vol. 45, nos. 2–3, pp. 205–214, 2010.
[29] M. Szpyrka, B. Jasiul, K. Wrona, and F. Dziedzic, “Telecommunications networks risk assessment with Bayesian networks,” in Computer Information Systems and Industrial Management (LNCS 8104). Berlin, Germany: Springer, 2013, pp. 277–288.
[30] R. Rodriguez, “On qualitative analysis of fault trees using structurally persistent nets,” IEEE Trans. Syst., Man, Cybern., Syst., vol. 46, no. 2, pp. 282–293, Feb. 2016.
[31] Q. Meng and X. Qu, “Uncertainty propagation in quantitative risk assessment modeling for fire in road tunnels,” IEEE Trans. Syst., Man, Cybern. C, Appl. Rev., vol. 42, no. 6, pp. 1454–1464, Nov. 2012.
[32] E. J. Henley and H. Kumamoto, Reliability Engineering and Risk Assessment, vol. 193. Englewood Cliffs, NJ, USA: Prentice-Hall, 1981.
[33] N. R. Commission et al., “Severe accident risks: An assessment for five U.S. nuclear power plants,” Div. Syst. Res., U.S. Nucl. Regul. Comm., Washington, DC, USA, Tech. Rep. NUREG-1150, 1990.
[34] M. Stamatelatos et al., “Probabilistic risk assessment procedures guide for NASA managers and practitioners,” Office Safety Mission Assurance, NASA Headquarters, Washington, DC, USA, Tech. Rep. NASA/SP-2011-3421, 2011.
[35] J. H. Purba, “A fuzzy-based reliability approach to evaluate basic events of fault tree analysis for nuclear power plant probabilistic safety assessment,” Ann. Nucl. Energy, vol. 70, pp. 21–29, Aug. 2014.
[36] A. Neri et al., “Developing an event tree for probabilistic hazard and risk assessment at Vesuvius,” J. Volcanol. Geoth. Res., vol. 178, no. 3, pp. 397–415, 2008.
[37] N. Siu, “Risk assessment for dynamic systems: An overview,” Rel. Eng. Syst. Safety, vol. 43, no. 1, pp. 43–73, 1994.
[38] H. W. Lewis et al., “Risk assessment review group report to the U.S. nuclear regulatory commission,” IEEE Trans. Nucl. Sci., vol. 26, no. 5, pp. 4686–4690, Oct. 1979.
[39] C.-S. Cho, W.-H. Chung, and S.-Y. Kuo, “Cyberphysical security and dependability analysis of digital control systems in nuclear power plants,” IEEE Trans. Syst., Man, Cybern., Syst., vol. 46, no. 3, pp. 356–369, Mar. 2016.
[40] M. P. Fanti, G. Iacobellis, and W. Ukovich, “A risk assessment framework for Hazmat transportation in highways by colored Petri nets,” IEEE Trans. Syst., Man, Cybern., Syst., vol. 45, no. 3, pp. 485–495, Mar. 2015.
[41] C. Alberts, A. Dorofee, J. Stevens, and C. Woody, Introduction to the OCTAVE Approach, CERT Coord. Center, Pittsburgh, PA, USA, 2003.
[42] B. A. Gran, R. Fredriksen, and A. P.-J. Thunem, “An approach for model-based risk assessment,” in Computer Safety, Reliability, and Security (LNCS 3219), M. Heisel, P. Liggesmeyer, and S. Wittmann, Eds. Berlin, Germany: Springer, 2004, pp. 311–324.
[43] J. O. Aagedal et al., “Model-based risk assessment to improve enterprise security,” in Proc. 6th Int. Enterp. Distrib. Object Comput. Conf. (EDOC), Lausanne, Switzerland, 2002, pp. 51–62.
[44] S. H. Houmb, F. den Braber, M. S. Lund, and K. Stølen, “Towards a UML profile for model-based risk assessment,” in Proc. Crit. Syst. Develop. Workshop (UML), Dresden, Germany, 2002, pp. 79–91.
[45] D. Codetta-Raiteri and L. Portinale, “Dynamic Bayesian networks for fault detection, identification, and recovery in autonomous spacecraft,” IEEE Trans. Syst., Man, Cybern., Syst., vol. 45, no. 1, pp. 13–24, Jan. 2015.
[46] D. Heckerman, J. S. Breese, and K. Rommelse, “Decision-theoretic troubleshooting,” Commun. ACM, vol. 38, no. 3, pp. 49–57, Mar. 1995.
[47] A. Volkanovski, M. Čepin, and B. Mavko, “Application of the fault tree analysis for assessment of power system reliability,” Rel. Eng. Syst. Safety, vol. 94, no. 6, pp. 1116–1127, 2009.
[48] I. H. Fajardo and L. Dueñas-Osorio, “Probabilistic study of cascading failures in complex interdependent lifeline systems,” Rel. Eng. Syst. Safety, vol. 111, pp. 260–272, Mar. 2013.
[49] S. Cheng et al., “Application of fault tree approach for technical assessment of small-sized biogas systems in Nepal,” Appl. Energy, vol. 113, pp. 1372–1381, Jan. 2014.
[50] A. Bobbio, L. Portinale, M. Minichino, and E. Ciancamerla, “Improving the analysis of dependable systems by mapping fault trees into Bayesian networks,” Rel. Eng. Syst. Safety, vol. 71, no. 3, pp. 249–260, 2001.
[51] C. Huang and A. Darwiche, “Inference in belief networks: A procedural guide,” Int. J. Approx. Reason., vol. 15, no. 3, pp. 225–263, 1996.
[52] G. F. Cooper, “The computational complexity of probabilistic inference using Bayesian belief networks,” Artif. Intell., vol. 42, nos. 2–3, pp. 393–405, 1990.
[53] M. Rausand, Risk Assessment: Theory, Methods, and Applications, vol. 115. New York, NY, USA: Wiley, 2013.
[54] A. Clinton, Annual Safety Performance Report 2013/14, Rail Safety Stand. Board, London, U.K., 2014.
[55] S. Kaplan and B. J. Garrick, “On the quantitative definition of risk,” Risk Anal., vol. 1, no. 1, pp. 11–27, 1981.
[56] K. Murphy, “The Bayes net toolbox for MATLAB,” Comput. Sci. Stat., vol. 33, no. 2, pp. 1024–1034, 2001.
Qi Zhang received the B.S. degree in automation
from the Huazhong University of Science and
Technology, Wuhan, China, in 2011, where he is
currently pursuing the Ph.D. degree in control sci-
ence and control engineering with the School of
Automation.
His current research interests include risk assess-
ment and decision-making for industrial control
systems.
Chunjie Zhou received the M.S. and Ph.D. degrees
in control theory and control engineering from the
Huazhong University of Science and Technology,
Wuhan, China, in 1991 and 2001, respectively.
He is currently a Professor with the School of
Automation, Huazhong University of Science and
Technology. His current research interests include
safety and security control of industrial control sys-
tems, theory and application of networked control
systems, and artificial intelligence.
Naixue Xiong (M’08–SM’12) received the Ph.D.
degree in dependable networks from the Japan
Advanced Institute of Science and Technology,
Nomi, Japan, in 2008.
He is currently a Full Professor with the Department
of Business and Computer Science, Southwestern
Oklahoma State University, Weatherford, OK,
USA. Before he attends Colorado Technical
University, Colorado Springs, CO, USA, he was with
Wentworth Technology Institution, Georgia State
University, Atlanta, GA, USA, for several years. His
current research interests include cloud computing, security and
dependability, parallel and distributed computing, networks, and
optimization theory.
Prof. Xiong has been the General Chair, the Program Chair, the
Publicity Chair, a Program Chairs and Organization Chairs members
of over 100 international conferences, and a Reviewer of about
100 international journals, including the IEEE JOURNAL ON
SELECTED AREAS IN COMMUNICATIONS, the IEEE TRANSACTIONS ON
SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS,
the IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART B:
CYBERNETICS, the IEEE TRANSACTIONS ON SYSTEMS, MAN, AND
CYBERNETICS—PART C: APPLICATIONS AND REVIEWS, the IEEE
TRANSACTIONS ON COMMUNICATIONS, the IEEE TRANSACTIONS ON MOBILE
COMPUTING, and the IEEE TRANSACTIONS ON PARALLEL AND
DISTRIBUTED SYSTEMS. He serves as the Editor-in-Chief, an
Associate Editor or an Editor Member for over ten international
journals, an Associate Editor for the IEEE TRANSACTIONS ON
SYSTEMS, MAN, AND CYBERNETICS: SYSTEMS, the Editor-in-Chief
for the Journal of Parallel and Cloud Computing, and a Guest
Editor for over ten international journals, including the
Sensor Journal, Journal on Wireless Networks, and
ACM Springer Mobile Networks and Applications.
Yuanqing Qin received the M.S. and Ph.D. degrees
in control theory and control engineering from the
Huazhong University of Science and Technology,
Wuhan, China, in 2003 and 2007, respectively.
He is currently a Lecturer with the Department
of Control Science and Engineering, Huazhong
University of Science and Technology. His current
research interests include networked control system,
artificial intelligence, and machine vision.
Xuan Li received the B.S. degree in automation
from Dalian Maritime University, Dalian, China,
in 2012. He is currently pursuing the Ph.D. degree
in control science and control engineering with
the School of Automation, Huazhong University of
Science and Technology.
His current research interests include industrial
communication, industrial control system, and asset
assessment.
Shuang Huang received the B.S. and Ph.D. degrees
in automation from the Huazhong University of
Science and Technology, Wuhan, China, in 2009 and
2015, respectively.
His current research interests include industrial
communication and industrial control system with
special focus on security.
consider harm produced by damage or demolition of the object
using quantitative and qualitative parameters. It is based on the
probability of damage or destruction of the facility resulting in
cascade failure. It can be employed for developing an
information-analytical system aimed at monitoring cybersecurity
violations in the energy sector.
Keywords—cybersecurity; critical infrastructure; risk
assessment; intelligent system
I. INTRODUCTION
The Russian energy infrastructure is highly significant, as it
combines power plants and energy systems, including the main
energy transport lines. Critical infrastructures are currently
being studied [1-2]. Because energy has penetrated all spheres
of life in modern society, it is considered a vital component of
national security [3]. Notably, energy security (ES) forms an
important part of Russia’s national security. The development of
the Smart Grid concept in Russia exacerbates the problem of
cybersecurity in the energy sector.
ES threats are traditionally classified into five main groups:
economic, socio-political, technogenic, natural, and
managerial-legal [4]. This list has been supplemented with
cybersecurity threats [2], whose realization could provoke
serious emergencies in the energy sector, with a drastic
reduction in the energy resources supplied to consumers.
The rapid spread of computing, the development of information
technologies, and the trend toward intelligent energy make cyber
threats the most notable tactical threats to ES. In practice, both
systematic preventive measures against cyber threats and
continuous updating of protection are underrated. This can lead
to a significant long-term deficit of energy supply, whose negative
impact depends on the scale of the cyber threats and the damage.
For the reasons above, the authors propose to create an
intelligent system capable of identifying the risk of
cybersecurity violations at an energy facility using a risk-based
approach.
II. ENERGY AS AN IMPORTANT CRITICAL
INFRASTRUCTURE
Critical infrastructure is the part of civil infrastructure that
comprises physical or virtual systems and means important to the
country, whose failure or destruction can trigger disastrous
consequences in the fields of defense, the economy, health, and
national security [1].
Requirements for ensuring cybersecurity in the energy sector
have already been formed in foreign countries [5]. In Russia, the
normative framework for ensuring cybersecurity in critical
infrastructures is only beginning to be formed. Information
protection in automated process control systems in the energy
sector is usually provided on the basis of order № 31 of the
Federal Service for Technical and Export Control of Russia [6].
This order establishes requirements for protecting information in
critical objects from illegal actions, including computer attacks.
The normative framework for information protection in critical
infrastructure is being developed further through the Federal Law
“On the Security of the Critical Information Infrastructure of the
Russian Federation (RF)”, which is at the draft stage. The draft
law establishes the main directions and principles for ensuring
the security of critical information infrastructure, the powers of
RF government bodies in this area, and the rights, duties, and
responsibilities of owners, communications providers and
operators, and also state information system operators that
provide the functioning