TY - GEN
T1 - An attack execution model for industrial control systems security assessment
AU - Ismail, Ziad
AU - Leneutre, Jean
AU - Fourati, Alia
N1 - Publisher Copyright:
© Springer International Publishing Switzerland 2016.
PY - 2016/1/1
Y1 - 2016/1/1
N2 - The improved communication and remote control capabilities of industrial control systems equipment have increased their attack surface. As a result, managing the security risk became a challenging task. The consequences of attacks in an industrial control system can go beyond targeted equipment to impact services in the industrial process. In addition, the success likelihood of an attack is highly correlated to the attacker profile and his knowledge of the architecture of the system. In this paper, we present the Attack Execution Model (AEM), which is an attack graph representing the evolution of the adversary’s state in the system after each attack step. We are interested in assessing the risk of cyber attacks on an industrial control system before the next maintenance period. Given a specific attacker profile, we generate all potential attacker actions that could be executed in the system. Our tool outputs the probability and the time needed to compromise a target equipment or services in the system.
AB - The improved communication and remote control capabilities of industrial control systems equipment have increased their attack surface. As a result, managing the security risk became a challenging task. The consequences of attacks in an industrial control system can go beyond targeted equipment to impact services in the industrial process. In addition, the success likelihood of an attack is highly correlated to the attacker profile and his knowledge of the architecture of the system. In this paper, we present the Attack Execution Model (AEM), which is an attack graph representing the evolution of the adversary’s state in the system after each attack step. We are interested in assessing the risk of cyber attacks on an industrial control system before the next maintenance period. Given a specific attacker profile, we generate all potential attacker actions that could be executed in the system. Our tool outputs the probability and the time needed to compromise a target equipment or services in the system.
KW - Attack graph
KW - Industrial control systems security
KW - SCADA security
UR - https://www.scopus.com/pages/publications/84977070557
U2 - 10.1007/978-3-319-40385-4_11
DO - 10.1007/978-3-319-40385-4_11
M3 - Conference contribution
AN - SCOPUS:84977070557
SN - 9783319403847
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 157
EP - 167
BT - Security of Industrial Control Systems and Cyber Physical Systems - 1st Workshop, CyberICS 2015 and 1st Workshop, WOS-CPS 2015, Revised Selected Papers
A2 - Cuppens-Boulahia, Nora
A2 - Cuppens, Frederic
A2 - Bécue, Adrien
A2 - Katsikas, Sokratis
A2 - Lambrinoudakis, Costas
PB - Springer Verlag
T2 - 1st Workshop on Cybersecurity of Industrial Control Systems, CyberICS 2015 and 1st Workshop on the Security of Cyber-Physical Systems, WOS-CPS 2015 co-located with 20th European Symposium on Research in Computer Security, ESORICS 2015
Y2 - 21 September 2015 through 22 September 2015
ER -