CVSS Based Attack Analysis Using a Graphical Security Model: Review and Smart Grid Case Study

  • Conference paper
Smart Grid and Internet of Things (SGIoT 2020)

Abstract

Smart Grid is one of the critical technologies that provide essential services to sustain social and economic development. There have been various cyber attacks on the Smart Grid system in recent years, which have resulted in various negative repercussions. Therefore, understanding the characteristics and evaluating the consequences of an attack on the Smart Grid system is essential. The combination of the Graphical Security Model (GrSM), including Attack Tree (AT) and Attack Graph (AG), and the Common Vulnerability Scoring System (CVSS) is a potential technology for analyzing attacks on the Smart Grid system. However, there are only a few research works on Smart Grid attack analysis using GrSM and CVSS. In this research, we first conduct a comprehensive study of the existing research on attack analysis using GrSM and CVSS, ranging from (1) Traditional Networks and (2) Emerging Technologies to (3) Smart Grid. We indicate that the framework for automating security analysis of the Internet of Things is a promising direction for Smart Grid attack analysis using GrSM and CVSS. The framework has been applied to assess the security of the Smart Grid system. A case study using the PNNL Taxonomy Feeders R4-12.47-2 and a Smart Grid network model with gateways was conducted to validate the utilized framework. Our research is enriched by capturing all potential attack paths and calculating values of selected security metrics during the vulnerability analysis process. Furthermore, the AG can be generated automatically. The research can potentially be utilized in Smart Grid cybersecurity training.

Corresponding author

Correspondence to Tan Duy Le.

Copyright information

© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Duy Le, T. et al. (2021). CVSS Based Attack Analysis Using a Graphical Security Model: Review and Smart Grid Case Study. In: Lin, YB., Deng, DJ. (eds) Smart Grid and Internet of Things. SGIoT 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 354. Springer, Cham. https://doi.org/10.1007/978-3-030-69514-9_11

  • DOI: https://doi.org/10.1007/978-3-030-69514-9_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-69513-2

  • Online ISBN: 978-3-030-69514-9

  • eBook Packages: Computer Science, Computer Science (R0)
