Abstract
Although the set of attack types against industrial control systems (ICS) grows slowly, new attack means that violate the same security strategy appear continually. At the same time, the high-availability and real-time requirements of ICS rule out countermeasures that demand substantial resources. To address this problem, this paper proposes a risk assessment model with a low learning cost for similar scenarios, which allows defense strategies against system risks to be formulated in advance. As the foundation of the method, we first aggregate attack means into a limited set of attack types by word clustering, which addresses the classification problem posed by unknown attacks. We then combine similarity and statistical methods to predict the next attack type. Next, a hidden Markov model maps attack types to security states to forecast the next security state. From these prediction and forecasting results we calculate a risk value, taking system relevance and alert timeliness into account in the assessment stage. We go beyond a single scenario and verify the advantages of the model in a known scenario and in a similar scenario that contains unknown attacks. The experimental results show that the model can handle unknown attacks in similar scenarios and migrates well between scenarios. The trend of the risk value is also consistent with the actual data, which confirms that the assessment model forecasts the future risk situation of the system accurately and comprehensively.
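As an added illustration of the forecasting stage outlined in the abstract (this is not code from the paper), the Python sketch below runs the scaled forward recursion of a small hidden Markov model whose hidden states are security states and whose observations are attack types, forecasts the next security state one step ahead, and folds that forecast into a scalar risk value. The state and attack-type names, the initial distribution, the transition and emission matrices, the severity weights and the keyword table that stands in for the paper's word-clustering step are all constructed assumptions; the paper's similarity-based prediction of the next attack type and its weighting by system relevance and alert timeliness are not modelled here.

```python
"""Forward filtering of an HMM over security states, with attack types as the
observations, followed by a one-step forecast and an expected-severity risk value.

Every matrix, name and weight below is a constructed illustrative assumption,
not a parameter taken from the paper."""

STATES = ["normal", "probed", "compromised"]   # hidden security states (assumed)
ATTACK_TYPES = ["none", "recon", "exploit"]    # observable attack types (assumed)

# Initial distribution over security states at t = 1 (assumed).
PI = [0.7, 0.2, 0.1]

# Transition matrix: A[i][j] = P(state_{t+1} = j | state_t = i) (assumed).
A = [
    [0.80, 0.15, 0.05],
    [0.20, 0.60, 0.20],
    [0.10, 0.20, 0.70],
]

# Emission matrix: B[i][k] = P(attack type k observed | state i) (assumed).
B = [
    [0.85, 0.10, 0.05],
    [0.30, 0.60, 0.10],
    [0.10, 0.30, 0.60],
]

# Severity weight per security state; risk = expected severity (assumed; the
# paper additionally weights system relevance and alert timeliness).
SEVERITY = [0.0, 0.4, 1.0]

# Stand-in for the paper's word-clustering step: a constructed keyword table that
# maps raw alert names onto the limited attack-type vocabulary.
KEYWORDS = {
    "recon": ("scan", "probe", "sweep", "enum"),
    "exploit": ("overflow", "inject", "shell", "dos", "rootkit"),
}


def attack_type_of(alert_name):
    """Map a raw alert name to an attack type by keyword matching.

    An alert that matches no keyword is an unknown attack; it is assigned to
    "exploit" as a deliberate worst-case assumption so it cannot lower the risk."""
    name = alert_name.lower()
    for attack_type, words in KEYWORDS.items():
        if any(w in name for w in words):
            return attack_type
    return "exploit"


def forward_filter(observed_types):
    """Return P(state_t | o_1..o_t) after the last observation, using the scaled
    forward recursion alpha_1 = pi * b(o_1), alpha_t = (alpha_{t-1} A) * b(o_t)."""
    if not observed_types:
        return list(PI)
    n = len(STATES)
    belief = None
    for obs in observed_types:
        k = ATTACK_TYPES.index(obs)
        predicted = PI if belief is None else [
            sum(belief[i] * A[i][j] for i in range(n)) for j in range(n)]
        unnormalized = [predicted[j] * B[j][k] for j in range(n)]
        total = sum(unnormalized)
        if total == 0.0:
            raise ValueError("observation impossible under the model: %r" % obs)
        belief = [x / total for x in unnormalized]
    return belief


def forecast_next_state(belief):
    """One-step-ahead distribution P(state_{t+1} | o_1..o_t) = belief * A."""
    n = len(STATES)
    return [sum(belief[i] * A[i][j] for i in range(n)) for j in range(n)]


def risk_value(state_dist):
    """Scalar risk: expected severity under a distribution over security states."""
    return sum(p * s for p, s in zip(state_dist, SEVERITY))


def assess(alert_names):
    """Whole pipeline: raw alerts -> attack types -> filtered belief -> forecast -> risk."""
    types = [attack_type_of(a) for a in alert_names]
    belief = forward_filter(types)
    forecast = forecast_next_state(belief)
    return {"types": types, "belief": belief, "forecast": forecast,
            "risk": risk_value(forecast)}


if __name__ == "__main__":
    # Constructed alert names; "Unknown-Thing" matches no keyword and takes the fallback.
    for alerts in (["Port-Scan"], ["Port-Scan", "Buffer-Overflow"],
                   ["Port-Scan", "Buffer-Overflow", "Unknown-Thing"]):
        result = assess(alerts)
        print(alerts, "->", result["types"],
              "next state", STATES[result["forecast"].index(max(result["forecast"]))],
              "risk %.3f" % result["risk"])
```

Running the block shows the risk value rising as the observed sequence moves from reconnaissance to exploitation, which is the qualitative behaviour the abstract reports for its risk trend; the assumed matrices would in practice be estimated from labelled alert data (for example with Baum-Welch) rather than written by hand.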
Data availability
The dataset used in this paper is available at https://archive.ll.mit.edu/ideval/data/2000data.html; readers interested in our research can access it there.
Funding
This research is funded by the National Key Research and Development Program of China [No. 2021YFB2012400].
Author information
Contributions
YZ involved in conceptualization, methodology, investigation, formal analysis and writing—original draft; ZW involved in investigation and writing—original draft; YW involved in visualization and data curation; KL involved in software and validation; TL involved in software and validation; HL involved in supervision and writing—review and editing; CL involved in writing—review and editing; BW involved in funding acquisition, project administration, resources, supervision and writing—review and editing.
Ethics declarations
Conflict of interest
The authors declare no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Zhang, Y., Wang, Z., Wang, Y. et al. A risk assessment model for similar attack scenarios in industrial control system. J Supercomput 79, 15955–15979 (2023). https://doi.org/10.1007/s11227-023-05269-1
DOI: https://doi.org/10.1007/s11227-023-05269-1