
A risk assessment model for similar attack scenarios in industrial control system

Published in The Journal of Supercomputing

Abstract

Although the range of attack types against industrial control systems expands only to a limited extent, new attack means that violate the same security policy keep emerging. At the same time, the high-availability and real-time requirements of industrial control systems rule out countermeasures that demand massive resources. To address this problem, this paper proposes a low learning-cost risk assessment model for similar scenarios, which allows defense strategies against system risks to be formulated in advance. As the foundation of the method, we first aggregate attack means into a limited set of attack types by word clustering, which addresses the classification problem posed by unknown attacks. Then, similarity and statistical methods are combined to predict the next attack type. Next, a hidden Markov model maps attack types to security states in order to forecast the next security state. On this basis, the risk value is computed from the prediction and forecasting results, and system relevance and alert timeliness are taken into account in the assessment stage. We break the single-scenario limitation and verify the advantages of our model in a known scenario and in a similar scenario containing unknown attacks. The experimental results show that the model can handle unknown attacks in similar scenarios and has strong scenario migration ability. Moreover, the trend of the risk value is consistent with the actual data, which confirms that the assessment model forecasts the future risk situation of the system accurately and comprehensively.
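The pipeline the abstract describes (observed attack types as HMM emissions, latent security states as the hidden chain, a statistical next-attack-type predictor, and a risk value derived from the forecast state distribution) can be sketched in a few dozen lines. The block below is an added illustration, not the authors' code: the state and attack-type labels, the transition matrix `A`, the emission matrix `B`, the severity weights, the training sequences and the observed alert sequence are all constructed for this example, and the system-relevance and alert-timeliness weighting the paper applies in its assessment stage is omitted. It uses the forward algorithm to filter the current security state, Laplace-smoothed first-order counts over attack-type sequences from a "known scenario" to predict the next attack type, and an expected-emission step to turn that prediction into a forecast of the next security state.

```python
"""Added illustration (not the paper's code): HMM mapping from observed attack
types to latent security states, a count-based next-attack-type predictor, and
a risk score computed from the forecast state distribution. All matrices,
labels and sequences are constructed for the example."""
from typing import List, Sequence

# Latent security states and an assumed severity weight per state (constructed).
STATES = ["normal", "probed", "compromised"]
SEVERITY = [0.0, 0.4, 1.0]

# Observed attack types: the clusters that individual alerts are mapped to (constructed).
ATTACK_TYPES = ["benign", "scan", "exploit"]

PI = [1.0, 0.0, 0.0]  # initial state distribution: the system starts clean
# A[i][j] = P(next state j | current state i)  (assumed values)
A = [[0.8, 0.2, 0.0],
     [0.1, 0.6, 0.3],
     [0.0, 0.1, 0.9]]
# B[i][k] = P(observe attack type k | state i)  (assumed values)
B = [[0.9, 0.1, 0.0],
     [0.2, 0.7, 0.1],
     [0.1, 0.3, 0.6]]


def _normalize(v: Sequence[float]) -> List[float]:
    total = sum(v)
    return [x / total for x in v]


def _predict_state(belief: Sequence[float]) -> List[float]:
    """One transition step: P(s_{t+1} | o_{1:t}) = belief . A."""
    n = len(STATES)
    return [sum(belief[i] * A[i][j] for i in range(n)) for j in range(n)]


def filter_states(observations: Sequence[int]) -> List[float]:
    """Forward algorithm: filtered distribution over states given the observed attack types."""
    belief = list(PI)
    for o in observations:
        pred = _predict_state(belief)
        belief = _normalize([pred[i] * B[i][o] for i in range(len(STATES))])
    return belief


class AttackTypePredictor:
    """Laplace-smoothed first-order transition statistics between attack types,
    learned from attack-type sequences of a known scenario (constructed here)."""

    def __init__(self, training: Sequence[Sequence[int]], k: int = len(ATTACK_TYPES)):
        self.k = k
        self.counts = [[0] * k for _ in range(k)]
        for seq in training:
            for a, b in zip(seq, seq[1:]):
                self.counts[a][b] += 1

    def next_type_distribution(self, last_type: int) -> List[float]:
        row = self.counts[last_type]
        total = sum(row) + self.k  # add-one smoothing keeps unseen transitions possible
        return [(c + 1) / total for c in row]


def forecast_next_state(observations: Sequence[int], predictor: AttackTypePredictor) -> List[float]:
    """Forecast P(s_{t+1}) by combining the transition prior with the expected
    emission likelihood under the predicted next-attack-type distribution."""
    belief = filter_states(observations)
    q = predictor.next_type_distribution(observations[-1])
    pred = _predict_state(belief)
    like = [sum(B[i][k] * q[k] for k in range(len(ATTACK_TYPES))) for i in range(len(STATES))]
    return _normalize([pred[i] * like[i] for i in range(len(STATES))])


def risk_value(state_dist: Sequence[float]) -> float:
    """Risk = expected severity of the forecast security state."""
    return sum(p * s for p, s in zip(state_dist, SEVERITY))


# Constructed attack-type sequences standing in for alerts from a known scenario.
TRAINING = [[0, 0, 1, 2, 2], [0, 1, 1, 2], [1, 2, 2, 2]]

if __name__ == "__main__":
    predictor = AttackTypePredictor(TRAINING)
    for seq in ([1, 1, 2], [0, 0, 0]):
        forecast = forecast_next_state(seq, predictor)
        print([ATTACK_TYPES[o] for o in seq], "->",
              STATES[forecast.index(max(forecast))], "risk=%.3f" % risk_value(forecast))
```

The scan, scan, exploit sequence drives the filtered belief towards the compromised state and yields a high risk value, while an all-benign sequence stays near normal with a low one; swapping in matrices estimated from real alert data (for example by Baum-Welch, which the paper's reference list cites) is the step that turns this sketch into an assessment model.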


Data availability

In this paper, the dataset we used is available at https://archive.ll.mit.edu/ideval/data/2000data.html. Readers who are interested in our research can access the dataset.


Funding

This research is funded by the National Key Research and Development Program of China [No. 2021YFB2012400].

Author information

Contributions

YZ involved in conceptualization, methodology, investigation, formal analysis and writing—original draft; ZW involved in investigation and writing—original draft; YW involved in visualization and data curation; KL involved in software and validation; TL involved in software and validation; HL involved in supervision and writing—review and editing; CL involved in writing—review and editing; BW involved in funding acquisition, project administration, resources, supervision and writing—review and editing.

Corresponding author

Correspondence to Bailing Wang.

Ethics declarations

Conflict of interest

The authors declare no conflict of interest.


About this article

Cite this article

Zhang, Y., Wang, Z., Wang, Y. et al. A risk assessment model for similar attack scenarios in industrial control system. J Supercomput 79, 15955–15979 (2023). https://doi.org/10.1007/s11227-023-05269-1
