CVSS Based Attack Analysis using a Graphical Security Model: Review and Smart Grid Case Study

RESEARCH CREW
8:21 05/10/2020

Smart Grid is one of the critical technologies that provide essential services to sustain social and economic developments. There are various cyber attacks on the Smart Grid system in recent years, which resulted in various negative repercussions. Therefore, understanding the characteristics and evaluating the consequences of an attack on the Smart Grid system is essential. The combination of Graphical Security Model (GrSM), including Attack Tree (AT) and Attack Graph (AG), and the Common Vulnerability Score System (CVSS) is a potential technology to analyze attack on Smart Grid system. However, there are a few research works about Smart Grid attack analysis using GrSM and CVSS. In this research, we first conduct a comprehensive study of the existing research on attack analysis using GrSM and CVSS, ranging from (1) Traditional Networks, (2) Emerging Technologies, to (3) Smart Grid. We indicate that the framework for automating security analysis of the Internet of Things is a promising direction for Smart Grid attack analysis using GrSM and CVSS. The framework has been applied to assess security of the Smart Grid system. A case study using the PNNL Taxonomy Feeders R4-12.47-2 and Smart Grid network model with gateways was conducted to validate the utilized framework. Our research is enriched by capturing all potential attack paths and calculating values of selected security metrics during the vulnerability analysis process. Furthermore, AG can be generated automatically. The research can potentially be utilized in Smart Grid cybersecurity training.

TIN LIÊN QUAN
The increasing number of smart contracts has gained significant attention to the urgency of robust and scalable vulnerability detection techniques to mitigate substantial financial risks associated with their immutable nature on blockchain platforms. This paper introduces structured reasoning prompts using agent-role chaining for vulnerability detection without fine-tuning that utilizes model...