{"title":"AKAASH: A realizable authentication, key agreement, and secure handover approach for controller-pilot data link communications","authors":"Suleman Khan, G. S. Gaba, An Braeken, Pardeep Kumar, A. Gurtov","doi":"10.1016/j.ijcip.2023.100619","DOIUrl":"https://doi.org/10.1016/j.ijcip.2023.100619","url":null,"abstract":"","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"42 1","pages":"100619"},"PeriodicalIF":3.6,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"54358456","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Systemic risk mitigation strategy for power grid cascade failures using constrained spectral clustering","authors":"Mohamed Salama , Wael El-Dakhakhni , Michael Tait","doi":"10.1016/j.ijcip.2023.100622","DOIUrl":"https://doi.org/10.1016/j.ijcip.2023.100622","url":null,"abstract":"Power grids are prone to damage induced by natural or anthropogenic hazard events that might disrupt the functionality of key/multiple grid components concurrently, resulting in a chain of cascade failures spreading throughout the grid. Through integrating grid operation-guided with structure-driven modeling strategies, the current study proposes an approach to manage the risks of such cascade failures (known as systemic risks) to minimize the possibility of large-scale catastrophic blackouts. The operation-guided modeling strategy is implemented through dispatch and load shedding to rebalance power demand and supply after disruptive events. On the other hand, the grid structure-driven modeling strategy adopted an intentional controlled islanding approach by employing a constrained spectral clustering algorithm. Introducing the latter algorithm within the integrated (operation + structure) cascade failure model facilitated identifying the optimal cut-set lines to separate the grid into a group of functioning sub-grids following the initial failure and prior to cascade propagation. To demonstrate the utility of the developed systemic risk management strategy, an actual power grid was simulated using a high-fidelity physics-based model under different disruption scenarios to compare the cascade failure size with and without strategy implementation, considering different numbers of sub-grids. The simulations demonstrate that the integrated (dispatch and load shedding + controlled islanding) strategy can effectively boost the overall grid robustness, and subsequently its resilience, and effectively manage catastrophic blackout systemic risks.","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"42 ","pages":"Article 100622"},"PeriodicalIF":3.6,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50192875","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Software-Defined Networking approaches for intrusion response in Industrial Control Systems: A survey","authors":"Xabier Etxezarreta, Iñaki Garitano, Mikel Iturbe, Urko Zurutuza","doi":"10.1016/j.ijcip.2023.100615","DOIUrl":"https://doi.org/10.1016/j.ijcip.2023.100615","url":null,"abstract":"Industrial Control Systems (ICSs) are a key technology for life-sustainability, social development and economic progress, used in a wide range of industrial solutions, including Critical Infrastructures (CIs), and have become the primary target of multiple security attacks. With the increase of personalized and sophisticated attacks, the need for new tailored ICS cybersecurity mechanisms has increased exponentially, complying with specific ICS requirements that Information Technology (IT) security systems fail to meet. In this survey, a comprehensive study of ICS intrusion response is conducted, focusing on the use of Software-Defined Networking (SDN) for the development of intrusion response strategies in ICS. With its centralized control plane, increased programmability and global view of the entire network, SDN enables the development of intrusion response solutions that provide a coordinated response to mitigate attacks. Through the survey, an analysis of ICS security requirements and the applicability of SDN is conducted, identifying the advantages and disadvantages compared to traditional networking and protocols. Furthermore, a taxonomy of intrusion response strategies is presented, where different proposals are discussed and categorized according to intrusion response strategy and deployment environment characteristics. Finally, future research directions and challenges are identified.","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"42 ","pages":"Article 100615"},"PeriodicalIF":3.6,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50192978","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Assessing the comprehensive importance of power grid nodes based on DEA","authors":"Xin Gao , Yunxia Ye , Wenxin Su , Linyan Chen","doi":"10.1016/j.ijcip.2023.100614","DOIUrl":"https://doi.org/10.1016/j.ijcip.2023.100614","url":null,"abstract":"The safe and stable operation of the power grid is crucial to guarantee basic human demands and promote sustainable economic and social development. To better maintain the sound operation of the power grid, it is meaningful to analyse node importance and identify critical nodes based on the topology of the grid and its performance under cascading failure scenarios. Based on complex network theory, this paper proposes four node importance assessment metrics from static and dynamic perspectives. It performs a comprehensive importance assessment of power grid nodes based on data envelopment analysis (DEA) technology and then further identifies critical nodes in the system. A case study is conducted to validate the methodology. Results show that the suggested strategy may successfully identify the grid's key nodes with high accuracy and differentiation degree. This study is of great value for formulating reasonable emergency plans and improving power grid resilience.","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"42 ","pages":"Article 100614"},"PeriodicalIF":3.6,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50192872","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Evaluation of network expansion decisions for resilient interdependent critical infrastructures with different topologies","authors":"Achara Tiong, Hector A. Vergara","doi":"10.1016/j.ijcip.2023.100623","DOIUrl":"https://doi.org/10.1016/j.ijcip.2023.100623","url":null,"abstract":"Resilient interdependent critical infrastructures (CIs) can better withstand cascading failures in disruptive events. This study proposes network expansion as a resilience improvement strategy for interdependent CIs and evaluates the influence of topology in interdependent network design for resilience optimization under disruption uncertainty. A resilience score consisting of network complexity and unmet demand metrics is introduced to quantify the resilience of expanded networks. Five synthetic interdependent network instances with random and hub-and-spoke (i.e., cluster) topologies are generated to represent CIs with heterogeneous node functions. Different network expansion opportunities are considered and critical node disruption scenarios are used to evaluate the impact of uncertain disruptions. We apply a two-stage stochastic multi-objective resilience optimization model to determine strategic investment decisions using the expected total cost and expected resilience score as competing objectives. Compromise solutions of expanded network designs are identified from Pareto optimal solutions and they are characterized according to their graph properties. The results show that expanded networks have improved resilience and the extent of improvement is affected by the network topology and type of disruption. Under critical node disruptions, a random network is more resilient than a hub-and-spoke structure due to its better connectivity. Characteristics of highly connected interdependent networks are high average node degree, high clustering coefficient, and low average shortest path length. Resilience improvement is more limited in expanded networks with a hub-and-spoke structure due to the negative impact of hub failures.","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"42 ","pages":"Article 100623"},"PeriodicalIF":3.6,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50192877","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"CAPTAIN: Community-based Advanced Persistent Threat Analysis in IT Networks","authors":"Ali Ahmadian Ramaki , Abbas Ghaemi-Bafghi , Abbas Rasoolzadegan","doi":"10.1016/j.ijcip.2023.100620","DOIUrl":"https://doi.org/10.1016/j.ijcip.2023.100620","url":null,"abstract":"Organizations that possess valuable information assets and critical infrastructure are prone to Advanced Persistent Threats (APTs). The life cycle of this type of modern attack consists of multiple stages called the Intrusion Kill Chain (IKC). As one of the most common approaches to deal with these attacks, organizations’ security staff use various heterogeneous security and non-security sensors in different lines of defense (Network, Host, and Application) as the primary detection levels in the monitored IT network to log the attacker’s intrusive activities. They then model attacker behavior using the logged events to detect the IKC of APT attacks. However, numerous methods proposed in the literature have three primary drawbacks: 1) the inability to use both security and non-security sensors of the three mentioned detection levels in event correlation analysis, 2) high dependence on expert knowledge in setting up and maintaining common attack patterns, and 3) incapability to provide a visual representation of the attack path for security administrators to better track on-the-fly attacks in a monitored network. This paper presents a system for Community-based Advanced Persistent Threat Analysis in IT Networks (CAPTAIN) to address the aforementioned issues and challenges. The CAPTAIN framework comprises two distinct phases (including 12 different activities) that receive raw events logged by heterogeneous sensors as input and detect possible IKCs of APT attacks as output. This system implements a novel graph-based attacker behavior modeling technique for detecting the IKC of APT attacks by correlation analysis of logged events and by leveraging knowledge discovery on the graph. Our evaluation on two publicly available standard datasets, Bryant and DARPA Transparent Computing, indicates that CAPTAIN is robust, reliable against high event volumes, and can detect the IKC of APT attacks with high accuracy and low false positive rates.","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"42 ","pages":"Article 100620"},"PeriodicalIF":3.6,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50192878","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A forensics and compliance auditing framework for critical infrastructure protection","authors":"João Henriques, F. Caldeira, T. Cruz, P. Simões","doi":"10.1016/j.ijcip.2023.100613","DOIUrl":"https://doi.org/10.1016/j.ijcip.2023.100613","url":null,"abstract":"","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"42 1","pages":"100613"},"PeriodicalIF":3.6,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"54358381","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Attacking the grid: Lessons from a guerrilla conflict and efforts for peace in Colombia: 1990–2018","authors":"Jennifer S. Holmes , Agustin Palao , Mercedez Callenes , Neil Ortiz Silva , Alvaro Cardenas","doi":"10.1016/j.ijcip.2023.100621","DOIUrl":"https://doi.org/10.1016/j.ijcip.2023.100621","url":null,"abstract":"Colombia has suffered a decades-long internal conflict with leftist guerrillas. Its power grid has been attacked, causing significant damage to Colombian industry and disruption to citizens. This article uses data from ISA and XM (operators of the Colombian power grid) and from the Centro de Investigación y Educación Popular (CINEP, a non-profit organization tracking the internal conflict in Colombia) to compare patterns of tower attacks to the general conflict with two main leftist guerrilla groups, the Ejército de Liberación Nacional (ELN) and the Fuerzas Armadas Revolucionarias de Colombia (FARC). Using time series analysis, trends of violence, tower attacks, and peace attempts from 1990 to 2018 are examined to see if structural breaks in violence correspond to critical junctures in negotiations. Attacks on the power grid are shown to be a popular guerrilla tactic to pressure the government.","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"42 ","pages":"Article 100621"},"PeriodicalIF":3.6,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50192876","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A flexible OT testbed for evaluating on-device implementations of IEC-61850 GOOSE","authors":"Matthew Boeding , Michael Hempel , Hamid Sharif , Juan Lopez Jr , Kalyan Perumalla","doi":"10.1016/j.ijcip.2023.100618","DOIUrl":"https://doi.org/10.1016/j.ijcip.2023.100618","url":null,"abstract":"The growing convergence of Information Technology and Operational Technology has enhanced communication and visibility across power grids. This, coupled with the growing use of Distributed Energy Resources in power grids, has enhanced the grid capabilities while also creating a larger attack surface for malicious actors. A common protocol vulnerable to these attacks is the IEC-61850 GOOSE protocol due to its low-latency requirements, multicast packet delivery method, and lack of encryption. In this paper, we evaluate the security implications of different hardware implementations of this protocol by contrasting device response and recovery of two commercial off-the-shelf Intelligent Electronic Devices from separate manufacturers. The cyberattacks utilized in this paper are research-established GOOSE attacks with results measured in device latency and GOOSE endpoint response success.","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"42 ","pages":"Article 100618"},"PeriodicalIF":3.6,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50192980","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"AKAASH: A realizable authentication, key agreement, and secure handover approach for controller-pilot data link communications","authors":"Suleman Khan , Gurjot Singh Gaba , An Braeken , Pardeep Kumar , Andrei Gurtov","doi":"10.1016/j.ijcip.2023.100619","DOIUrl":"https://doi.org/10.1016/j.ijcip.2023.100619","url":null,"abstract":"Controller-Pilot Data Link Communications (CPDLC) are rapidly replacing voice-based Air Traffic Control (ATC) communications worldwide. Being digital, CPDLC is highly resilient and bandwidth efficient, which makes it the best choice for traffic-congested airports. Although CPDLC initially seems to be a perfect solution for modern-day ATC operations, it suffers from serious security issues, for instance eavesdropping, spoofing, man-in-the-middle, message replay and impersonation attacks. Cyber attacks on the aviation communication network could be hazardous, leading to fatal aircraft incidents and causing damage to individuals, service providers, and the aviation industry. Therefore, we propose a new security model called AKAASH, enabling several paramount security services, such as efficient and robust mutual authentication, key establishment, and a secure handover approach for the CPDLC-enabled aviation communication network. We implement the approach on hardware to examine its practicality and verify its computational and communication efficiency and efficacy. We investigate the robustness of AKAASH through formal (ProVerif) and informal security analysis. The analysis reveals that AKAASH adheres to the CPDLC standards and can easily integrate into the CPDLC framework.","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"42 ","pages":"Article 100619"},"PeriodicalIF":3.6,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50192981","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}