为关键基础设施形式化一个自动化的、对手感知的风险评估过程

2019 IEEE Texas Power and Energy Conference (TPEC) Pub Date : 2019-02-01 DOI:10.1109/TPEC.2019.8662167

Ananth A. Jillepalli, Daniel Conte De Leon, I. A. Oyewumi, J. Alves-Foss, B. Johnson, Clinton L. Jeffery, Y. Chakhchoukh, M. Haney, Frederick T. Sheldon

{"title":"为关键基础设施形式化一个自动化的、对手感知的风险评估过程","authors":"Ananth A. Jillepalli, Daniel Conte De Leon, I. A. Oyewumi, J. Alves-Foss, B. Johnson, Clinton L. Jeffery, Y. Chakhchoukh, M. Haney, Frederick T. Sheldon","doi":"10.1109/TPEC.2019.8662167","DOIUrl":null,"url":null,"abstract":"Cyber-attack attempts against critical infrastructure have been increasing in recent years. In the event of a successful cyber-attack on critical infrastructure, the potential for wide-spread loss of access to a critical resource, like electricity, is high. Automated and adversary-aware risk assessment approaches may be useful in defending the nation’s critical infrastructure. In previous publications, one such approach, HESTIA, was presented. HESTIA stands for High-level, Extensible System for Training and Infrastructure risk Assessment, which is a semi-automatic, adversarial- and specification-based risk assessment system. HESTIA takes a system specification and subjects it to specifications of attack and hardening scenarios to generate a new specification, which can be used for risk assessment of the system. This paper formalizes a part of HESTIA process. We also discuss about HESTIA’s planned utilization.","PeriodicalId":424038,"journal":{"name":"2019 IEEE Texas Power and Energy Conference (TPEC)","volume":"50 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Formalizing an Automated, Adversary-aware Risk Assessment Process for Critical Infrastructure\",\"authors\":\"Ananth A. Jillepalli, Daniel Conte De Leon, I. A. Oyewumi, J. Alves-Foss, B. Johnson, Clinton L. Jeffery, Y. Chakhchoukh, M. Haney, Frederick T. Sheldon\",\"doi\":\"10.1109/TPEC.2019.8662167\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cyber-attack attempts against critical infrastructure have been increasing in recent years. In the event of a successful cyber-attack on critical infrastructure, the potential for wide-spread loss of access to a critical resource, like electricity, is high. Automated and adversary-aware risk assessment approaches may be useful in defending the nation’s critical infrastructure. In previous publications, one such approach, HESTIA, was presented. HESTIA stands for High-level, Extensible System for Training and Infrastructure risk Assessment, which is a semi-automatic, adversarial- and specification-based risk assessment system. HESTIA takes a system specification and subjects it to specifications of attack and hardening scenarios to generate a new specification, which can be used for risk assessment of the system. This paper formalizes a part of HESTIA process. We also discuss about HESTIA’s planned utilization.\",\"PeriodicalId\":424038,\"journal\":{\"name\":\"2019 IEEE Texas Power and Energy Conference (TPEC)\",\"volume\":\"50 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-02-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 IEEE Texas Power and Energy Conference (TPEC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/TPEC.2019.8662167\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE Texas Power and Energy Conference (TPEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TPEC.2019.8662167","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

近年来，针对关键基础设施的网络攻击一直在增加。一旦对关键基础设施的网络攻击成功，电力等关键资源大面积丧失的可能性很高。自动化和对手感知风险评估方法可能在保卫国家关键基础设施方面有用。在以前的出版物中，提出了一种这样的方法，即HESTIA。HESTIA代表高级、可扩展的培训和基础设施风险评估系统，这是一个半自动、对抗性和基于规范的风险评估系统。HESTIA获取系统规范，并将其置于攻击和强化场景规范中，以生成可用于系统风险评估的新规范。本文形式化了HESTIA流程的一部分。并对HESTIA的计划利用进行了讨论。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Formalizing an Automated, Adversary-aware Risk Assessment Process for Critical Infrastructure

Cyber-attack attempts against critical infrastructure have been increasing in recent years. In the event of a successful cyber-attack on critical infrastructure, the potential for wide-spread loss of access to a critical resource, like electricity, is high. Automated and adversary-aware risk assessment approaches may be useful in defending the nation’s critical infrastructure. In previous publications, one such approach, HESTIA, was presented. HESTIA stands for High-level, Extensible System for Training and Infrastructure risk Assessment, which is a semi-automatic, adversarial- and specification-based risk assessment system. HESTIA takes a system specification and subjects it to specifications of attack and hardening scenarios to generate a new specification, which can be used for risk assessment of the system. This paper formalizes a part of HESTIA process. We also discuss about HESTIA’s planned utilization.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2019 IEEE Texas Power and Energy Conference (TPEC)

自引率

0.00%

发文量