
Title: Inferring adversarial behaviour in cyber‐physical power systems using a Bayesian attack graph approach

Journal Article · IET Cyber-Physical Systems: Theory & Applications
DOI: https://doi.org/10.1049/cps2.12047 · OSTI ID: 1924131

Abstract: Highly connected smart power systems are subject to increasing vulnerabilities and adversarial threats. Defenders need to proactively identify and defend new high‐risk access paths of cyber intruders that target grid resilience. However, cyber‐physical risk analysis and defense in power systems often requires making assumptions on adversary behaviour, and these assumptions can be wrong. Thus, this work examines the problem of inferring adversary behaviour in power systems to improve risk‐based defense and detection. To achieve this, a Bayesian approach for inference of the Cyber‐Adversarial Power System (Bayes‐CAPS) is proposed that uses Bayesian networks (BNs) to define and solve the inference problem of adversarial movement in the grid infrastructure towards targets of physical impact. Specifically, BNs are used to compute conditional probabilities to queries, such as the probability of observing an event given a set of alerts. Bayes‐CAPS builds initial Bayesian attack graphs for realistic power system cyber‐physical models. These models are adaptable using collected data from the system under study. Then, Bayes‐CAPS computes the posterior probabilities of the occurrence of a security breach event in power systems. Experiments are conducted that evaluate algorithms based on time complexity, accuracy and impact of evidence for different scales and densities of network. The performance is evaluated and compared for five realistic cyber‐physical power system models of increasing size and complexities ranging from 8 to 300 substations based on computation and accuracy impacts.

Sponsoring Organization: USDOE
Grant/Contract Number: DE‐OE0000895
OSTI ID: 1924131
Alternate ID(s): OSTI ID: 1924132
Journal Information: IET Cyber-Physical Systems: Theory & Applications, Vol. 8, Issue 2; ISSN 2398-3396
Publisher: Institution of Engineering and Technology (IET)
Country of Publication: United Kingdom
Language: English
