A Diversity-Based Substation Cyber Defense Strategy Utilizing Coloring Games

Touhiduzzaman,; Hahn, Adam; Srivastava, Anurag K.

doi:10.1109/tsg.2018.2881672

Cited by 35 publications

(13 citation statements)

References 27 publications

(30 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another two different applications of network diversity for increasing network survivability and reliability were introduced in the contexts of cyber-security [34][35][36][37] and virus contention [38][39][40][41]. In [34,35] attack graphs and attack paths are defined as the ways an attacker can get access to a network asset.…”

Section: Related Workmentioning

confidence: 99%

“…Consequently, the more diverse the types of nodes the more resilient the network in the face of 0-day attacks. In [37], the authors aimed to allocate heterogeneous security mechanisms at the network nodes, thereby making difficult the access of an attacker to a target asset of interest. Their main research idea relied on allocating nodes in such a way that neighbors should not share the same vulnerabilities.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Optimal Multiculture Network Design for Maximizing Resilience in the Face of Multiple Correlated Failures

et al. 2019

View full text Add to dashboard Cite

Current data networks are highly homogeneous because of management, economic, and interoperability reasons. This technological homogeneity introduces shared risks, where correlated failures may entirely disrupt the network operation and impair multiple nodes. In this paper, we tackle the problem of improving the resilience of homogeneous networks, which are affected by correlated node failures, through optimal multiculture network design. Correlated failures regarded here are modeled by SRNG events. We propose three sequential optimization problems for maximizing the network resilience by selecting as different node technologies, which do not share risks, and placing such nodes in a given topology. Results show that in the 75% of real-world network topologies analyzed here, our optimal multiculture design yields networks whose probability that a pair of nodes, chosen at random, are connected is 1, i.e., its ATTR metric is 1. To do so, our method efficiently trades off the network heterogeneity, the number of nodes per technology, and their clustered location in the network. In the remaining 25% of the topologies, whose average node degree was less than 2, such probability was at least 0.7867. This means that both multiculture design and topology connectivity are necessary to achieve network resilience.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Optimal Multiculture Network Design for Maximizing Resilience in the Face of Multiple Correlated Failures

et al. 2019

View full text Add to dashboard Cite

show abstract

“…Fourth, we propose a new technique to tackle this problem and compare it with the proposal made in [44], showing that the new proposal is much more efficient. Finally, the performance evaluation conducted in this paper is more comprehensive, including an analysis of the effect that network metrics have on the achievable risk reduction, and an experimental comparison which the aforementioned work [45], which shows significant advantages for our approaches in terms of risk reduction.…”

Section: Distributed Approximations To Security and Critical Infrastrmentioning

confidence: 99%

“…We did a preliminary exploration of this line of work in the conference paper [44]. After the publication of that work, other authors have recently taken a similar approach [45], although with some key differences. First of all, they study the "resilience-by-design" problem, in the sense that they try to optimize the a priori network diversity so that the overall vulnerability of the network is mitigated.…”

Section: Distributed Approximations To Security and Critical Infrastrmentioning

confidence: 99%

“…In this paper, we have generalized the approach in [44] with both a more detailed model and the use of the graph coloring technique TSC-DSATUR, which we had tested in graph coloring problems in a different domain [48]. As described in Section 2.3, in a very recent work [45], other authors proposed the use of graph coloring techniques in a related setting, to increase the security of a Smart Grid installation by adding diversity in the deployment of security mechanisms. There are some key differences between their work and ours:…”

Section: Comparison Of Tsc-dsatur With Other Relevant Approaches In Tmentioning

confidence: 99%

See 1 more Smart Citation

REACT: reactive resilience for critical infrastructures using graph-coloring techniques

Marsa-Maestre

Giménez-Guzmán

Orden

et al. 2019

Journal of Network and Computer Applications

View full text Add to dashboard Cite

Nowadays society is more and more dependent on critical infrastructures. Critical network infrastructures (CNI) are communication networks whose disruption can create a severe impact. In this paper we propose REACT, a distributed framework for reactive network resilience, which allows networks to reconfigure themselves in the event of a security incidents so that the risk of further damage is mitigated. Our framework takes advantage of a risk model based on multilayer networks, as well as a graph-coloring problem conversion, to identify new, more resilient configurations for networks in the event of an attack. We propose two different solution approaches, and evaluate them from two different perspectives, with a number of centralized optimization techniques. Experiments show that our approaches outperform the reference approaches in terms of risk mitigation and performance. . cover the ability of a network to reconfigure itself in the event of a security incident so that the risk of further damage is mitigated. This is radically different from the usual notions of resilience, where the network is designed so that the attack impact is minimized a priori. For instance, [4] designs cloud-based critical infrastructures so that there are redundancies which minimize the impact of a service disruption. In [5,6] the network is designed so that diversity is maximized, to prevent attacks which affect similar configurations to propagate throughout the network. In contrast, we take advantage of the possibilities of new (semi-)virtualized network infrastructures to perform the network configuration in a reactive manner once the attack has been detected. In this way, the resulting configuration is specific for the location of the attack, hence allowing for a greater risk reduction.In particular, we propose REACT, a distributed framework for reactive network reconfiguration in (semi-) virtualized CNIs over a zero-day attack threat model. This threat model assumes that the specific vulnerabilities used by the attack are unknown to the network operators, and therefore can only be detected by using an anomaly-based IDS (Intrusion Detection System). REACT uses the alert reports from such an IDS, as well as an a priori risk analysis model of the network, to propose a new network configuration (that is, an alternative redeployment of the different components in the network) that will minimize the impact of the incident. It is important to note that, although malicious attacks are not the only challenge to cope with in CNIs, these types of attacks are generally the most harmful ones as they are focused on blocking network services. Network resilience challenges are also different with malicious attacks, human errors or natural disasters [7]: the latter two have a more random and distributed nature, while the former are usually focused on nodes that play an essential role in the network. A more in-depth discussion of related literature, with an emphasis on zero-day resiliency, can be found in Section 2.Our goal is, therefore, to build ...

show abstract