From product recommendation to cyber-attack prediction: generating attack graphs and predicting future attacks

Abstract: Modern information society depends on reliable functionality of information systems infrastructure, while at the same time the number of cyber-attacks has been increasing over the years and damages have been caused. Furthermore, graphs can be used to show paths than can be exploited by attackers to intrude into systems and gain unauthorized access through vulnerability exploitation. This paper presents a method that builds attack graphs using data supplied from the maritime supply chain infrastructure. The met… Show more

“…Its dynamic and collaborative notion derives from an evidence-driven Maritime Supply Chain Risk Assessment (MSCRA) holistic approach [56][57][58], which is implemented towards a step-by-step risk management methodology providing an holistic view of maritime logistics infrastructures and their supply chains, enabling cooperation and risk-handling transparency among supply chain stakeholders and generating unique evidence about risk assessment and mitigation. This is achieved by an open simulation environment that allows the business partners to simulate risks and evaluate risk mitigation actions.…”

“…The identification and analysis of composite interdependencies between supply chain entities and their cyber-assets drive the process of assessing the propagation of incidents through multiple ICT networks. An application of game-theoretic algorithms yields the recognition of optimal mitigation actions, capturing a worst-case scenario damage for the defender, based on the game-theoretic risk management approach described in Reference [59], the mathematical module for uncertain payoffs described in Reference [60] and potential attack strategies presented in References [57,58,61]. In this context, the MITIGATE methodology focuses on the following objectives:…”

“…This MITIGATE service provides guidance to the MLoSC operators to assess and organize the cybersecurity issues associated with the supply chain services in which they are involved. Moreover, the MITIGATE system encompasses and executes an evaluation process that implements the main steps of the proposed MSCRA approach [56][57][58]61]. Furthermore, MLoSC operators, such as Port employees, SCADA operators, forwarders, Port Authorities, shipping and carrier agencies, can use this service to identify and measure all relevant cyber threats, vulnerabilities, assess the possible impacts and derive and prioritize the corresponding risks.…”

“…Moreover, the mapping of attacker's capability with respect to the asset-vulnerability combination provides the likelihood that an attacker may be able to exploit a specific vulnerability. This estimation relies on a qualitative nature of a five-tier nominal scale, which is thoroughly analyzed in References [56][57][58]: (i) "Very High" (VH) risk is expected to occur within the assets of the business partner with very high probability and an incident has been realized more than once in the last year (12 month period); (ii) "High" (H) risk is expected to occur within the assets of the business partner with high probability and an incident has been realized once in the last 1 year (12 month period); (iii) "Moderate" (M) risk is expected to occur within the assets of the business partner with moderate probability, where more than one incident has been realized over the last 2 years; (iv) "Low" (L) risk is expected to occur within the assets of the business partner with low probability, where at most one incident has been realized over the last 2 years; (v) "Very Low" (VL) risk is expected to occur within the assets of the business partner with very low probability, where at most one incident or no incident has been realized over the last 3 years. To classify the asset's risk, the worst-case scenario of the vulnerability risks per asset is used to introduce the "Dominant Individual Risk Level", which is additionally visualized by a Risk Analysis Diagram.…”

“…MLoSC interdependent assets can be increasingly affected by multi-stage targeted cyber-attacks (such as Stuxnet, Duqu, and Flame) using this cross-organizational dependency as a stepping stone to reach the actual target. MITIGATE implements an attack-path discovery method [57,58,61] that relies on unique characteristics, such as the attacker's location, the attacker's capability, assets interdependencies and which the entry and target points are in order to return all attack paths that exist in the examined supply chains. The service supports the calculation and rendering of all the relevant attack graphs representing the different paths a cyber-attacker can follow to reach and harm a target asset.…”

A Novel Risk Assessment Methodology for SCADA Maritime Logistics Environments

“…Its dynamic and collaborative notion derives from an evidence-driven Maritime Supply Chain Risk Assessment (MSCRA) holistic approach [56][57][58], which is implemented towards a step-by-step risk management methodology providing an holistic view of maritime logistics infrastructures and their supply chains, enabling cooperation and risk-handling transparency among supply chain stakeholders and generating unique evidence about risk assessment and mitigation. This is achieved by an open simulation environment that allows the business partners to simulate risks and evaluate risk mitigation actions.…”

“…The identification and analysis of composite interdependencies between supply chain entities and their cyber-assets drive the process of assessing the propagation of incidents through multiple ICT networks. An application of game-theoretic algorithms yields the recognition of optimal mitigation actions, capturing a worst-case scenario damage for the defender, based on the game-theoretic risk management approach described in Reference [59], the mathematical module for uncertain payoffs described in Reference [60] and potential attack strategies presented in References [57,58,61]. In this context, the MITIGATE methodology focuses on the following objectives:…”

“…This MITIGATE service provides guidance to the MLoSC operators to assess and organize the cybersecurity issues associated with the supply chain services in which they are involved. Moreover, the MITIGATE system encompasses and executes an evaluation process that implements the main steps of the proposed MSCRA approach [56][57][58]61]. Furthermore, MLoSC operators, such as Port employees, SCADA operators, forwarders, Port Authorities, shipping and carrier agencies, can use this service to identify and measure all relevant cyber threats, vulnerabilities, assess the possible impacts and derive and prioritize the corresponding risks.…”

“…Moreover, the mapping of attacker's capability with respect to the asset-vulnerability combination provides the likelihood that an attacker may be able to exploit a specific vulnerability. This estimation relies on a qualitative nature of a five-tier nominal scale, which is thoroughly analyzed in References [56][57][58]: (i) "Very High" (VH) risk is expected to occur within the assets of the business partner with very high probability and an incident has been realized more than once in the last year (12 month period); (ii) "High" (H) risk is expected to occur within the assets of the business partner with high probability and an incident has been realized once in the last 1 year (12 month period); (iii) "Moderate" (M) risk is expected to occur within the assets of the business partner with moderate probability, where more than one incident has been realized over the last 2 years; (iv) "Low" (L) risk is expected to occur within the assets of the business partner with low probability, where at most one incident has been realized over the last 2 years; (v) "Very Low" (VL) risk is expected to occur within the assets of the business partner with very low probability, where at most one incident or no incident has been realized over the last 3 years. To classify the asset's risk, the worst-case scenario of the vulnerability risks per asset is used to introduce the "Dominant Individual Risk Level", which is additionally visualized by a Risk Analysis Diagram.…”

“…MLoSC interdependent assets can be increasingly affected by multi-stage targeted cyber-attacks (such as Stuxnet, Duqu, and Flame) using this cross-organizational dependency as a stepping stone to reach the actual target. MITIGATE implements an attack-path discovery method [57,58,61] that relies on unique characteristics, such as the attacker's location, the attacker's capability, assets interdependencies and which the entry and target points are in order to return all attack paths that exist in the examined supply chains. The service supports the calculation and rendering of all the relevant attack graphs representing the different paths a cyber-attacker can follow to reach and harm a target asset.…”

A Novel Risk Assessment Methodology for SCADA Maritime Logistics Environments

Enhancing Security in Cloud Computing Using Artificial Intelligence ( AI )

Challenges and Issues in Risk Assessment in Modern Maritime Systems