GVScan: Scanning Networks for Global Vulnerabilities

Baiardi, Fabrizio; Corò, Fabio; Tonelli, Federico; Guidi, Luca

doi:10.1109/ares.2013.88

Cited by 13 publications

(5 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore global graph measures such as the number of vertices and edges have been introduced to study network connectivity performance under different attack strategies (Holme et al 2002). Applications of such theories can be found in the Information & Communication Technology (ICT) and the power sectors where fictional or real networks are studied (Baiardi & Corò 2013;Bompard et al 2013;Mao et al 2009;Matisziw et al 2009).…”

Section: Infrastructure Network Vulnerabilitymentioning

confidence: 99%

The spatial exposure of the Chinese infrastructure system to flooding and drought hazards

Shi

Lim

2015

Nat Hazards

View full text Add to dashboard Cite

Recent rapid urbanisation means that China has invested in an enormous amount of infrastructure, much of which is vulnerable to natural hazards. This paper investigates from a spatial perspective how the Chinese infrastructure system is exposed to flooding and drought hazards. Infrastructure exposure across three different sectorsenergy, transport and wasteis considered. With a database of 10,561 nodes and 2,863 edges that make up the three infrastructure networks, we develop a methodology assigning the number of users to individual infrastructure assets and conduct hotspot analysis by applying the Kernel density estimator. We find that infrastructure assets in Anhui,

show abstract

Section: Infrastructure Network Vulnerabilitymentioning

confidence: 99%

The spatial exposure of the Chinese infrastructure system to flooding and drought hazards

Shi

Lim

2015

Nat Hazards

View full text Add to dashboard Cite

show abstract

“…The builder deduces from the CVE description of v and from its common vulnerability scoring system score other attributes of the attacks that v enables such as the pre‐condition and post‐condition, the success probabilities and the execution time. We refer to for a detailed discussion of the current implementation of the builder and the accuracy of the classification.…”

Section: Haruspex Suite: Risk Assessmentmentioning

confidence: 99%

“…Haruspex is a suite of tools that supports the proposed approach. Some tools of the suite build the infrastructure, and the agent models starting from the output of a vulnerability scanning and by interacting with the user.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Iterative selection of countermeasures for intelligent threat agents

2015

Self Cite

View full text Add to dashboard Cite

We describe a model-based approach to select cost-effective countermeasures for an information and communication technology infrastructure under attack by intelligent agents. Each agent tries to reach some predefined goals through a sequence of attacks. The proposed approach builds the models of the infrastructure and of the agents, and then it applies a Monte Carlo method that runs multiple, independent simulations of the agent attacks. These simulations produce a statistical sample that is used to assess the risk. The selection of countermeasures works in an iterative way where each iteration selects some countermeasures and applies the Monte Carlo method to evaluate any residual risk. In this way, it takes into account that an intelligent agent may select distinct attacks to replace those affected by the countermeasures. To improve cost effectiveness, the selection focuses on useful attacks to reach a goal. The Haruspex suite is an integrated set of tool to support this approach. Some of its tools build the models of the agents and the one of the system. Another tool uses these models to apply the Monte Carlo method and simulate the agent attacks. This tool is iteratively invoked by the one that select countermeasures. We describe the adoption of the suite to assess and manage the risk of three industrial control system

show abstract

“…We discuss the design of GVScan (Baiardi et al 2013a), our tool that builds the description of the target system, of its components, their vulnerabilities and the corresponding attacks. Since most of the scenarios of interest for an assessment differ because of the agents, the availability of a tool such as GVScan strongly reduces the complexity of the assessment.…”

Section: Building the Scenario Descriptionmentioning

confidence: 99%

Simulating Attack Plans Against ICT Infrastructures

Baiardi

Corò

Tonelli

et al. 2014

Vulnerability, Uncertainty, and Risk

Self Cite

View full text Add to dashboard Cite

Goal-oriented, rational threat agents attack a complex ICT infrastructure by composing elementary attacks against distinct components into an attack chain or attack plan. To compute statistics on the success probabilities of these plans, we have designed and implemented Haruspex, a tool that implements a Monte Carlo method by simulating the agent plans. A proper set of Haruspex experiments returns a set of data to compute statistics on the agent plans and their success probabilities even before deploying a system. In this way, we can assess with high confidence the robustness of a system and the risk it poses by considering scenarios where it is attacked by a set of agent. To fully automate the assessment, we have developed GVScan, a tool that maps the output of a vulnerability scanning into the inputs of Haruspex. This paper describes both Haruspex and GVScan and their adoption to assess the control plant of a power generation system.

show abstract

GVScan: Scanning Networks for Global Vulnerabilities

Cited by 13 publications

References 9 publications

The spatial exposure of the Chinese infrastructure system to flooding and drought hazards

The spatial exposure of the Chinese infrastructure system to flooding and drought hazards

Iterative selection of countermeasures for intelligent threat agents

Simulating Attack Plans Against ICT Infrastructures

Contact Info

Product

Resources

About