Publications
161 results found
Barrère M, Hankin C, O'Reilly D, 2023, Cyber-physical attack graphs (CPAGs): Composable and scalable attack graphs for cyber-physical systems., Comput. Secur., Vol: 132, Pages: 103348-103348
Barrère M, Hankin C, OReilly D, 2023, Cyber-physical attack graphs (CPAGs): Composable and scalable attack graphs for cyber-physical systems, Computers & Security, Vol: 132, Pages: 1-13, ISSN: 0167-4048
Attack graphs are a fundamental security tool focused on depicting how multi-stage attacks can be carried out through a network to compromise specific assets and systems. While attack graphs have been widely utilised in the IT cyber domain, their use in Operational Technology (OT) environments requires new approaches able to properly model and analyse Cyber-Physical Systems (CPS). In this paper, we introduce Cyber-Physical Attack Graphs (CPAGs) as a class of attack graphs able to cover both cyber and physical aspects. CPAGs aim at extending the reach of standard attack graphs to cyber-physical networks typically observed in industrial environments and critical infrastructure systems, analyse how an attacker can move within the network, and understand the impact that these actions may have on the system. We propose a constructive methodology to design CPAGs backed up by a formal rule-based approach that specifies how integral parts of the model can be generated and later composed to build more complex CPAGs. We then explore the semantics of CPAGs associated to cyber and physical attack actions as well as their impact on CPS environments. We also discuss potential CPAG-based analysis techniques and focus on risk analysis using Bayesian CPAGs. Finally, we show the application of the proposed model over a realistic scenario on smart farming using our open source tool T-CITY.
Sonmez FO, Hankin C, Malacaria P, 2022, Attack Dynamics: An Automatic Attack Graph Generation Framework Based on System Topology, CAPEC, CWE, and CVE Databases, COMPUTERS & SECURITY, Vol: 123, ISSN: 0167-4048
- Author Web Link
- Cite
- Citations: 1
Sonmez FO, Hankin C, Malacaria P, 2022, Decision support for healthcare cyber security, COMPUTERS & SECURITY, Vol: 122, ISSN: 0167-4048
- Author Web Link
- Cite
- Citations: 2
Buczkowski P, Malacaria P, Hankin C, et al., 2022, Optimal Security Hardening over a Probabilistic Attack Graph: A Case Study of an Industrial Control System using CySecTool., Publisher: ACM, Pages: 21-30
Buczkowski P, Malacaria P, Hankin C, et al., 2022, Optimal security hardening over a probabilistic attack graph: a case study of an industrial control system using the CySecTool tool., CoRR, Vol: abs/2204.11707
Buczkowski P, Malacaria P, Hankin C, et al., 2022, Optimal Security Hardening over a Probabilistic Attack Graph, SAT-CPS'22: PROCEEDINGS OF THE 2022 ACM WORKSHOP ON SECURE AND TRUSTWORTHY CYBER-PHYSICAL SYSTEMS, Pages: 21-30
Barrere Cambrun M, Hankin C, 2021, Analysing mission-critical cyber-physical systems with AND/OR graphs and MaxSAT, ACM Transactions on Cyber-Physical Systems, Vol: 5, Pages: 1-29, ISSN: 2378-962X
Cyber-Physical Systems (CPS) often involve complex networks of interconnected software and hardware components that are logically combined to achieve a common goal or mission, for example, keeping a plane in the air or providing energy to a city. Failures in these components may jeopardise the mission of the system. Therefore, identifying the minimal set of critical CPS components that is most likely to fail, and prevent the global system from accomplishing its mission, becomes essential to ensure reliability. In this paper, we present a novel approach to identifying the Most Likely Mission-critical Component Set (MLMCS) using AND/OR dependency graphs enriched with independent failure probabilities. We address the MLMCS problem as a Maximum Satisfiability (MaxSAT) problem. We translate probabilities into a negative logarithmic space in order to linearise the problem within MaxSAT. The experimental results conducted with our open source tool LDA4CPS indicate that the approach is both effective and efficient. We also present a case study on complex aircraft systems that shows the feasibility of our approach and its applicability to mission-critical cyber-physical systems. Finally, we present two MLMCS-based security applications focused on system hardening and forensic investigations.
Zizzo G, Rawat A, Sinn M, et al., 2021, Certified Federated Adversarial Training., CoRR, Vol: abs/2112.10525
Barrère M, Hankin C, 2021, Analysing Mission-critical Cyber-physical Systems with AND/OR Graphs and MaxSAT., ACM Trans. Cyber Phys. Syst., Vol: 5, Pages: 30:1-30:1
Zizzo G, Hankin C, Maffeis S, et al., 2020, Adversarial attacks on time-series intrusion detection for industrial control systems, The 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Publisher: Institute of Electrical and Electronics Engineers
Neural networks are increasingly used for intrusiondetection on industrial control systems (ICS). With neuralnetworks being vulnerable to adversarial examples, attackerswho wish to cause damage to an ICS can attempt to hidetheir attacks from detection by using adversarial exampletechniques. In this work we address the domain specificchallenges of constructing such attacks against autoregressivebased intrusion detection systems (IDS) in a ICS setting.We model an attacker that can compromise a subset ofsensors in a ICS which has a LSTM based IDS. The attackermanipulates the data sent to the IDS, and seeks to hide thepresence of real cyber-physical attacks occurring in the ICS.We evaluate our adversarial attack methodology on theSecure Water Treatment system when examining solely continuous data, and on data containing a mixture of discrete andcontinuous variables. In the continuous data domain our attacksuccessfully hides the cyber-physical attacks requiring 2.87 outof 12 monitored sensors to be compromised on average. Withboth discrete and continuous data our attack required, onaverage, 3.74 out of 26 monitored sensors to be compromised.
Barrere Cambrun M, Hankin C, 2020, MaxSAT Evaluation 2020 - Benchmark: Identifying maximum probability minimal cut sets in fault trees, MaxSAT Evaluation 2020 (affiliated with SAT 2020), Publisher: University of Helsinki, Department of Computer Science
This paper presents a MaxSAT benchmark focused on the identification of Maximum Probability Minimal Cut Sets (MPMCSs) in fault trees. We address the MPMCS problem by transforming the input fault tree into a weighted logical formula that is then used to build and solve a Weighted Partial MaxSAT problem. The benchmark includes 80 cases with fault trees of different size and composition as well as the optimal cost and solution for each case.
Barrere M, Hankin C, Nicolau N, et al., 2020, Measuring cyber-physical security in industrial control systems via minimum-effort attack strategies, Journal of Information Security and Applications, Vol: 52, Pages: 1-17, ISSN: 2214-2126
In recent years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical attacks, having massive destructive consequences. Security metrics are therefore essential to assess and improve their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs and hypergraphs which is able to efficiently identify the set of critical ICS components and security measures that should be compromised, with minimum cost (effort) for an attacker, in order to disrupt the operation of vital ICS assets. Our tool, META4ICS (pronounced as metaphorics), leverages state-of-the-art methods from the field of logical satisfiability optimisation and MAX-SAT techniques in order to achieve efficient computation times. In addition, we present a case study where we have used our system to analyse the security posture of a realistic Water Transport Network (WTN).
Barrere Cambrun M, Hankin C, 2020, Fault Tree Analysis: Identifying Maximum Probability Minimal Cut Sets with MaxSAT, 50th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2020), Publisher: IEEE
In this paper, we present a novel MaxSAT-based technique to compute Maximum Probability Minimal Cut Sets (MPMCSs) in fault trees. We model the MPMCS problem as a Weighted Partial MaxSAT problem and solve it using a parallel SAT-solving architecture. The results obtained with our open source tool indicate that the approach is effective and efficient.
Barrère M, Hankin C, 2020, Fault Tree Analysis: Identifying Maximum Probability Minimal Cut Sets with MaxSAT., Publisher: IEEE, Pages: 53-54
Hankin C, Barrère M, 2020, Trustworthy Inter-connected Cyber-Physical Systems, Critical Information Infrastructures Security, Publisher: Springer International Publishing, Pages: 3-13, ISBN: 9783030582944
In this paper we identify some of the particular challenges that are encountered when trying to secure cyber-physical systems. We describe three of our current activities: the architecture of a system for monitoring cyber-physical systems; a new approach to modelling dependencies in such systems which leads to a measurement of the security of the system – interpreted as the least effort that an attacker has to expend to compromise the operation; and an approach to optimising the diversity of products used in a system with a view to slowing the propagation of malware. We conclude by discussing how these different threads of work contribute to meeting the challenges and identify possible avenues for future development, as well as providing some pointers to other work.
Li T, Feng C, Hankin C, 2020, Scalable Approach to Enhancing ICS Resilience by Network Diversity, 50th IEEE/IFIP Annual International Conference on Dependable Systems and Networks (DSN), Publisher: IEEE COMPUTER SOC, Pages: 398-410, ISSN: 1530-0889
- Author Web Link
- Cite
- Citations: 3
Maple C, Davies P, Eder K, et al., 2020, CyRes - Avoiding Catastrophic Failure in Connected and Autonomous Vehicles (Extended Abstract)., CoRR, Vol: abs/2006.14890
Barrere Cambrun M, Hankin C, Nicolaou N, et al., 2019, MaxSAT Evaluation 2019 - Benchmark: Identifying Security-Critical Cyber-Physical Components in Weighted AND/OR Graphs, MaxSAT Evaluation 2019 (affiliated with SAT 2019), Pages: 32-33
This paper presents a MaxSAT benchmark focused on identifying critical nodes in AND/OR graphs. We use AND/OR graphs to model Industrial Control Systems (ICS) as they are able to semantically grasp intricate logical interdependencies among ICS components. However, identifying critical nodes in AND/OR graphs is an NP-complete problem. We address this problem by efficiently transforming the input AND/OR graph-based model into a weighted logical formula that is then used to build and solve a Weighted Partial MaxSAT problem. The benchmark includes 80 cases with AND/OR graphs of different size and composition as well as the optimal cost and solution for each case.
Barrère M, Hankin C, Eliades DG, et al., 2019, Assessing cyber-physical security in industrial control systems, 6th International Symposium for ICS & SCADA Cyber Security Research 2019, Publisher: BCS Learning & Development, Pages: 49-58
Over the last years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical threats. Efficient models and techniques able to capture their complex structure and identify critical cyber-physical components are therefore essential. AND/OR graphs have proven very useful in this context as they are able to semantically grasp intricate logical interdependencies among ICS components. However, identifying critical nodes in AND/OR graphs is an NP-complete problem. In addition, ICS settings normally involve various cyber and physical security measures that simultaneously protect multiple ICS components in overlapping manners, which makes this problem even harder. In this paper, we present an extended security metric based on AND/OR hypergraphs which efficiently identifies the set of critical ICS components and security measures that should be compromised, with minimum cost (effort) for an attacker, in order to disrupt the operation of vital ICS assets. Our approach relies on MAX-SAT techniques, which we have incorporated in META4ICS, a Java-based security metric analyser for ICS. We also provide a thorough performance evaluation that shows the feasibility of our method. Finally, we illustrate our methodology through a case study in which we analyse the security posture of a realistic Water Transport Network (WTN).
Zizzo G, Hankin C, Maffeis S, et al., 2019, Adversarial machine learning beyond the image domain, the 56th Annual Design Automation Conference 2019, Publisher: ACM Press
Machine learning systems have had enormous success in a wide range of fields from computer vision, natural language processing, and anomaly detection. However, such systems are vulnerable to attackers who can cause deliberate misclassification by introducing small perturbations. With machine learning systems being proposed for cyber attack detection such attackers are cause for serious concern. Despite this the vast majority of adversarial machine learning security research is focused on the image domain. This work gives a brief overview of adversarial machine learning and machine learning used in cyber attack detection and suggests key differences between the traditional image domain of adversarial machine learning and the cyber domain. Finally we show an adversarial machine learning attack on an industrial control system.
Barrère M, Hankin C, Nicolau N, et al., 2019, Identifying security-critical cyber-physical components in industrial control systems, Publisher: arxiv
In recent years, Industrial Control Systems (ICS) have become an appealingtarget for cyber attacks, having massive destructive consequences. Securitymetrics are therefore essential to assess their security posture. In thispaper, we present a novel ICS security metric based on AND/OR graphs thatrepresent cyber-physical dependencies among network components. Our metric isable to efficiently identify sets of critical cyber-physical components, withminimal cost for an attacker, such that if compromised, the system would enterinto a non-operational state. We address this problem by efficientlytransforming the input AND/OR graph-based model into a weighted logical formulathat is then used to build and solve a Weighted Partial MAX-SAT problem. Ourtool, META4ICS, leverages state-of-the-art techniques from the field of logicalsatisfiability optimisation in order to achieve efficient computation times.Our experimental results indicate that the proposed security metric canefficiently scale to networks with thousands of nodes and be computed inseconds. In addition, we present a case study where we have used our system toanalyse the security posture of a realistic water transport network. We discussour findings on the plant as well as further security applications of ourmetric.
Hankin CL, Serban O, Thapen N, et al., 2019, Real-time processing of social media with SENTINEL: a syndromic surveillance system incorporating deep learning for health classification, Information Processing and Management, Vol: 56, Pages: 1166-1184, ISSN: 0306-4573
Interest in real-time syndromic surveillance based on social media data has greatly increased in recent years.The ability to detect disease outbreaks earlier than traditional methods would be highly useful for publichealth officials. This paper describes a software system which is built upon recent developments in machinelearning and data processing to achieve this goal. The system is built from reusable modules integrated intodata processing pipelines that are easily deployable and configurable. It applies deep learning to the problemof classifying health-related tweets and is able to do so with high accuracy. It has the capability to detectillness outbreaks from Twitter data and then to build up and display information about these outbreaks,including relevant news articles, to provide situational awareness. It also provides nowcasting functionalityof current disease levels from previous clinical data combined with Twitter data.The preliminary results are promising, with the system being able to detect outbreaks of influenza-likeillness symptoms which could then be confirmed by existing official sources. The Nowcasting module showsthat using social media data can improve prediction for multiple diseases over simply using traditional datasources.
Fatourou P, Hankin C, 2019, Welcome to the Europe Region Special Section, COMMUNICATIONS OF THE ACM, Vol: 62, Pages: 30-30, ISSN: 0001-0782
Barrere Cambrun M, Hankin C, Barboni A, et al., 2019, CPS-MT: a real-time cyber-physical system monitoring tool for security Research, 24th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA2018), Publisher: IEEE
Monitoring systems are essential to understand and control the behaviour of systems and networks. Cyber-physical systems (CPS) are particularly delicate under that perspective since they involve real-time constraints and physical phenomena that are not usually considered in common IT solutions. Therefore, there is a need for publicly available monitoring tools able to contemplate these aspects. In this poster/demo, we present our initiative, called CPS-MT, towards a versatile, real-time CPS monitoring tool, with a particular focus on security research. We first present its architecture and main components, followed by a MiniCPS-based case study. We also describe a performance analysis and preliminary results. During the demo, we will discuss CPS-MT’s capabilities and limitations for security applications.
Craggs B, Rashid A, Hankin C, et al., 2019, A reference architecture for IIoT and industrial control systems testbeds
Conducting cyber security research within live operational technology and industrial Internet of Things environments is, understandably, not practical and as such research needs to be undertaken within non-live mimics or testbeds. However, testbeds and especially those which are built using real-world infrastructure are expensive to develop and maintain. Moreover, such testbeds tend to be representative of a single industry vertical (often based upon the skill set or research focus) and built in isolation. In this paper we present a reference architecture, developed whilst designing and building the Bristol Cyber Security Group ICS/IIoT testbed for critical national infrastructure security research.
Zizzo G, Hankin C, Maffeis S, et al., 2019, Intrusion Detection for Industrial Control Systems: Evaluation Analysis and Adversarial Attacks., CoRR, Vol: abs/1911.04278
Zizzo G, Hankin C, Maffeis S, et al., 2019, Deep Latent Defence., CoRR, Vol: abs/1910.03916
Fatourou P, Hankin C, 2019, Welcome to the Europe region special section., Commun. ACM, Vol: 62, Pages: 28-28
Li T, Feng C, Hankin C, 2018, Improving ICS Cyber Resilience through Optimal Diversification of Network Resources
Network diversity has been widely recognized as an effective defense strategyto mitigate the spread of malware. Optimally diversifying network resources canimprove the resilience of a network against malware propagation. This workproposes an efficient method to compute such an optimal deployment, in thecontext of upgrading a legacy Industrial Control System with modern ITinfrastructure. Our approach can tolerate various constraints when searchingfor an optimal diversification, such as outdated products and strictconfiguration policies. We explicitly measure the vulnerability similarity ofproducts based on the CVE/NVD, to estimate the infection rate of malwarebetween products. A Stuxnet-inspired case demonstrates our optimaldiversification in practice, particularly when constrained by variousrequirements. We then measure the improved resilience of the diversifiednetwork in terms of a well-defined diversity metric and Mean-time-to-compromise(MTTC), to verify the effectiveness of our approach. We further evaluate threefactors affecting the performance of the optimization, such as the networkstructure, the variety of products and constraints. Finally, we show thecompetitive scalability of our approach in finding optimal solutions within acouple of seconds to minutes for networks of large scales (up to 10,000 hosts)and high densities (up to 240,000 edges).
This data is extracted from the Web of Science and reproduced under a licence from Thomson Reuters. You may not copy or re-distribute this data in whole or in part without the written consent of the Science business of Thomson Reuters.