Litcius/Paper detail

Association Analysis-Based Cybersecurity Risk Assessment for Industrial Control Systems

Yuanqing Qin, Peng Yuan, Kaixing Huang, Chunjie Zhou, Yu‐Chu Tian

2020IEEE Systems Journal35 citationsDOI

Abstract

With the adoption of various information and communication technologies and commercial off-the-shelf components, industrial control systems (ICSs) become highly vulnerable to cyberattacks. Dynamic cybersecurity risk assessment (CSRA) plays a vital role in the security protection of ICSs. To reduce the complexity of the modeling process in the dynamic CSRA, an association analysis-based CSRA approach is proposed in this article. It designs a three-layer association network (AN) to infer the probabilities of security incidents. The parameters of the AN are derived through mining the data of historical attack records. From a distance correlation analysis of the process data of the target system, an association matrix is obtained between the system state variables and the key security variables to quantify the cybersecurity risk of the system. A case study is conducted on a coupling tanks control system to demonstrate the effectiveness and timeliness of the proposed approach.

Topics & Concepts

Computer securityComputer scienceIndustrial control systemAssociation (psychology)Process (computing)Security controlsKey (lock)Control (management)Information securityRisk analysis (engineering)BusinessOperating systemEpistemologyPhilosophyArtificial intelligenceSmart Grid Security and ResilienceRisk and Safety AnalysisInformation and Cyber Security
Association Analysis-Based Cybersecurity Risk Assessment for Industrial Control Systems | Litcius