Predictive model for multistage cyber-attack simulation

Adoption of information and communication technologies (ICT) in railways has improved reliability, maintainability, operational efficiency and capacity, as well as passenger comfort. This adoption also introduces new vulnerabilities and entry points for hackers to launch attacks. Advanced cybersecurity threats with automated capabilities are increasing in sectors such as finance, health, grid, retail, government, telecommunications and transportation. These cyber threats are also increasing in railways, and cybersecurity measures are therefore needed to predict, detect and respond to them. The cyber kill chain (CKC) model is widely used to detect cyber-attacks and consists of seven stages (chains); breaking the chain at an early stage helps the defender stop the adversary's malicious actions. Because real cybersecurity data is lacking, this research simulates cyber-attacks to calculate the attack penetration probabilities at each stage of the cyber kill chain model. The objective of this research is to predict cyber-attack penetrations when various security controls are implemented, using modeling and simulation. This research extends the previously developed railway defender kill chain, which provides security controls at each stage of the CKC for railway organizations to minimize the risk of cyber threats.
