A Cyber Security Risk Assessment Methodology for CBTC Systems Based on Complex Network Theory and Attack Graph

Title: A Cyber Security Risk Assessment Methodology for CBTC Systems Based on Complex Network Theory and Attack Graph
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Zhang, Fan; Bu, Bing
Conference Name: 2021 7th Annual International Conference on Network and Information Systems for Computers (ICNISC)
Keywords: attack graph, Communication-Based Train Control, complex network theory, complex networks, Computer crime, Computers, control systems, control theory, cyber security risk assessment, Human Behavior, human factors, Information systems, pubcrawl, Resiliency, risk management, Scalability, security, security risk management
Abstract:

Cyber security risk assessment is very important to quantify the security level of communication-based train control (CBTC) systems. In this paper, a methodology is proposed to assess the cyber security risk of CBTC systems that integrates complex network theory and attack graph method. On one hand, in order to determine the impact of malicious attacks on train control, we analyze the connectivity of movement authority (MA) paths based on the working state of nodes, the connectivity of edges. On the other hand, attack graph is introduced to quantify the probabilities of potential attacks that combine multiple vulnerabilities in the cyber world of CBTC. Experiments show that our methodology can assess the security risks of CBTC systems and improve the security level after implementing reinforcement schemes.

DOI: 10.1109/ICNISC54316.2021.00011
Citation Key: zhang_cyber_2021