A Cyber Security Risk Assessment Methodology for CBTC Systems Based on Complex Network Theory and Attack Graph
| Title | A Cyber Security Risk Assessment Methodology for CBTC Systems Based on Complex Network Theory and Attack Graph |
| Publication Type | Conference Paper |
| Year of Publication | 2021 |
| Authors | Zhang, Fan, Bu, Bing |
| Conference Name | 2021 7th Annual International Conference on Network and Information Systems for Computers (ICNISC) |
| Keywords | attack graph, Communication-Based Train Control, complex network theory, complex networks, Computer crime, Computers, control systems, control theory, cyber security risk assessment, Human Behavior, human factors, Information systems, pubcrawl, Resiliency, risk management, Scalability, security, security risk management |
| Abstract | Cyber security risk assessment is very important to quantify the security level of communication-based train control (CBTC) systems. In this paper, a methodology is proposed to assess the cyber security risk of CBTC systems that integrates complex network theory and attack graph method. On one hand, in order to determine the impact of malicious attacks on train control, we analyze the connectivity of movement authority (MA) paths based on the working state of nodes, the connectivity of edges. On the other hand, attack graph is introduced to quantify the probabilities of potential attacks that combine multiple vulnerabilities in the cyber world of CBTC. Experiments show that our methodology can assess the security risks of CBTC systems and improve the security level after implementing reinforcement schemes. |
| DOI | 10.1109/ICNISC54316.2021.00011 |
| Citation Key | zhang_cyber_2021 |
- cyber security risk assessment
- security
- Scalability
- risk management
- Resiliency
- pubcrawl
- Information systems
- Human Factors
- Human behavior
- Security Risk Management
- Control Theory
- control systems
- Computers
- Computer crime
- complex networks
- complex network theory
- Communication-Based Train Control
- attack graph