Smart Grid and Internet of Things. 4th EAI International Conference, SGIoT 2020, TaiChung, Taiwan, December 5–6, 2020, Proceedings

Research Article

CVSS Based Attack Analysis Using a Graphical Security Model: Review and Smart Grid Case Study

  • @INPROCEEDINGS{10.1007/978-3-030-69514-9_11,
        author={Tan Duy Le and Mengmeng Ge and Phan The Duy and Hien Do Hoang and Adnan Anwar and Seng W. Loke and Razvan Beuran and Yasuo Tan},
        title={CVSS Based Attack Analysis Using a Graphical Security Model: Review and Smart Grid Case Study},
        proceedings={Smart Grid and Internet of Things. 4th EAI International Conference, SGIoT 2020, TaiChung, Taiwan, December 5--6, 2020, Proceedings},
        proceedings_a={SGIOT},
        year={2021},
        month={7},
        keywords={Smart Grid Graphical Security Model (GrSM) Common Vulnerability Score System (CVSS) Attack analysis Attack tree Attack graph},
        doi={10.1007/978-3-030-69514-9_11}
    }
    
  • Tan Duy Le
    Mengmeng Ge
    Phan The Duy
    Hien Do Hoang
    Adnan Anwar
    Seng W. Loke
    Razvan Beuran
    Yasuo Tan
    Year: 2021
    CVSS Based Attack Analysis Using a Graphical Security Model: Review and Smart Grid Case Study
    SGIOT
    Springer
    DOI: 10.1007/978-3-030-69514-9_11
Tan Duy Le1, Mengmeng Ge2, Phan The Duy3, Hien Do Hoang3, Adnan Anwar2, Seng W. Loke2, Razvan Beuran1, Yasuo Tan1
  • 1: Japan Advanced Institute of Science and Technology
  • 2: Deakin University
  • 3: University of Information Technology

Abstract

Smart Grid is one of the critical technologies that provide essential services to sustain social and economic developments. There are various cyber attacks on the Smart Grid system in recent years, which resulted in various negative repercussions. Therefore, understanding the characteristics and evaluating the consequences of an attack on the Smart Grid system is essential. The combination of Graphical Security Model (GrSM), including Attack Tree (AT) and Attack Graph (AG), and the Common Vulnerability Score System (CVSS) is a potential technology to analyze attack on Smart Grid system. However, there are a few research works about Smart Grid attack analysis using GrSM and CVSS. In this research, we first conduct a comprehensive study of the existing research on attack analysis using GrSM and CVSS, ranging from (1) Traditional Networks, (2) Emerging Technologies, to (3) Smart Grid. We indicate that the framework for automating security analysis of the Internet of Things is a promising direction for Smart Grid attack analysis using GrSM and CVSS. The framework has been applied to assess security of the Smart Grid system. A case study using the PNNL Taxonomy Feeders R4-12.47-2 and Smart Grid network model with gateways was conducted to validate the utilized framework. Our research is enriched by capturing all potential attack paths and calculating values of selected security metrics during the vulnerability analysis process. Furthermore, AG can be generated automatically. The research can potentially be utilized in Smart Grid cybersecurity training.