About | Contact Us | Register | Login
ProceedingsSeriesJournalsSearchEAI
sesa 22(30): 1

Research Article

Dynamic Risk Assessment and Analysis Framework for Large-Scale Cyber-Physical Systems

Download1192 downloads
Cite
BibTeX Plain Text
  • @ARTICLE{10.4108/eai.25-1-2022.172997,
        author={Adeel A. Malik and Deepak K. Tosh},
        title={Dynamic Risk Assessment and Analysis Framework for Large-Scale Cyber-Physical Systems},
        journal={EAI Endorsed Transactions on Security and Safety},
        volume={8},
        number={30},
        publisher={EAI},
        journal_a={SESA},
        year={2022},
        month={1},
        keywords={Risk Assessment, Vulnerability Assessment, NVD, MITRE ATT\&CK},
        doi={10.4108/eai.25-1-2022.172997}
    }
    
  • Adeel A. Malik
    Deepak K. Tosh
    Year: 2022
    Dynamic Risk Assessment and Analysis Framework for Large-Scale Cyber-Physical Systems
    SESA
    EAI
    DOI: 10.4108/eai.25-1-2022.172997
Adeel A. Malik1,*, Deepak K. Tosh1
  • 1: The University of Texas at El Paso
*Contact email: amalik@miners.utep.edu

Abstract

Cyberspace is growing at full tilt creating an amalgamation of disparate systems. This heterogeneity leads to increased system complexity and security flaws. It is crucial to understand and identify these flaws to prevent catastrophic events. However, the current state-of-the-art solutions are threat-specific and focus on either risk, vulnerabilities, or adversary emulation. In this work, we present a scalable Cyber-threats and Vulnerability Information Analyzer (CyVIA) framework. CyVIA analyzes cyber risks and abnormalities in real-time using multi-formatted knowledge bases derived from open-source vulnerability databases. CyVIA achieves the following goals: 1) assess the target network for risk and vulnerabilities, 2) map services and policies to network nodes, 3) classify nodes based on severity, and 4) provide consequences, mitigation, and relationships for the found vulnerabilities. We use CyVIA and other tools to examine a simulated network for threats and compare the results.

Keywords
Risk Assessment, Vulnerability Assessment, NVD, MITRE ATT&CK
Received
2021-11-06
Accepted
2022-01-13
Published
2022-01-25
Publisher
EAI
http://dx.doi.org/10.4108/eai.25-1-2022.172997

Copyright © 2022 A.A. Malik et al., licensed to EAI. This is an open access article distributed under the terms of the Creative Commons Attribution license, which permits unlimited use, distribution and reproduction in any medium so long as the original work is properly cited.

EBSCOProQuestDBLPDOAJPortico
EAI Logo

About EAI

  • Who We Are
  • Leadership
  • Research Areas
  • Partners
  • Media Center

Community

  • Membership
  • Conference
  • Recognition
  • Sponsor Us

Publish with EAI

  • Publishing
  • Journals
  • Proceedings
  • Books
  • EUDL