A Vulnerability Assessment Approach for Transportation Networks Subjected to Cyber–Physical Attacks
Abstract
:1. Introduction
2. Related Work
3. Vulnerability Assessment Approach
3.1. Overview of Vulnerability Assessment Approach
3.2. Cyber–Physical Attack Scenarios and Vulnerability States
3.3. Calculation of PI Ratio
3.3.1. Control Barriers
3.4. Efficiency of Transportation Network
4. Case Study of a Cyber–Physical Transportation Network
4.1. Case Study Application of Vulnerability Assessment Approach
4.2. Case Study Analysis and Results
5. Discussion
Comparison of Results with Existing Studies in the Transportation Domain
6. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
References
- Ding, R.; Ujang, N.; bin Hamid, H.; Abd Manan, M.S.; Li, R.; Wu, J. Heuristic urban transportation network design method, a multilayer coevolution approach. Phys. A Stat. Mech. Its Appl. 2017, 479, 71–83. [Google Scholar] [CrossRef]
- Mattsson, L.-G.; Jenelius, E. Vulnerability and resilience of transport systems–A discussion of recent research. Transp. Res. Part A Policy Pract. 2015, 81, 16–34. [Google Scholar] [CrossRef]
- Rebally, A.; Valeo, C.; He, J.; Saidi, S. Flood Impact Assessments on Transportation Networks: A Review of Methods and Associated Temporal and Spatial Scales. Front. Sustain. Cities 2021, 3, 732181. [Google Scholar] [CrossRef]
- Chen, M.; Mangalathu, S.; Jeon, J.-S. Bridge fragilities to network fragilities in seismic scenarios: An integrated approach. Eng. Struct. 2021, 237, 112212. [Google Scholar] [CrossRef]
- Murray-Tuite, P.M.; Fei, X. A methodology for assessing transportation network terrorism risk with attacker and defender interactions. Comput. Aided Civ. Infrastruct. Eng. 2010, 25, 396–410. [Google Scholar] [CrossRef]
- Zantalis, F.; Koulouras, G.; Karabetsos, S.; Kandris, D. A review of machine learning and IoT in smart transportation. Future Internet 2019, 11, 94. [Google Scholar] [CrossRef] [Green Version]
- Gupta, M.; Sandhu, R. Authorization Framework for Secure Cloud Assisted Connected Cars and Vehicular Internet of Things. In Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies, Indianapolis, IN, USA, 13–15 June 2018; Association for Computing Machinery: New York, NY, USA, 2018; pp. 193–204. [Google Scholar]
- Koursari, E.; Wallace, S.; Xu, Y.; Michalis, P.; Valyrakis, M. Smart bridge: Towards robust monitoring of environmental hazards. In River Flow 2020; CRC Press: Boca Raton, FL, USA, 2020; pp. 886–890. [Google Scholar]
- Mishra, M.; Lourenço, P.B.; Ramana, G.V. Structural health monitoring of civil engineering structures by using the internet of things: A review. J. Build. Eng. 2022, 48, 103954. [Google Scholar] [CrossRef]
- Putra, A.S.; Warnars, H.L.H.S. Intelligent Traffic Monitoring System (ITMS) for Smart City Based on IoT Monitoring. In Proceedings of the 2018 Indonesian Association for Pattern Recognition International Conference (INAPR), Jakarta, Indonesia, 7–8 September 2018; IEEE: Piscataway, NJ, USA, 2018; pp. 161–165. [Google Scholar]
- Gupta, M.; Sandhu, R. Towards Activity-Centric Access Control for Smart Collaborative Ecosystems. In Proceedings of the 26th ACM Symposium on Access Control Models and Technologies, Virtual Event, Spain, 16–18 June 2021; Association for Computing Machinery: New York, NY, USA; pp. 155–164.
- Gupta, M.; Awaysheh, F.M.; Benson, J.; Alazab, M.; Patwa, F.; Sandhu, R. An attribute-based access control for cloud enabled industrial smart vehicles. IEEE Trans. Ind. Inform. 2020, 17, 4288–4297. [Google Scholar] [CrossRef]
- Singh, S.K.; Jeong, Y.-S.; Park, J.H. A deep learning-based IoT-oriented infrastructure for secure smart city. Sustain. Cities Soc. 2020, 60, 102252. [Google Scholar] [CrossRef]
- Mahmoud, R.; Yousuf, T.; Aloul, F.; Zualkernan, I. Internet of Things (IoT) Security: Current Status, Challenges and Prospective Measures. In Proceedings of the 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), London, UK, 14–16 December 2015; IEEE: Piscataway, NJ, USA, 2015; pp. 336–341. [Google Scholar]
- Landaluce, H.; Arjona, L.; Perallos, A.; Falcone, F.; Angulo, I.; Muralter, F. A review of IoT sensing applications and challenges using RFID and wireless sensor networks. Sensors 2020, 20, 2495. [Google Scholar] [CrossRef]
- Kouicem, D.E.; Bouabdallah, A.; Lakhlef, H. Internet of things security: A top-down survey. Comput. Netw. 2018, 141, 199–221. [Google Scholar] [CrossRef] [Green Version]
- Loukas, G. Cyber-Physical Attacks: A Growing Invisible Threat; Butterworth-Heinemann: Oxford, UK, 2015. [Google Scholar]
- Ntafloukas, K.; McCrum, D.P.; Pasquale, L. A Cyber-Physical Risk Assessment Approach for Internet of Things Enabled Transportation Infrastructure. Appl. Sci. 2022, 12, 9241. [Google Scholar] [CrossRef]
- Ntafloukas, K.; McCrum, D.P.; Pasquale, L. A Risk Assessment Approach for IoT Enabled Transportation Infrastructure Subjected to Cyber-Physical Attacks. In Proceedings of the 32nd European Safety and Reliability Conference, Dublin, Ireland, 28 August–1 September 2022; Research Publishing: Singapore, 2022. [Google Scholar]
- Liveri, D.; Theocharidou, M.; Naydenov, R. Railway Cybersecurity: Security Measures in the Railway Transport Sector; ENISA: Athens, Greece, 2020.
- Perti, A.; Singh, A.; Sinha, A.; Srivastava, P.K. Security Risks and Challenges in IoT-Based Applications. In Proceedings of the International Conference on Big Data, Machine Learning and Their Applications: ICBMA 2019, Prayagraj, India, 29–31 May 2020; Springer: Singapore, 2021; pp. 99–111. [Google Scholar]
- Gu, Y.; Fu, X.; Liu, Z.; Xu, X.; Chen, A. Performance of transportation network under perturbations: Reliability, vulnerability, and resilience. Transp. Res. Part E Logist. Transp. Rev. 2020, 133, 101809. [Google Scholar] [CrossRef]
- Li, Z.; Jin, D.; Hannon, C.; Shahidehpour, M.; Wang, J. Assessing and mitigating cybersecurity risks of traffic light systems in smart cities. IET Cyber-Phys. Syst. Theory Appl. 2016, 1, 60–69. [Google Scholar] [CrossRef] [Green Version]
- Zheng, X.; Pan, L.; Chen, H.; Wang, P. Investigating Security Vulnerabilities in Modern Vehicle Systems. In Proceedings of the International Conference on Applications and Techniques in Information Security, Cairns, Australia, 26–28 October 2016; Springer: Berlin/Heidelberg, Germany, 2016; pp. 29–40. [Google Scholar]
- Gupta, M.; Benson, J.; Patwa, F.; Sandhu, R. Secure V2V and V2I communication in intelligent transportation using cloudlets. IEEE Trans. Serv. Comput. 2020, 15, 1912–1925. [Google Scholar] [CrossRef]
- CIPSEC Enhancing Critical Infrastructure Protection with Innovative SECurity Framework. Available online: https://www.cipsec.eu/ (accessed on 9 February 2023).
- RESOLUTE RESilience Management Guidelines and Operationalization Applied to Urban Transport Environment. Available online: https://www.resolute-project.eu/ (accessed on 9 February 2023).
- RESIST RESilient Transport InfraSTructure to Extreme Events. Available online: https://www.resistproject.eu/ (accessed on 9 February 2023).
- PRECINCT. Preparedness and Resilience Enforcement for Critical INfrastructure Cascading Cyberphysical Threats and Effects with Focus on District or Regional Protection. Available online: https://www.precinct.info/en/publications/ (accessed on 9 February 2023).
- Lou, Y.; Zhang, L. Defending transportation networks against random and targeted attacks. Transp. Res. Rec. 2011, 2234, 31–40. [Google Scholar] [CrossRef]
- Zhang, X.; Miller-Hooks, E.; Denny, K. Assessing the role of network topology in transportation network resilience. J. Transp. Geogr. 2015, 46, 35–45. [Google Scholar] [CrossRef] [Green Version]
- López, F.A.; Páez, A.; Carrasco, J.A.; Ruminot, N.A. Vulnerability of nodes under controlled network topology and flow autocorrelation conditions. J. Transp. Geogr. 2017, 59, 77–87. [Google Scholar] [CrossRef]
- Candelieri, A.; Galuzzi, B.G.; Giordani, I.; Archetti, F. Vulnerability of public transportation networks against directed attacks and cascading failures. Public Transp. 2019, 11, 27–49. [Google Scholar] [CrossRef] [Green Version]
- Husák, M.; Komárková, J.; Bou-Harb, E.; Čeleda, P. Survey of attack projection, prediction, and forecasting in cyber security. IEEE Commun. Surv. Tutor. 2018, 21, 640–660. [Google Scholar] [CrossRef] [Green Version]
- Nist, National Vulnerability Database. Available online: https://nvd.nist.gov/ (accessed on 9 February 2023).
- Common Vulnerability Scoring System Version 3.1. Available online: https://www.first.org/cvss/specification-document (accessed on 9 February 2023).
- MITRE ATT&CK. Available online: https://attack.mitre.org/ (accessed on 9 February 2023).
- Melamed, T. An active man-in-the-middle attack on bluetooth smart devices. Saf. Secur. Stud. 2018, 15, 2018. [Google Scholar] [CrossRef] [Green Version]
- Liu, Y.; Man, H. Network Vulnerability Assessment Using Bayesian Networks. In Proceedings of theData Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2005, Orlando, FL, USA, 28–29 March 2005; SPIE: Bellingham, WA, USA, 2005; pp. 61–71. [Google Scholar]
- Avci, O.; Ozbulut, O. Threat and vulnerability risk assessment for existing subway stations: A simplified approach. Case Stud. Transp. Policy 2018, 6, 663–673. [Google Scholar] [CrossRef]
- Taylor, M. Vulnerability Analysis for Transportation Networks; Elsevier: Amsterdam, The Netherlands, 2017. [Google Scholar]
- Martinez-Pastor, B.; Nogal, M.; O’Connor, A.; Teixeira, R. Identifying critical and vulnerable links: A new approach using the Fisher information matrix. Int. J. Crit. Infrastruct. Prot. 2022, 39, 100570. [Google Scholar] [CrossRef]
- von Ferber, C.; Holovatch, T.; Holovatch, Y. Attack vulnerability of public transport networks. In Traffic and Granular Flow’07; Springer: Berlin/Heidelberg, Germany, 2009; pp. 721–731. [Google Scholar]
- Gupta, M.; Benson, J.; Patwa, F.; Sandhu, R. Dynamic Groups and Attribute-Based Access Control for Next-Generation Smart Cars. In Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy, Dallas, TX, USA, 25–27 March 2019; Association for Computing Machinery: New York, NY, USA, 2019; pp. 61–72. [Google Scholar]
- Zhang, D.-m.; Du, F.; Huang, H.; Zhang, F.; Ayyub, B.M.; Beer, M. Resiliency assessment of urban rail transit networks: Shanghai metro as an example. Saf. Sci. 2018, 106, 230–243. [Google Scholar] [CrossRef]
- Cai, H.; Zhu, J.; Yang, C.; Fan, W.; Xu, T. Vulnerability analysis of metro network incorporating flow impact and capacity constraint after a disaster. J. Urban Plan. Dev. 2017, 143, 04016031. [Google Scholar] [CrossRef]
- Liu, J.; Lu, H.; Chen, M.; Wang, J.; Zhang, Y. Macro perspective research on transportation safety: An empirical analysis of network characteristics and vulnerability. Sustainability 2020, 12, 6267. [Google Scholar] [CrossRef]
- Taylor, M.A. Remoteness and accessibility in the vulnerability analysis of regional road networks. Transp. Res. Part A Policy Pract. 2012, 46, 761–771. [Google Scholar] [CrossRef]
- Ghena, B.; Beyer, W.; Hillaker, A.; Pevarnek, J.; Halderman, J.A. Green Lights Forever: Analyzing the Security of Traffic Infrastructure. In Proceedings of the 8th USENIX Workshop on Offensive Technologies (WOOT 14), San Diego, CA, USA, 19 August 2014; USENIX Association: Berkeley, CA, USA, 2014. [Google Scholar]
- Laszka, A.; Potteiger, B.; Vorobeychik, Y.; Amin, S.; Koutsoukos, X. Vulnerability of Transportation Networks to Traffic-Signal Tampering. In Proceedings of the 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS), Vienna, Austria, 11–14 April 2016; IEEE: Piscataway, NJ, USA, 2016; pp. 1–10. [Google Scholar]
- Daganzo, C.F. The cell transmission model: A dynamic representation of highway traffic consistent with the hydrodynamic theory. Transp. Res. Part B Methodol. 1994, 28, 269–287. [Google Scholar] [CrossRef]
- Vivek, S.; Conner, H. Urban road network vulnerability and resilience to large-scale attacks. Saf. Sci. 2022, 147, 105575. [Google Scholar] [CrossRef]
- Musa, T.; Yeo, K.C.; Azam, S.; Shanmugam, B.; Karim, A.; De Boer, F.; Nur, F.N.; Faisal, F. Analysis of Complex Networks for Security Issues Using Attack Graph. In Proceedings of the 2019 International Conference on Computer Communication and Informatics (ICCCI), Coimbatore, India, 25–27 January 2022; IEEE: Piscataway, NJ, USA, 2019; pp. 1–6. [Google Scholar]
- Sadlek, L.; Čeleda, P.; Tovarňák, D. Identification of Attack Paths Using Kill Chain and Attack Graphs. In Proceedings of the NOMS 2022–2022 IEEE/IFIP Network Operations and Management Symposium, Budapest, Hungary, 25–29 April 2022; IEEE: Piscataway, NJ, USA, 2022; pp. 1–6. [Google Scholar]
- Hutchins, E.M.; Amin, R.M.; Cloppert, M.J. Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Lead. Issues Inf. Warf. Secur. Res. 2011, 1, 80. [Google Scholar]
- Shin, J.; Son, H.; Heo, G. Development of a cyber security risk model using Bayesian networks. Reliab. Eng. Syst. Saf. 2015, 134, 208–217. [Google Scholar] [CrossRef]
- Sheehan, B.; Murphy, F.; Mullins, M.; Ryan, C. Connected and autonomous vehicles: A cyber-risk classification framework. Transp. Res. Part A Policy Pract. 2019, 124, 523–536. [Google Scholar] [CrossRef]
- Comert, G.; Pollard, J.; Nicol, D.M.; Palani, K.; Vignesh, B. Modeling cyber attacks at intelligent traffic signals. Transp. Res. Rec. 2018, 2672, 76–89. [Google Scholar] [CrossRef] [Green Version]
- Derrible, S.; Kennedy, C. Applications of graph theory and network science to transit network design. Transp. Rev. 2011, 31, 495–519. [Google Scholar] [CrossRef]
- CAPEC Common Attack Pattern Enumeration and Classification. Available online: https://capec.mitre.org/ (accessed on 9 February 2023).
- Burhan, M.; Rehman, R.A.; Khan, B.; Kim, B.-S. IoT elements, layered architectures and security issues: A comprehensive survey. Sensors 2018, 18, 2796. [Google Scholar] [CrossRef] [Green Version]
- Olawumi, O.; Haataja, K.; Asikainen, M.; Vidgren, N.; Toivanen, P. Three practical attacks against ZigBee security: Attack scenario definitions, practical experiments, countermeasures, and lessons learned. In Proceedings of the 2014 14th International Conference on Hybrid Intelligent Systems, Hawally, Kuwait, 14–16 December 2014; IEEE: Piscataway, NJ, USA, 2014; pp. 199–206. [Google Scholar]
- Neapolitan, R.E. Learning Bayesian Networks; Pearson Prentice Hall: Upper Saddle River, NI, USA, 2004; Volume 38. [Google Scholar]
- Latora, V.; Marchiori, M. Efficient behavior of small-world networks. Phys. Rev. Lett. 2001, 87, 198701. [Google Scholar] [CrossRef] [Green Version]
- Kure, H.I.; Islam, S.; Razzaque, M.A. An integrated cyber security risk management approach for a cyber-physical system. Appl. Sci. 2018, 8, 898. [Google Scholar] [CrossRef] [Green Version]
- Ben-Asher, N.; Gonzalez, C. Effects of cyber security knowledge on attack detection. Comput. Hum. Behav. 2015, 48, 51–61. [Google Scholar] [CrossRef]
- CVE Common Vulnerabilities and Exposures. Available online: https://cve.mitre.org/cve/search_cve_list.html (accessed on 9 February 2022).
- Krishna, R.R.; Priyadarshini, A.; Jha, A.V.; Appasani, B.; Srinivasulu, A.; Bizon, N. State-of-the-art review on IoT threats and attacks: Taxonomy, challenges and solutions. Sustainability 2021, 13, 9463. [Google Scholar] [CrossRef]
- Zeng, J.; Wu, S.; Chen, Y.; Zeng, R.; Wu, C. Survey of attack graph analysis methods from the perspective of data and knowledge processing. Secur. Commun. Netw. 2019, 2019, 2031063. [Google Scholar] [CrossRef] [Green Version]
- Rocchetto, M.; Tippenhauer, N.O. On Attacker Models and Profiles for Cyber-Physical Systems. In Proceedings of the European Symposium on Research in Computer Security, Heraklion, Greece, 26–30 September 2016; Springer: Berlin/Heidelberg, Germany, 2016; pp. 427–449. [Google Scholar]
- NIST. Guide for Conducting Risk Assessments; NIST: Gaithersburg, MD, USA, 2012.
- Zhang, R.; Li, D. Development of Risk Assessment Model in Construction Project Using Fuzzy Expert System. In Proceedings of the 2011 2nd IEEE International Conference on Emergency Management and Management Sciences, Beijing, China, 8–10 August 2011; IEEE: Piscataway, NJ, USA, 2011; pp. 866–869. [Google Scholar]
- Sarker, I.H.; Kayes, A.; Badsha, S.; Alqahtani, H.; Watters, P.; Ng, A. Cybersecurity data science: An overview from machine learning perspective. J. Big Data 2020, 7, 1–29. [Google Scholar] [CrossRef]
- Ben Othmane, L.; Ranchal, R.; Fernando, R.; Bhargava, B.; Bodden, E. Incorporating attacker capabilities in risk estimation and mitigation. Comput. Secur. 2015, 51, 41–61. [Google Scholar] [CrossRef]
- Loveček, T.; Veľas, A.; Ďurovec, M. Level of Protection of Critical Infrastructure in the Slovak Republic. In Proceedings of the International Conference on Engineering Science and Production Management, Tatranská Štrba, Slovakia, 16–17 April 2015; CRC Press: Boca Raton, FL, USA, 2015; pp. 163–168. [Google Scholar]
- Neshenko, N.; Bou-Harb, E.; Crichigno, J.; Kaddoum, G.; Ghani, N. Demystifying IoT security: An exhaustive survey on IoT vulnerabilities and a first empirical look on Internet-scale IoT exploitations. IEEE Commun. Surv. Tutor. 2019, 21, 2702–2733. [Google Scholar] [CrossRef]
- Sachidananda, V.; Siboni, S.; Shabtai, A.; Toh, J.; Bhairav, S.; Elovici, Y. Let the Cat out of the Bag: A Holistic Approach Towards Security Analysis of the Internet of Things. In Proceedings of the 3rd ACM International Workshop on IoT Privacy, Trust, and Security, Abu Dhabi, United Arab Emirates, 2 April 2017; Association for Computing Machinery: New York, NY, USA, 2017; pp. 3–10. [Google Scholar]
- Osei-Asamoah, A.; Lownes, N.E. Complex network method of evaluating resilience in surface transportation networks. Transp. Res. Rec. 2014, 2467, 120–128. [Google Scholar] [CrossRef]
- Ali, A.I.; Partal, S.Z.; Kepke, S.; Partal, H.P. ZigBee and LoRa Based Wireless Sensors for Smart Environment and IoT Applications. In Proceedings of the 2019 1st Global Power, Energy and Communication Conference (GPECOM), Urgup, Turkey, 12–15 June 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 19–23. [Google Scholar]
- Meneghello, F.; Calore, M.; Zucchetto, D.; Polese, M.; Zanella, A. IoT: Internet of threats? A survey of practical security vulnerabilities in real IoT devices. IEEE Internet Things J. 2019, 6, 8182–8201. [Google Scholar] [CrossRef]
- Chae, M.; Yoo, H.; Kim, J.; Cho, M.-Y. Development of a wireless sensor network system for suspension bridge health monitoring. Autom. Constr. 2012, 21, 237–252. [Google Scholar] [CrossRef]
- Vidgren, N.; Haataja, K.; Patino-Andres, J.L.; Ramirez-Sanchis, J.J.; Toivanen, P. Security Threats in ZigBee-Enabled Systems: Vulnerability Evaluation, Practical Experiments, Countermeasures, and Lessons Learned. In Proceedings of the 2013 46th Hawaii International Conference on System Sciences, Wailea, HI, USA, 7–10 January 2013; IEEE: Piscataway, NJ, USA, 2013; pp. 5132–5138. [Google Scholar]
- Khanji, S.; Iqbal, F.; Hung, P. ZigBee Security Vulnerabilities: Exploration and Evaluating. In Proceedings of the 2019 10th International Conference on Information and Communication Systems (ICICS), Irbid, Jordan, 11–13 June 2019; IEEE: Piscataway, NJ, USA, 2019; pp. 52–57. [Google Scholar]
- Cao, X.; Shila, D.M.; Cheng, Y.; Yang, Z.; Zhou, Y.; Chen, J. Ghost-in-zigbee: Energy depletion attack on zigbee-based wireless networks. IEEE Internet Things J. 2016, 3, 816–829. [Google Scholar] [CrossRef]
- Razouk, W.; Crosby, G.V.; Sekkaki, A. New security approach for ZigBee weaknesses. Procedia Comput. Sci. 2014, 37, 376–381. [Google Scholar] [CrossRef] [Green Version]
- Collins, S.; McCombie, S. Stuxnet: The emergence of a new cyber weapon and its implications. J. Polic. Intell. Count. Terror. 2012, 7, 80–91. [Google Scholar] [CrossRef]
- Kilger, M. Integrating Human Behavior into the Development of Future Cyberterrorism Scenarios. In Proceedings of the 2015 10th International Conference on Availability, Reliability and Security, Toulouse, France, 24–27 August 2015; IEEE: Piscataway, NJ, USA, 2015; pp. 693–700. [Google Scholar]
- Raychaudhuri, S. Introduction to Monte Carlo Simulation. In Proceedings of the 2008 Winter Simulation Conference, Miami, FL, USA, 7–10 December 2008; IEEE: Piscataway, NJ, USA, 2008; pp. 91–100. [Google Scholar]
- Benesty, J.; Chen, J.; Huang, Y.; Cohen, I. Pearson correlation coefficient. In Noise Reduction in Speech Processing; Springer: Berlin/Heidelberg, Germany, 2009; pp. 1–4. [Google Scholar]
- Foglietta, C.; Palazzo, C.; Santini, R.; Panzieri, S. Assessing Cyber risk Using the CISIApro Simulator. In Proceedings of the International Conference on Critical Infrastructure Protection, Arlington, VA, USA, 16–18 March 2015; Springer: Berlin/Heidelberg, Germany, 2015; pp. 315–331. [Google Scholar]
- Maschmeyer, L.; Deibert, R.J.; Lindsay, J.R. A tale of two cybers-how threat reporting by cybersecurity firms systematically underrepresents threats to civil society. J. Inf. Technol. Politics 2021, 18, 1–20. [Google Scholar] [CrossRef]
Qualitative Rating Scale/Level Xi | Qualitative Rating Scale/Importance Index Wi |
---|---|
Low/0.01–1 | Very Low/0.00–0.20 |
Low/0.21–0.40 | |
Medium/1–2 | Medium/0.41–0.60 |
High/0.61–0.80 | |
High/2–3 | Very High/0.81–1.0 |
Range of PI | Range of Probability Scores |
---|---|
0 ≤ PI ≤ 0.33 | 0 ≤ P(i) ≤ 0.25 |
0.33 ≤ PI ≤ 1 | 0.25 ≤ P(i) ≤ 0.50 |
PI = 1 | P(i) = 0.50 |
1 ≤ PI ≤ 2 | 0.50 ≤ P(i) ≤ 0.75 |
2 ≤ PI < 3 | 0.75 ≤ P(i) ≤ 1.0 |
Space | Operation |
---|---|
Physical | Technological operation (CCTV, motion detectors, line crossing, smart video-surveillance) |
Non-technological or human operation (perimeter protection, continual inspection from trained personnel) | |
Cyber | Authentication, encryption |
Access control, energy resources | |
Proper patch management, audit mechanisms |
Vulnerability State | Characteristic/Level |
---|---|
A-B-C-D | Terrorism experience/(XTe = 2–3, WTe = 0.81–1.0), Psychology/(XPS = 2–3, WPS = 0.61–0.80) |
C-D | Knowledge/(XKN = 2–3, WKN = 0.81–1.0) Resources/(XRE = 2–3, WRE = 0.01–0.20) |
Number of Node | Vulnerability State | Control Barriers/Level (Xcb) |
---|---|---|
1,8 | A AND B | Rare inspection from trained personnel/(Low, 1), Line crossing (Low, 1) |
C, D | Standard security level/(Low, 1), Poor audit mechanisms/(Low, 1) | |
2,3 | A AND B | Frequent inspection from trained personnel/(Medium, 1–2), Motion detector, CCTV systems (Medium, 1–2) |
C, D | Standard security level/(Low, 1), Frequent audit mechanisms/(Medium, 1–2) | |
4 | A | Continual inspection from trained personnel and perimeter protection/(High, 2–3), Lack of technological operation barriers—State B does not exist |
C, D | High security level/(High, 2–3), Poor audit mechanisms/(Low, 1) | |
5 | A AND B | Frequent inspection from trained personnel/(Medium, 1–2), Motion detector, CCTV systems (Medium, 1–2) |
C, D | High security level/(High, 2–3), Frequent audit mechanisms/(Medium, 1–2) | |
6 | A AND B | Continual inspection from trained personnel and perimeter protection/(High, 2–3), Smart video surveillance/(High, 2–3) |
C, D | High security level/(High, 2–3), Continual audit mechanisms (High, 2–3) | |
7 | B | Lack of non-technological or human operation barriers—State A does not exist, Motion detector, CCTV systems (Medium, 1–2) |
C, D | High security level/(High, 2–3), Poor audit mechanisms/(Low, 1) |
Node | Vulnerability State | PI/Probability Range | Total Probability Score Based on Equation (1) |
---|---|---|---|
4 | A | PIA = 1/P(A) = 0.50 | |
C | PIC = 1/P(C) = 0.50 | ||
D | 2 ≤ PID ≤ 3/P(D) = 0.875 |
Node | Probability of Successful Attack for Node i, P(i) |
---|---|
8 | P(8) = 0.60 |
1 | P(1) = 0.57 |
7 | P(7) = 0.27 |
3 | P(3) = 0.22 |
4 | P(4) = 0.22 |
2 | P(2) = 0.21 |
5 | P(5) = 0.12 |
6 | P(6) = 0.06 |
Node 8: Probability of Successful Attack/High Level of Knowledge | Node 8: Probability of Successful Attack/Low Level of Knowledge | Percentage Change |
---|---|---|
P(8) = 0.60 | P(8) = 0.30 | −50.0% |
dij | Node 1 | Node 2 | Node 3 | Node 4 | Node 5 | Node 6 | Node 7 | Node 8 |
---|---|---|---|---|---|---|---|---|
Node 1 | d11 = 0 | d12 = 1 | 1 | 2 | 2 | 2 | 3 | d18 = 3 |
Node 2 | 1 | 0 | 1 | 2 | 2 | 1 | 3 | 2 |
Node 3 | 1 | 1 | 0 | 1 | 1 | 2 | 2 | 3 |
Node 4 | 2 | 2 | 1 | 0 | 1 | 1 | 2 | 2 |
Node 5 | 2 | 2 | 1 | 1 | 0 | 1 | 1 | 2 |
Node 6 | 2 | 1 | 2 | 1 | 1 | 0 | 1 | 1 |
Node 7 | 3 | 3 | 2 | 2 | 1 | 1 | 0 | 1 |
Node 8 | 3 | 2 | 3 | 2 | 2 | 1 | 1 | 0 |
Initial Efficiency E(G) | Efficiency E′(i) after Node Removal | Vulnerability Assessment as Drop in Efficiency (%) |
---|---|---|
0.369 | E′(8) = 0.283 | |
E′(1) = 0.295 | 20.1% | |
E′(7) = 0.283 | 23.4% | |
E′(3) = 0.265 | 28.2% | |
E′(4) = 0.279 | 24.2% | |
E′(2) = 0.283 | 23.3% | |
E′(5) = 0.256 | 30.6% | |
E′(6) = 0.256 | 30.6% |
Removal of Nodes Based on the Proposed Approach (i.e., Probability-Based Ranking) | Removal of Nodes Based on Centrality Measure-Based Ranking (Node Degree k(i)) | Removal of Nodes Based on Centrality Measure-Based Ranking (Betweenness Centrality b(i)) |
---|---|---|
8: P(8) = 0.60 | 5: k(5) = 5 | 6: B(6) = 10.0 |
1: P(1) = 0.57 | 6: k(6) = 5 | 5: B(5) = 8.67 |
7: P(7) = 0.27 | 3: k(3) = 4 | 3: B(3) = 8.0 |
3: P(3) = 0.22 | 2: k(2) = 3 | 2: B(2) = 4.67 |
4: P(4) = 0.22 | 4: k(4) = 3 | 4: B(4) = 0.67 |
2: P(2) = 0.21 | 7: k(7) = 3 | 1: B(1) = 0.0 |
5: P(5) = 0.12 | 8: k(8) = 3 | 7: B(7) = 0.0 |
6: P(6) = 0.06 | 1: k(1) = 2 | 1: B(8) = 0.0 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Ntafloukas, K.; Pasquale, L.; Martinez-Pastor, B.; McCrum, D.P. A Vulnerability Assessment Approach for Transportation Networks Subjected to Cyber–Physical Attacks. Future Internet 2023, 15, 100. https://doi.org/10.3390/fi15030100
Ntafloukas K, Pasquale L, Martinez-Pastor B, McCrum DP. A Vulnerability Assessment Approach for Transportation Networks Subjected to Cyber–Physical Attacks. Future Internet. 2023; 15(3):100. https://doi.org/10.3390/fi15030100
Chicago/Turabian StyleNtafloukas, Konstantinos, Liliana Pasquale, Beatriz Martinez-Pastor, and Daniel P. McCrum. 2023. "A Vulnerability Assessment Approach for Transportation Networks Subjected to Cyber–Physical Attacks" Future Internet 15, no. 3: 100. https://doi.org/10.3390/fi15030100
APA StyleNtafloukas, K., Pasquale, L., Martinez-Pastor, B., & McCrum, D. P. (2023). A Vulnerability Assessment Approach for Transportation Networks Subjected to Cyber–Physical Attacks. Future Internet, 15(3), 100. https://doi.org/10.3390/fi15030100