Research Article

Lightweight Cyber Security for Decision Support in Information Security Risk Assessment

Koshal Rahman Rahmani
Md Sohel Rana
* Corresponding author
Md Alamin Hossan
Wali Mohammad Wadeed
DOI icon 10.24018/ejece.2022.6.1.391

Read Counter
722

Downloads
546

Citations

Share

Article Sidebar

Submitted 2021-12-24
Published 2022-01-20

Read counter = 722 times

Table of Contents

Article Main Content

Cyber-Security in the Internet of Things (IoT) is a major concern for information exploitation which hinder the growth of information system. To address security levels and issues, security risk assessment is considered an effective tool for system security, products, process, and readiness. Effective system vulnerabilities guidance is involved in the prioritization of security risk assessment. At present, the differential equation provides a significant tool for risk assessment. However, for second-order derivatives, the error rate is higher which impacts on overall risk assessment model. To overcome those limitations, this paper presented Decision Support Light Weight Risk Assessment Model (DSLiRAM). The proposed DSLiRAM is the domain-specific framework for security assessment. The proposed DSLiRAM is adopted in four stages for the specification of practices applied for cybersecurity and organizational characteristics. The proposed DSLiRAM includes a fuzzy differential equation with a second-order derivative. To minimize error rate Taylor series expansion is integrated with Fredholm for risk assessment. The proposed DSLiRAM is examined in three scenarios, RT server, BPCS, and HMI. Analysis of results stated that the proposed DSLiRAM significantly predicts risk and prevents the attack. 

Keywords: Cyber risk assessment, Risk Prediction, Differential Equation, DSLiRAM, Human Machine Interface (HMI), Basic Process Control System (BPCS).

References

  1. Wang Z, Chen L, Song S, Cong PX, Ruan Q. Automatic cyber security risk assessment based on fuzzy fractional ordinary differential equations. Alexandria Engineering Journal. 2020 Aug 1;59(4):2725-31.
     Google Scholar
  2. van Staalduinen MA, Khan F, Gadag V, Reniers G. Functional quantitative security risk analysis (QSRA) to assist in protecting critical process infrastructure. Reliability Engineering & System Safety. 2017 Jan 1;157:23-34.
     Google Scholar
  3. Tantawy A, Abdelwahed S, Erradi A, Shaban K. Model-based risk assessment for cyber physical systems security. Computers & Security. 2020 Sep 1;96:101864.
     Google Scholar
  4. Schmitz C, Pape S. LiSRA: lightweight security risk assessment for decision support in information security. Computers & Security. 2020 Mar 1;90:101656.
     Google Scholar
  5. Venkatachary SK, Prasad J, Samikannu R. Cybersecurity and cyber terrorism-in energy sector?a review. Journal of Cyber Security Technology. 2018 Oct 2;2(3-4):111-30.
     Google Scholar
  6. Kumar VS, Prasad J, Samikannu R. A critical review of cyber security and cyber terrorism?threats to critical infrastructure in the energy sector. International Journal of Critical Infrastructures. 2018;14(2):101-19.
     Google Scholar
  7. Venkatachary SK, Prasad J, Samikannu R. Economic impacts of cyber security in energy sector: A review. International Journal of Energy Economics and Policy. 2017;7(5):250-62.
     Google Scholar
  8. Venkatachary SK, Prasad J, Samikannu R, Alagappan A, Andrews LJ. Cybersecurity infrastructure challenges in IoT based virtual power plants. Journal of Statistics and Management Systems. 2020 Feb 17;23(2):263-76.
     Google Scholar
  9. Benaroch M. Real options models for proactive uncertainty-reducing mitigations and applications in cybersecurity investment decision making. Information Systems Research. 2018 Jun;29(2):315-40.
     Google Scholar
  10. Nhlabatsi AM, Hong JB, Kim DS, Fernandez R, Hussein A, Fetais N, Khan KM. Threat-specific security risk evaluation in the cloud. IEEE Transactions on Cloud Computing. 2018 Nov 23.
     Google Scholar
  11. Khidzir NZ, Daud KA, Ismail AR, Ghani MS, Ibrahim MA. Information Security Requirement: The Relationship Between Cybersecurity Risk Confidentiality, Integrity and Availability in Digital Social Media. In Regional Conference on Science, Technology and Social Sciences (RCSTSS 2016) 2018 (pp. 229-237). Springer, Singapore.
     Google Scholar
  12. Kusyk J, Uyar MU, Sahin CS. Survey on evolutionary computation methods for cybersecurity of mobile ad hoc networks. Evolutionary Intelligence. 2018 Jun;10(3):95-117.
     Google Scholar
  13. Genge B, Haller P, En?chescu C. Anomaly detection in aging industrial internet of things. IEEE Access. 2019 Jun 4;7:74217-30.
     Google Scholar
  14. Ashibani Y, Mahmoud QH. Cyber physical systems security: Analysis, challenges and solutions. Computers & Security. 2017 Jul 1;68:81-97.
     Google Scholar
  15. Ylmaz EN, Ciylan B, G?nen S, Sindiren E, Karacay?lmaz G. Cyber security in industrial control systems: Analysis of DoS attacks against PLCs and the insider effect. In2018 6th International Istanbul Smart Grids and Cities Congress and Fair (ICSG) 2018 Apr 25 (pp. 81-85). IEEE.
     Google Scholar
  16. Abdo H, Kaouk M, Flaus JM, Masse F. A safety/security risk analysis approach of Industrial Control Systems: A cyber bowtie?combining new version of attack tree with bowtie analysis. Computers & security. 2018 Jan 1;72:175-95.
     Google Scholar
  17. Urbina DI, Giraldo JA, Cardenas AA, Tippenhauer NO, Valente J, Faisal M, Ruths J, Candell R, Sandberg H. Limiting the impact of stealthy attacks on industrial control systems. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security 2016 Oct 24 (pp. 1092-1105).
     Google Scholar
  18. Gupta A, Anpalagan A, Carvalho GH, Khwaja AS, Guan L, Woungang I. RETRACTED: Prevailing and emerging cyber threats and security practices in IoT-Enabled smart grids: A survey.
     Google Scholar
  19. Janu?rio F, Cardoso A, Gil P. A distributed multi-agent framework for resilience enhancement in cyber-physical systems. IEEE Access. 2019 Mar 7;7:31342-57.
     Google Scholar
  20. Durand L. Cyber security: a risky business, 2018.
     Google Scholar
  21. Wu Z, Albalawi F, Zhang J, Zhang Z, Durand H, Christofides PD. Detecting and handling cyber-attacks in model predictive control of chemical processes. Mathematics. 2018 Oct;6(10):173.
     Google Scholar
  22. S?ndor H, Genge B, Sz?nt? Z, M?rton L, Haller P. Cyber attack detection and mitigation: Software defined survivable industrial control systems. International Journal of Critical InfrastructureProtection. 2019 Jun 1;25:152-68.
     Google Scholar
  23. Paoletti N, Jiang Z, Islam MA, Abbas H, Mangharam R, Lin S, Gruber Z, Smolka SA. Synthesizing stealthy reprogramming attacks on cardiac devices. In Proceedings of the 10th ACM/IEEE International Conference on Cyber-Physical Systems 2019 Apr 16 (pp. 13-22).
     Google Scholar
  24. Liu L, De Vel O, Han QL, Zhang J, Xiang Y. Detecting and preventing cyber insider threats: A survey. IEEE Communications Surveys & Tutorials. 2018 Feb 1;20(2):1397-417.
     Google Scholar