Analyzing attacker behavior and exploring attack paths are crucial to design effective cybersecurity protection mechanisms. In this work, we propose a Monte Carlo (MC)-based probabilistic cost-benefit analysis approach to assess cyber vulnerabilities and identify attack paths most likely to be exploited in an industrial control setting. First, we draw an attack graph to represent the potential attack paths that attackers could exploit to compromise the vulnerabilities of a target Industrial Control System (ICS). A cost-benefit analysis is, then, integrated into a graph path algorithm to explore attacker's decisions for exploiting vulnerabilities, whilst accounting for the dynamic characteristics of the system configuration. A probabilistic risk metric is introduced to measure the uncertainty that derives from the intrinsic technical exploitability of vulnerabilities and attackers’ propensities. For demonstration, we apply the proposed approach to a simplified corporate network in an ICS environment, which is vulnerable to multi-step cyberattacks. We identify the shortest attack paths with the highest probabilities and assess the risk associated to each vulnerable element.
A probabilistic cost-benefit analysis approach for cyberattack path evaluation
Zio, Enrico;
2025-01-01
Abstract
Analyzing attacker behavior and exploring attack paths are crucial to design effective cybersecurity protection mechanisms. In this work, we propose a Monte Carlo (MC)-based probabilistic cost-benefit analysis approach to assess cyber vulnerabilities and identify attack paths most likely to be exploited in an industrial control setting. First, we draw an attack graph to represent the potential attack paths that attackers could exploit to compromise the vulnerabilities of a target Industrial Control System (ICS). A cost-benefit analysis is, then, integrated into a graph path algorithm to explore attacker's decisions for exploiting vulnerabilities, whilst accounting for the dynamic characteristics of the system configuration. A probabilistic risk metric is introduced to measure the uncertainty that derives from the intrinsic technical exploitability of vulnerabilities and attackers’ propensities. For demonstration, we apply the proposed approach to a simplified corporate network in an ICS environment, which is vulnerable to multi-step cyberattacks. We identify the shortest attack paths with the highest probabilities and assess the risk associated to each vulnerable element.| File | Dimensione | Formato | |
|---|---|---|---|
|
1-s2.0-S0951832025004569-main.pdf
accesso aperto
Dimensione
9.17 MB
Formato
Adobe PDF
|
9.17 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
