Vulnerability modelling for hybrid IT systems
- Authors: Ur-Rehman, Attiq , Gondal, Iqbal , Kamruzzuman, Joarder , Jolfaei, Alireza
- Date: 2019
- Type: Text , Conference proceedings , Conference paper
- Relation: 2019 IEEE International Conference on Industrial Technology, ICIT 2019; Melbourne, Australia; 13th-15th February 2019 Vol. 2019-February, p. 1186-1191
- Full Text:
- Reviewed:
- Description: Common vulnerability scoring system (CVSS) is an industry standard that can assess the vulnerability of nodes in traditional computer systems. The metrics computed by CVSS would determine critical nodes and attack paths. However, traditional IT security models would not fit IoT embedded networks due to distinct nature and unique characteristics of IoT systems. This paper analyses the application of CVSS for IoT embedded systems and proposes an improved vulnerability scoring system based on CVSS v3 framework. The proposed framework, named CVSSIoT, is applied to a realistic IT supply chain system and the results are compared with the actual vulnerabilities from the national vulnerability database. The comparison result validates the proposed model. CVSSIoT is not only effective, simple and capable of vulnerability evaluation for traditional IT system, but also exploits unique characteristics of IoT devices.
- Description: Proceedings of the IEEE International Conference on Industrial Technology
Cyber resilience modelling for the operations of hybrid network
- Authors: Ur-Rehman, Attiq , Kamruzzuman, Joarder , Gondal, Iqbal , Jolfaei, Alireza
- Date: 2022
- Type: Text , Conference paper
- Relation: 20th IEEE International Conference on Dependable, Autonomic and Secure Computing, 20th IEEE International Conference on Pervasive Intelligence and Computing, 7th IEEE International Conference on Cloud and Big Data Computing, 2022 IEEE International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2022, Falerna, Italy, 12-15 September 2022, Proceedings 2022 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech)
- Full Text: false
- Reviewed:
- Description: Cyber resilience is referred to as the ability to resist cyber-attacks and it has several dimensions to evaluate. This study focuses on cyber resilience evaluation of nodes in hybrid network operations. This paper proposes a framework to evaluate cyber resilience and its integration with the CVSS (Common Vulnerability Scoring System) framework. CVSS is an industry standard to assess node vulnerabilities. The integration of cyber resilience with the CVSS framework will help cyber industry to standardise the node resilience capabilities for their operations. The proposed modelling is assessed and compared with our previous work on CVSS-based vulnerability evaluation for IoT and industrial integrated systems called CVSSIoT-ICS. The comparison results validate that the proposed model better evaluates the node vulnerabilities by incorporating the resilience capability of that nodes. © 2022 IEEE.
Fuzzy-based operational resilience modelling
- Authors: Ur-Rehman, Attiq , Kamruzzuman, Joarder , Gondal, Iqbal , Jolfaei, Alireza
- Date: 2022
- Type: Text , Conference paper
- Relation: 9th IEEE International Conference on Data Science and Advanced Analytics, DSAA 2022, Shenzhen, China, 13-16 October 2022, Proceedings - 2022 IEEE 9th International Conference on Data Science and Advanced Analytics, DSAA 2022
- Full Text: false
- Reviewed:
- Description: Resilience is an increasingly important concept in current socio-economic landscapes. Due to the competitive global context and security attacks, the organisations are looking for realistic resilience assessments for operations of their digital networks. This study proposes a node Operational Resilience evaluation based on the fuzzy logic by assessing various cyber security dynamics; including node threat protection, avoiding degradation, attack identification and recovery vectors. Through extensive experiments and analysis, we reached to a better understanding of diverse relationships between cyber security factors for the evaluation of Operational Resilience. © 2022 IEEE.