Upload
others
View
6
Download
0
Embed Size (px)
Citation preview
CVSS Based Attack Analysis using a Graphical SecurityModel: Review and Smart Grid Case Study
Tan Duy Le1, Mengmeng Ge2, Phan The Duy3,4, Hien Do Hoang3,4, Adnan Anwar2,Seng W. Loke2, Razvan Beuran1, and Yasuo Tan1
1 Japan Advanced Institute of Science and Technology, Ishikawa, Japan2 School of Information Technology, Deakin University, Geelong, Australia
3 Information Security Lab, University of Information Technology, Ho Chi Minh City, Vietnam4 Vietnam National University Ho Chi Minh City, Ho Chi Minh City, Vietnam
Abstract. Smart Grid is one of the critical technologies that provide essentialservices to sustain social and economic developments. There are various cyberattacks on the Smart Grid system in recent years, which resulted in various neg-ative repercussions. Therefore, understanding the characteristics and evaluatingthe consequences of an attack on the Smart Grid system is essential. The com-bination of Graphical Security Model (GrSM), including Attack Tree (AT) andAttack Graph (AG), and the Common Vulnerability Score System (CVSS) is apotential technology to analyze attack on Smart Grid system. However, there area few research works about Smart Grid attack analysis using GrSM and CVSS. Inthis research, we first conduct a comprehensive study of the existing research onattack analysis using GrSM and CVSS, ranging from (1) Traditional Networks,(2) Emerging Technologies, to (3) Smart Grid. We indicate that the frameworkfor automating security analysis of the Internet of Things is a promising direc-tion for Smart Grid attack analysis using GrSM and CVSS. The framework hasbeen applied to assess security of the Smart Grid system. A case study using thePNNL Taxonomy Feeders R4-12.47-2 and Smart Grid network model with gate-ways was conducted to validate the utilized framework. Our research is enrichedby capturing all potential attack paths and calculating values of selected secu-rity metrics during the vulnerability analysis process. Furthermore, AG can begenerated automatically. The research can potentially be utilized in Smart Gridcybersecurity training.
Keywords: Smart Grid · Graphical Security Model (GrSM) · Common Vulnera-bility Score System (CVSS) · Attack Analysis · Attack Tree · Attack Graph
1 Introduction
Smart Grid is one of the application domains of the emerging Internet of Things (IoT).According to the US Department of Homeland Security (DHS) [1], it is one of thekey technologies supporting essential services towards sustainable social and economicdevelopments. The number of cyber attacks on the Smart Grid system has expandedin recent years. It has resulted in various negative impacts, such as blackouts, the lossof confidential data, and even physical destruction to electrical devices. Therefore, it is
2 Tan Duy Le et al.
essential to understand the characteristics and evaluate the consequences of an attackon the Smart Grid system.
Vulnerability scanners are widely accepted to assess security threats by identify-ing the number, type, and location of the vulnerabilities within the network. CommonVulnerabilities and Exposures (CVE), maintained by MITRE, is a list of a reference-method for publicly known vulnerabilities and exposures [2]. This CVE glossary in-vestigates vulnerabilities and uses the Common Vulnerability Score System (CVSS)to evaluate the severity level of vulnerabilities [3]. CVSS offers a systematic approachto capture critical features of vulnerabilities through numerical scores reflecting theirseverity. To support evaluation and prioritization of organization’s vulnerability man-agement processes by IT experts, security analysts, and cybersecurity professionals,CVSS scores can be converted into a qualitative representation, ranging from low,medium, high, and critical. Besides, these numerical scores can be taken as inputs togenerate the Graphical Security Model (GrSM) [4].
GrSM is a significant technology to identify the security posture of networked sys-tems and evaluate the effectiveness of security defenses. Since it provides a visualisa-tion of how a system can be hacked through attack paths, countermeasures to preventthe attacks from reaching the target can be developed. Attack Tree (AT) [5] and AttackGraph (AG) [6] are two essential components of GrSM. The structure of an AT containsa root node as the attack goal and leaf nodes to represent different ways of achievingthat goal. Each node represents a sub-target, and children of the node form the paths toaccomplish this sub-target. There are two types of nodes, namely, AND nodes and ORnodes. Once an AT is built, CVSS values can be assigned to the leaf nodes; then, thecalculation of security metrics can be conducted. An AG visualizes all paths througha system that results in a circumstance where attackers can successfully achieve theirtarget. Cybersecurity professionals can utilize attack graphs for detection, defense, andforensics.
Several studies have proposed technologies to combine ATs and AGs in multiplelayers to resolve the scalability issue of single-layered model [7, 8]. GrSM with CVSSis an emerging technology to analyze attacks on Smart Grid system. However, therehas been only a few works that focuses on Smart Grid attack analysis using GrSM andCVSS. In this context, we first provide an analytical literature review in current state-of-the-art attack analysis using GrSM and CVSS for (1) Traditional Networks, (2) Emerg-ing Technologies, and (3) Smart Grid. We indicate that the framework for automatingsecurity analysis of the Internet of Things is a promising direction for Smart Grid attackanalysis using GrSM and CVSS. We apply the framework to assess the security of theSmart Gid system. A case study with various attack scenarios was conducted to validateour applied framework.
The main contributions of this research are summarized as follows:
– A comprehensive study and comparison of the existing research on attack analy-sis using GrSM and CVSS ranging from (1) Traditional Networks, (2) EmergingTechnologies, to (3) Smart Grid;
– Application of security assessment framework with automatic generation of AG forSmart Grid;
CVSS Based Attack Analysis using a Graphical Security Model 3
– A case study using the PNNL Taxonomy Feeders R4-12.47-2 and a simplifiedSmart Grid network model with gateways to validate the utilized framework.
– Classification of attack paths based on attack success probability and matching intofive levels: Rare, Unlikely, Possible, Likely, and Almost Certain.
The remainder of this paper is organized as follows. Section 2 discusses the relatedresearch on attack analysis using GrSM and CVSS. A Smart Grid case study with var-ious attack scenarios is provided in Section 3. Conclusion and future work are finallydrawn in Section 4.
2 Attack Analysis using GrSM and CVSS
In this section, we discuss the related studies on attack analysis using GrSM and CVSSbased on three categories (1) Traditional Networks, (2) Emerging Technologies, to (3)Smart Grid. We examine numerous metrics of interest, including Attack Tree (AT),Attack Graph Generation (AGG), Attack Graph Visualization (AGV), Attack SuccessProbability (p), Attack Cost (ac), Attack Impact (aim), Attack Risk (r), Likelihood(lh), and Smart Grid Application (SG) to accomplish this goal. Table 1 chronologi-cally presents the majority of the attack analysis using GrSM and CVSS that have beenstudied in recent years.
2.1 Attack Analysis for Traditional Networks
Nowadays, attacks targeting information systems are getting more sophisticated grad-ually. Attackers can combine and exploit multiple vulnerabilities to run an attack. Theresearch [9] pointed out that probabilistic attack graphs can be used to analyze and drawall attack paths. This method can help mitigate risks and maximize the security of enter-prise systems. The authors use available tools for generating attack graphs in enterprisenetworks to indicate potential steps that allow attackers to hit their targets. Besides,CVSS score, a standard that is used to evaluate the severity of security vulnerabilitiesof computer systems, is used to estimate the security risk.
HyunChul Joh et al. [10] indicated that a risk cannot be evaluated by a single cause.Independent multiple causes need to be considered to estimate the overall risk. Basedon likelihood and impact values, a risk matrix is built to classify causes. The risk ma-trix is used to rate risks, and therefore, serious risks can be recognized and mitigated.Their study also addressed the software vulnerability life cycle. From the method of riskevaluation for each single vulnerability using stochastic modeling, the authors definedconditional risk measures to evaluate risk by combining both the essence and accessi-bility of the vulnerability. They provided the mathematical basis and demonstrated thisapproach by experimental validation.
The existing approaches to assess a network security metric using aggregation ofCVSS scores can result in valuable semantics of individual scores to be lost. The re-search [11] drilled down basic metric levels to get dependency relationships in orderto obtain better semantics. These relationships are signified by an attack graph. Thisapproach used three separate aspects of the CVSS score to explain and aggregate thebasic metrics. This help maintained corresponding semantics of the individual scores.
4Tan
Duy
Le
etal.
Table 1: Attack Analysis using Graphical Security Model (GrSM) and CVSS (Y: Yes, Blank: No)
No Research AT Attack Graph Security MetricsCalculation lh SG
AGG AGV p ac aim r1 Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs [9] Y Y Y Y
2Defining and Assessing Quantitative Security Risk Measures Using VulnerabilityLifecycle and CVSS Metrics [10]
Y Y Y
3 Aggregating CVSS Base Scores for Semantics-Rich Network Security Metrics [11] Y Y4 Dynamic Security Risk Management Using Bayesian Attack Graphs [12] Y Y Y Y Y
5Determining the Probability of Smart Grid Attacks by Combining Attack Treeand Attack Graph Analysis [21]
Y Y Y Y
6 Attack Graph-Based Risk Assessment and Optimisation Approach [13] Y Y Y Y7 A Framework for Modeling and Assessing Security of the Internet of Things [15] Y Y Y Y Y Y8 Security Modelling and Analysis of Dynamic Enterprise Networks [16] Y Y Y Y
9A Quantitative CVSS-Based Cyber Security Risk Assessment Methodologyfor IT Systems [14]
Y Y Y Y
10 A Framework for Automating Security Analysis of the Internet of Things [17] Y Y Y Y Y Y11 A Comprehensive Analysis of Smart Grid Systems against Cyber-Physical Attacks [22] Y Y Y Y Y Y Y12 CloudSafe: A Tool for an Automated Security Analysis for Cloud Computing [19] Y Y Y
13Quantitative Model of Attacks on Distribution Automation Systems Based onCVSS and Attack Trees [18]
Y Y Y
14A Bayesian Attack Tree Based Approach to Assess Cyber-Physical Security ofPower System [23]
Y Y Y Y Y Y
15A Framework for Real-Time Intrusion Response in Software Defined NetworkingUsing Precomputed Graphical Security Models [20]
Y Y Y Y Y
CVSS Based Attack Analysis using a Graphical Security Model 5
The work in [12] used Bayesian networks to propose a risk management framework,called Bayesian Attack Graph (BAG). This framework allows administrators to estimatethe possibility of network compromise at various levels. Security risk management withBAG comprises threat analysis, risk assessment, loss expectancy, potential safeguards,and risk mitigation analysis. This component enables administrators to execute staticand dynamic risk assessments, and risk mitigation analysis. Security risk mitigationwith BAG is formulated as a Multiobjective Optimization Problem (MOOP), having alow complexity for optimization.
In approaches of attack graph-based risk management, a study [13] proposed aframework of risk assessment and optimization to generate a graph using a geneticalgorithm for drawing attack paths. The framework was presented by six steps: attackgraph generation, likelihood determination, loss estimation, risk determination, opti-mization, and high-risk attack paths. The proposed genetic algorithm finds the highestrisk for building a minimal attack tree. This also computed with huge graphs when verylarge attack paths are explored.
In a work of risk assessment for IT systems, Ugur Aksu et al. [14] proposed aquantitative methodology for evaluating the vulnerability in the system. Like other ap-proaches, in this study, the CVSS metrics (base and temporal scores) are used to calcu-late the probability of attack success, attack risk, and the attack impact. The attack pathscan be determined corresponding to the generation of the attack graph-based risk of aCVE on an asset. They measure risks not for only single CVEs but also for a collectionof CVEs on the assets, elements, and attack paths in each IT system. But the authorsdid not evaluate the likelihood of potential attack when analyzing the cyber security riskthat may occur inside the network.
2.2 Attack Analysis for Emerging Technologies
Internet of Things (IoT) brings many innovations in numerous domains; however, itssecurity is a challenge. In order to analyze and address security issues in IoT, the workin [15] proposed a framework for security modeling and assessment, building graphsof security models, evaluating security levels, and recommending defense strategies.The framework can find attack scenarios in five stages: preprocessing, security modelgeneration, visualization and storage, security analysis, and alterations and updates.This research demonstrated the ability of the framework in two cases of IoT networksin reducing impacts of possible attacks.
In the context of dynamic networks that the configuration changes over time, Si-mon et al. [16] presented the Temporal-Hierarchical Attack Representation Model (T-HARM) with two layers for analyzing the security problems in the network. Therein,the upper layer contains the temporal hosts reachability information whereas the lowerlayer shows the changes of vulnerabilities correlating with each host by defining ATand AG. The attack paths, attack cost, attack success probability, and the attack riskwere calculated based on the metrics of CVSS base score. But the authors did not usethe likelihood of exploitable vulnerability in investigating the security of a dynamicnetwork.
In the study of automating security assessment for the IoT environment, Ge etal. [17] proposed a graphical security model which is used to find the potential at-
6 Tan Duy Le et al.
tack before it occurs [15]. The authors conducted experiments with three different IoTnetworks in the context of smart home, environment sensor, healthcare wearable de-vice monitoring. The 3-layer Hierarchical Attack Representation Model (HARM), anextended version of HARM, is used to find all potential attack paths. This extended oneconsists of an attack tree (AT) for each node in the network topology. They analyzedthe security problems of IoT devices to specific vulnerabilities on various metrics likeattack success probability, attack cost spent by hackers, attack impact and the time tocompromise these vulnerabilities. To quantify the severity of vulnerabilities for networkelement, the CVSS is used to computed aforementioned metrics. They also supportedthe feature of choosing the most effective defense strategies for mitigating potential at-tacks. But this work neither discussed about the security likelihood nor visualized theattack graph.
Erxia Li et al. [18] presented a quantitative model in distribution automation sys-tems (DASs) for attack analysis based on CVSS and ATs. To be more specific, theirmodeling method is considered from the perspective of attackers behavior. Each step ofcomplete attack processes is formed to calculate the node attack probability. Therein,the root tree is the ascertained component in the system while an attack which can beoccurred in certain DASs is represented by each leaf node of the AT. Three metricsof CVSS, namely base, time, environment score, are used to compute the maximumprobability of each potential path for intruding the network. The max score indicatesthe most vulnerable path to be patched with the most defense strategies. Although thisframework can generate the quantitative attack graph, it does not support the feature ofgraph visualization.
Seongmo et al. proposed CloudSafe [19], a tool for automated security assessmentin cloud environment which is implemented in the Amazon AWS. It consists of twophases: information collection and HARM generation. Firstly, they built a cloud infor-mation gathering interface for further data store and security analysis. Then, this moduleis integrated with HARM by modifying the security information retrieved from the firstphase. In quantifying security, the probability of successfully exploiting a vulnerabilityis calculated by the metrics of CVSS on the Reachability Graph (RG) which is savedin a database after mapping inter-VM connections in cloud targets. Moreover, they alsoprovided the Attack Cost, Risk, and Impact information correlating with each cloudvulnerability. Nevertheless, the graph visualization is not supported.
Meanwhile, a work by Taehoon Eom et al. [20], focused on the computation of pos-sible attack graphs for real-time intrusion detection and response in Software-DefinedNetworking (SDN). They used HARM model with security metrics depending on theinformation of flow table, and SDN components. All possible attack paths which arepre-computed by HARM and full AG can evaluate the security issues of the networksystem prior to an attack detected. It is useful to estimate possible attack paths fromthe point of detection to formulate effective remedy. In detail, the authors used the basescore (BS) of CVSS to measure the severity of vulnerabilities and the probability of anattack success in the network entities. The impact attack metric was directly inheritedfrom CVSS. Additionally, in accordance with the reduction of scalability complexity,the authors also built attack graphs based on the modeling network nodes and their vul-nerabilities onto multiple layers. The main reason for this is that the SDN consists of
CVSS Based Attack Analysis using a Graphical Security Model 7
many components and network elements, causing security assessment to be not scalablein enumerating all possible attack scenarios. By leveraging from HARM, they gener-ate 2-layer HARM, where each host in the higher layer has a corresponding AT in thelower layer. The lower layer is a collection of ATs, where each AT is the representa-tive of the vulnerability information for each upper layer node, i.e SDN network node.Nonetheless, their work lacks the support of graph attack visualization and likelihoodrecommendation.
2.3 Attack Analysis for Smart Grid
An attacker collects information from the high-level aim of a target, and then takeslow-level actions. Kristian Beckers et al. [21] delivered a method that can show stepsof attackers. This method gathers information of a system at the low-level presentationto analyze high-level probabilistic attributes. The attackers high-level aims are drawnas an attack tree and actions in low level as an attack graph. The research combinedboth the attack tree and attack graph for mapping aims of the attacker to actions. Thiscombination was applied to a Smart Grid. This proposal helps system administratorsprevent possible attacks.
The acceleration of the Smart Grid technologies makes the power delivery systemsto be easily used as well as meet the intelligence and efficiency. However, insider andoutsider attacks that may harm the Smart Grid system have recently occurred in thereal case. Hence, there is more attention from researchers to deeply understand securitylevels in these systems in order to implement defense methods for disaster preventionto avoid the consequences of intrusion attacks.
To start with, the study [21] delivered a method that can show the steps of attackers.This method gathers information of a system at the low-level presentation to analyzehigh-level probabilistic attributes. The attackers high-level aims are drawn as an attacktree and low-level actions as an attack graph. The research combined both the attacktree and attack graph for mapping aims of the attacker to actions. This combination wasapplied to a Smart Grid. This proposal helps system administrators prevent possibleattacks.
Besides, Yatin et al. [22] presented the methodology of risk assessment for Cyber-physical attacks in Smart Grid system. They concentrated on one primary functionwhich is power delivery to narrow down the number of attacks in the system. TheBayesian Attack Graph for Smart Grid (BAGS) tool is used to quantify the probabilityof attack success and the likelihood of attack relied on the CVSS base score when suc-cessfully exploiting vulnerabilities. The authors also considered the attack risk to helppower engineers decide the security budget and patch management to protect systemon which system component is being susceptible to easily get compromised by intrud-ers. In addition, they applied reinforcement learning for resource allocation in the cyberdomain of Smart Grid to generate the optimal policy which recommends whether toconduct the assessment and patching the vulnerability in the network. However, thiswork did not take into account the attack cost for hackers when attempting to compro-mise the cyber system. Graph visualization is also ignored in their implementation.
In [23], Rounak presented a Bayesian attack tree to model CPS vulnerabilities forSCADAs security assessment. This work concentrated on the perspective of prioritizing
8 Tan Duy Le et al.
important vulnerabilities in SCADA to be first identified and generated attack paths totarget element. This is to avoid comprehensive modeling of every element in the CPS.For each type of vulnerability, the probability of successfully exploiting is consideredin accordance with the skill level of the intruder. Also, their skill level reflects on thetime of compromising system which contains the vulnerability. The CVSS metric isused to calculate the probability that a vulnerability is successfully exploited. Besides,the impact on the power grid as well as the risk of cyber attack on each attack pathis also assessed in the cyber-system. However, lack of attack graph visualization andlikelihood is the shortcoming of this study.
2.4 Security Metrics Calculation
To compute the likelihood of compromise in a Smart Grid environment, Yatin et al. [22]used the base score of CVSS to compute the exploitability of a vulnerability. Basedon the probability ranges, they matched each potential attack into the correspondingqualitative value of likelihood.
Besides, Ge et al. [17] proposed some metrics to analyze the security problems foran IoT-enabled system. In general, this framework takes IoT topology, vulnerabilityinformation and security metrics from security decision maker as its input to generateextended HARM model. Then, the graph visualization of IoT network topology withattack paths is produced. Subsequently, the security analysis is conducted relying onthe set of IoT nodes, vulnerabilities and potential attack path information. The analysisresult is then used to determine the most appropriate defense strategies for vulnerablenodes in the network. In this approach, a set of IoT nodes is defined as T . There is anattack tree att = (A,B,c,g,root) for each node t ∈ T . Attack success probability is thevalue to measure the probability of success when an attacker is attacking the target.At the level of node, attack success probability is measured for each inner node of anattack tree. The value of attack success probability at the node t ∈ T is the attack successprobability value of the root of the attack tree corresponding to the node. At the levelof path, the value of attack success probability of an attack path is also measured. Thisvalue is the metric of the probability that an attacker can compromise the target overthe attack path.
Attack cost is the value of measuring the cost of an attack spent for successfullyattacking a target. At the level of node, the values of attack cost are calculated for eachinner node and node t ∈ T of an attack tree. At the level of path, the measure is thecost spent by an attacker to compromise the target over the attack path. At the level ofnetwork, the measure is the minimum cost for an attacker compromising the target inthe company of all possible paths.
Similarly, the attack impact value of an attack path is computed by taking the sumof attack values of each node. Then, at the network-level, the attack impact is the max-imum value among all potential paths.
2.5 Summary
Among the related studies, the framework for automating security analysis of IoT pro-posed in [17] is the most advanced in terms of coverage, ranging from Attack Tree,
CVSS Based Attack Analysis using a Graphical Security Model 9
Attack Graph Generation, p, ac, aim, r. Furthermore, the formulae to calculate secu-rity metrics were explained in detail. However, the scope of the framework focuses onthe general IoT system. Therefore, there are still limitations in Attack Graph Visualiza-tion, Likelihood, and Smart Grid application. Attack Graph Visualization is a practicalmethod for cybersecurity experts and even novices to examine the system activities andinvestigate all potential cyber attacks. By using Likelihood, the possibility of an attackcan be ranked, which strongly supports the risk assessment process. Missing researchon Smart Grid Attack Graph Visualization and Likelihood creates a gap in the field.Consequently, we utilize the framework to bridge the gap of current research.
3 Smart Grid Case Study
In this section, a Smart Grid case study with various attack scenarios is conducted. Wefirst introduce the Smart Grid model, including the power grid and network models, fol-lowed by description of attack scenarios. Finally, attack analysis results are presented.
3.1 Smart Grid Model
There are two essential components of Smart Grid, including the power grid and net-work models. Various research has been completed to model each Smart Grid com-ponent. On the one hand, several distribution test feeders, which vary in the complex-ity, scale, and control data, are developed in recent decades. Among these test feed-ers, IEEE Feeders [24] and Pacific Northwest National Laboratory (PNNL) TaxonomyFeeders [25] are widely accepted in Smart Grid research community. On the otherhand, numerous network architectural models were designed for the Smart Grid sys-tem [26], [27]. The IEEE Feeders have been applied in our previous research at [28]and [29]. Therefore, the selected PNNL Taxonomy Feeders for power grid and networkmodels applied for the Smart Grid case study are discussed in the scope of this research.
Power Grid Model The increasing integration of Smart Grid technologies in the U.S.electricity networks highlights the significance of test feeders’ availability, which allowsstudying the impact of attacks for such cyber-physical models.
Due to its large size and the various utilities, the existing electricity grids in the USpresent a wide range of topologies and equipment. Therefore, test feeders should reflectthese differences based on factors, for instance, the voltage level and climate region.To respond to this demand, PNNL introduced a set of 24-node radial distribution testfeeders for taxonomy representing the continental region of the U.S. in 2009. Thesedistribution test feeders have been developed with a clustering algorithm comprising of17 different utilities and their 575 current feeders. The continental region was dividedinto five climate zones to perform this categorization, where 35 associated statisticaland electrical characteristics were investigated.
Among 24 prototypical feeders, R4-12.47-2 has its advantage by representing acombination of a moderately populated urban area with a lightly populated suburbanarea. Besides, the less populous area is mainly comprised of single-family residences,which is ideal for our case study. The power grid infrastructure is shown in Figure 1.
10 Tan Duy Le et al.
load1
load2
load3
load4
load5
load6
load7
load8
load9
load10
load11
load12
load13
load14
load15
load16
load17
load18
load19
load20
load21
meter1
meter2
meter3
meter4
meter5
meter6
meter7
meter8
meter9
meter10
meter11
meter12
meter13
meter14
meter15
meter16
meter17
meter18
meter19
meter20
meter21
meter22
node263
node67
node1
node264
tn51
node2
node4
node30
node3
node182
tn170
node183
node215
node5
node170
tn162
node171
node6
node169
node168
tn154
node7
node181
tn176
node8
node115
tn114
node9
node72
node87
node116
node114
node10
node73
node74
node70
node126
node121
node123
node11
node96
node97
node147
node152
node12
node91
node66
node250
node253
node13
node249
tn68
tn69
tn70
node14
node15
node84
node32
node17
node234
node16
node235
node233
node238
tn3
tn4
tn92
tn93
tn94
node75
node76
node241
node127
node128
node18
node260
node28
node19
node259
node69
node68
node20
node21
node22
node245
node251
node23
node247
node24
node92node93
node25
node143node261
node94
node95node248
node262
node144
node26
node33
node90
node35
node27
node64
node29
node146
node145
tn106
tn116 node216
node31
node85
tn89
tn90
tn91
node34
node111
node99
node106
tn55
node110
tn59
tn60
tn61
node36
node188
tn126
node189
node37
node194
node193
tn121
node38
node154
tn146
node155
node39
node200
node199
tn137
node40 node43
node81
node44
node41
node77
node83
node86
node136
node42
node63
node220
node80
node243
node236
node65
tn95
tn96
tn97
node45
node79
node230
node221
node82
node231
tn101
tn102
tn103
node46
node228
tn79
node47
node88
node49
node105
node48
node104
node50
node227
tn5
tn1
node239
node51
node256
tn77
node103
tn2
node52
node255
node242
node53
tn85
node71
node153
node54
node178
tn52
node179
node55
node56
tn53
tm53
node57
tn54
tm54
node58
node269
node59
node60
node61
node62
node223
tn98
tn99
tn100
node252
tn74
tn75
tn76
node122
tn104
tn22
tn23
node125
tn27
node120
tn30
tn37
node130
tn39
node129
tn111
node137
node78
node258
tn8
node222
tn7
node225
node224
tn9
node229
node240
tn10
tn11
tn12
node232
node112
tn24
tn16
node89
node109
node108
tn17
node254
tn20
tn21
node267
node266
tn44
node148
node151
tn48
node98
node100
tn56
tm55
node102
tn57
tn58
tm57
node101
tn65
tn66
tn67
tm65
tm66
tm67
tm58
tm2
tm1
tm16
tm56
node107
tn19
tm19
tn18
tm18
tm17
tn62
tn63
tn64
tm62
tm63
tm64
tm59
tm60
tm61
tn25
node113
tm25
tn26
tm26
tm24
tm114
tm23
node117
tn34
tm34
node118
tn33
tm33
node119
tn32
tm32
tn31
tm31
tm30
tn115
tm115
tm104
node124
tn29
tm29
tn28
tm28
tm27
tm37
tn38
node132
tm39
tn40
node135
tm40
node134
tn41
tm38
node131
tn35
node265
tn36
tm36
tm35
node133
tn43
tm43
tn42
tm42
tm41
tm111
tn107
node138
tm107
tn108
node139
tm108
tn109
node140
tm109
tn110
node141
tm110
tn112
node142
tm112
tn113
tm113
tn105
tm105
tm106
tm44
tn45 node149
tm45
tn46
node150
tm46
node268
tn47
tm47
tn49
tm49
tm48
tm22
tm146
tn147
node156
tm147
tn148
node157
tm148
tn149
node158
tm149
tn150
node159
tm150
tn153
node214
tm153
node160
tn151
node272
tn152
tm152
node161
tn159
tm159
node162
tn158
tm158
node163
tn161
tm161
node164
tn160
tm160
node165
node166
tn157
tm157
node167
tn156
tm156
tn155
tm155
tm154
tm162
tn163
node172
tm163
tn164
node174
tm164
node173
tn165
tn166
node175
tm166
tn168
node176
tm165
tm168
tn169
node177
tm169
tn167
tm167
tm52
tn50
node180
tm50
tm176
tm170
tn171
node184
tm171
tn172
node185
tm172
tn173
node186
tm173
tn174
node187
tm174
tn175
tm175
tm126
tn127
node190
tm127
tn128
node191
tm128
tn129
node192
tm129
tn130
node213
tm130
node206
tn131
tn122
node202
tm122
tn123
node203
tm121
node195
tn140
node196
tm140
tn141
node197
tm141
tn145
node201
tm145
tn142
node208
node198
tn139
tm139
tn138
tm138
tm137
tm142
tn143
node209
tm123
tn124
node204
tm124
node270
tn125
tm125
node205
tn144tm144
tn132
node207
tm132
tn133
node210
tm133
tn134
node211
tm143
tm134
tn135
node212
tm135
node271
tn136tm136
tm131
tm151
tm116
tn120
node217
tm120
tn119
node218
tm119
tn118
node219
tm118
tn117
tm117
tm9
tn6
tm7
tm6
tm98
tm99
tm100
node226
tm5
tm79
node257
tn13
tn14
tn15
tm10
tm11
tm12
tn86
tn87
tn88
tm101
tm102
tm103
tm86
tm87
tm88
tm89
tm90
tm91
tm3
tm4
node237
tn83
tn84
tm83
tm84
tm92
tm93
tm94
tn78
tm77
tn81
tn82
tm13
tm14
tm15
tm85
tm95
tm96
tm97
node244
node246
tn71
tn72tn73
tm71
tm72
tm73
tm68
tm69
tm70
tn80
tm20
tm21
tm74
tm75
tm76
tm80
tm78
tm81
tm82
tm8
tm51
node273
tn177
tn178
tn179
tn180
tn181
tn182
tn183
tn184
tn185
tn186
tn187
tn188
tn189
tn190
tn191
tn192
tn193
tn194
tn195
tn196
tn197
tn198
tn199
tn200
tn201
tn202
tn203
tn204
tn205
tn206
tn207
tn208
tn209
tn210
tn211
tn212
tn213
tn214
tn215
tn216
tn217
tn218
tn219
tn220
tn221
tn222
tn223
tn224
tn225
tn226
tn227
tn228
tn229
tn230
tn231
tn232
tn233
tn234
tn235
tn236
tn237
tn238
tn239
tn240
tn241
tn242
tn243
tn244
tn245
tn246
tn247
tn248
tn249
tn250
tn251
tn252
tn253
tn254
tn255
tn256
tn257
tn258
tn259
tn260
tn261
tn262
tn263
tn264
tn265
tn266
tn267
tn268
tn269
tn270
tn271
tn272
tn273
tn274
tn275
tn276
tn277
tn278
tn279
tn280
tn281
tn282
tn283
tn284
tn285
tn286
tn287
tn288
tn289
tn290
tn291
tn292
tn293
tn294
tn295
tn296
tn297
tn298
tn299
tn300
tn301
tn302
tn303
tn304
tn305
tn306
tn307
tn308
tn309
tn310
tn311
tn312
tn313
tn314
tn315
tn316
tn317
tn318
tn319
tn320
tn321
tn322
tn323
tn324
tn325
tn326
tn327
tn328
tn329
tn330
tn331
tn332
tn333
tn334
tn335
tn336
tn337
tn338
tn339
tn340
tn341
tn342
tn343
tn344
tn345
tn346 tn347
tn348
tn349
tn350
tn351
tn352
E
A
B
CD
Fig. 1: The Pacific Northwest National Laboratory (PNNL) Taxonomy Feeders -R4-12.47-2 [30].
.
There are 352 residential houses in the system. Each house was extended by a smart me-ter to collect electricity consumption data. In order to enhance the performance control,these houses are clustered into 5 smaller areas, namely, A, B, C, D, and E.
Network Model The infrastructure of Smart Grid is divided into three major com-munication networks, namely Home Area Network (HAN), Neighbor Area Network(NAN), and Wide Area Network (WAN) [31]. The research at [32] introduced two dis-tinct types of HAN architecture to represent its relationship with the utility. In the firstarchitecture, the smart meter monitors all the house appliances to manage the grid. Thedisadvantage of this architecture is that all devices have to communicate through thesame networking protocol. Therefore, the second architecture in which all the devicesconnect to the smart meter through a gateway is introduced to deal with the difficultyof multiple communication protocols.
We show the Smart Grid communication network with the gateway based on theselected structure of the power grid in Figure 2. Note that the model was simplifiedfor the purposes of our case study. The household in the network model reflects eachhouse in the power grid model. Besides, these households are clustered into smaller
CVSS Based Attack Analysis using a Graphical Security Model 11
Smart Meter
HAN NAN
WANControlCenterSCADA
Smart TV
Smart Thermostat
IPCamera
Robot Vacuum Cleaner
Smart Light
GatewayStreet
Concentrator
StreetConcentrator
CentralConcentrator
StreetConcentrator
Fig. 2: Simplified network model (part of Smart Grid) with Gateway used in our casestudy.
areas in the same way as the residential houses are clustered in the power grid model.Each house is equipped with five smart appliances, including a smart TV, a smart ther-mostat, a robot vacuum cleaner, a smart light, and an IP camera. The gateway handlesincoming messages from the smart devices and forwards those relevant to the smartmeter. Then, these data are transmitted from the smart meter to the area concentrator.Five area concentrators are corresponding with five areas A, B, C, D, E. They receivethe data, then transfers to the central concentrator. Finally, these data are gathered at theSCADA system. In the considered scenario, the SCADA system is not covered.
Each device or node in the system is given an ID that follows a regular patternincluding device name, area, and house ID. For instance, the ID of a smart TV belongsto house number 1 of area A is denoted as TVA1 . Similarly, we have T hermostatA1 ,CleanerA1 , LightA1 , CamA1 , GatewayA1 , and MeterA1 as the IDs of the smart appliancesof the area A’s first house. In addition, ConcentratorA, ConcentratorB, ConcentratorC,ConcentratorD, and ConcentratorE represent the concentrators for each area A, B, C,D, and E, respectively. Finally, Central Concentrator serves as the ID for the centralconcentrator in the defined Smart Grid network model.
3.2 Attack Scenarios
We assumed that nearly 2% of 352 residential houses in the system, which are all of thesmart devices inside seven households, contain vulnerabilities. In detail, there are two
12 Tan Duy Le et al.
Table 2: Assumption CVE list for Smart Grid Devices
No Smart Devices CVE Lists
1 Smart TVCVE-2018-13989, CVE-2019-9871,CVE-2019-11336, CVE-2019-12477,
CVE-2020-92642 Smart Thermostat CVE-2018-11315, CVE-2013-4860
3 Smart Vacuum CleanerCVE-2018-10987, CVE-2018-17177,CVE-2018-20785, CVE-2019-12821,
CVE-2019-12820
4 Smart LightCVE-2020-6007, CVE-2019-18980,
CVE-2017-14797
5 IP CameraCVE-2020-3110, CVE-2020-11949,
CVE-2020-11623
6 GatewayCVE-2018-3911, CVE-2018-3907,CVE-2018-3909, CVE-2018-3902,CVE-2018-3879, CVE-2018-3880
7 Smart Meter CVE-2017-99448 Concentrator CVE-2020-1638
houses in each area A and B, as well as one house in each area C, D, and E, that havevulnerabilities.
A vulnerability is a weakness, flaw, or error detected inside a security system thatcan be taken advantage of by nefarious actors to compromise a secure network. Byusing sequences of commands, pieces of software, or even open-source exploit kits,hackers can exploit which vulnerabilities can be leveraged for malicious activity. Inthe considered circumstance, we assume that the CVE list shown in Table 2 was thevulnerabilities exploited by attackers. The hackers can use any HAN devices, includingsmart tv, smart thermostat, robot vacuum cleaner, smart light, and IP camera, one byone or even all of them as the entry points to start an attack. Three attack scenarioswere considered in this research:
1. Single-entry attacker model: one type of devices has vulnerabilities in this model.Therefore, attackers can only exploit this kind of device inside the infected housesto conduct an attack. For instance, all smart TVs of seven selected houses con-tain different types of CVEs. Consequently, these smart TVs can be exploited byattackers as the entry points and compromised to perform further attacks.
2. Multiple-entry attacker model: all types of the devices in the seven selected houseshave vulnerabilities. Accordingly, attackers can potentially exploit all of these de-vices to carry out an intrusion. This scenario can be considered as combining allavailable devices in the aforementioned single-entry attacker model.
3. Multiple-entry attacker model with patch: patching is used to fix the vulnerabilitiesin a specific type of devices. This scenario is the extension of the multiple-entryattacker model by integrating the patching as a defense strategy. For example, all
CVSS Based Attack Analysis using a Graphical Security Model 13
Table 3: Attack Analysis Results
Scenario Entry Point Patch p ac aim r
Number of Paths
Tota
l
Rar
e
Unl
ilkel
y
Poss
ible
Lik
ely
Alm
ostC
erta
in
1Smart
TVNo 1 21.6 35.8 35.8 25 1 10 0 7 7
2Smart
ThermostatNo 0.65 23.6 35.8 23.27 25 0 5 14 6 0
3Robot
VacuumCleaner
No 0.86 21.6 32.2 27.69 25 3 12 0 8 2
4SmartLight
No 1 23.6 35.8 35.8 25 2 10 9 0 4
5IP
CameraNo 0.8 23.6 35.8 28.64 25 2 9 5 6 3
6 All No 1 21.6 35.8 35.8 125 8 46 28 27 16
7 All Smart TV 1 21.6 35.8 35.8 100 7 36 28 20 9
8 AllSmart TV
andSmart Light
0.86 21.6 35.8 30.8 75 5 26 19 20 5
vulnerabilities of all smart TVs inside the system have been fixed. Hence, they cannot be used as the entry points by attacker to conduct the attack.
The attack goal is to control the central concentrator. If a Smart Grid device hasmore than one vulnerability, attackers can randomly select one vulnerability to conductthe attack. The considered attack scenarios are not the only solutions since more vul-nerability rates can be selected and tested. Fortunately, the result at a 2% rate is visuallysignificant.
3.3 Attack Analysis Results
We conducted a Smart Grid case study by applying the framework for automating IoTsecurity analysis proposed in [17]. We calculate the security metrics values in node, at-tack path, and network level. These security metrics are Attack Success Probability (p),Attack Cost (ac), Attack Impact (aim), Attack Risk (r). The formulas to calculate thesesecurity metrics are extracted from Subsection 2.4. Based on the range of p adapted bythe research at [22] and [33], the attack paths are classified into five categories, includ-ing Rare (0.0≤ p≤ 0.19), Unlikely (0.2≤ p≤ 0.39), Possible (0.4≤ p≤ 0.59), Likely
14 Tan Duy Le et al.
(0.6 ≤ p ≤ 0.79), and Almost Certain (0.8 ≤ p ≤ 1) paths. The network level analysisresults are shown in Table 3. Accordingly, the scenarios from one to five denote theresults for the single-entry attacker model, as well as scenario six represents the resultsfor the multiple-entry attacker model, and the scenarios from seven to eight for resultsfrom multiple-entry attacker model with patch.
Single-entry attacker model: We can see that attacking the smart TVs and smart lightshave the maximum success probability from the metrics values 1. However, the attackcost by compromising the smart lights is higher than the smart TVs. Accordingly, thereare 25 attack paths, which contain 7 Almost Certain paths, for attackers to reach thecentral concentrator via the smart TVs’ entry points. Consequently, intruders are morelikely to choose smart TVs as entry points.
At the network level, attack cost is the minimum cost, while attack impact is themaximum loss caused by an intruder to compromise the target among all potential paths.Therefore, an ideal path for attackers to compromise the central concentrator may notexist even in the single-entry attacker model. As an evidence, the path from TVA1 toCentral Concentrator, which is shown in the following, has the minimum attack costat 21.6, maximum attack success probability at 1, and maximum attack risk and impactat 35.8:
– Attackers→ TVA1 →GatewayA1 →MeterA1 →ConcentratorA→Central Concentrator
However, the following path from TVB2 to Central Concentrator has the maximumimpact at 35.8:
– Attackers→ TVB2 →GatewayB2 →MeterB2 →ConcentratorB→Central Concentrator
After analyzing the Smart Grid system, attackers can determine which paths to hackbased on their intention. The knowledge can be used by security experts to protect thesystem against an attack. By using attack success probability metrics, the example ofan attack graph generated automatically by the case study is shown in Figure 3.
Multiple-entry attacker model: By providing more entry devices, attackers possessmore paths to conduct an attack. There is more likely that the Smart Gird system ishacked since among 125 paths, there are 16 Almost Certain, 27 Likely, and 28 Possiblepaths, respectively. In this scenario, attackers need to spend less cost at 21.6. However,the attack impact and attack risk are highest at 35.8. Similarly, smart TVs and smartlights should be protected at first in order to prevent the attackers from breaking intothe system.
Multiple-entry attacker model with patch: We modify the vulnerability informationfor the smart TVs or both smart TVs and smart lights, separately.
Since the potential attack paths caused by both smart TVs and smart lights, theimpact of patch function on smart TVs is not obvious. The attack success probability,attack impact, attack risk remain the same with multiple-entry attacker model. However,
CVSS Based Attack Analysis using a Graphical Security Model 15
Fig. 3: An Example of Attack Graph Generated by a Case Study
the total paths have been decreased. The Almost Certain paths are modified from 16 to9.
By eliminating the vulnerabilities of both smart TVs and smart lights, we decreasethe attack success probability, attack impact, and attack risk. However, the attack costhas not changed. The reason comes from the vacuum cleaners, which costs attackersless effort to compromise. The number of Almost Certain paths has been changed to 5.Therefore, based on the analysis results, it is evident that protecting both smart TVs andsmart lights is more effective than protecting either of them.
4 Conclusion and Future Work
Cyber-security is at the core of modern technologies. In this research, we conducted acomprehensive and systematic survey of various attack analysis studies using the com-bination of Graphical Security Model and CVSS. We reviewed of the state-of-the-arttechniques, ranging from traditional networks, emerging technologies, to Smart Grid.To accomplish this goal, numerous metrics of interest have been examined, namely, At-tack Tree, Attack Graph Generation, Attack Graph Visualization, Attack Success Prob-ability, Attack Cost, Attack Impact, Attack Risk, Likelihood, and Smart Grid Applica-tion.
16 Tan Duy Le et al.
As cyber attacks on the Smart Grid system can have serious issues, protecting theSmart Grid system safe from attackers is extremely important. Attack analysis is one ofthe advanced technologies to investigate and evaluate attackers’ activities. This infor-mation is invaluable to defense the Smart Grid system. However, there is few researchfocus on Smart Grid attack analysis using Graphical Security Model.
We indicated that the framework for automating security analysis of the Internet ofThings proposed in this paper is a successful solution which can be extended to SmartGrid system. By applying the PNNL Taxonomy Feeders R4-12.47-2, Smart Grid net-work model with gateway, a Smart Grid case study with three attack scenarios, includ-ing a single-entry attacker model, multiple-entry attacker model, and multiple-entryattacker model with patch, has been carried out. All potential attack paths have beendetermined, and the values of the selected security metrics have been calculated duringthe vulnerability analysis process. Besides, our research is enriched by the automatedAttack Graph generation capacity.
This knowledge can be used for cybersecurity training of IT experts and cybersecu-rity professionals. Based on evaluating various security metrics, IT experts and cyberse-curity professionals can determine all possible attack paths, then decide which devicesincluded in the paths should be protected at first. Besides, the effectiveness of specificdevice-level strategies deployed for different devices can be compared. For the network-level, the performance of the Smart Grid system’s defense strategies can be measured.Furthermore, our work can help system planners estimate the attack’s damage cost onthe proposed Smart Grid system.
We intend to extend our current work to a Cyber Attack Analysis Framework forSmart Grids, which integrates more power grid test feeders and network models forfuture work. We will also conduct case studies with the collection of various Smart GridCVEs, different power grid and network models, to validate our extended framework.
References
1. I. Ghansah, Smart Grid Cyber Security Potential Threats, Vulnerabilities and Risks: InterimProject Report. California Energy Commission, 2012.
2. S. Christey and R. A. Martin, “Vulnerability type distributions in cve,” 2007.3. K. Scarfone and P. Mell, “An analysis of cvss version 2 vulnerability scoring,” in 2009 3rd
International Symposium on Empirical Software Engineering and Measurement. IEEE,2009, pp. 516–525.
4. J. B. Hong, D. S. Kim, C.-J. Chung, and D. Huang, “A survey on the usability and practicalapplications of graphical security models,” Computer Science Review, vol. 26, pp. 1–16,2017.
5. B. Schneier, Secrets and lies: digital security in a networked world. John Wiley & Sons,2015.
6. O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J. M. Wing, “Automated generation andanalysis of attack graphs,” in Proceedings 2002 IEEE Symposium on Security and Privacy.IEEE, 2002, pp. 273–284.
7. J. Hong and D.-S. Kim, “Harms: Hierarchical attack representation models for network se-curity analysis,” 2012.
8. J. B. Hong and D. S. Kim, “Towards scalable security analysis using multi-layered securitymodels,” Journal of Network and Computer Applications, vol. 75, pp. 156–168, 2016.
CVSS Based Attack Analysis using a Graphical Security Model 17
9. X. O. Anoop Singhal, “Security risk analysis of enterprise networks using probabilistic attackgraphs,” National Institute of Standards and Technology (NIST), Tech. Rep., 2011.
10. Y. K. M. Hyunchul Joh, “Defining and assessing quantitative security risk measures usingvulnerability lifecycle and cvss metrics,” The 2011 International Conference on Security andManagement (SAM’11), 2011.
11. P. Cheng, L. Wang, S. Jajodia, and A. Singhal, “Aggregating cvss base scores for semantics-rich network security metrics,” International Symposium on Reliable Distributed Systems,2012.
12. I. R. Nayot Poolsappasit, Rinku Dewri, “Dynamic security risk management using bayesianattack graphs,” IEEE Transactions on Dependable and Secure Computing, 2012.
13. M. Alhomidi and M. Reed, “Attack graph-based risk assessment and optimisation approach,”International Journal of Network Security & Its Applications, vol. 6, no. 3, p. 31, 2014.
14. M. U. Aksu, M. H. Dilek, E. I. Tatl, K. Bicakci, H. I. Dirik, M. U. Demirezen, and T. Aykr,“A quantitative cvss-based cyber security risk assessment methodology for it systems,” in2017 International Carnahan Conference on Security Technology (ICCST), 2017, pp. 1–8.
15. M. Ge and D. S. Kim, “A framework for modeling and assessing security of the internet ofthings,” IEEE 21st International Conference on Parallel and Distributed Systems, 2015.
16. S. E. Yusuf, M. Ge, J. B. Hong, H. K. Kim, P. Kim, and D. S. Kim, “Security modellingand analysis of dynamic enterprise networks,” in 2016 IEEE International Conference onComputer and Information Technology (CIT), 2016, pp. 249–256.
17. M. Ge, J. B.Hong, and W. G. D. SeongKim, “A framework for automating security analysisof the internet of things,” Journal of Network and Computer Applications, vol. 83, pp. 12–27,2017.
18. Erxia Li, Chaoqun Kang, Deyu Huang, Modi Hu, Fangyuan Chang, Lianjie He, and Xiaoy-ong Li 0003, “Quantitative model of attacks on distribution automation systems based oncvss and attack trees.” Information., 2019.
19. S. An, T. Eom, J. S. Park, J. B. Hong, A. Nhlabatsi, N. Fetais, K. M. Khan, and D. S. Kim,“Cloudsafe: A tool for an automated security analysis for cloud computing,” in 2019 18thIEEE International Conference On Trust, Security And Privacy In Computing And Com-munications/13th IEEE International Conference On Big Data Science And Engineering(TrustCom/BigDataSE), 2019, pp. 602–609.
20. T. Eom, J. B. Hong, S. An, and J. S. P. D. S. Kim, “A framework for real-time intrusionresponse in software defined networking using precomputed graphical security models,” Se-curity and Communication Networks, 2020.
21. K. Beckers, M. Heisel, L. Krautsevich, F. Martinelli, R. Meis, and A. Yautsiukhin, “De-termining the probability of smart grid attacks by combining attack tree and attack graphanalysis,” International Workshop on Smart Grid Security, 2014.
22. C. N. Yatin Wadhawan, Anas AlMajali, “A comprehensive analysis of smart grid systemsagainst cyber-physical attacks,” Electronics, vol. 7, 2018.
23. R. Meyur, “A bayesian attack tree based approach to assess cyber-physical security of powersystem,” in 2020 IEEE Texas Power and Energy Conference (TPEC), 2020, pp. 1–6.
24. K. Schneider, B. Mather, B. Pal, C.-W. Ten, G. Shirek, H. Zhu, J. Fuller, J. L. R. Pereira,L. F. Ochoa, L. R. de Araujo et al., “Analytic considerations and design basis for the ieeedistribution test feeders,” IEEE Transactions on power systems, vol. 33, no. 3, pp. 3181–3188, 2017.
25. K. P. Schneider, Y. Chen, D. P. Chassin, R. G. Pratt, D. W. Engel, and S. E. Thomp-son, “Modern grid initiative distribution taxonomy final report,” Pacific Northwest NationalLab.(PNNL), Richland, WA (United States), Tech. Rep., 2008.
26. N. Saputro, K. Akkaya, and S. Uludag, “A survey of routing protocols for smart grid com-munications,” Computer Networks, vol. 56, no. 11, pp. 2742–2771, 2012.
18 Tan Duy Le et al.
27. I. Colak, S. Sagiroglu, G. Fulli, M. Yesilbudak, and C.-F. Covrig, “A survey on the criticalissues in smart grid technologies,” Renewable and Sustainable Energy Reviews, vol. 54, pp.396–405, 2016.
28. T. D. Le, A. Anwar, R. Beuran, and S. W. Loke, “Smart grid co-simulation tools: Reviewand cybersecurity case study,” in 2019 7th International Conference on Smart Grid (icS-martGrid). IEEE, 2019, pp. 39–45.
29. T. D. Le, A. Anwar, S. W. Loke, R. Beuran, and Y. Tan, “Gridattacksim: A cyber attacksimulation framework for smart grids,” Electronics, vol. 9, no. 8, p. 1218, 2020.
30. M. A. Cohen, “Gridlab-d taxonomy feeder graphs,” GridLAB-D Taxonomy Feeder Graphs,2013.
31. N. Raza, M. Q. Akbar, A. A. Soofi, and S. Akbar, “Study of smart grid communicationnetwork architectures and technologies,” Journal of Computer and Communications, vol. 7,no. 3, pp. 19–29, 2019.
32. S. L. Clements, T. E. Carroll, and M. D. Hadley, “Home area networks and the smart grid,”Pacific Northwest National Lab.(PNNL), Richland, WA (United States), Tech. Rep., 2011.
33. R. M. Blank, “Guide for conducting risk assessments,” 2011.