CVSS Based Attack Analysis using a Graphical SecurityModel: Review and Smart Grid Case Study

Tan Duy Le1, Mengmeng Ge2, Phan The Duy3,4, Hien Do Hoang3,4, Adnan Anwar2,Seng W. Loke2, Razvan Beuran1, and Yasuo Tan1

1 Japan Advanced Institute of Science and Technology, Ishikawa, Japan2 School of Information Technology, Deakin University, Geelong, Australia

3 Information Security Lab, University of Information Technology, Ho Chi Minh City, Vietnam4 Vietnam National University Ho Chi Minh City, Ho Chi Minh City, Vietnam

tanld@jaist.ac.jp

Abstract. Smart Grid is one of the critical technologies that provide essentialservices to sustain social and economic developments. There are various cyberattacks on the Smart Grid system in recent years, which resulted in various neg-ative repercussions. Therefore, understanding the characteristics and evaluatingthe consequences of an attack on the Smart Grid system is essential. The com-bination of Graphical Security Model (GrSM), including Attack Tree (AT) andAttack Graph (AG), and the Common Vulnerability Score System (CVSS) is apotential technology to analyze attack on Smart Grid system. However, there area few research works about Smart Grid attack analysis using GrSM and CVSS. Inthis research, we first conduct a comprehensive study of the existing research onattack analysis using GrSM and CVSS, ranging from (1) Traditional Networks,(2) Emerging Technologies, to (3) Smart Grid. We indicate that the frameworkfor automating security analysis of the Internet of Things is a promising direc-tion for Smart Grid attack analysis using GrSM and CVSS. The framework hasbeen applied to assess security of the Smart Grid system. A case study using thePNNL Taxonomy Feeders R4-12.47-2 and Smart Grid network model with gate-ways was conducted to validate the utilized framework. Our research is enrichedby capturing all potential attack paths and calculating values of selected secu-rity metrics during the vulnerability analysis process. Furthermore, AG can begenerated automatically. The research can potentially be utilized in Smart Gridcybersecurity training.

Keywords: Smart Grid · Graphical Security Model (GrSM) · Common Vulnera-bility Score System (CVSS) · Attack Analysis · Attack Tree · Attack Graph

1 Introduction

Smart Grid is one of the application domains of the emerging Internet of Things (IoT).According to the US Department of Homeland Security (DHS) [1], it is one of thekey technologies supporting essential services towards sustainable social and economicdevelopments. The number of cyber attacks on the Smart Grid system has expandedin recent years. It has resulted in various negative impacts, such as blackouts, the lossof confidential data, and even physical destruction to electrical devices. Therefore, it is

2 Tan Duy Le et al.

essential to understand the characteristics and evaluate the consequences of an attackon the Smart Grid system.

Vulnerability scanners are widely accepted to assess security threats by identify-ing the number, type, and location of the vulnerabilities within the network. CommonVulnerabilities and Exposures (CVE), maintained by MITRE, is a list of a reference-method for publicly known vulnerabilities and exposures [2]. This CVE glossary in-vestigates vulnerabilities and uses the Common Vulnerability Score System (CVSS)to evaluate the severity level of vulnerabilities [3]. CVSS offers a systematic approachto capture critical features of vulnerabilities through numerical scores reflecting theirseverity. To support evaluation and prioritization of organization’s vulnerability man-agement processes by IT experts, security analysts, and cybersecurity professionals,CVSS scores can be converted into a qualitative representation, ranging from low,medium, high, and critical. Besides, these numerical scores can be taken as inputs togenerate the Graphical Security Model (GrSM) [4].

GrSM is a significant technology to identify the security posture of networked sys-tems and evaluate the effectiveness of security defenses. Since it provides a visualisa-tion of how a system can be hacked through attack paths, countermeasures to preventthe attacks from reaching the target can be developed. Attack Tree (AT) [5] and AttackGraph (AG) [6] are two essential components of GrSM. The structure of an AT containsa root node as the attack goal and leaf nodes to represent different ways of achievingthat goal. Each node represents a sub-target, and children of the node form the paths toaccomplish this sub-target. There are two types of nodes, namely, AND nodes and ORnodes. Once an AT is built, CVSS values can be assigned to the leaf nodes; then, thecalculation of security metrics can be conducted. An AG visualizes all paths througha system that results in a circumstance where attackers can successfully achieve theirtarget. Cybersecurity professionals can utilize attack graphs for detection, defense, andforensics.

Several studies have proposed technologies to combine ATs and AGs in multiplelayers to resolve the scalability issue of single-layered model [7, 8]. GrSM with CVSSis an emerging technology to analyze attacks on Smart Grid system. However, therehas been only a few works that focuses on Smart Grid attack analysis using GrSM andCVSS. In this context, we first provide an analytical literature review in current state-of-the-art attack analysis using GrSM and CVSS for (1) Traditional Networks, (2) Emerg-ing Technologies, and (3) Smart Grid. We indicate that the framework for automatingsecurity analysis of the Internet of Things is a promising direction for Smart Grid attackanalysis using GrSM and CVSS. We apply the framework to assess the security of theSmart Gid system. A case study with various attack scenarios was conducted to validateour applied framework.

The main contributions of this research are summarized as follows:

– A comprehensive study and comparison of the existing research on attack analy-sis using GrSM and CVSS ranging from (1) Traditional Networks, (2) EmergingTechnologies, to (3) Smart Grid;

– Application of security assessment framework with automatic generation of AG forSmart Grid;

CVSS Based Attack Analysis using a Graphical Security Model 3

– A case study using the PNNL Taxonomy Feeders R4-12.47-2 and a simplifiedSmart Grid network model with gateways to validate the utilized framework.

– Classification of attack paths based on attack success probability and matching intofive levels: Rare, Unlikely, Possible, Likely, and Almost Certain.

The remainder of this paper is organized as follows. Section 2 discusses the relatedresearch on attack analysis using GrSM and CVSS. A Smart Grid case study with var-ious attack scenarios is provided in Section 3. Conclusion and future work are finallydrawn in Section 4.

2 Attack Analysis using GrSM and CVSS

In this section, we discuss the related studies on attack analysis using GrSM and CVSSbased on three categories (1) Traditional Networks, (2) Emerging Technologies, to (3)Smart Grid. We examine numerous metrics of interest, including Attack Tree (AT),Attack Graph Generation (AGG), Attack Graph Visualization (AGV), Attack SuccessProbability (p), Attack Cost (ac), Attack Impact (aim), Attack Risk (r), Likelihood(lh), and Smart Grid Application (SG) to accomplish this goal. Table 1 chronologi-cally presents the majority of the attack analysis using GrSM and CVSS that have beenstudied in recent years.

2.1 Attack Analysis for Traditional Networks

Nowadays, attacks targeting information systems are getting more sophisticated grad-ually. Attackers can combine and exploit multiple vulnerabilities to run an attack. Theresearch [9] pointed out that probabilistic attack graphs can be used to analyze and drawall attack paths. This method can help mitigate risks and maximize the security of enter-prise systems. The authors use available tools for generating attack graphs in enterprisenetworks to indicate potential steps that allow attackers to hit their targets. Besides,CVSS score, a standard that is used to evaluate the severity of security vulnerabilitiesof computer systems, is used to estimate the security risk.

HyunChul Joh et al. [10] indicated that a risk cannot be evaluated by a single cause.Independent multiple causes need to be considered to estimate the overall risk. Basedon likelihood and impact values, a risk matrix is built to classify causes. The risk ma-trix is used to rate risks, and therefore, serious risks can be recognized and mitigated.Their study also addressed the software vulnerability life cycle. From the method of riskevaluation for each single vulnerability using stochastic modeling, the authors definedconditional risk measures to evaluate risk by combining both the essence and accessi-bility of the vulnerability. They provided the mathematical basis and demonstrated thisapproach by experimental validation.

The existing approaches to assess a network security metric using aggregation ofCVSS scores can result in valuable semantics of individual scores to be lost. The re-search [11] drilled down basic metric levels to get dependency relationships in orderto obtain better semantics. These relationships are signified by an attack graph. Thisapproach used three separate aspects of the CVSS score to explain and aggregate thebasic metrics. This help maintained corresponding semantics of the individual scores.

4Tan

Duy

Le

etal.

Table 1: Attack Analysis using Graphical Security Model (GrSM) and CVSS (Y: Yes, Blank: No)

No Research AT Attack Graph Security MetricsCalculation lh SG

AGG AGV p ac aim r1 Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs [9] Y Y Y Y

2Defining and Assessing Quantitative Security Risk Measures Using VulnerabilityLifecycle and CVSS Metrics [10]

Y Y Y

3 Aggregating CVSS Base Scores for Semantics-Rich Network Security Metrics [11] Y Y4 Dynamic Security Risk Management Using Bayesian Attack Graphs [12] Y Y Y Y Y

5Determining the Probability of Smart Grid Attacks by Combining Attack Treeand Attack Graph Analysis [21]

Y Y Y Y

6 Attack Graph-Based Risk Assessment and Optimisation Approach [13] Y Y Y Y7 A Framework for Modeling and Assessing Security of the Internet of Things [15] Y Y Y Y Y Y8 Security Modelling and Analysis of Dynamic Enterprise Networks [16] Y Y Y Y

9A Quantitative CVSS-Based Cyber Security Risk Assessment Methodologyfor IT Systems [14]

Y Y Y Y

10 A Framework for Automating Security Analysis of the Internet of Things [17] Y Y Y Y Y Y11 A Comprehensive Analysis of Smart Grid Systems against Cyber-Physical Attacks [22] Y Y Y Y Y Y Y12 CloudSafe: A Tool for an Automated Security Analysis for Cloud Computing [19] Y Y Y

13Quantitative Model of Attacks on Distribution Automation Systems Based onCVSS and Attack Trees [18]

Y Y Y

14A Bayesian Attack Tree Based Approach to Assess Cyber-Physical Security ofPower System [23]

Y Y Y Y Y Y

15A Framework for Real-Time Intrusion Response in Software Defined NetworkingUsing Precomputed Graphical Security Models [20]

Y Y Y Y Y

CVSS Based Attack Analysis using a Graphical Security Model 5

The work in [12] used Bayesian networks to propose a risk management framework,called Bayesian Attack Graph (BAG). This framework allows administrators to estimatethe possibility of network compromise at various levels. Security risk management withBAG comprises threat analysis, risk assessment, loss expectancy, potential safeguards,and risk mitigation analysis. This component enables administrators to execute staticand dynamic risk assessments, and risk mitigation analysis. Security risk mitigationwith BAG is formulated as a Multiobjective Optimization Problem (MOOP), having alow complexity for optimization.

In approaches of attack graph-based risk management, a study [13] proposed aframework of risk assessment and optimization to generate a graph using a geneticalgorithm for drawing attack paths. The framework was presented by six steps: attackgraph generation, likelihood determination, loss estimation, risk determination, opti-mization, and high-risk attack paths. The proposed genetic algorithm finds the highestrisk for building a minimal attack tree. This also computed with huge graphs when verylarge attack paths are explored.

In a work of risk assessment for IT systems, Ugur Aksu et al. [14] proposed aquantitative methodology for evaluating the vulnerability in the system. Like other ap-proaches, in this study, the CVSS metrics (base and temporal scores) are used to calcu-late the probability of attack success, attack risk, and the attack impact. The attack pathscan be determined corresponding to the generation of the attack graph-based risk of aCVE on an asset. They measure risks not for only single CVEs but also for a collectionof CVEs on the assets, elements, and attack paths in each IT system. But the authorsdid not evaluate the likelihood of potential attack when analyzing the cyber security riskthat may occur inside the network.

2.2 Attack Analysis for Emerging Technologies

Internet of Things (IoT) brings many innovations in numerous domains; however, itssecurity is a challenge. In order to analyze and address security issues in IoT, the workin [15] proposed a framework for security modeling and assessment, building graphsof security models, evaluating security levels, and recommending defense strategies.The framework can find attack scenarios in five stages: preprocessing, security modelgeneration, visualization and storage, security analysis, and alterations and updates.This research demonstrated the ability of the framework in two cases of IoT networksin reducing impacts of possible attacks.

In the context of dynamic networks that the configuration changes over time, Si-mon et al. [16] presented the Temporal-Hierarchical Attack Representation Model (T-HARM) with two layers for analyzing the security problems in the network. Therein,the upper layer contains the temporal hosts reachability information whereas the lowerlayer shows the changes of vulnerabilities correlating with each host by defining ATand AG. The attack paths, attack cost, attack success probability, and the attack riskwere calculated based on the metrics of CVSS base score. But the authors did not usethe likelihood of exploitable vulnerability in investigating the security of a dynamicnetwork.

In the study of automating security assessment for the IoT environment, Ge etal. [17] proposed a graphical security model which is used to find the potential at-

6 Tan Duy Le et al.

tack before it occurs [15]. The authors conducted experiments with three different IoTnetworks in the context of smart home, environment sensor, healthcare wearable de-vice monitoring. The 3-layer Hierarchical Attack Representation Model (HARM), anextended version of HARM, is used to find all potential attack paths. This extended oneconsists of an attack tree (AT) for each node in the network topology. They analyzedthe security problems of IoT devices to specific vulnerabilities on various metrics likeattack success probability, attack cost spent by hackers, attack impact and the time tocompromise these vulnerabilities. To quantify the severity of vulnerabilities for networkelement, the CVSS is used to computed aforementioned metrics. They also supportedthe feature of choosing the most effective defense strategies for mitigating potential at-tacks. But this work neither discussed about the security likelihood nor visualized theattack graph.

Erxia Li et al. [18] presented a quantitative model in distribution automation sys-tems (DASs) for attack analysis based on CVSS and ATs. To be more specific, theirmodeling method is considered from the perspective of attackers behavior. Each step ofcomplete attack processes is formed to calculate the node attack probability. Therein,the root tree is the ascertained component in the system while an attack which can beoccurred in certain DASs is represented by each leaf node of the AT. Three metricsof CVSS, namely base, time, environment score, are used to compute the maximumprobability of each potential path for intruding the network. The max score indicatesthe most vulnerable path to be patched with the most defense strategies. Although thisframework can generate the quantitative attack graph, it does not support the feature ofgraph visualization.

Seongmo et al. proposed CloudSafe [19], a tool for automated security assessmentin cloud environment which is implemented in the Amazon AWS. It consists of twophases: information collection and HARM generation. Firstly, they built a cloud infor-mation gathering interface for further data store and security analysis. Then, this moduleis integrated with HARM by modifying the security information retrieved from the firstphase. In quantifying security, the probability of successfully exploiting a vulnerabilityis calculated by the metrics of CVSS on the Reachability Graph (RG) which is savedin a database after mapping inter-VM connections in cloud targets. Moreover, they alsoprovided the Attack Cost, Risk, and Impact information correlating with each cloudvulnerability. Nevertheless, the graph visualization is not supported.

Meanwhile, a work by Taehoon Eom et al. [20], focused on the computation of pos-sible attack graphs for real-time intrusion detection and response in Software-DefinedNetworking (SDN). They used HARM model with security metrics depending on theinformation of flow table, and SDN components. All possible attack paths which arepre-computed by HARM and full AG can evaluate the security issues of the networksystem prior to an attack detected. It is useful to estimate possible attack paths fromthe point of detection to formulate effective remedy. In detail, the authors used the basescore (BS) of CVSS to measure the severity of vulnerabilities and the probability of anattack success in the network entities. The impact attack metric was directly inheritedfrom CVSS. Additionally, in accordance with the reduction of scalability complexity,the authors also built attack graphs based on the modeling network nodes and their vul-nerabilities onto multiple layers. The main reason for this is that the SDN consists of

CVSS Based Attack Analysis using a Graphical Security Model 7

many components and network elements, causing security assessment to be not scalablein enumerating all possible attack scenarios. By leveraging from HARM, they gener-ate 2-layer HARM, where each host in the higher layer has a corresponding AT in thelower layer. The lower layer is a collection of ATs, where each AT is the representa-tive of the vulnerability information for each upper layer node, i.e SDN network node.Nonetheless, their work lacks the support of graph attack visualization and likelihoodrecommendation.

2.3 Attack Analysis for Smart Grid

An attacker collects information from the high-level aim of a target, and then takeslow-level actions. Kristian Beckers et al. [21] delivered a method that can show stepsof attackers. This method gathers information of a system at the low-level presentationto analyze high-level probabilistic attributes. The attackers high-level aims are drawnas an attack tree and actions in low level as an attack graph. The research combinedboth the attack tree and attack graph for mapping aims of the attacker to actions. Thiscombination was applied to a Smart Grid. This proposal helps system administratorsprevent possible attacks.

The acceleration of the Smart Grid technologies makes the power delivery systemsto be easily used as well as meet the intelligence and efficiency. However, insider andoutsider attacks that may harm the Smart Grid system have recently occurred in thereal case. Hence, there is more attention from researchers to deeply understand securitylevels in these systems in order to implement defense methods for disaster preventionto avoid the consequences of intrusion attacks.

To start with, the study [21] delivered a method that can show the steps of attackers.This method gathers information of a system at the low-level presentation to analyzehigh-level probabilistic attributes. The attackers high-level aims are drawn as an attacktree and low-level actions as an attack graph. The research combined both the attacktree and attack graph for mapping aims of the attacker to actions. This combination wasapplied to a Smart Grid. This proposal helps system administrators prevent possibleattacks.

Besides, Yatin et al. [22] presented the methodology of risk assessment for Cyber-physical attacks in Smart Grid system. They concentrated on one primary functionwhich is power delivery to narrow down the number of attacks in the system. TheBayesian Attack Graph for Smart Grid (BAGS) tool is used to quantify the probabilityof attack success and the likelihood of attack relied on the CVSS base score when suc-cessfully exploiting vulnerabilities. The authors also considered the attack risk to helppower engineers decide the security budget and patch management to protect systemon which system component is being susceptible to easily get compromised by intrud-ers. In addition, they applied reinforcement learning for resource allocation in the cyberdomain of Smart Grid to generate the optimal policy which recommends whether toconduct the assessment and patching the vulnerability in the network. However, thiswork did not take into account the attack cost for hackers when attempting to compro-mise the cyber system. Graph visualization is also ignored in their implementation.

In [23], Rounak presented a Bayesian attack tree to model CPS vulnerabilities forSCADAs security assessment. This work concentrated on the perspective of prioritizing

8 Tan Duy Le et al.

important vulnerabilities in SCADA to be first identified and generated attack paths totarget element. This is to avoid comprehensive modeling of every element in the CPS.For each type of vulnerability, the probability of successfully exploiting is consideredin accordance with the skill level of the intruder. Also, their skill level reflects on thetime of compromising system which contains the vulnerability. The CVSS metric isused to calculate the probability that a vulnerability is successfully exploited. Besides,the impact on the power grid as well as the risk of cyber attack on each attack pathis also assessed in the cyber-system. However, lack of attack graph visualization andlikelihood is the shortcoming of this study.

2.4 Security Metrics Calculation

To compute the likelihood of compromise in a Smart Grid environment, Yatin et al. [22]used the base score of CVSS to compute the exploitability of a vulnerability. Basedon the probability ranges, they matched each potential attack into the correspondingqualitative value of likelihood.

Besides, Ge et al. [17] proposed some metrics to analyze the security problems foran IoT-enabled system. In general, this framework takes IoT topology, vulnerabilityinformation and security metrics from security decision maker as its input to generateextended HARM model. Then, the graph visualization of IoT network topology withattack paths is produced. Subsequently, the security analysis is conducted relying onthe set of IoT nodes, vulnerabilities and potential attack path information. The analysisresult is then used to determine the most appropriate defense strategies for vulnerablenodes in the network. In this approach, a set of IoT nodes is defined as T . There is anattack tree att = (A,B,c,g,root) for each node t ∈ T . Attack success probability is thevalue to measure the probability of success when an attacker is attacking the target.At the level of node, attack success probability is measured for each inner node of anattack tree. The value of attack success probability at the node t ∈ T is the attack successprobability value of the root of the attack tree corresponding to the node. At the levelof path, the value of attack success probability of an attack path is also measured. Thisvalue is the metric of the probability that an attacker can compromise the target overthe attack path.

Attack cost is the value of measuring the cost of an attack spent for successfullyattacking a target. At the level of node, the values of attack cost are calculated for eachinner node and node t ∈ T of an attack tree. At the level of path, the measure is thecost spent by an attacker to compromise the target over the attack path. At the level ofnetwork, the measure is the minimum cost for an attacker compromising the target inthe company of all possible paths.

Similarly, the attack impact value of an attack path is computed by taking the sumof attack values of each node. Then, at the network-level, the attack impact is the max-imum value among all potential paths.

2.5 Summary

Among the related studies, the framework for automating security analysis of IoT pro-posed in [17] is the most advanced in terms of coverage, ranging from Attack Tree,

CVSS Based Attack Analysis using a Graphical Security Model 9

Attack Graph Generation, p, ac, aim, r. Furthermore, the formulae to calculate secu-rity metrics were explained in detail. However, the scope of the framework focuses onthe general IoT system. Therefore, there are still limitations in Attack Graph Visualiza-tion, Likelihood, and Smart Grid application. Attack Graph Visualization is a practicalmethod for cybersecurity experts and even novices to examine the system activities andinvestigate all potential cyber attacks. By using Likelihood, the possibility of an attackcan be ranked, which strongly supports the risk assessment process. Missing researchon Smart Grid Attack Graph Visualization and Likelihood creates a gap in the field.Consequently, we utilize the framework to bridge the gap of current research.

3 Smart Grid Case Study

In this section, a Smart Grid case study with various attack scenarios is conducted. Wefirst introduce the Smart Grid model, including the power grid and network models, fol-lowed by description of attack scenarios. Finally, attack analysis results are presented.

3.1 Smart Grid Model

There are two essential components of Smart Grid, including the power grid and net-work models. Various research has been completed to model each Smart Grid com-ponent. On the one hand, several distribution test feeders, which vary in the complex-ity, scale, and control data, are developed in recent decades. Among these test feed-ers, IEEE Feeders [24] and Pacific Northwest National Laboratory (PNNL) TaxonomyFeeders [25] are widely accepted in Smart Grid research community. On the otherhand, numerous network architectural models were designed for the Smart Grid sys-tem [26], [27]. The IEEE Feeders have been applied in our previous research at [28]and [29]. Therefore, the selected PNNL Taxonomy Feeders for power grid and networkmodels applied for the Smart Grid case study are discussed in the scope of this research.

Power Grid Model The increasing integration of Smart Grid technologies in the U.S.electricity networks highlights the significance of test feeders’ availability, which allowsstudying the impact of attacks for such cyber-physical models.

Due to its large size and the various utilities, the existing electricity grids in the USpresent a wide range of topologies and equipment. Therefore, test feeders should reflectthese differences based on factors, for instance, the voltage level and climate region.To respond to this demand, PNNL introduced a set of 24-node radial distribution testfeeders for taxonomy representing the continental region of the U.S. in 2009. Thesedistribution test feeders have been developed with a clustering algorithm comprising of17 different utilities and their 575 current feeders. The continental region was dividedinto five climate zones to perform this categorization, where 35 associated statisticaland electrical characteristics were investigated.

Among 24 prototypical feeders, R4-12.47-2 has its advantage by representing acombination of a moderately populated urban area with a lightly populated suburbanarea. Besides, the less populous area is mainly comprised of single-family residences,which is ideal for our case study. The power grid infrastructure is shown in Figure 1.

10 Tan Duy Le et al.

load1

load2

load3

load4

load5

load6

load7

load8

load9

load10

load11

load12

load13

load14

load15

load16

load17

load18

load19

load20

load21

meter1

meter2

meter3

meter4

meter5

meter6

meter7

meter8

meter9

meter10

meter11

meter12

meter13

meter14

meter15

meter16

meter17

meter18

meter19

meter20

meter21

meter22

node263

node67

node1

node264

tn51

node2

node4

node30

node3

node182

tn170

node183

node215

node5

node170

tn162

node171

node6

node169

node168

tn154

node7

node181

tn176

node8

node115

tn114

node9

node72

node87

node116

node114

node10

node73

node74

node70

node126

node121

node123

node11

node96

node97

node147

node152

node12

node91

node66

node250

node253

node13

node249

tn68

tn69

tn70

node14

node15

node84

node32

node17

node234

node16

node235

node233

node238

tn3

tn4

tn92

tn93

tn94

node75

node76

node241

node127

node128

node18

node260

node28

node19

node259

node69

node68

node20

node21

node22

node245

node251

node23

node247

node24

node92node93

node25

node143node261

node94

node95node248

node262

node144

node26

node33

node90

node35

node27

node64

node29

node146

node145

tn106

tn116 node216

node31

node85

tn89

tn90

tn91

node34

node111

node99

node106

tn55

node110

tn59

tn60

tn61

node36

node188

tn126

node189

node37

node194

node193

tn121

node38

node154

tn146

node155

node39

node200

node199

tn137

node40 node43

node81

node44

node41

node77

node83

node86

node136

node42

node63

node220

node80

node243

node236

node65

tn95

tn96

tn97

node45

node79

node230

node221

node82

node231

tn101

tn102

tn103

node46

node228

tn79

node47

node88

node49

node105

node48

node104

node50

node227

tn5

tn1

node239

node51

node256

tn77

node103

tn2

node52

node255

node242

node53

tn85

node71

node153

node54

node178

tn52

node179

node55

node56

tn53

tm53

node57

tn54

tm54

node58

node269

node59

node60

node61

node62

node223

tn98

tn99

tn100

node252

tn74

tn75

tn76

node122

tn104

tn22

tn23

node125

tn27

node120

tn30

tn37

node130

tn39

node129

tn111

node137

node78

node258

tn8

node222

tn7

node225

node224

tn9

node229

node240

tn10

tn11

tn12

node232

node112

tn24

tn16

node89

node109

node108

tn17

node254

tn20

tn21

node267

node266

tn44

node148

node151

tn48

node98

node100

tn56

tm55

node102

tn57

tn58

tm57

node101

tn65

tn66

tn67

tm65

tm66

tm67

tm58

tm2

tm1

tm16

tm56

node107

tn19

tm19

tn18

tm18

tm17

tn62

tn63

tn64

tm62

tm63

tm64

tm59

tm60

tm61

tn25

node113

tm25

tn26

tm26

tm24

tm114

tm23

node117

tn34

tm34

node118

tn33

tm33

node119

tn32

tm32

tn31

tm31

tm30

tn115

tm115

tm104

node124

tn29

tm29

tn28

tm28

tm27

tm37

tn38

node132

tm39

tn40

node135

tm40

node134

tn41

tm38

node131

tn35

node265

tn36

tm36

tm35

node133

tn43

tm43

tn42

tm42

tm41

tm111

tn107

node138

tm107

tn108

node139

tm108

tn109

node140

tm109

tn110

node141

tm110

tn112

node142

tm112

tn113

tm113

tn105

tm105

tm106

tm44

tn45 node149

tm45

tn46

node150

tm46

node268

tn47

tm47

tn49

tm49

tm48

tm22

tm146

tn147

node156

tm147

tn148

node157

tm148

tn149

node158

tm149

tn150

node159

tm150

tn153

node214

tm153

node160

tn151

node272

tn152

tm152

node161

tn159

tm159

node162

tn158

tm158

node163

tn161

tm161

node164

tn160

tm160

node165

node166

tn157

tm157

node167

tn156

tm156

tn155

tm155

tm154

tm162

tn163

node172

tm163

tn164

node174

tm164

node173

tn165

tn166

node175

tm166

tn168

node176

tm165

tm168

tn169

node177

tm169

tn167

tm167

tm52

tn50

node180

tm50

tm176

tm170

tn171

node184

tm171

tn172

node185

tm172

tn173

node186

tm173

tn174

node187

tm174

tn175

tm175

tm126

tn127

node190

tm127

tn128

node191

tm128

tn129

node192

tm129

tn130

node213

tm130

node206

tn131

tn122

node202

tm122

tn123

node203

tm121

node195

tn140

node196

tm140

tn141

node197

tm141

tn145

node201

tm145

tn142

node208

node198

tn139

tm139

tn138

tm138

tm137

tm142

tn143

node209

tm123

tn124

node204

tm124

node270

tn125

tm125

node205

tn144tm144

tn132

node207

tm132

tn133

node210

tm133

tn134

node211

tm143

tm134

tn135

node212

tm135

node271

tn136tm136

tm131

tm151

tm116

tn120

node217

tm120

tn119

node218

tm119

tn118

node219

tm118

tn117

tm117

tm9

tn6

tm7

tm6

tm98

tm99

tm100

node226

tm5

tm79

node257

tn13

tn14

tn15

tm10

tm11

tm12

tn86

tn87

tn88

tm101

tm102

tm103

tm86

tm87

tm88

tm89

tm90

tm91

tm3

tm4

node237

tn83

tn84

tm83

tm84

tm92

tm93

tm94

tn78

tm77

tn81

tn82

tm13

tm14

tm15

tm85

tm95

tm96

tm97

node244

node246

tn71

tn72tn73

tm71

tm72

tm73

tm68

tm69

tm70

tn80

tm20

tm21

tm74

tm75

tm76

tm80

tm78

tm81

tm82

tm8

tm51

node273

tn177

tn178

tn179

tn180

tn181

tn182

tn183

tn184

tn185

tn186

tn187

tn188

tn189

tn190

tn191

tn192

tn193

tn194

tn195

tn196

tn197

tn198

tn199

tn200

tn201

tn202

tn203

tn204

tn205

tn206

tn207

tn208

tn209

tn210

tn211

tn212

tn213

tn214

tn215

tn216

tn217

tn218

tn219

tn220

tn221

tn222

tn223

tn224

tn225

tn226

tn227

tn228

tn229

tn230

tn231

tn232

tn233

tn234

tn235

tn236

tn237

tn238

tn239

tn240

tn241

tn242

tn243

tn244

tn245

tn246

tn247

tn248

tn249

tn250

tn251

tn252

tn253

tn254

tn255

tn256

tn257

tn258

tn259

tn260

tn261

tn262

tn263

tn264

tn265

tn266

tn267

tn268

tn269

tn270

tn271

tn272

tn273

tn274

tn275

tn276

tn277

tn278

tn279

tn280

tn281

tn282

tn283

tn284

tn285

tn286

tn287

tn288

tn289

tn290

tn291

tn292

tn293

tn294

tn295

tn296

tn297

tn298

tn299

tn300

tn301

tn302

tn303

tn304

tn305

tn306

tn307

tn308

tn309

tn310

tn311

tn312

tn313

tn314

tn315

tn316

tn317

tn318

tn319

tn320

tn321

tn322

tn323

tn324

tn325

tn326

tn327

tn328

tn329

tn330

tn331

tn332

tn333

tn334

tn335

tn336

tn337

tn338

tn339

tn340

tn341

tn342

tn343

tn344

tn345

tn346 tn347

tn348

tn349

tn350

tn351

tn352

E

A

B

CD

Fig. 1: The Pacific Northwest National Laboratory (PNNL) Taxonomy Feeders -R4-12.47-2 [30].

.

There are 352 residential houses in the system. Each house was extended by a smart me-ter to collect electricity consumption data. In order to enhance the performance control,these houses are clustered into 5 smaller areas, namely, A, B, C, D, and E.

Network Model The infrastructure of Smart Grid is divided into three major com-munication networks, namely Home Area Network (HAN), Neighbor Area Network(NAN), and Wide Area Network (WAN) [31]. The research at [32] introduced two dis-tinct types of HAN architecture to represent its relationship with the utility. In the firstarchitecture, the smart meter monitors all the house appliances to manage the grid. Thedisadvantage of this architecture is that all devices have to communicate through thesame networking protocol. Therefore, the second architecture in which all the devicesconnect to the smart meter through a gateway is introduced to deal with the difficultyof multiple communication protocols.

We show the Smart Grid communication network with the gateway based on theselected structure of the power grid in Figure 2. Note that the model was simplifiedfor the purposes of our case study. The household in the network model reflects eachhouse in the power grid model. Besides, these households are clustered into smaller

CVSS Based Attack Analysis using a Graphical Security Model 11

Smart Meter

HAN NAN

WANControlCenterSCADA

Smart TV

Smart Thermostat

IPCamera

Robot Vacuum Cleaner

Smart Light

GatewayStreet

Concentrator

StreetConcentrator

CentralConcentrator

StreetConcentrator

Fig. 2: Simplified network model (part of Smart Grid) with Gateway used in our casestudy.

areas in the same way as the residential houses are clustered in the power grid model.Each house is equipped with five smart appliances, including a smart TV, a smart ther-mostat, a robot vacuum cleaner, a smart light, and an IP camera. The gateway handlesincoming messages from the smart devices and forwards those relevant to the smartmeter. Then, these data are transmitted from the smart meter to the area concentrator.Five area concentrators are corresponding with five areas A, B, C, D, E. They receivethe data, then transfers to the central concentrator. Finally, these data are gathered at theSCADA system. In the considered scenario, the SCADA system is not covered.

Each device or node in the system is given an ID that follows a regular patternincluding device name, area, and house ID. For instance, the ID of a smart TV belongsto house number 1 of area A is denoted as TVA1 . Similarly, we have T hermostatA1 ,CleanerA1 , LightA1 , CamA1 , GatewayA1 , and MeterA1 as the IDs of the smart appliancesof the area A’s first house. In addition, ConcentratorA, ConcentratorB, ConcentratorC,ConcentratorD, and ConcentratorE represent the concentrators for each area A, B, C,D, and E, respectively. Finally, Central Concentrator serves as the ID for the centralconcentrator in the defined Smart Grid network model.

3.2 Attack Scenarios

We assumed that nearly 2% of 352 residential houses in the system, which are all of thesmart devices inside seven households, contain vulnerabilities. In detail, there are two

12 Tan Duy Le et al.

Table 2: Assumption CVE list for Smart Grid Devices

No Smart Devices CVE Lists

1 Smart TVCVE-2018-13989, CVE-2019-9871,CVE-2019-11336, CVE-2019-12477,

CVE-2020-92642 Smart Thermostat CVE-2018-11315, CVE-2013-4860

3 Smart Vacuum CleanerCVE-2018-10987, CVE-2018-17177,CVE-2018-20785, CVE-2019-12821,

CVE-2019-12820

4 Smart LightCVE-2020-6007, CVE-2019-18980,

CVE-2017-14797

5 IP CameraCVE-2020-3110, CVE-2020-11949,

CVE-2020-11623

6 GatewayCVE-2018-3911, CVE-2018-3907,CVE-2018-3909, CVE-2018-3902,CVE-2018-3879, CVE-2018-3880

7 Smart Meter CVE-2017-99448 Concentrator CVE-2020-1638

houses in each area A and B, as well as one house in each area C, D, and E, that havevulnerabilities.

A vulnerability is a weakness, flaw, or error detected inside a security system thatcan be taken advantage of by nefarious actors to compromise a secure network. Byusing sequences of commands, pieces of software, or even open-source exploit kits,hackers can exploit which vulnerabilities can be leveraged for malicious activity. Inthe considered circumstance, we assume that the CVE list shown in Table 2 was thevulnerabilities exploited by attackers. The hackers can use any HAN devices, includingsmart tv, smart thermostat, robot vacuum cleaner, smart light, and IP camera, one byone or even all of them as the entry points to start an attack. Three attack scenarioswere considered in this research:

1. Single-entry attacker model: one type of devices has vulnerabilities in this model.Therefore, attackers can only exploit this kind of device inside the infected housesto conduct an attack. For instance, all smart TVs of seven selected houses con-tain different types of CVEs. Consequently, these smart TVs can be exploited byattackers as the entry points and compromised to perform further attacks.

2. Multiple-entry attacker model: all types of the devices in the seven selected houseshave vulnerabilities. Accordingly, attackers can potentially exploit all of these de-vices to carry out an intrusion. This scenario can be considered as combining allavailable devices in the aforementioned single-entry attacker model.

3. Multiple-entry attacker model with patch: patching is used to fix the vulnerabilitiesin a specific type of devices. This scenario is the extension of the multiple-entryattacker model by integrating the patching as a defense strategy. For example, all

CVSS Based Attack Analysis using a Graphical Security Model 13

Table 3: Attack Analysis Results

Scenario Entry Point Patch p ac aim r

Number of Paths

Tota

l

Rar

e

Unl

ilkel

y

Poss

ible

Lik

ely

Alm

ostC

erta

in

1Smart

TVNo 1 21.6 35.8 35.8 25 1 10 0 7 7

2Smart

ThermostatNo 0.65 23.6 35.8 23.27 25 0 5 14 6 0

3Robot

VacuumCleaner

No 0.86 21.6 32.2 27.69 25 3 12 0 8 2

4SmartLight

No 1 23.6 35.8 35.8 25 2 10 9 0 4

5IP

CameraNo 0.8 23.6 35.8 28.64 25 2 9 5 6 3

6 All No 1 21.6 35.8 35.8 125 8 46 28 27 16

7 All Smart TV 1 21.6 35.8 35.8 100 7 36 28 20 9

8 AllSmart TV

andSmart Light

0.86 21.6 35.8 30.8 75 5 26 19 20 5

vulnerabilities of all smart TVs inside the system have been fixed. Hence, they cannot be used as the entry points by attacker to conduct the attack.

The attack goal is to control the central concentrator. If a Smart Grid device hasmore than one vulnerability, attackers can randomly select one vulnerability to conductthe attack. The considered attack scenarios are not the only solutions since more vul-nerability rates can be selected and tested. Fortunately, the result at a 2% rate is visuallysignificant.

3.3 Attack Analysis Results

We conducted a Smart Grid case study by applying the framework for automating IoTsecurity analysis proposed in [17]. We calculate the security metrics values in node, at-tack path, and network level. These security metrics are Attack Success Probability (p),Attack Cost (ac), Attack Impact (aim), Attack Risk (r). The formulas to calculate thesesecurity metrics are extracted from Subsection 2.4. Based on the range of p adapted bythe research at [22] and [33], the attack paths are classified into five categories, includ-ing Rare (0.0≤ p≤ 0.19), Unlikely (0.2≤ p≤ 0.39), Possible (0.4≤ p≤ 0.59), Likely

14 Tan Duy Le et al.

(0.6 ≤ p ≤ 0.79), and Almost Certain (0.8 ≤ p ≤ 1) paths. The network level analysisresults are shown in Table 3. Accordingly, the scenarios from one to five denote theresults for the single-entry attacker model, as well as scenario six represents the resultsfor the multiple-entry attacker model, and the scenarios from seven to eight for resultsfrom multiple-entry attacker model with patch.

Single-entry attacker model: We can see that attacking the smart TVs and smart lightshave the maximum success probability from the metrics values 1. However, the attackcost by compromising the smart lights is higher than the smart TVs. Accordingly, thereare 25 attack paths, which contain 7 Almost Certain paths, for attackers to reach thecentral concentrator via the smart TVs’ entry points. Consequently, intruders are morelikely to choose smart TVs as entry points.

At the network level, attack cost is the minimum cost, while attack impact is themaximum loss caused by an intruder to compromise the target among all potential paths.Therefore, an ideal path for attackers to compromise the central concentrator may notexist even in the single-entry attacker model. As an evidence, the path from TVA1 toCentral Concentrator, which is shown in the following, has the minimum attack costat 21.6, maximum attack success probability at 1, and maximum attack risk and impactat 35.8:

– Attackers→ TVA1 →GatewayA1 →MeterA1 →ConcentratorA→Central Concentrator

However, the following path from TVB2 to Central Concentrator has the maximumimpact at 35.8:

– Attackers→ TVB2 →GatewayB2 →MeterB2 →ConcentratorB→Central Concentrator

After analyzing the Smart Grid system, attackers can determine which paths to hackbased on their intention. The knowledge can be used by security experts to protect thesystem against an attack. By using attack success probability metrics, the example ofan attack graph generated automatically by the case study is shown in Figure 3.

Multiple-entry attacker model: By providing more entry devices, attackers possessmore paths to conduct an attack. There is more likely that the Smart Gird system ishacked since among 125 paths, there are 16 Almost Certain, 27 Likely, and 28 Possiblepaths, respectively. In this scenario, attackers need to spend less cost at 21.6. However,the attack impact and attack risk are highest at 35.8. Similarly, smart TVs and smartlights should be protected at first in order to prevent the attackers from breaking intothe system.

Multiple-entry attacker model with patch: We modify the vulnerability informationfor the smart TVs or both smart TVs and smart lights, separately.

Since the potential attack paths caused by both smart TVs and smart lights, theimpact of patch function on smart TVs is not obvious. The attack success probability,attack impact, attack risk remain the same with multiple-entry attacker model. However,

CVSS Based Attack Analysis using a Graphical Security Model 15

Fig. 3: An Example of Attack Graph Generated by a Case Study

the total paths have been decreased. The Almost Certain paths are modified from 16 to9.

By eliminating the vulnerabilities of both smart TVs and smart lights, we decreasethe attack success probability, attack impact, and attack risk. However, the attack costhas not changed. The reason comes from the vacuum cleaners, which costs attackersless effort to compromise. The number of Almost Certain paths has been changed to 5.Therefore, based on the analysis results, it is evident that protecting both smart TVs andsmart lights is more effective than protecting either of them.

4 Conclusion and Future Work

Cyber-security is at the core of modern technologies. In this research, we conducted acomprehensive and systematic survey of various attack analysis studies using the com-bination of Graphical Security Model and CVSS. We reviewed of the state-of-the-arttechniques, ranging from traditional networks, emerging technologies, to Smart Grid.To accomplish this goal, numerous metrics of interest have been examined, namely, At-tack Tree, Attack Graph Generation, Attack Graph Visualization, Attack Success Prob-ability, Attack Cost, Attack Impact, Attack Risk, Likelihood, and Smart Grid Applica-tion.

16 Tan Duy Le et al.

As cyber attacks on the Smart Grid system can have serious issues, protecting theSmart Grid system safe from attackers is extremely important. Attack analysis is one ofthe advanced technologies to investigate and evaluate attackers’ activities. This infor-mation is invaluable to defense the Smart Grid system. However, there is few researchfocus on Smart Grid attack analysis using Graphical Security Model.

We indicated that the framework for automating security analysis of the Internet ofThings proposed in this paper is a successful solution which can be extended to SmartGrid system. By applying the PNNL Taxonomy Feeders R4-12.47-2, Smart Grid net-work model with gateway, a Smart Grid case study with three attack scenarios, includ-ing a single-entry attacker model, multiple-entry attacker model, and multiple-entryattacker model with patch, has been carried out. All potential attack paths have beendetermined, and the values of the selected security metrics have been calculated duringthe vulnerability analysis process. Besides, our research is enriched by the automatedAttack Graph generation capacity.

This knowledge can be used for cybersecurity training of IT experts and cybersecu-rity professionals. Based on evaluating various security metrics, IT experts and cyberse-curity professionals can determine all possible attack paths, then decide which devicesincluded in the paths should be protected at first. Besides, the effectiveness of specificdevice-level strategies deployed for different devices can be compared. For the network-level, the performance of the Smart Grid system’s defense strategies can be measured.Furthermore, our work can help system planners estimate the attack’s damage cost onthe proposed Smart Grid system.

We intend to extend our current work to a Cyber Attack Analysis Framework forSmart Grids, which integrates more power grid test feeders and network models forfuture work. We will also conduct case studies with the collection of various Smart GridCVEs, different power grid and network models, to validate our extended framework.

References

1. I. Ghansah, Smart Grid Cyber Security Potential Threats, Vulnerabilities and Risks: InterimProject Report. California Energy Commission, 2012.

2. S. Christey and R. A. Martin, “Vulnerability type distributions in cve,” 2007.3. K. Scarfone and P. Mell, “An analysis of cvss version 2 vulnerability scoring,” in 2009 3rd

International Symposium on Empirical Software Engineering and Measurement. IEEE,2009, pp. 516–525.

4. J. B. Hong, D. S. Kim, C.-J. Chung, and D. Huang, “A survey on the usability and practicalapplications of graphical security models,” Computer Science Review, vol. 26, pp. 1–16,2017.

5. B. Schneier, Secrets and lies: digital security in a networked world. John Wiley & Sons,2015.

6. O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J. M. Wing, “Automated generation andanalysis of attack graphs,” in Proceedings 2002 IEEE Symposium on Security and Privacy.IEEE, 2002, pp. 273–284.

7. J. Hong and D.-S. Kim, “Harms: Hierarchical attack representation models for network se-curity analysis,” 2012.

8. J. B. Hong and D. S. Kim, “Towards scalable security analysis using multi-layered securitymodels,” Journal of Network and Computer Applications, vol. 75, pp. 156–168, 2016.

CVSS Based Attack Analysis using a Graphical Security Model 17

9. X. O. Anoop Singhal, “Security risk analysis of enterprise networks using probabilistic attackgraphs,” National Institute of Standards and Technology (NIST), Tech. Rep., 2011.

10. Y. K. M. Hyunchul Joh, “Defining and assessing quantitative security risk measures usingvulnerability lifecycle and cvss metrics,” The 2011 International Conference on Security andManagement (SAM’11), 2011.

11. P. Cheng, L. Wang, S. Jajodia, and A. Singhal, “Aggregating cvss base scores for semantics-rich network security metrics,” International Symposium on Reliable Distributed Systems,2012.

12. I. R. Nayot Poolsappasit, Rinku Dewri, “Dynamic security risk management using bayesianattack graphs,” IEEE Transactions on Dependable and Secure Computing, 2012.

13. M. Alhomidi and M. Reed, “Attack graph-based risk assessment and optimisation approach,”International Journal of Network Security & Its Applications, vol. 6, no. 3, p. 31, 2014.

14. M. U. Aksu, M. H. Dilek, E. I. Tatl, K. Bicakci, H. I. Dirik, M. U. Demirezen, and T. Aykr,“A quantitative cvss-based cyber security risk assessment methodology for it systems,” in2017 International Carnahan Conference on Security Technology (ICCST), 2017, pp. 1–8.

15. M. Ge and D. S. Kim, “A framework for modeling and assessing security of the internet ofthings,” IEEE 21st International Conference on Parallel and Distributed Systems, 2015.

16. S. E. Yusuf, M. Ge, J. B. Hong, H. K. Kim, P. Kim, and D. S. Kim, “Security modellingand analysis of dynamic enterprise networks,” in 2016 IEEE International Conference onComputer and Information Technology (CIT), 2016, pp. 249–256.

17. M. Ge, J. B.Hong, and W. G. D. SeongKim, “A framework for automating security analysisof the internet of things,” Journal of Network and Computer Applications, vol. 83, pp. 12–27,2017.

18. Erxia Li, Chaoqun Kang, Deyu Huang, Modi Hu, Fangyuan Chang, Lianjie He, and Xiaoy-ong Li 0003, “Quantitative model of attacks on distribution automation systems based oncvss and attack trees.” Information., 2019.

19. S. An, T. Eom, J. S. Park, J. B. Hong, A. Nhlabatsi, N. Fetais, K. M. Khan, and D. S. Kim,“Cloudsafe: A tool for an automated security analysis for cloud computing,” in 2019 18thIEEE International Conference On Trust, Security And Privacy In Computing And Com-munications/13th IEEE International Conference On Big Data Science And Engineering(TrustCom/BigDataSE), 2019, pp. 602–609.

20. T. Eom, J. B. Hong, S. An, and J. S. P. D. S. Kim, “A framework for real-time intrusionresponse in software defined networking using precomputed graphical security models,” Se-curity and Communication Networks, 2020.

21. K. Beckers, M. Heisel, L. Krautsevich, F. Martinelli, R. Meis, and A. Yautsiukhin, “De-termining the probability of smart grid attacks by combining attack tree and attack graphanalysis,” International Workshop on Smart Grid Security, 2014.

22. C. N. Yatin Wadhawan, Anas AlMajali, “A comprehensive analysis of smart grid systemsagainst cyber-physical attacks,” Electronics, vol. 7, 2018.

23. R. Meyur, “A bayesian attack tree based approach to assess cyber-physical security of powersystem,” in 2020 IEEE Texas Power and Energy Conference (TPEC), 2020, pp. 1–6.

24. K. Schneider, B. Mather, B. Pal, C.-W. Ten, G. Shirek, H. Zhu, J. Fuller, J. L. R. Pereira,L. F. Ochoa, L. R. de Araujo et al., “Analytic considerations and design basis for the ieeedistribution test feeders,” IEEE Transactions on power systems, vol. 33, no. 3, pp. 3181–3188, 2017.

25. K. P. Schneider, Y. Chen, D. P. Chassin, R. G. Pratt, D. W. Engel, and S. E. Thomp-son, “Modern grid initiative distribution taxonomy final report,” Pacific Northwest NationalLab.(PNNL), Richland, WA (United States), Tech. Rep., 2008.

26. N. Saputro, K. Akkaya, and S. Uludag, “A survey of routing protocols for smart grid com-munications,” Computer Networks, vol. 56, no. 11, pp. 2742–2771, 2012.

18 Tan Duy Le et al.

27. I. Colak, S. Sagiroglu, G. Fulli, M. Yesilbudak, and C.-F. Covrig, “A survey on the criticalissues in smart grid technologies,” Renewable and Sustainable Energy Reviews, vol. 54, pp.396–405, 2016.

28. T. D. Le, A. Anwar, R. Beuran, and S. W. Loke, “Smart grid co-simulation tools: Reviewand cybersecurity case study,” in 2019 7th International Conference on Smart Grid (icS-martGrid). IEEE, 2019, pp. 39–45.

29. T. D. Le, A. Anwar, S. W. Loke, R. Beuran, and Y. Tan, “Gridattacksim: A cyber attacksimulation framework for smart grids,” Electronics, vol. 9, no. 8, p. 1218, 2020.

30. M. A. Cohen, “Gridlab-d taxonomy feeder graphs,” GridLAB-D Taxonomy Feeder Graphs,2013.

31. N. Raza, M. Q. Akbar, A. A. Soofi, and S. Akbar, “Study of smart grid communicationnetwork architectures and technologies,” Journal of Computer and Communications, vol. 7,no. 3, pp. 19–29, 2019.

32. S. L. Clements, T. E. Carroll, and M. D. Hadley, “Home area networks and the smart grid,”Pacific Northwest National Lab.(PNNL), Richland, WA (United States), Tech. Rep., 2011.

33. R. M. Blank, “Guide for conducting risk assessments,” 2011.