Process-Aware Attack-Graphs for Risk Quantification and Mitigation in Industrial Infrastructures

Research output: Contribution to journalConference articlepeer-review

Abstract

As connectivity constantly increases, business processes are vulnerable to external cyberattacks, which may hamper their continuity. As the frequency and derived impacts of these attacks increase, there is a need to prioritize and mitigate risks, considering their impact on business processes, in order of importance to the business. Addressing this need arises several challenges, starting with how to quantify the cyber-security risk over the infrastructure abstract level, map it to the business abstract level, and then propagate it across all process dependencies, and ending with how to prioritize issues to be addressed first. We identified that a holistic approach to answer these challenges in a process-aware manner is still missing. Therefore, the research aims to develop the following framework. First, we will form a processaware attack-graph that stands for the potential behavior of an attacker within an industrial infrastructure and its impact over the business processes. Second, we will develop a risk inferencing method to quantify the risk over the infrastructure level, map it to the business level and propagate it across different process dependencies. Finally, we will develop a method to identify the risk root causes and recommend for risk mitigation steps. The framework will be evaluated based on real-life event logs and simulated settings of a smart manufacturing factory. The resulted artifacts will be evaluated by a panel of subject matter experts from the areas of cyber-security and business process management.

Original languageEnglish
Pages (from-to)11-18
Number of pages8
JournalCEUR Workshop Proceedings
Volume3139
StatePublished - 2022
EventDoctoral Consortium Papers Presented at the 34th International Conference on Advanced Information Systems Engineering, CAiSE-DC 2022 - Leuven, Belgium
Duration: 6 Jun 202210 Jun 2022

Bibliographical note

Publisher Copyright:
© 2022 Copyright for this paper by its authors.

Keywords

  • Attack-Graph
  • Process-Mining
  • Risk management

ASJC Scopus subject areas

  • General Computer Science

Fingerprint

Dive into the research topics of 'Process-Aware Attack-Graphs for Risk Quantification and Mitigation in Industrial Infrastructures'. Together they form a unique fingerprint.

Cite this