Vulnerability of weighted networks
In real networks complex topological features are often associated with a
diversity of interactions as measured by the weights of the links. Moreover,
spatial constraints may as well play an important role, resulting in a complex
interplay between topology, weight, and geography. In order to study the
vulnerability of such networks to intentional attacks, these attributes must be
therefore considered along with the topological quantities. In order to tackle
this issue, we consider the case of the world-wide airport network, which is a
weighted heterogeneous network whose evolution and structure are influenced by
traffic and geographical constraints. We first characterize relevant
topological and weighted centrality measures and then use these quantities as
selection criteria for the removal of vertices. We consider different attack
strategies and different measures of the damage achieved in the network. The
analysis of weighted properties shows that centrality driven attacks are
capable of shattering the network's communication or transport properties even at
a very low level of damage in the connectivity pattern. The inclusion of weight
and traffic therefore provides evidence for the extreme vulnerability of
complex networks to any targeted strategy and need to be considered as key
features in the finding and development of defensive strategies.
Scalable attack modelling in support of security information and event management
Includes bibliographical references.
While assessing security on single devices can be performed using vulnerability assessment tools, modelling of more intricate attacks, which incorporate multiple steps on different machines, requires more advanced techniques. Attack graphs are a promising technique; however, they face a number of challenges. An attack graph is an abstract description of what attacks are possible against a specific network. Nodes in an attack graph represent the state of a network at a point in time while arcs between nodes indicate the transformation of a network from one state to another, via the exploit of a vulnerability. Using attack graphs allows system and network configuration information to be correlated and analysed to indicate imminent threats. This approach is limited by several serious issues including the state-space explosion, due to the exponential nature of the problem, and the difficulty in visualising an exhaustive graph of all potential attacks. Furthermore, the lack of availability of information regarding exploits, in a standardised format, makes it difficult to model atomic attacks in terms of exploit requirements and effects.
This thesis has as its objective to address these issues and to present a proof of concept solution. It describes a proof of concept implementation of an automated attack graph based tool, to assist in evaluation of network security, assessing whether a sequence of actions could lead to an attacker gaining access to critical network resources. Key objectives are the investigation of attacks that can be modelled, discovery of attack paths, development of techniques to strengthen networks based on attack paths, and testing scalability for larger networks. The proof of concept framework, Network Vulnerability Analyser (NVA), sources vulnerability information from National Vulnerability Database (NVD), a comprehensive, publicly available vulnerability database, transforming it into atomic exploit actions. NVA combines these with a topological network model, using an automated planner to identify potential attacks on network devices. Automated planning is an area of Artificial Intelligence (AI) which focuses on the computational deliberation process of action sequences, by measuring their expected outcomes and this technique is applied to support discovery of a best possible solution to an attack graph that is created. Through the use of heuristics developed for this study, unpromising regions of an attack graph are avoided. Effectively, this prevents the state-space explosion problem associated with modelling large scale networks, only enumerating critical paths rather than an exhaustive graph. SGPlan5 was selected as the most suitable automated planner for this study and was integrated into the system, employing network and exploit models to construct critical attack paths. A critical attack path indicates the most likely attack vector to be used in compromising a targeted device. Critical attack paths are identified by SGPlan5 by using a heuristic to search through the state-space the attack which yields the highest aggregated severity score. CVSS severity scores were selected as a means of guiding state-space exploration since they are currently the only publicly available metric which can measure the impact of an exploited vulnerability. Two analysis techniques have been implemented to further support the user in making an informed decision as to how to prevent identified attacks. Evaluation of NVA was broken down into a demonstration of its effectiveness in two case studies, and analysis of its scalability potential. Results demonstrate that NVA can successfully enumerate the expected critical attack paths and also this information to establish a solution to identified attacks. Additionally, performance and scalability testing illustrate NVA's success in application to realistically sized larger networks.
Assessing the criticality of interdependent power and gas systems using complex networks and load flow techniques
Gas and electricity transmission systems are increasingly interconnected, and an attack on certain assets can cause serious energy supply disruptions, as stated in recommendation (EU) 2019/553 on cybersecurity in the energy sector, recently approved by the European Commission. This study aims to assess the vulnerability of coupled natural gas and electricity infrastructures and proposes a method based on graph theory that incorporates the effects of interdependencies between networks. This study is built in a joint framework, where two different attack strategies are applied to the integrated systems: (1) disruptions to facilities with most links and (2) disruptions to the most important facilities in terms of flow. The vulnerability is measured after each network attack by quantifying the unmet load (UL) through a power flow analysis and calculating the topological damage of the systems with the geodesic vulnerability (v) index. The proposed simulation framework is applied to a case study that consists of the IEEE 118-bus test system and a 25-node high-pressure natural gas network, where both are coupled through seven gas-fired power plants (GFPPs) and three electric compressors (ECs). The methodology is useful for estimating vulnerability in both systems in a coupled manner, studying the propagation of interdependencies in the two networks and showing the applicability of the v index as a substitute for the UL index.
Topological Analysis of Power Grid to Identify Vulnerable Transmission Lines and Nodes
Electrical energy generation and distribution systems are good examples of complex systems. This M.Tech thesis is dedicated to the study of Complex Network Theory with applications in power systems for the analysis of vulnerability in power grids, both for unweighted and weighted networks. In power systems, vulnerability has been a key issue for a decade. A simple component failure may cause cascades of failures across the power grid and lead to a large blackout. A number of recent large blackouts in Europe, North America and India have emphasized the importance of understanding the dynamics. In this thesis, power grids have been studied for their structural vulnerabilities using purely topological approaches. The focus of the study is a complete topological analysis of the power grid based on different modes of attack. Analysis has been done by modeling the power grid as a topological network and applying concepts from graph theory. The work can be broadly classified into two parts: the first is vulnerability analysis of an unweighted small world network and the second is analysis of a weighted network in terms of homogeneous and heterogeneous networks. In particular, this thesis proposes two new methods to identify vulnerable lines for both networks and compares the topological structure of the unweighted small world network with the weighted network. The simulation has been done for IEEE 39, 118 and 300 bus. It is demonstrated by simulations that failure of transmission lines identified as critical has a major impact on the performance and structure of the network, unlike the failure of random connections, which have no effect.
The failure tolerance of mechatronic software systems to random and targeted attacks
This paper describes a complex networks approach to study the failure
tolerance of mechatronic software systems under various types of hardware
and/or software failures. We produce synthetic system architectures based on
evidence of modular and hierarchical modular product architectures and known
motifs for the interconnection of physical components to software. The system
architectures are then subject to various forms of attack. The attacks simulate
failure of critical hardware or software. Four types of attack are
investigated: degree centrality, betweenness centrality, closeness centrality
and random attack. Failure tolerance of the system is measured by a 'robustness
coefficient', a topological 'size' metric of the connectedness of the attacked
network. We find that the betweenness centrality attack results in the most
significant reduction in the robustness coefficient, confirming betweenness
centrality, rather than the number of connections (i.e. degree), as the most
conservative metric of component importance. A counter-intuitive finding is
that "designed" system architectures, including a bus, ring, and star
architecture, are not significantly more failure-tolerant than interconnections
with no prescribed architecture, that is, a random architecture. Our research
provides a data-driven approach to engineer the architecture of mechatronic
software systems for failure tolerance.
Comment: Proceedings of the 2013 ASME International Design Engineering
Technical Conferences & Computers and Information in Engineering Conference
IDETC/CIE 2013 August 4-7, 2013, Portland, Oregon, USA (In Print)