# A Stochastic Assessment of Attacks based on Continuous-Time Markov Chains

Title | A Stochastic Assessment of Attacks based on Continuous-Time Markov Chains |

Publication Type | Conference Paper |

Year of Publication | 2020 |

Authors | Sadu, A., Stevic, M., Wirtz, N., Monti, A. |

Conference Name | 2020 6th IEEE International Energy Conference (ENERGYCon) |

Date Published | Oct. 2020 |

Publisher | IEEE |

ISBN Number | 978-1-7281-2956-3 |

Keywords | attack propagation, attack trees, basic attack tree, Chained Attacks, concurrent attack, Conferences, continuous-time Markov chains, critical infrastructure, critical infrastructures, Cyber-physical attack, Cyber-physical systems, individual attack occurrence probabilities, Markov processes, performance evaluation, Petri nets, probability, pubcrawl, resilience, Resiliency, Scalability, security of data, sequential attack, Statistical performance evaluation, stochastic assessment, stochastic methodology, Stochastic processes, stochastic propagation times, Time measurement, Transient analysis, trees (mathematics) |

Abstract | With the increasing interdependence of critical infrastructures, the probability of a specific infrastructure to experience a complex cyber-physical attack is increasing. Thus it is important to analyze the risk of an attack and the dynamics of its propagation in order to design and deploy appropriate countermeasures. The attack trees, commonly adopted to this aim, have inherent shortcomings in representing interdependent, concurrent and sequential attacks. To overcome this, the work presented here proposes a stochastic methodology using Petri Nets and Continuous Time Markov Chain (CTMC) to analyze the attacks, considering the individual attack occurrence probabilities and their stochastic propagation times. A procedure to convert a basic attack tree into an equivalent CTMC is presented. The proposed method is applied in a case study to calculate the different attack propagation characteristics. The characteristics are namely, the probability of reaching the root node & sub attack nodes, the mean time to reach the root node and the mean time spent in the sub attack nodes before reaching the root node. Additionally, the method quantifies the effectiveness of specific defenses in reducing the attack risk considering the efficiency of individual defenses. |

URL | https://ieeexplore.ieee.org/document/9236600 |

DOI | 10.1109/ENERGYCon48941.2020.9236600 |

Citation Key | sadu_stochastic_2020 |

- attack propagation
- attack trees
- basic attack tree
- Chained Attacks
- concurrent attack
- Conferences
- continuous-time Markov chains
- critical infrastructure
- critical infrastructures
- Cyber-physical attack
- cyber-physical systems
- individual attack occurrence probabilities
- Markov processes
- performance evaluation
- Petri nets
- probability
- pubcrawl
- resilience
- Resiliency
- Scalability
- security of data
- sequential attack
- Statistical performance evaluation
- stochastic assessment
- stochastic methodology
- Stochastic processes
- stochastic propagation times
- Time measurement
- Transient analysis
- trees (mathematics)