A Graph-Based Security Framework for Securing Industrial IoT Networks from Vulnerability Exploitations
ABSTRACT
Industrial IoT (IIoT) refers to the application of IoT in industrial management to improve overall operational efficiency. With IIoT that accelerates the industrial automation process by enrolling thousands of IoT devices, strong security foundations are to be deployed befitting the distributed connectivity and constrained functionalities of the IoT devices. Recent years witnessed severe attacks exploiting the vulnerabilities in the devices of IIoT networks. Moreover, attackers can use the relations a the vulnerabilities to penetrate deep into the network. This paper addresses the security issues in IIoT network because of the vulnerabilities existing in its devices. As graphs are efficient in representing relations a entities, we propose a graphical model representing the vulnerability relations in the IIoT network. This helps to formulate the security issues in the network as graph-theoretic problems. The proposed model acts as a security framework for the risk assessment of the network. Furthermore, we propose a set of risk mitigation strategies to improve the overall security of the network. The strategies include detection and removal of the attack paths with high risk and low hop-length. We also discuss a method to identify the strongly connected vulnerabilities referred as hot-spots. A use-case is discussed and various security parameters are evaluated. The simulation results with graphs of different sizes and structures are presented for the performance evaluation of the proposed techniques against the changing dynamics of the IIoT network.
EXISTING SYSTEM :
Industrial Control Systems(ICS) and IoT networks. However, to the best of our knowledge, no major security frameworks are developed for the IIoT systems. As the IIoT eco-system is the blend of ICS and IoT, smart security designs for IIoT systems should leverage the existing security approaches in the ICS and IoT networks. In this section, we present a brief description of the important security frameworks for industrial automation systems and IoT networks, with an emphasis on the attacks using vulnerabilities in the network devices. Risk assessment and security management of industrial automation systems are well investigated used attack trees to evaluate security in power system control networks. They propose an analytical method for measuring the severity of vulnerabilities. Different scenarios of security breaches are mapped into a tree structure and an upper bound of threat value is imposed to find the pivotal leaves which require counter measures. developed a vulnerability tree of an industrial control system based on the past history of attacks. For each system in the network, they used two indices, referred as threat impact index and cyber vulnerability index, both ranging from 0 to 100 and denoting the financial impact and vulnerability impact, respectively. However these values were assigned using the questionnaire methods. A Network Security Risk Model (NSRM) was developed for process control networks(PCN) to represent the attack paths in a graph. They formulated a risk analysis based on a model that captures the dynamics of cyber attacks on PCNs. The nodes in their graph denote the system components and the edges denote the influence a them. They presented the effectiveness of their method on a use-case of SCADAcontrolled oil pump station. A digraph model for the formal and explicit representation of the structure of a SCADA system was presented for risk assessment and management. The devices in the network are mapped into the nodes and the security relations a the devices are mapped into the edges of the graph. They found the devices to be affected with high probability in case if any device in the network was already infected. They applied their method in a chemical distillation system. It is used a Markov model driven by Boolean logic which models an attack by mapping Markov process on Fault trees. An evaluation of the STUXNET attack is also presented using their method. Game theoretic approaches were introduced for security analysis of the grid-based SCADA systems.It presented a thorough review of major works in the security of the industrial control systems. A systematic review of cyber-security issues in different industries is presented. Most of the works discussed above use graph based structures to model the attack paths as in our proposed work. However, the formulation of attack paths and computation of security impact in these works rely on heuristics such as history of attacks, opinion of experts, model checking and domain knowledge. In our work, the formulation of path is governed by vulnerability relations which are available from the Internet resources, and computations are based on standards such as CVSS and hence our proposed work can be uniformly applied to all industries.
PROPOSED SYSTEM :
The proposed strategies provide multiple options for the security administrator, so that he can make efficient decisions from the available solutions in the IIoT scenario. The major contributions of our work follow. We propose a graphical model that represents multistage and multi-host attacks to targets through the chaining of vulnerabilities in the IIoT networks. We also propose techniques to extract security-relevant parameters from the graph. Depending on the ease of exploitation of a vulnerability , we apply a probabilistic metric to the corresponding edge in the graph. This enables us to compute the cumulative threat corresponding to each attack path. We propose risk mitigation strategies based on the following approaches: Selective removal of the high-risk attack paths. Removal of attack paths with low hop-lengths. Removal of hot-spots. We present a realistic example scenario of an IIoT network and evaluate its security-relevant parameters.
The proposed risk mitigation strategies are of high relevance in an IIoT network. We compute the cumulative threat of each possible path and identify the dominant attack paths with high cumulative threats. The selective removal of these paths results in an improved network security. Hop-based strategies rely on the fact that the attackers always try to complete the execution of attack in minimum possible hops so as to remain unnoticed in the network. Hence, we propose a method to find the paths to be removed such that the attacker has to traverse at least a minimum predetermined number of hops to successfully compromise a target device. Hot-spots refer to those vulnerability elements in the network which are strongly connected with the other vulnerability elements. Therefore, removal of such vulnerabilities can drastically reduce the number of attack paths. We discuss an algorithm to detect the hot-spots in an IIoT network.
CONCLUSION :
In this work, a graph based security framework is discussed for securing the IIoT network from vulnerabilities residing in the network devices. The critical parameters that represent different security-relevant information about the network are derived from this graph. Risk mitigation strategies are proposed on the graph to reduce the overall threat level in the network. The model and the techniques proposed enable a security administrator to visualize the threat levels posed by the vulnerabilities existing in the network. The framework also provides an optimization platform for the security administrator to find the optimum threshold values corresponding to the threat, hop and hot-spot index within the constraints of the IIoT network. The options provided by the proposed risk mitigation strategies helps the administrator to choose viable solutions for security improvement. The proposed techniques pave the way for a safer IIoT environment. The framework can be improved by incorporating cost models for hardening of the vulnerabilities in the network. However, widely accepted standard for cost modeling are currently unavailable even though a few works have proposed their-own mechanism for the cost calculation. The feasibility of a standard cost modeling for the patching of vulnerabilities can be investigated and incorporated into the framework to find the optimal threshold values corresponding to the threat, hop and hot-spot index.