Using Bayesian network models for early assessment of cyberattack threats to electricity generation facility
| Date: | 2025 |
|---|---|
| Main Authors: | , |
| Format: | Article |
| Language: | Ukrainian |
| Published: | Інститут проблем реєстрації інформації НАН України, 2025 |
| Subjects: | |
| Online Access: | http://drsp.ipri.kiev.ua/article/view/345591 |
| Journal Title: | Data Recording, Storage & Processing |
| Institution: | Data Recording, Storage & Processing |

Summary:

Recent trends in Ukraine and worldwide show a sharp increase in cyber incidents and cyber-attacks targeting modern critical infrastructure, particularly in the energy sector. That is why ensuring the cyber resilience of energy distribution systems has become particularly relevant.

This study presents the results of research into the development of a mechanism to facilitate the detection of cyberattacks on the IT network of a critical energy infrastructure facility. Analysis of existing tools has shown that the Bayesian network model has significant advantages and capabilities for the early assessment of cyberattack threats to the electric power industry. The cyber-attack model is built on the basis of the directed acyclic graph methodology, which allowed us to build a model for assessing the level of cyber threats for the IT network of an energy facility in the form of a Bayesian network. The CVSS metric system, which is based on real CVE vulnerabilities, was used for a priori estimates of conditional distributions.

Numerical experiments have shown good relevance across a set of attack scenarios. In particular, they demonstrate the adaptability of the final indicators to changes in the nature and configuration of the network. Using the Kjærulff and van der Gaag method, the study established an important fact: probability values have low sensitivity to changes in distribution parameters at critical nodes of the IT network. These results will make it possible in the future to test this concept at all stages of an attack, not only at the early stages.

Thus, it can be argued that the use of Bayesian networks is a promising approach for assessing cyberattack threats to the IT networks of energy facilities. This, in turn, paves the way for solving the problem of increasing the level of cyber resilience of infrastructure systems for further restoration to an acceptable functional state of the system and assessment of the consequences and criticality of a cyber incident.

Tables: 2. Figures: 2. References: 23 titles.