Determining the Probability of Smart Grid Attacks by Combining Attack Tree and Attack Graph Analysis

  • Kristian Beckers
  • Maritta Heisel
  • Leanid KrautsevichEmail author
  • Fabio Martinelli
  • Rene Meis
  • Artsiom Yautsiukhin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8448)


Smart grid is an intelligent energy distribution system consisting of multiple information and communication technologies (ICT). One of the challenges for such complex and heterogeneous system as smart grid is to unite security analysis on a high level of abstraction and concrete behavioral attack patterns that exploit low-level vulnerabilities. We provide a structured method that combines the Si* language, which can express attacker motivations as a goal hierarchy, and vulnerability specific attack graphs, which shows every step available for an attacker. We derive system specific information from the low-level representation of the system for a high-level probabilistic analysis.


Smart grid Threat analysis Attack graphs Attack trees Si* model 


  1. 1.
    Asnar, Yudistira, Massacci, Fabio: A method for security governance, risk, and compliance(GRC): a goal-process approach. In: Aldini, Alessandro, Gorrieri, Roberto (eds.) FOSAD 2011. LNCS, vol. 6858, pp. 152–184. Springer, Heidelberg (2011) Google Scholar
  2. 2.
    Beckers, K.: Goal-based establishment of an information security management system compliant to ISO 27001. In: Geffert, V., Preneel, B., Rovan, B., Štuller, J., Tjoa, A.M. (eds.) SOFSEM 2014. LNCS, vol. 8327, pp. 102–113. Springer, Heidelberg (2014) Google Scholar
  3. 3.
    Beckers, K., Côté, I., Hatebur, D., Faßbender, S., Heisel, M.: Common Criteria CompliAnt Software Development (CC-CASD). In: Proceedings of 28th SAC, pp. 937–943. ACM (2013)Google Scholar
  4. 4.
    Bistarelli, S., Fioravanti, F., Peretti, P.: Defense trees for economic evaluation of security investments. In: Proceedings of the 1st ARES, pp. 416–423. IEEE (2006)Google Scholar
  5. 5.
    Dalton II, G.C., Colombi, J.M., Mills, R.F., Raines, R.A.: Analyzing attack trees using generalized stochastic petri nets. In: Proceedings of the IAS, pp. 116–123. IEEE (2006)Google Scholar
  6. 6.
    Jha, S., Sheyner, O., Wing, J.: Two formal analyses of attack graphs. In: Proceedings of the 2002 IEEE CSF, p. 49. IEEE (2002)Google Scholar
  7. 7.
    Jürjens, J.: Using UMLsec and goal trees for secure systems development. In: Proceedings of the 2002 SAC, pp. 1026–1030. ACM Press (2002)Google Scholar
  8. 8.
    Krautsevich, L., Martinelli, F., Yautsiukhin, A.: Towards modelling adaptive attacker’s behaviour. In: Garcia-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N., Miri, A., Tawbi, N. (eds.) FPS 2012. LNCS, vol. 7743, pp. 357–364. Springer, Heidelberg (2013) Google Scholar
  9. 9.
    LeMay, E., Ford, M.D., Keefe, K., Sanders, W.H., Muehrcke, C.: Model-based security metrics using adversary view security evaluation (advise). In: Proceedings of the 8th QEST, pp. 191–200. IEEE (2011)Google Scholar
  10. 10.
    Liu, L., Yu, E., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: Proceedings of the 11th RE, pp. 151–161. IEEE (2003)Google Scholar
  11. 11.
    Massacci, Fabio, Mylopoulos, John, Zannone, Nicola: Security requirements engineering: the SI* modeling language and the secure tropos methodology. In: Ras, Zbigniew W., Tsay, Li-Shiang (eds.) Advances in Intelligent Information Systems. SCI, vol. 265, pp. 147–174. Springer, Heidelberg (2010) Google Scholar
  12. 12.
    Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006) Google Scholar
  13. 13.
    Mouratidis, H., Giorgini, P., Manson, G.: Using security attack scenarios to analyse security during information systems design. In: Proceedings of ICEIS, pp. 10–17 (2004)Google Scholar
  14. 14.
    Noel, S., Jajodia, S.: Managing attack graph complexity through visual hierarchical aggregation. In: Proceedings of the VizSEC/DMSEC (2004)Google Scholar
  15. 15.
    Piètre-Cambacédès, L., Bouissou, M.: Beyond attack trees: Dynamic security modeling with boolean logic driven markov processes (bdmp). In: Proceedings of the EDCC, pp. 199–208. IEEE (2010)Google Scholar
  16. 16.
    Qin, X., Lee, W.: Attack plan recognition and prediction using causal networks. In: Proceedings of the 20th ACSAC, pp. 370–379. IEEE (2004)Google Scholar
  17. 17.
    Sarraute, C., Richarte, G., Obes, J.L.: An algorithm to find optimal attack paths in nondeterministic scenarios. In: Proceedings of the 4th AISec, pp. 71–80. ACM (2011)Google Scholar
  18. 18.
    Schneier, B.: Attack trees: Modelling security threats. Dr. Dobb’s journal, December 1999Google Scholar
  19. 19.
    van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th ICSE, pp. 148–157. IEEE (2004)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Kristian Beckers
    • 1
  • Maritta Heisel
    • 1
  • Leanid Krautsevich
    • 2
    Email author
  • Fabio Martinelli
    • 2
  • Rene Meis
    • 1
  • Artsiom Yautsiukhin
    • 2
  1. 1.paluno – The Ruhr Institute for Software Technology – University of Duisburg-EssenEssenGermany
  2. 2.Istituto di Informatica E Telematica – Consiglio Nazionale Delle RicerchePisaItaly

Personalised recommendations