Skip to main content

An Attack Execution Model for Industrial Control Systems Security Assessment

Part of the Lecture Notes in Computer Science book series (LNSC,volume 9588)


The improved communication and remote control capabilities of industrial control systems equipment have increased their attack surface. As a result, managing the security risk became a challenging task. The consequences of attacks in an industrial control system can go beyond targeted equipment to impact services in the industrial process. In addition, the success likelihood of an attack is highly correlated to the attacker profile and his knowledge of the architecture of the system. In this paper, we present the Attack Execution Model (AEM), which is an attack graph representing the evolution of the adversary’s state in the system after each attack step. We are interested in assessing the risk of cyber attacks on an industrial control system before the next maintenance period. Given a specific attacker profile, we generate all potential attacker actions that could be executed in the system. Our tool outputs the probability and the time needed to compromise a target equipment or services in the system.


  • Industrial control systems security
  • SCADA security
  • Attack graph

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-319-40385-4_11
  • Chapter length: 11 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
USD   44.99
Price excludes VAT (USA)
  • ISBN: 978-3-319-40385-4
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   59.99
Price excludes VAT (USA)


  1. ICS-CERT: NCCIC/ICS-CERT Monitor September 2014-February 2015.

  2. Byres, E.: The air gap: SCADA’s enduring security myth. Commun. ACM 56(8), 29–31 (2013)

    CrossRef  Google Scholar 

  3. Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002 pp. 217–224 (2002)

    Google Scholar 

  4. Ingols, K., Lippmann, R., Piwowarski, K.: Practical attack graph generation for network defense. In: 22nd Annual Computer Security Applications Conference, ACSAC 2006, pp. 121–130 (2006)

    Google Scholar 

  5. Jajodia, S., Noel, S.: Topological vulnerability analysis. In: Jajodia, S., Liu, P., Swarup, V., Wang, C. (eds.) Cyber Situational Awareness. Advances in Information Security, vol. 46, pp. 139–154. Springer, US (2010)

    CrossRef  Google Scholar 

  6. Lippmann, R.P., et al.: Validating and restoring defense in depth using attack graphs. In: Proceedings of Military Communications Conference (MILCOM) (2006)

    Google Scholar 

  7. Kheir, N., Cuppens-Boulahia, N., Cuppens, F., Debar, H.: A service dependency model for cost-sensitive intrusion response. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 626–642. Springer, Heidelberg (2010)

    CrossRef  Google Scholar 

  8. Albanese, M., Jajodia, S., Pugliese, A., Subrahmanian, V.S.: Scalable analysis of attack scenarios. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 416–433. Springer, Heidelberg (2011)

    CrossRef  Google Scholar 

  9. Leversage, D., Byres, E.: Estimating a system’s mean time-to-compromise. IEEE Secur. Priv. 6(1), 52–60 (2008)

    CrossRef  Google Scholar 

  10. LeMay, E., Ford, M., Keefe, K., Sanders, W., Muehrcke, C.: Model-based security metrics using adversary view security evaluation (advise). In: Proceedings of the 2011 Eighth International Conference on Quantitative Evaluation of SysTems, QEST 2011, pp. 191–200. IEEE Computer Society, Washington, DC (2011)

    Google Scholar 

  11. Bursztein, E.: Anticipation Games. Ph.D. thesis, Ecole Normale Supérieure de Cachan (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Ziad Ismail .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Ismail, Z., Leneutre, J., Fourati, A. (2016). An Attack Execution Model for Industrial Control Systems Security Assessment. In: Bécue, A., Cuppens-Boulahia, N., Cuppens, F., Katsikas, S., Lambrinoudakis, C. (eds) Security of Industrial Control Systems and Cyber Physical Systems. CyberICS WOS-CPS 2015 2015. Lecture Notes in Computer Science(), vol 9588. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-40384-7

  • Online ISBN: 978-3-319-40385-4

  • eBook Packages: Computer ScienceComputer Science (R0)