Automatic Attack Graph Generation for Industrial Controlled Systems

  • Mariam IbrahimEmail author
  • Ahmad Alsheikh
  • Qays Al-Hindawi
Part of the Studies in Systems, Decision and Control book series (SSDC, volume 255)


Industrial Controlled Systems (ICSs) are prone to cyber-attacks exploiting weaknesses in their units. This chapter illustrates through an example of a pressurized water Nuclear Power Plant (NPP) control system how these vulnerabilities may be exploited by an attacker compromising the system. The control system is described by Architecture Analysis and Design Language (AADL), and then checked with a security property via JKind checker. The resulted Lustre file is later fed to an Attack Scenarios Generation and Filtration Tool (ASGFT). This tool automatically generates all possible attack scenarios resulting in overall plant disruption. The union of these attack scenarios is visualized by a Visualizer.exe, a Graphical User Interface (GUI) built employing C#.


Nuclear power plant Attack scenario Assets Vulnerabilities ASGFT 



The authors would like to acknowledge Deanship of Graduation Studies and Scientific Research at the German Jordanian University for the Seed fund SATS 02/2018.

Supplementary material


  1. 1.
    Morris, T.H., Gao, W.: 1st International Symposium on ICS & SCADA Cyber Security Research 2013, pp. 22–29. Leicester, UK (2013)Google Scholar
  2. 2.
    Potter, W.C.: Less Well Known Cases of Nuclear Terrorism and Nuclear Diversion in Russia. (NIT). (Aug, 1997)
  3. 3.
    Maguire, K.: Guard tries to sabotage nuclear reactor. The Guardian. (Jan, 2001, Ed.)
  4. 4.
    Kesler, B.: The vulnerability of nuclear facilities to cyber attack. Strat. Insights 10(1), 15–25 (2011)Google Scholar
  5. 5.
    Farwell, J.P., Rohozinski, R.: Stuxnet and the future of cyber war. Surv. Global Politics Strategy, 53(1), 23–40. (28 Jan 2011).
  6. 6.
    Arène, V.: Le réseau informatique d’Areva piraté. Le Monde Informatique. Retrieved from (30 Sept 2011)
  7. 7.
    The 4 most iconic industrial cyberattacks. (Sentryo). (28 Sept 2016)
  8. 8.
    Meeyoung, C., Park, J.-m.: South Korea blames North Korea for December hack on nuclear operator. Infosec Institute. (17 Mar 2015)
  9. 9.
    Nuclear Material Control Center data leak report says sensitive info unlikely affected. The Mainichi. Retrieved from (19 May 2016)
  10. 10.
    Varuttamaseni, A., Bari, R.A., Youngbl, R.: Construction of a Cyber Attack Model for Nuclear Power Plants. 2017 ANS Annual Conference, pp. 1–10. San Francisco. (2017)
  11. 11.
    Cimpanu, C.: Hackers steal research and user data from Japanese Nuclear Research Lab. Softpedia Niews. (17 Oct 2016)
  12. 12.
    Perlroth, N.: Hackers are targeting nuclear facilities, Homeland Security Dept. and F.B.I. Say. The Newyork Times. (6 July 2017)
  13. 13.
    Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, Graph-Based Network Vulnerability Analysis. 9th ACM Conference on Computer and Communications Security, pp. 217–224. ACM, Washington. (2002)
  14. 14.
    Ahn, W., Chung, M., Min, B.-G., Seo, J.: Development of cyber-attack scenarios for nuclear power plants using scenario graphs. Int. J. Distrib. Sens. Netw. 2015, 12 (2015). Scholar
  15. 15.
    Templeton, S.J., Levitt, K.N.: A requires/provides model for computer attacks. 2000 Workshop on New security Paradigms, pp. 31–38. ACM, Ballycotton, County Cork, Ireland. (2000)
  16. 16.
    Noel, S., Jajodia, S.: Managing attack graph complexity through visual hierarchical aggregation. The 2004 ACM Workshop on Visualization and Data Mining for Computer Security, pp. 109–118. Washington. (2004)
  17. 17.
    Zhang, T., Hu, M.-Z., Li, D., Sun, L.: An effective method to generate attack graph. In: The Fourth International Conference on Machine Learning and Cybernetics, pp. 3926–3931. IEEE, Guangzhou. (Aug, 2005)
  18. 18.
    Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.: Automated generation and analysis of attack graphs. In: IEEE Symposium on Security and Privacy, pp. 273–284. IEEE, Oakland, California. (May 2002)
  19. 19.
    Xinming, O., Boyer, W., McQueen, M.: A scalable approach to attack graph generation. In: The 13th ACM conference on Computer and communications security, pp. 336–345. ACM, Alexandria, Virginia, USA. (2006)
  20. 20.
    Rao, P., Sagonas, K., Swift, T., Warren, D.S., Freire, J.: XSB: A system for efficiently computing. In: International Conference on Logic Programming and Nonmonotonic Reasoning (LPNMR’97), pp. 2–17. Springer, Dagstuhl, Germany. (1997)
  21. 21.
    Sheyner, O., Wing, J.: Tools for generating and analyzing attack graphs. In: International Symposium on Formal Methods for Components and Objects, pp. 344–371. Leiden, The Netherlands. (2003)
  22. 22.
    Yi, S., Peng, Y., Xiong, Y. (eds.): Overview on attack graph generation and visualization technology. In: 2013 International Conference on Anti-Counterfeiting, Security and Identification (ASID), pp. 1–6. IEEE, Shanghai, China. (2013)
  23. 23.
    Amenaza.: Secur/Tree for Attack Tree analysis. (Amenaza Technologies). (2001). Accessed on 10 May 2018
  24. 24.
    Skybox.: Scybox Security. (Skybox Inc) Retrieved 2018 from (2002). Accessed on 10 May 2018
  25. 25.
    Lippmann, R.P., Ingols, K.W.: An Annotated Review of Past Papers on Attack Graphs. Massachusetts Inst of Tech Lexington Lincoln Lab (2015)Google Scholar
  26. 26.
    Swiler, L.P., Phillips, C., Ellis, D., Chakerian, S.: Computer-attack graph generation tool. In: DARPA Information Survivability Conference and Exposition II, 2001, pp. 307–321. IEEE, Anaheim, CA, USA (2001)Google Scholar
  27. 27.
    Institute for Security and Safety (ISS) in Cooperation with the Nuclear Threat Initiative (NTI).: Cyber Security at Nuclear Facilities: National Approache. Research Paper, Institute for Security and Safety (ISS) at the Brandenburg University of Applied Sciences. (2015)
  28. 28.
    Sklyar, V.: Cyber security of safety-critical infrastructures: a case study for nuclear facilities. Inf. Secur. Int. J. 28(1), 98–107 (2012)Google Scholar
  29. 29.
    Stoutland, P.: Cyberattacks on Nuclear Power Plants: How Worried Should We Be?. Nuclear Threat Initiative. (Mar, 2018). Accessed on 16 May 2018
  30. 30.
    Angle, M.G., Madnick, S., Kirtley, J.L., Khan, S.: Identifying and anticipating cyber attacks that could cause physical damage to industrial control systems. IEEE Power Energy Technol. Syst. J. (June, 2019)
  31. 31.
    Carnegie-Mellon-University.: Open Source AADL Tool Environment for the SAE Architecture. (2018)
  32. 32.
    Gacek, A., Backes, J., Whalen, M., Wagner, L., Ghassabani, E.: The JKind model checker. Computer Aided Verification 2018. Oxford, UK. (2018)
  33. 33.
    Microsoft.: Visual Studio. (2018). Accessed on 20 May 2018
  34. 34.
    Li, Y., Ma, J., Chan, A., Huang, Y., Wang, B.: Mechanism model of pressurizer in the pressurized water reactor nuclear. In: 2012 24th Chinese Control and Decision Conference (CCDC), pp. 178–182. IEEE, Taiyuan, China. (2012)
  35. 35.
    USNRC HRTD.: Westinghouse Technology Systems Manual. U.S. Nuclear Regulatory Commission. Accessed on 21 May 2018 (n.d.)
  36. 36.
    USNRC Technical Training Center.: Pressurized Water Reactor Systems. Accessed on 21 May 2018 (n.d.)
  37. 37.
    Green, S.J., Hetsroni, G.: PWR steam generators. Int. J. Multiph. Flow 21(null), 1–97, (1995).
  38. 38.
    Nuclear Power Plant Safety Systems.: Canadian Nuclear Safety Commission. (2016). Accessed on 23 May 2018
  39. 39.
    Razak, T.A., Ibrahim Salim, M.: A study on IDS for preventing Denial of Service attack using outliers techniques. In: 2nd IEEE International Conference on Engineering and Technology (ICETECH), pp. 768–775. IEEE, Coimbatore, India. (Mar 2016)
  40. 40.
    JKind, An infinite-state model checker for safety properties.: Loonwerks. Available (n.d.). Accessed on 11 Nov 2018
  41. 41.
    Halbwachs, N., Caspi, P., Raymond, P., Pilaud, D.: The synchronous data flow programming language LUSTRE. IEEE 79(9), 1305–1320 (Sept, 1991).
  42. 42.
    Uof-Minnesota, R.-C. a.: The Assume Guarantee Reasoning Environment. Pittsburgh, Pennsylvania, USA. (2016). Accessed on 11 Jan 2018
  43. 43.
    HTML5 Web Development Support NetBeans: (2014). Accessed on 17 Feb 2018
  44. 44.
    Tulac.: Happy Birthday NetBeans. J, Interviewer. (17 May 2008)Google Scholar
  45. 45.
    Maven, Using NetBeans with Apache Maven.: NetBeans. (2014). Accessed on 10 Oct 2018
  46. 46.
    Böck, H.: The definitive guide to NetBeans™ Platform 7, Apress. Apress (2011). Scholar
  47. 47.
    David, M.: Visual Studio IDE Offers Many Advantages For Developers. (SearchSoftware Quality) from (9 Sept 2015). Accessed on 20 May 2018

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Mariam Ibrahim
    • 1
    Email author
  • Ahmad Alsheikh
    • 1
  • Qays Al-Hindawi
    • 1
  1. 1.Department of Mechatronics Eng, Faculty of Applied Technical SciencesGerman Jordanian UniversityAmmanJordan

Personalised recommendations