Determining Resiliency Using Attack Graphs

  • Mariam IbrahimEmail author
  • Ahmad Alsheikh
Part of the Studies in Systems, Decision and Control book series (SSDC, volume 255)


System Resiliency is concerned with “its capability to cope with adverse events”. Its quantification allows system designers to assess the level of system security and adopt the best scheme and countermeasures utilizing the available resources. This chapter introduces a novel approach for determining the Level-of-Resilience (LoR) of a system employing its Attack graph constituting distinct attack scenarios corrupting the system. This requires an overall system characterization, defining its architecture and connectivity, components and performance, assets, mitigation, vulnerabilities, and attacks. Two communication networks and two power systems are evaluated, and formally characterized using Architecture Analysis & Design Language (AADL). The developed system designs are then checked with a security property using JKind verifier. The union of the resulted attack sequences/scenarios causing a system breach is the Attack Graph. Each attack sequence has a correlated LoR. Then, by identifying all potential attack scenarios, their worst case LoR can be evaluated as illustrated through the communication networks and power system examples.


Resilience Attack graph Power system Performance 



The authors would like to acknowledge Deanship of Graduation Studies and Scientific Research at the German Jordanian University for the Seed fund SATS 02/2018, and Suha Tayseer Sabha, for her development support in C#.


  1. 1.
    Reza, A., Von Meier, A., Mehrmanesh, L., Mili, L.: On the definition of cyber-physical resilience in power systems. Renew. Sustain. Energy Rev. 58, 1060–1069 (2016)CrossRefGoogle Scholar
  2. 2.
    Holling, C.S.: Resilience and stability of ecological systems. Ann. Rev. Ecol. Syst. 4 1, 1–23 (1973Google Scholar
  3. 3.
    Holling, C.S., Gunderson, L.H., Light, S.: Barriers and Bridges to the Renewal of Ecosystems. Columbia University Press, New York (1995)Google Scholar
  4. 4.
    Walker, B., Carpenter, S., Anderies, J., Abel, N., Cumming, G., Janssen, M., Lebel, L., Norberg, J., Peterson, G.: Resilience management in social-ecological systems: a working hypothesis for a participatory approach. Conserv. Ecol. vol. 6 (2002)Google Scholar
  5. 5.
    Kendra, J., Wachtendorf, T.: Elements of resilience after the world trade center disaster: reconstituting New York City’s Emergency Operations Centre. Disasters 27, 37–53 (2003)CrossRefGoogle Scholar
  6. 6.
    Brown, G., Matthew, C., Javier, S., Kevin, W.: Defending critical infrastructure. Interfaces 36, 530–544 (2006)CrossRefGoogle Scholar
  7. 7.
    Haimes, Y.Y.: On the definition of resilience in systems. Risk Anal. Int. J. 29, 498–501 (2009)CrossRefGoogle Scholar
  8. 8.
    Ji, K., Dong, W.: Resilient control for wireless networked control systems. Int. J. Control Autom. Syst. 9, 285–293 (2011)CrossRefGoogle Scholar
  9. 9.
    Garcia, H.E., Wen-Chiao, L., Semyon, M.M.: A resilient condition assessment monitoring system. In: 5th International Symposium on Resilient Control Systems (ISRCS), IEEE, pp. 98–105 (2012)Google Scholar
  10. 10.
    Ji, K., Yan, L., Linxia, L., Zhen, S., Dong, W.: Prognostics enabled resilient control for model-based building automation systems. In: Proceedings of the 12th Conference of International Building Performance Simulation Association, pp. 286–293 (2011)Google Scholar
  11. 11.
    Dinh, L.T., Hans, P., Xiaodan, G., Sam, M.M.: esilience engineering of industrial processes: principles and contributing factors. J. Loss Prev. Process Ind. 25, 233–241 (2012)CrossRefGoogle Scholar
  12. 12.
    Wei, D., Kun, J.: Resilient industrial control system (RICS): concepts, formulation, metrics, and insights. In 3rd International Symposium on Resilient Control Systems (ISRCS), IEEE, pp. 15–22 (2010)Google Scholar
  13. 13.
    Hosseini, S., Kash, B., Jose, E.R.-M.: A review of definitions and measures of system resilience. Reliab. Eng. Syst. Saf. 145, 47–61 (2016)CrossRefGoogle Scholar
  14. 14.
    Ouyang, M., Wang, Z.: Resilience assessment of interdependent infrastructure systems: with a focus on joint restoration modeling and analysis. Reliab. Eng. Syst. Saf. 141, 74–82 (2015)CrossRefGoogle Scholar
  15. 15.
    Pant, R., Barker, K., Ramirez-Marquez, J., Rocco, C.: Stochastic measures of resilience and their application to container terminals. Comput. Ind. Eng. 70, 183–194 (2014)CrossRefGoogle Scholar
  16. 16.
    Francis, R., Behailu, B.: A metric and frameworks for resilience analysis of engineered and infrastructure systems. Reliab. Eng. Syst. Saf. 121, 90–103 (2014)CrossRefGoogle Scholar
  17. 17.
    Panteli, M., Pierluigi, M., Dimitris, N.T., Elias, K., Nikos, D.H.: Metrics and quantification of operational and infrastructure resilience in power systems. IEEE Trans. Power Syst. 32, 4732–4742 (2017)CrossRefGoogle Scholar
  18. 18.
    MacKenzie, C.A., Kash, B.: Empirical data and regression analysis for estimation of infrastructure resilience with application to electric power outages. J. Infrastruct. Syst. 19, 25–35 (2012)CrossRefGoogle Scholar
  19. 19.
    Panteli, M., Pierluigi, M.: Modeling and evaluating the resilience of critical electrical power infrastructure to extreme weather events. IEEE Syst. J. 11, 1733–1742 (2017)CrossRefGoogle Scholar
  20. 20.
    SEI: Architecture analysis and design language, Carnegie-Mellon University, Pittsburgh, Pennsylvania, USA, [Online]. Available
  21. 21.
    Ibrahim, M.: A Resiliency Measure for Communication Networks, Amman. IEEE, JORDAN (2017)Google Scholar
  22. 22.
    Ibrahim, M., Jun, C., Ratnesh, K.: A resiliency measure for electrical power systems. In: 13th International Workshop on Discrete Event Systems (WODES), pp. 385–390 (2016)Google Scholar
  23. 23.
    Singh, S., Stålmarck, G., Sheeran, M.: Checking safety properties using induction and a SAT-Solver. In: International Conference on Formal Methods in Computer-Aided Design, Berlin, Heidelberg (2000)Google Scholar
  24. 24.
    Alvarez, C., Blesa, M., Serna, M.: The robustness of stability under link and node failures. Theor. Comput. Sci., Elsevier (2011)Google Scholar
  25. 25.
    Craighead, J., Burke, J.: Using the unity game engine to develop sarge: a case study. In: International Conference on Intelligent Robots and Systems (2008)Google Scholar
  26. 26.
    Sethi, A.S., Hnatyshin, V.Y.: The Practical OPNET User Guide For Computer Network Simulation. CRC Press, Tayler and Frances Group (2013)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Department of Mechatronics Eng., Faculty of Applied Technical SciencesGerman Jordanian UniversityAmmanJordan

Personalised recommendations