Cyber-attack path discovery in a dynamic supply chain maritime risk management system


As of July 2018 University of Brighton Repository is no longer updated. Please see our new repository at

Polatidis, Nikolaos, Pavlidis, Michalis and Mouratidis, Haralambos (2017) Cyber-attack path discovery in a dynamic supply chain maritime risk management system Computer Standards & Interfaces, 56. pp. 74-82. ISSN 0920-5489

[img] Text
1-s2.0-S0920548917302301-main.pdf - Published Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.

Download (911kB)


Maritime port infrastructures rely on the use of information systems for collaboration, while a vital part of collaborating is to provide protection to these systems. Attack graph analysis and risk assessment provide information that can be used to protect the assets of a network from cyber-attacks. Furthermore, attack graphs provide functionality that can be used to identify vulnerabilities in a network and how these can be exploited by potential attackers. Existing attack graph generation methods are inadequate in satisfying certain requirements necessary in a dynamic supply chain risk management environment, since they do not consider variables that assist in exploring specific network parts that satisfy certain criteria, such as the entry and target points, the propagation length and the location and capability of the potential attacker. In this paper, we present a cyber-attack path discovery method that is used as a component of a maritime risk management system. The method uses constraints and Depth-first search to effectively generate attack graphs that the administrator is interested in. To support our method and to show its effectiveness we have evaluated it using real data from a maritime supply chain.

Item Type: Journal article
Additional Information: Open access under a Creative Commons license Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)
Uncontrolled Keywords: Cyber-security; Attack path discovery; Risk management system; Maritime supply chain; ISO standards; NIST SP 800-30
Subjects: G000 Computing and Mathematical Sciences > G400 Computing > G420 Networks and Communications
G000 Computing and Mathematical Sciences > G600 Software Engineering > G610 Software Design
DOI (a stable link to the resource): 10.1016/j.csi.2017.09.006
Depositing User: Converis
Date Deposited: 29 Sep 2017 03:01
Last Modified: 21 Dec 2017 14:57

Actions (login required)

View Item View Item


Downloads per month over past year