Liu, Yifan and Li, Shancang
2025.
RAGIIoT: Risk-aware attack graph generation for IIoT via automated CVE-tactic mapping.
Presented at: IEEE/ACM International Symposium on Quality of Service,
Gold Coast, Australia,
2–4 July 2025.
2025 IEEE/ACM 33rd International Symposium on Quality of Service (IWQoS).
IEEE,
10.1109/IWQoS65803.2025.11199982
|
Preview |
PDF
- Accepted Post-Print Version
Download (628kB) | Preview |
Abstract
The complexity of Industrial IoT (IIoT) environments introduces cyber risks, especially where legacy and modern systems converge. This paper focuses on a lightweight dynamic threats analysis framework by converting static attack graphs into dynamic probabilistic attack graphs (PAGs). Utilising realtime anomalies, CVSS vulnerabilities, and MITRE ATT&CK® mappings, it quantifies threat propagation via probabilistic inference. Edges are dynamically weighted by tactic relevance, exploit severity, and device criticality, adapting to evolving attack chains. QoS-aware risk prioritization balances mitigation urgency, asset availability, and performance, optimizing resource allocation. This enables proactive defense in resource-constrained IIoT environments while ensuring operational continuity.
| Item Type: | Conference or Workshop Item (Poster) |
|---|---|
| Date Type: | Published Online |
| Status: | Published |
| Schools: | Schools > Computer Science & Informatics |
| Publisher: | IEEE |
| Date of First Compliant Deposit: | 23 May 2025 |
| Date of Acceptance: | 21 May 2025 |
| Last Modified: | 28 Oct 2025 14:30 |
| URI: | https://orca.cardiff.ac.uk/id/eprint/178462 |
Actions (repository staff only)
 |
Edit Item |
Altmetric
Altmetric