|
Li, Shancang and Liu, Yifan
2025.
RAGIIoT: Risk-aware attack graph generation for IIoT via automated CVE-tactic mapping.
Presented at: IEEE/ACM International Symposium on Quality of Service,
Gold Coast, Australia,
2–4 July 2025.
Item availability restricted. |
![[thumbnail of IWQoS_2025.pdf]](https://orca.cardiff.ac.uk/style/images/fileicons/application_pdf.png "IWQoS_2025.pdf") |
PDF
- Accepted Post-Print Version
Restricted to Repository staff only until 1 February 2028 due to copyright restrictions. Download (628kB) |
Abstract
The complexity of Industrial IoT (IIoT) environments introduces cyber risks, especially where legacy and modern systems converge. This paper focuses on a lightweight dynamic threats analysis framework by converting static attack graphs into dynamic probabilistic attack graphs (PAGs). Utilising real-time anomalies, CVSS vulnerabilities, and MITRE ATT\&CK\textsuperscript{\textregistered} mappings, it quantifies threat propagation via probabilistic inference. Edges are dynamically weighted by tactic relevance, exploit severity, and device criticality, adapting to evolving attack chains. QoS-aware risk prioritization balances mitigation urgency, asset availability, and performance, optimizing resource allocation. This enables proactive defense in resource-constrained IIoT environments while ensuring operational continuity.
| Item Type: | Conference or Workshop Item (Poster) |
|---|---|
| Status: | In Press |
| Schools: | Schools > Computer Science & Informatics |
| Date of First Compliant Deposit: | 23 May 2025 |
| Date of Acceptance: | 21 May 2025 |
| Last Modified: | 26 Jun 2025 15:45 |
| URI: | https://orca.cardiff.ac.uk/id/eprint/178462 |
Actions (repository staff only)
 |
Edit Item |
Download Statistics
Download Statistics