Professional Documents
Culture Documents
1551-3203 © 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications standards/publications/rights/index.html for more information.
Authorized licensed use limited to: KIT Library. Downloaded on April 29,2023 at 16:22:51 UTC from IEEE Xplore. Restrictions apply.
2498 IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. 14, NO. 6, JUNE 2018
their cybersecurity risk propagation models. They do not work B. Brief Review of BN
in the presence of limited cyberattack data.
A BN is a probabilistic graphical model to describe a set
However, acquiring sufficient knowledge of cyberattacks
of random variables and their conditional dependencies via a
from limited historical data is challenging. It is reported that
directed acyclic graph [17]. It is widely used in probabilistic
290 ICS cybersecurity incidents happened in 2016 [9]. This
estimation [18], fault diagnosis [19], system prediction [20],
number is far less than that of cybersecurity incidents in IT
and pattern recognition [21]. A BN is defined as
systems. Thus, it is difficult to obtain accurate prior knowledge
B = x, g x→x , p
about risk propagation in ICSs. This makes it also difficult to def
(1)
establish a cybersecurity risk propagation model.
To address this issue, an FPBN approach is presented in this where
paper for dynamic risk assessment in ICSs. It consists of an 1) x = (x1 , x2 , . . . , x(x) ) is a set of (x) nodes in total.
FPBN model and a fuzzy approximate dynamic inference al- 2) g x→x is an (x) × (x) incidence matrix that describes
gorithm. The model is designed for analysis and prediction of the relationship between the nodes, it is expressed as
cybersecurity risk. It uses fuzzy probabilities in our approach to x1 , x2 , . . . , x(x)
replace the crisp probabilities required in a standard Bayesian ⎛ ⎞
g1,1 g1,2 · · · g1,(x) x1
network (BN) model. The inference algorithm is for dynamic ⎜ g2,1 g2,2 · · · g2,(x) ⎟ x
assessment of ICS cybersecurity risk. It is integrated with a con- g x→x = ⎜
⎜
⎟ 2 . (2)
⎟
⎜ .. .. .. .. ⎟ ..
fidence index based noise evidence filter for elimination of noise ⎝ . . . . ⎠ .
evidence, thus improving the convergence of the algorithm.
g(x),1 g(x),2 · · · g(x),(x) x(x)
This paper is organized as follows. Section II gives some
background and preliminaries. Section III presents the architec- The definition of incidence matrix element gi,j is
ture of our approach for dynamic assessment of cybersecurity
risk in ICSs. This is followed by FPBN modeling in Section IV 1, node xi is the parent of node mj
gi,j = (3)
for cybersecurity risk propagation. In Section V, a fuzzy proba- 0, otherwise.
bility Bayesian inference algorithm is designed for dynamic risk
3) p = (p1 , p2 , . . . , p(x) ) is a set of conditional probability
assessment. Experiments are conducted in Section VI to demon-
tables, pi is the conditional probability table of node xi .
strate our approach. Finally, Section VII concludes the paper.
Common methods for exact inference in BN are: variable
elimination [22], clique tree propagation [23], and recursive
II. BACKGROUND AND PRELIMINARIES
conditioning and AND/OR search [24]. The complexity of these
A. Cybersecurity Risk Propagation in ICSs methods increases exponentially with the tree width of the net-
work. The most commonly used approximate inference algo-
As an ICS is a cyberphysical system [15], the process of
rithms are importance sampling [25], stochastic Markov chain
cybersecurity risk propagation in ICSs is different from that in
Monte Carlo simulation [26], minibucket elimination [27], and
general network systems. Most ICS attacks aim to vandalize ICS
loopy belief propagation [28].
assets, which include humans, environment, and equipment. To
The set p is generally obtained from statistics and analysis
achieve a destructive purpose, attacks generally behave with part
of big historical data [23], [29]. But for ICSs, the amount of
or all of the following five characteristics:
historical data about cyberattacks is too small to be used for es-
1) infiltrating the field network;
timation of conditional probability table. In this paper, a fuzzy
2) elevating the attacker’s privilege;
conditional probability table is employed, which is easy to ob-
3) launching attacks to invalidate system functions;
tain from a group of experts.
4) causing hazardous incidents;
5) leading to casualties, environment pollution, and other
damages. III. ARCHITECTURE OF OUR FUZZY APPROACH FOR
DYNAMIC CYBERSECURITY RISK ASSESSMENT
Modeling of cybersecurity risk propagation is critical for dy-
namic cybersecurity risk assessment in ICSs. Various models The architecture of our FPBN approach for dynamic cyber-
have been proposed for this purpose in recent years. Exam- security risk assessment in ICSs is shown in Fig. 1.
ples are BN, Petri net, fault tree, attack graph, and attack tree. In the architecture of our approach, there are two types of
However, most of these models are developed for cybersecurity input data: attack evidence and anomaly evidence. The attack
analysis in general IT systems or for system safety analysis in evidence data are from intrusion detection system, while the
ICSs. They do not cover all the above-mentioned five charac- anomaly evidence data are from anomaly detection system. Cy-
teristics of ICS attacks. berattacks and system faults can both generate anomaly evi-
To predict the propagation of cybersecurity risk for ICSs, a dence. System faults can lead to the error of risk assessment.
multilevel BN is proposed in the literature [16]. It is equipped Therefore, to ensure that there is no noise evidence caused by
with multiple domain knowledge about attacks, system func- system faults, attack evidence and the anomaly evidence should
tions, hazardous incidents, and system assets. Therefore, a mul- be filtered first.
tilevel BN can be used to describe the whole cybersecurity risk The FPBN is designed with multidomain knowledge about at-
propagation. It is effective for dynamical assessment of cyber- tacks, system functions, hazardous incidents, and system assets.
security risks in ICSs. In our FPBN, crisp conditional probabilities, which are diffi-
Authorized licensed use limited to: KIT Library. Downloaded on April 29,2023 at 16:22:51 UTC from IEEE Xplore. Restrictions apply.
ZHANG et al.: FPBN APPROACH FOR DYNAMIC CYBERSECURITY RISK ASSESSMENT IN ICSs 2499
literature [12]. At the (t + 1)th iteration, the message that x passes to its parent
Authorized licensed use limited to: KIT Library. Downloaded on April 29,2023 at 16:22:51 UTC from IEEE Xplore. Restrictions apply.
2500 IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. 14, NO. 6, JUNE 2018
node ∗xi is
⎛ (t+1) ⎞
λx (∗xi = F)
⎜ ⎟
⎜ ⎟
⎝ λ(t+1) (∗x = T) ⎠ =
x i
⎛ ⎞
p(x|∗xi , ∗xi = F)
πx(t) (∗xk )
(t)
λx (x) λx ∗ (x)
⎜ x j
∗x ⎟
β⎜ ⎟
j k
= i
i
⎝ λx (x)
(t)
λx ∗ (x) ∗ ∗
p(x| xi , xi = T) πx ( xk )⎠
(t) ∗
Fig. 3. Relationship between two expression methods.
j
x j ∗x
i k = i
(8)
In (10), α-cuts is another expression method of fuzzy proba-
∗ ∗ ∗
where xi = x \ { xi }, and the operator “\” refers to set sub- bility. For example,
traction. The message that x sends to its child node x∗j is ⎧
⎛ (t+1) ⎞ ⎪ 10u − 2
⎪
⎪ , 0.2 < u ≤ 0.5
πx ∗ (x = F) 3α + 2 8 − 3α ⎨ 3
⎜ j ⎟ α , = 8 − 10u
⎜ ⎟= 10 10 ⎪
⎪ , 0.5 < u ≤ 0.8
⎝ π (t+1) (x = T) ⎠ α ∈[0,1] ⎪
⎩ 3
x∗j 0, otherwise.
⎛ (t) ⎞ The relationship between these two kinds of expression methods
λx (x = F) λx ∗ (x = F) p(x = F|∗x) πx(t) (∗xk )
⎜ k
∗x ⎟ is shown in Fig. 3.
β⎜
⎝λ (x = T)
k
= j k
⎟. In (8) and (9), the function λx (·) is the message that the node
∗
πx ( xk )⎠
(t) ∗
(t)
x λx ∗ (x = T) p(x = T| x)
k
∗x
x sends to itself. It is expressed as
k = j k
(9)
0, when x ∈ E, and its observed value is T
Equations (8) and (9) are derived from the literature [28]. The λx (x = F) =
1, otherwise
symbol “ ∗x ” is a summation operator over all possible states
(12)
of ∗x. For example,
0, when x ∈ E, and its observed value is F
λx (x = T) =
p(x1 )p(x2 ) = p(x1 = F)p(x2 = F) + p(x1 = F)p(x2 = T) 1, otherwise
x1x2 (13)
+ p(x1 = T)p(x2 = F) + p(x1 = T)p(x2 = T).
where E is the evidence set of the ICS:
In (8) and (9), β is a normalization operator. For two fuzzy def
possibilities p̃1 and p̃2 , β(p̃1 , p̃2 ) is defined as E = {x|x ∈ x, x = U}. (14)
⎛ ⎞
E can be obtained by analyzing the result of intrusion detection
⎜ p̃1 ⎟ system and anomaly detection system.
⎜ ⎟
β⎜
⎜ ⎟
⎟ After tth iteration, the fuzzy belief of node x becomes
⎝ p̃ ⎠
2
Bel(t) (x = F) λ(t) (x = F) · π (t) (x = F)
=β
⎛ ⎞ Bel(t) (x = T) λ(t) (x = T) · π (t) (x = T)
L̃−1
1 (α) R̃1−1 (α)
⎜ α , ⎟
⎜ L̃−1 −1 −1 −1
1 (α) + R̃2 (α) R̃1 (α) + L̃2 (α) ⎟ (15)
=⎜ ⎟
α ∈[0,1]
⎜ ⎟
L̃−1 R̃2−1 (α) ⎛ ⎞ ⎛ ⎞
⎝ 2 (α) ⎠ (t)
α , λ(t) (x = F) λx (x = F) λx ∗ (x = F)
L̃2 (α) + R̃1−1 (α)
−1
R̃2−1 (α) + L̃−1
1 (α) ⎜ ⎟ ⎜ j
⎟
α ∈[0,1]
where ⎜
⎝
⎟=⎜
⎠ ⎝
j
⎟
λx ∗ (x = T) ⎠
(t)
(10) λ (x = T)
(t)
λx (x = T)
j
j
where α = L̃(u) is a monotonically increasing function, its (16)
inverse function is L̃−1 (u), α = R̃(u) is a monotonically de-
creasing function, its inverse function is R̃−1 (u). They form the
⎛ ⎞ ⎛ ⎞
membership function of fuzzy probability p̃, which is shown in π (t) (x = F) P (x = F|∗x) πx(t) (∗xk )
⎧ ⎜ ⎟ ⎜ ∗x ⎟
⎨ L̃(u), u ∈ [0, u)
⎪ and ⎜
⎝
⎟ = ⎜
⎠ ⎝
k ⎟.
π (t) (x = T) ∗
P (x = T| x) πx ( xk ) ⎠
(t) ∗
p̃(u) = 1, u ∈ [u, ū] (11)
⎪
⎩
∗x
k
R̃(u), u ∈ (u, 1]. (17)
Authorized licensed use limited to: KIT Library. Downloaded on April 29,2023 at 16:22:51 UTC from IEEE Xplore. Restrictions apply.
ZHANG et al.: FPBN APPROACH FOR DYNAMIC CYBERSECURITY RISK ASSESSMENT IN ICSs 2501
Authorized licensed use limited to: KIT Library. Downloaded on April 29,2023 at 16:22:51 UTC from IEEE Xplore. Restrictions apply.
2502 IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. 14, NO. 6, JUNE 2018
TABLE I
EVIDENCE EVENTS
Authorized licensed use limited to: KIT Library. Downloaded on April 29,2023 at 16:22:51 UTC from IEEE Xplore. Restrictions apply.
ZHANG et al.: FPBN APPROACH FOR DYNAMIC CYBERSECURITY RISK ASSESSMENT IN ICSs 2503
Authorized licensed use limited to: KIT Library. Downloaded on April 29,2023 at 16:22:51 UTC from IEEE Xplore. Restrictions apply.
2504 IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. 14, NO. 6, JUNE 2018
the 56th minute, and the other from the 340th minute to the
361st minute. The maximum distance between R̃ and R̃ is
1.660 × 106 . This means that if the noise filter is not applied,
the value of the cybersecurity risk will be disturbed by the noises
caused by system faults. It is also observed that the curve of the
Hamming distance D(R̃ , R̃) is always 0. This confirms that
with the noise filter, the risk error caused by noise evidence
Fig. 10. Curves of Hamming distances.
events is eliminated.
It is worth mentioning that a noise filter should be used with
dence sequence shown in Table I. E is the evidence sequence caution as it may filter out useful information. Assume that an
E together with added noise evidence. The symbol E is the attacker utilizes a zero-day vulnerability to launch a new attack,
evidence sequence derived from the noise filter. The noise in- and the attack is missed out by the intrusion detection system.
validation of functions caused by system faults is designed as The result is that the anomaly evidence caused by this attack
following. From the 45th minute to the 56th minute, the system may be filtered out by the noise filter. Being too sensitive may
function f10 fails. From the 340th minute to the 361st minute, cause some false actions, while being too robust may reduce its
the system function f6 fails. functionality as a noise filter. Therefore, a tradeoff is required
Other simulation settings are as follows. The maximum num- between the sensitivity and robustness to noises by adjusting the
ber of iterations is tm ax = 100. The accuracy Dm in = 1 × 10−4 . parameter Cm in .
The inference process is repeated 5000 times. For each infer-
ence of BN, a stochastic evidence set is generated and sent to D. Case Study 3: Execution Time of Our Approach
the fuzzy probability Bayesian inference engine. All simulations
To demonstrate the execution time performance of our ap-
are conducted on computer with Intel Pentium processor G3220
proach, all execution times of the 5000 simulation runs are
(3M Cache, 3.00GHz) and 4GB DDR3 memory.
recorded. Their distribution is shown in the histogram plot in
In our simulation, the fuzzy probability Bayesian inference
Fig. 11. A quantitative analysis is carried out for Fig. 11. It shows
engine receives evidence sequences E, E and E”. Then, it
that the minimum, maximum, and average execution times are
generates three risk curves R̃, R̃ , and R̃ with these evidence
0.242, 3.074, and 0.648 s, respectively. The execution time per-
sequences E, E , and E , respectively. After that, two Hamming
formance is acceptable to a wide range of industrial process
distances D(R̃ , R̃) and D(R̃ , R̃) are recorded as shown in
control systems. It can be well controlled by two parameters: the
Fig. 10.
maximum number tm ax of iterations, and the accuracy threshold
Filtering out noises, the noise filter helps improve the con-
Dm in .
vergence of the fuzzy probability Bayesian inference algorithm.
This is due to the noise-induced increase in the number of it-
erations in the inference algorithm if the noise is not filtered E. Case Study 4: Scalability of Our Approach
out. To demonstrate this claim, 5000 attack scenarios are gener- To show the scalability of our approach, simulations are car-
ated stochastically according to the BN shown in Fig. 5. Then, ried out to measure possible lower and upper bounds of the ex-
stochastic noises are added to each evidence sequence. These ecution time performance under different problem sizes, which
5000 evidence sequences without noise and 5000 evidence se- are characterized by the number of nodes. For this purpose, 25
quences with noise are sent to the fuzzy probability Bayesian FPBNs are simulated. The minimum and maximum problem
inference engine. Simulation results show that in the presence sizes are 10 and 490, respectively. For each FPBN, the risk as-
of noise, the number of nonconvergence is 493 if the noise is not sessment is repeated for 200 runs. Fig. 12 shows the measured
filtered out. In comparison, in the absence of noise, the number upper and lower bounds together with the best fitting line of
of nonconvergence is reduced to 269, indicating a 45% drop. average execution time performance.
The effectiveness of our noise filter is shown in the plot of In Fig. 12, the best fitting line has the form t = 0.0080201 ×
Hamming distances in Fig. 10. It is seen from Fig. 10 that (m) + 0.01467 with the correlation coefficient r = 0.99968.
D(R̃ , R̃) has two disturbances: one from the 45th minute to This means that the average execution time increases linearly
Authorized licensed use limited to: KIT Library. Downloaded on April 29,2023 at 16:22:51 UTC from IEEE Xplore. Restrictions apply.
ZHANG et al.: FPBN APPROACH FOR DYNAMIC CYBERSECURITY RISK ASSESSMENT IN ICSs 2505
ACKNOWLEDGMENT
The authors would like to thank the anonymous referees for
their critical comments and suggestions, which are invaluable
Fig. 12. Execution time performance of our approach under different for improvement of the quality of this paper.
problem sizes each with 200 runs.
TABLE II REFERENCES
COMPARISON OF OUR APPROACH AND EXISTING APPROACHES
[1] Y. Zhou, Z. Mo, Q. Xiao, S. Chen, and Y. Yin, “Privacy-preserving trans-
portation traffic measurement in intelligent cyber-physical road systems,”
Our Approach Approaches from literature IEEE Trans. Veh. Technol., vol. 65, no. 5, pp. 3749–3759, May 2016.
[2] P. Nuzzo, A. L. Sangiovanni-Vincentelli, D. Bresolin, L. Geretti, and T.
OA [12] [35] [36] [37] [13] [14] [38] Villa, “A platform-based design methodology with contracts and related
tools for the design of cyber-physical systems,” Proc. IEEE, vol. 103,
Is it designed for ICSs? ✗ ✗ ✗ ✗ no. 11, pp. 2104–2132, Nov. 2015.
Is it dynamic risk assessment? ✗ [3] S. Jeschke, C. Brecher, T. Meisen, D. Özdemir, and T. Eschert, Industrial
Does it support fuzzy probability? ✗ ✗ ✗ ✗ ✗ ✗ Internet of Things and Cyber Manufacturing Systems. Cham, Switzerland:
Is it quantitative risk assessment? Springer, 2017, pp. 3–19.
Can it filter noises? ✗ ✗ ✗ ✗ ✗ ✗ ✗ [4] H. Wang, N. Lau, and R. Gerdes, “Application of work domain analysis
Can it address unknown attacks? ✗ ✗ ✗ ✗ ✗ ✗ ✗ for cybersecurity,” in International Conference on Human Aspects of In-
formation Security, Privacy, and Trust. New York, NY, USA: Springer,
2017, pp. 384–395.
[5] B. Miller and D. Rowe, “A survey SCADA of and critical infrastructure
with the increase of the problem size, indicating good scalability incidents,” in Proc. 1st Annu. Conf. Res. Inf. Technol.. New York, NY,
USA: ACM, 2012, pp. 51–56.
of our risk assessment approach. For 490 nodes, the maximum [6] L. J. Trautman and P. C. Ormerod, “Industrial cyber vulnerabili-
execution time of the FPBN is 4.90 s in our simulation environ- ties: Lessons from Stuxnet and the Internet of Things,” Univ. Mi-
ment. ami Law Review, Forthcoming, Jun. 7, 2017. [Online]. Available:
https://ssrn.com/abstract=2982629
[7] E. Nakashima, G. Miller, and J. Tate, “US, Israel developed flame com-
F. Comparison of Various Approaches puter virus to slow Iranian nuclear efforts, officials say,” The Washington
Post, vol. 19, 2012. [Online]: Available: https://www.washingtonpost.
Requirements for cybersecurity risk assessment change from com/world/national-security/us-israel-developed-computer-virus-to-
slow-iranian-nuclear-efforts-officials-say/2012/06/19/gJQA6xBPoV_
a system to another, or from a scenario to another. Therefore, a story.html?utm_term=.26d4f9575892
variety of risk assessment approaches have been developed for [8] P. Paganini, “Israeli road control system hacked, caused traffic
different scenarios or applications. A direct comparison of these jam on Haifa highway,” Hacker News, 2013. [Online]. Avail-
able: https://thehackernews.com/2013/10/israeli-road-control-system-
approaches is unfair for a particular scenario. Instead, a compar- hacked.html
ison of the differences among these approaches will give some [9] “ICS-CERT year in review,” Industrial Control Systems Cyber
insights into the functionality and features of the approaches. Ta- Emergency Response Team, 2016. [Online]. Available: https://ics-cert.us-
cert.gov/sites/default/files/Annual_Reports/Year_in_Review_FY2016_
ble II provides such a comparison of our approach and existing Final_S508C.pdf
approaches. It is seen from Table II that our approach has more [10] H. Song, G. Fink, and S. Jeschke, Security and Privacy in Cyber-Physical
features than any other existing approaches from the literature. Systems: Foundations, Principles and Applications. Hoboken, NJ, USA:
Wiley, 2017.
[11] M. Ni, J. D. McCalley, V. Vittal, and T. Tayyib, “Online risk-based secu-
VII. CONCLUSION rity assessment,” IEEE Trans. Power Syst., vol. 18, no. 1, pp. 258–265,
Feb. 2003.
Dynamic assessment of cybersecurity risks plays a vital role [12] Q. Zhang, C. Zhou, N. Xiong, Y. Qin, X. Li, and S. Huang, “Multimodel-
in cybersecurity protection of ICSs. Due to the lack of histori- based incident prediction and risk assessment in dynamic cybersecurity
protection for industrial control systems,” IEEE Trans. Syst., Man, Cy-
cal data in ICSs, building a risk propagation model is difficult bern., Syst., vol. 46, no. 10, pp. 1429–1444, Oct. 2016.
for risk assessment. To address this issue, an FPBN approach [13] N. Poolsappasit, R. Dewri, and I. Ray, “Dynamic security risk management
has been presented in this paper for dynamic assessment of using Bayesian attack graphs,” IEEE Trans. Dependable Secure Comput.,
vol. 9, no. 1, pp. 61–74, Jan. 2012.
cybersecurity risks in ICSs. It starts with establishment of an [14] R. Gowland, “The accidental risk assessment methodology for industries
FPBN. To overcome the difficulty of limited historical data, (ARAMIS)/layer of protection analysis (LOPA) methodology: A step for-
fuzzy probabilities have been used in our approach to replace ward towards convergent practices in risk assessment?” J. Hazardous
Mater., vol. 130, no. 3, pp. 307–310, 2006.
crisp probabilities used in standard BN. Then, an approximate [15] R. Baheti and H. Gill, “Cyber-physical systems,” Impact Control Technol.,
dynamic inference algorithm has been designed for dynamic as- vol. 12, pp. 161–166, 2011.
sessment of cybersecurity risks based on the established FPBN. [16] Y. Zhang, G. Tao, and M. Chen, “Relative degrees and adaptive feedback
linearization control of T-S fuzzy systems,” IEEE Trans. Fuzzy Syst.,
It has been integrated with a noise evidence filter for removal vol. 23, no. 6, pp. 2215–2230, Dec. 2015.
of noise evidence caused by system faults. To demonstrate the [17] N. Friedman, D. Geiger, and M. Goldszmidt, “Bayesian network classi-
effectiveness of our presented approach, experiments have been fiers,” Mach. Learn., vol. 29, no. 2/3, pp. 131–163, 1997.
Authorized licensed use limited to: KIT Library. Downloaded on April 29,2023 at 16:22:51 UTC from IEEE Xplore. Restrictions apply.
2506 IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. 14, NO. 6, JUNE 2018
[18] A. Mehmood, A. khanan, A. H. H. M. Mohamed, and H. Song, “ANTSC: Chunjie Zhou received the M.S. and Ph.D. de-
An intelligent naive Bayesian probabilistic estimation practice for traffic grees in control theory and control engineering
flow to form stable clustering in VANET,” IEEE Access, 2017. from Huazhong University of Science and Tech-
[19] B. Cai, L. Huang, and M. Xie, “Bayesian networks in fault diagnosis,” nology, Wuhan, China, in 1991 and 2001, re-
IEEE Trans. Ind. Informat., vol. 2017, no. 13, pp. 2227–2240, Oct. 2017. spectively.
[20] C. Queiroz, A. Mahmood, and Z. Tari, “A probabilistic model to predict He is currently a Professor in the School
the survivability of SCADA systems,” IEEE Trans. Ind. Informat., vol. 9, of Automation, Huazhong University of Science
no. 4, pp. 1975–1985, Nov. 2013. and Technology. His research interests include
[21] M. Kafai and B. Bhanu, “Dynamic Bayesian networks for vehicle classi- safety and security control of industrial control
fication in video,” IEEE Trans. Ind. Informat., vol. 8, no. 1, pp. 100–109, systems, theory and application of networked
Feb. 2012. control systems, and artificial intelligence.
[22] F. G. Cozman et al., “Generalizing variable elimination in Bayesian
Yu-Chu Tian (M’00) received the Ph.D. degree
networks,” in Proc. Workshop Probabilistic Reason. Bayesian Networks
SBIA/Iberamia, 2000, pp. 21–26. in computer and software engineering in 2009
from the University of Sydney, Sydney, NSW,
[23] S. L. Lauritzen and D. J. Spiegelhalter, “Local computations with proba-
Australia, and the Ph.D. degree in industrial
bilities on graphical structures and their application to expert systems,” J.
automation in 1993 from Zhejiang University,
Roy. Stat. Soc. Ser. B (Methodological), pp. 157–224, 1988.
[24] A. Darwiche, “Recursive conditioning,” Artif. Intell., vol. 126, no. 1/2, Hangzhou, China.
Over the last many years, he has worked
pp. 5–41, 2001.
Zhejiang University; Hong Kong University of
[25] A. Salmerón, A. Cano, and S. Moral, “Importance sampling in Bayesian
Technology, Hong Kong, China; Curtin Univer-
networks using probability trees,” Comput. Statist. Data Anal., vol. 34,
sity of Technology, Perth, WA; and the University
no. 4, pp. 387–413, 2000.
of Maryland at College Park, MD, USA. Since
[26] D. Gamerman and H. F. Lopes, Markov Chain Monte Carlo: Stochastic
2002, he has been with Queensland University of Technology, Brisbane,
Simulation for Bayesian Inference. Boca Raton, FL, USA: CRC Press,
2006. QLD, Australia, as a Professor of Computer Science. He has authored
or coauthored a monograph and more than 200 refereed papers, and is
[27] R. Mateescu, K. Kask, and R. Dechter, “Partition-based anytime approx-
the holder of a patent. His research interests include big data computing,
imation for belief updating,” ICS, University of California, Irvine, CA,
cloud computing, real-time computing, computer networks, and control
USA, Tech. Rep., 2001. [Online]. Available: http://www.mathcs.emory.ed
u/∼whalen/Papers/BNs/DistributedBNs/CausalDecomposition/Partition- theory and engineering.
Dr. Tian is the Editor-in-Chief of Springer’s book series Handbook
based%20Anytime%20Approximation%20for%20Belief%20Updating.pdf
of Real-Time Computing (Springer), and an Associate Editor for a few
[28] K. P. Murphy, Y. Weiss, and M. I. Jordan, “Loopy belief propagation
international journals.
for approximate inference: An empirical study,” in Proc. 15th Conf. Un-
certainty Artif. Intell. San Mateo, CA, USA: Morgan Kaufmann, 1999, Naixue Xiong (M’08–SM’12) received the B.E.
pp. 467–475. degree in computer science from the Hubei Uni-
[29] R. N. Aslin, J. R. Saffran, and E. L. Newport, “Computation of conditional versity of Technology, Wuhan, China, in 2001,
probability statistics by 8-month-old infants,” Psychol. Sci., vol. 9, no. 4, the M.E. degree in computer science from Cen-
pp. 321–324, 1998. tral China Normal University, Wuhan, China, in
[30] J. Halliwell and Q. Shen, “Linguistic probabilities: Theory and applica- 2004, and the Ph.D. degrees in software engi-
tion,” Soft Comput.—A Fusion Found., Methodologies Appl., vol. 13, no. 2, neering from Wuhan University, Wuhan, China,
pp. 169–183, 2009. in 2007, and in dependable networks from Japan
[31] J. L. Halliwell, “Linguistic probability theory,” Ph.D. dissertation, Dept. Advanced Institute of Science and Technology,
School Informat., Univ. of Edinburgh, Edinburgh, U.K., 2008. Nomi, Japan, in 2008.
[32] R. Zwick, E. Carlstein, and D. V. Budescu, “Measures of similarity among He is currently a Full Professor in the Depart-
fuzzy concepts: A comparative analysis,” Int. J. Approx. Reason., vol. 1, ment of Business and Computer Science, Southwestern Oklahoma State
no. 2, pp. 221–242, 1987. University, Weatherford, OK, USA. His research interests include cloud
[33] P. Grzegorzewski, “Distances between intuitionistic fuzzy sets and/or computing, security and dependability, parallel and distributed comput-
interval-valued fuzzy sets based on the Hausdorff metric,” Fuzzy Sets ing, networks, and optimization theory.
Syst., vol. 148, no. 2, pp. 319–328, 2004. Dr. Xiong is an Editor-in-Chief, an Associate Editor or an Editor Mem-
[34] A. T. Ihler, W. F. John, III, and A. S. Willsky, “Loopy belief propagation: ber and a Guest Editor for more than ten international journals including
Convergence and effects of message errors,” J. Mach. Learn. Res., vol. 6, an Associate Editor for the IEEE TRANSACTIONS ON SYSTEMS, MAN, &
pp. 905–936, 2005. CYBERNETICS: SYSTEMS, and an Editor-in-Chief for the Journal of Paral-
[35] J. Ren, I. Jenkinson, J. Wang, D. Xu, and J. Yang, “An offshore risk lel & Cloud Computing, Sensor Journal, Wireless Networks, and Mobile
analysis method using fuzzy Bayesian network,” J. Offshore Mech. Arctic Networks and Application.
Eng., vol. 131, no. 4, 2009, Art. no. 041101.
[36] A. A. Cárdenas, S. Amin, Z.-S. Lin, Y.-L. Huang, C.-Y. Huang, and Yuanqing Qin received the M.S. and Ph.D. de-
S. Sastry, “Attacks against process control systems: Risk assessment, grees in control theory and control engineering
detection, and response,” in Proc. 6th ACM Symp. Inf., Comput. Commun. from Huazhong University of Science and Tech-
Security. New York, NY, USA: ACM, 2011, pp. 355–366. nology, Wuhan, China, in 2003 and 2007, re-
[37] C. Alberts, A. Dorofee, J. Stevens, and C. Woody, “Introduction to the spectively.
octave approach. CERT coordination center,” Aug. 2003. [Online]. Avail- He is currently a Lecturer in the Department
able: http://www.dtic.mil/get-tr-doc/pdf?AD=ADA634134 of Control Science and Engineering, Huazhong
[38] K. Wrona and G. Hallingstad, “Real-time automated risk assessment in University of Science & Technology. His re-
protected core networking,” Telecommun. Syst., vol. 45, no. 2, pp. 205– search interests include networked control sys-
214, 2010. tem, artificial intelligent, and machine vision.
Qi Zhang received the M.S. and Ph.D. de- Bowen Hu received the B.S. degrees in automa-
grees in automation in 2012 and 2017 from the tion from Central South University, Changsha,
Huazhong University of Science and Technol- China, in 2015. He is currently working toward
ogy, Wuhan, China, where he is currently work- the Ph.D. degree in control science and con-
ing toward the Ph.D. degree in control science trol engineering at the School of Automation,
and control engineering with the School of Au- Huazhong University of Science and Technol-
tomation. ogy, Wuhan, China.
His research interests include risk assess- His main research interests include indus-
ment and decision-making for industrial control trial control system and smart grid information
systems. security.
Authorized licensed use limited to: KIT Library. Downloaded on April 29,2023 at 16:22:51 UTC from IEEE Xplore. Restrictions apply.