Dynamic Causal Attack Graph based Cyber-security Risk Assessment Framework for CTCS System
Zikai Zhang
TL;DR
The paper tackles cyber-security risk in CTCS by introducing a Dynamic Causal Attack Graph (DCAG) that captures temporal, multi‑stage attack propagation and causal dependencies. It converts attack graphs into DCAGs and employs Bayesian inference together with logic gateway reasoning to quantify risk over time. Through a CTCS‑3 case study, the framework identifies critical assets, models attack propagation, and analyzes risk dynamics, showing how functional safety measures can limit spread and which components are most vulnerable. The approach provides a structured, time‑aware risk assessment that can guide targeted cyber-defense policies in railway signaling systems and can be extended to other train control environments.
Abstract
Protecting the security of the train control system is a critical issue to ensure the safe and reliable operation of high-speed trains. Scientific modeling and analysis for the security risk is a promising way to guarantee system security. However, the representation and assessment of the multi-staged, causally related, and temporal-dynamic changed attack dependencies are difficult in the train control system. To solve the above challenges, a security assessment framework based on the Dynamical Causality Attack Graph (DCAG) model is introduced in this paper. Firstly, the DCAG model is generated based on the attack graph with consideration of temporal attack propagation and multi-stage attack event causality propagation. Then, the DCAG model is analyzed based on Bayesian inference and logic gateway-based inference. Through the case analysis of the CTCS-3 system, the security assessment framework is validated. With the DCAG-based security assessment framework, we can not only perform appropriate security risk quantification calculations, but also explore the importance of different attacks on system security risks, which is helpful in adjusting the cyber security defense policy.