Cyber Threat Investigation of SCADA Modbus Activities

Author: Claude Fachkha

DOI: 10.1109/NTMS.2019.8763817

Keywords: De facto standard, SCADA, Modbus, The Internet, Service (systems architecture), Computer security, Darknet, Computer science, Address space, Industrial control system

Abstract: The use of inter-connectivity of Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) networks in smart technologies has exposed them to a large variety of security threats. Furthermore, very few investigations are done in this field from the Internet (cyber) perspective. Therefore, this paper investigates unauthorized, malicious and suspicious SCADA activities by leveraging the darknet address space. In particular, this work investigates the Modbus service, which is the de facto standard protocol for communication; it is the most available and used to connect electronic devices in critical industrial infrastructures. This study is based on real data collected throughout a one-month period. Among 8 various inferred scanning activities, we find that TCP distributed portscan is the only non-typical scan. Our analyses fingerprint scanners and uncover 6 other services that tag along with Modbus 74% of the time. Finally, we list case studies related to synchronized and automated campaigns originated from unknown sources.
