Passive inference of attacks on SCADA communication protocols

Author: Elias Bou-Harb

DOI: 10.1109/ICC.2016.7510609

Keywords: The Internet; Denial-of-service attack; Internet Protocol; Computer security; SCADA; Modbus; Vulnerability; Inference; Computer science; Computer network; Malware; Communications protocol

Abstract: The security of industrial Cyber-Physical Systems (CPS) has been recently receiving significant attention from the research community. While majority such originates control theory domain, very few works proposed viable approaches to problem practical perspective. In this work, we do not claim that propose a particular solution specific related CPS security, but rather present first look into what can help shape these solutions in future. Indeed, our vision and ultimate goal is attempt merge or at least diminish gap between highly theoretical derived insightful empirical experimentation, for securing CPS. Towards goal, believe specimen ever passive measurements real attacks on communication protocols. By analyzing recent one-week dataset rendered by 20 GB unsolicited traffic targeting half million routable, allocated unused Internet Protocol (IP) addresses, shed light attackers' intention actual Specifically, characterize terms their types, frequency, target protocols possible orchestration behavior. Our results demonstrate staggering 3 thousand scanning attempts close 2 denial service various One observation work fact attackers are interested exploiting Modbus protocol; contrast most literature extensively dedicating efforts devise secure models Modbus. We hope paper motivates design tailored leverage tangible vulnerabilities inferred measurements, achieve truly reliable
