Detecting, Fingerprinting and Tracking Reconnaissance Campaigns Targeting Industrial Control Systems
作者: Olivier Cabana , Amr M. Youssef , Mourad Debbabi , Bernard Lebel , Marthe Kassouf
DOI: 10.1007/978-3-030-22038-9_5
关键词:
摘要: Industrial Control Systems (ICS) are attractive targets to attackers because of the significant cyber-physical damage they can inflict. As such, often subjected reconnaissance campaigns aiming at discovering vulnerabilities that be exploited online. these scan large netblocks Internet, some IP packets directed darknet, routable, allocated and unused space. In this paper, we propose a new technique detect, fingerprint, track probing targeting ICS systems by leveraging /13 darknet traffic. Our proposed detects, automatically, in near-real time such generates relevant timely cyber threat intelligence using graph-theoretic methods compare aggregate into campaigns. Besides, it ascribes each observed campaign fingerprint uniquely characterizes allows its tracking over time. has been tested 12.85 TB data, which represents 330 days network traffic received. The result our analysis for discovery not only known legitimate recurrent as those performed Shodan Censys but also uncovers coordinated launched other organizations. Furthermore, give details on linked botnet activity EtherNet/IP protocol.
springer.com
sci-hub.se 参考文章(29)
György Simon, Kuai Xu, Vipin Kumar, Zhi-Li Zhang, Yu Jin, Gray's anatomy: dissecting scanning activities using IP gray space analysis usenix workshop on tackling computer systems problems with machine learning techniques. pp. 2- ,(2007)
Yanli Lv, Yuanlong Li, Shouzhong Tu, Shuang Xiang, Chunhe Xia, Coordinated Scan Detection Algorithm Based on the Global Characteristics of Time Sequence broadband and wireless computing, communication and applications. pp. 199- 206 ,(2014) , 10.1109/BWCCA.2014.64
Allen Gersho, Robert M. Gray, Vector Quantization and Signal Compression ,(1991)
Elias Bou-Harb, Mourad Debbabi, Chadi Assi, A Time Series Approach for Inferring Orchestrated Probing Campaigns by Analyzing Darknet Traffic availability, reliability and security. pp. 180- 185 ,(2015) , 10.1109/ARES.2015.9
Zongqing Lu, Xiao Sun, Yonggang Wen, Guohong Cao, Thomas La Porta, Algorithms and Applications for Community Detection in Weighted Networks IEEE Transactions on Parallel and Distributed Systems. ,vol. 26, pp. 2916- 2926 ,(2015) , 10.1109/TPDS.2014.2370031
CE Shennon, Warren Weaver, A mathematical theory of communication Bell System Technical Journal. ,vol. 27, pp. 379- 423 ,(1948) , 10.1002/J.1538-7305.1948.TB01338.X
Elias Bou-Harb, Mourad Debbabi, Chadi Assi, A Statistical Approach for Fingerprinting Probing Activities availability, reliability and security. pp. 21- 30 ,(2013) , 10.1109/ARES.2013.9
Elias Bou-Harb, Mourad Debbabi, Chadi Assi, Behavioral analytics for inferring large-scale orchestrated probing events international conference on computer communications. pp. 506- 511 ,(2014) , 10.1109/INFCOMW.2014.6849283
Elias Bou-Harb, Mourad Debbabi, Chadi Assi, On detecting and clustering distributed cyber scanning international conference on wireless communications and mobile computing. pp. 926- 933 ,(2013) , 10.1109/IWCMC.2013.6583681
Elias Bou-Harb, Mourad Debbabi, Chadi Assi, On fingerprinting probing activities Computers & Security. ,vol. 43, pp. 35- 48 ,(2014) , 10.1016/J.COSE.2014.02.005