Passive inference of attacks on CPS communication protocols

Authors: Elias Bou-Harb, Nasir Ghani, Abdelkarim Erradi, Khaled Shaban

DOI: 10.1016/J.JISA.2018.10.002

Keywords:

Abstract: The security of Cyber-Physical Systems (CPS) has been recently receiving significant attention from the research community. While the majority of such attention originates from the control theory domain, few approaches have addressed the problem from a practical perspective. In this work, we do not claim that we propose a particular solution to a specific problem related to CPS security, but rather present a first look into what can help shape these solutions in the future. Indeed, our vision and ultimate goal is to attempt to merge, or at least diminish, the gap between highly theoretical derived solutions and insightful empirical experimentation, for securing CPS. Motivated by the scarcity of malicious data that can be captured, inferred and analyzed within operational CPS settings, this paper adopts a unique approach to derive notions of maliciousness based on passive measurements and analysis. By scrutinizing unsolicited real traffic targeting routable, allocated but unused Internet Protocol (IP) addresses (i.e., darknet traffic), we shed light on attackers' intentions and actual attacks targeting ample CPS communication protocols. To permit such analysis, we initially devise and evaluate a novel probabilistic model that aims at filtering noise (i.e., misconfiguration traffic) embedded in darknet traffic. Subsequently, a near real-time inference algorithm is designed and implemented to detect probing and denial of service activities targeting CPS protocols. To this end, we characterize such misdemeanors in terms of their types, frequency, target protocols and possible orchestration behavior. The outcome of this work demonstrates a staggering 16 thousand scanning attempts and close to 8 thousand denial of service attacks targeting various CPS protocols. Further, the results uncover stealthy activities targeting proprietary CPS protocols and clusters of coordinated attacks. We concur that the devised approaches, techniques and methods provide a solid step towards better comprehending attackers' objectives and intents. As such, we hope that this work motivates the literature to design secure, tailored CPS models that leverage tangible vulnerabilities and measurements, to achieve truly reliable CPS.
