Yassine Mekdad, Giuseppe Bernieri, M. Conti, A. E. Fergougui
{"title":"A threat model method for ICS malware: the TRISIS case","authors":"Yassine Mekdad, Giuseppe Bernieri, M. Conti, A. E. Fergougui","doi":"10.1145/3457388.3458868","DOIUrl":null,"url":null,"abstract":"Cyber-physical attacks against plants and Critical Infrastructures (CIs) are among the most significant concerns in the 21st century and can lead to devastating consequences. In particular, with the convergence between the Operational Technology (OT) network and the traditional IT network, malware threats for Industrial Control Systems (ICSs) are gradually increasing. In these scenarios, we need to identify potential cyber threats by developing innovative modeling techniques. However, existing malware-based cyber threats modeling techniques are not fully designed for industrial environment. In this paper, we present a threat modeling framework for Industrial Control Systems malware across two different levels: the Extraction Level and the Modeling Level. We evaluate the effectiveness of our model by analyzing the TRISIS cyber attack as a use case. A complex malware developed to cause operational disruption to industrial plants. 
Our solution outperforms existing malware threat modeling techniques for the ICS environment, and provides useful mitigation strategies to counter malicious activities.","PeriodicalId":136482,"journal":{"name":"Proceedings of the 18th ACM International Conference on Computing Frontiers","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-05-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 18th ACM International Conference on Computing Frontiers","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3457388.3458868","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 10
Abstract
Cyber-physical attacks against plants and Critical Infrastructures (CIs) are among the most significant concerns in the 21st century and can lead to devastating consequences. In particular, with the convergence between the Operational Technology (OT) network and the traditional IT network, malware threats for Industrial Control Systems (ICSs) are gradually increasing. In these scenarios, we need to identify potential cyber threats by developing innovative modeling techniques. However, existing malware-based cyber threat modeling techniques are not fully designed for industrial environments. In this paper, we present a threat modeling framework for Industrial Control Systems malware across two different levels: the Extraction Level and the Modeling Level. We evaluate the effectiveness of our model by analyzing the TRISIS cyber attack as a use case; TRISIS is a complex malware developed to cause operational disruption to industrial plants. Our solution outperforms existing malware threat modeling techniques for the ICS environment, and provides useful mitigation strategies to counter malicious activities.