Threat Analysis on Industrial Control System Based on Attacker's Behaviors using Honeypots

2022 IEEE International Conference on Aerospace Electronics and Remote Sensing Technology (ICARES) Pub Date : 2022-11-24 DOI:10.1109/ICARES56907.2022.9993566

Arssy Hasyir Nursidiq, Charles Lim

{"title":"Threat Analysis on Industrial Control System Based on Attacker's Behaviors using Honeypots","authors":"Arssy Hasyir Nursidiq, Charles Lim","doi":"10.1109/ICARES56907.2022.9993566","DOIUrl":null,"url":null,"abstract":"Industrial Control System (ICS) is an information system used in the maintenance and management of critical infrastructures, which usually have distributed control systems, supervisory control, and data acquisition systems to control local processes. These systems may be used in the power distribution system, gas, water, transportation, and production. However, these systems lack authentication and confidentiality which causes the ICS easily compromised by the attacker. To understand the attacker interactions, behaviors, and type of attack that compromised the Industrial Control System (ICS) we used a honeypot to emulate the Industrial Control System (ICS) and collect the data from the attacker. The data collected from the honeypot is further analyzed and mapped to specific MITRE ATT&CK Tactic, Techniques, and Procedures. The mapping results provide the detailed attacker's behaviors and purpose when they try to compromise Industrial Control System (ICS) emulated in our honeypots.","PeriodicalId":252801,"journal":{"name":"2022 IEEE International Conference on Aerospace Electronics and Remote Sensing Technology (ICARES)","volume":"44 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-11-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE International Conference on Aerospace Electronics and Remote Sensing Technology (ICARES)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICARES56907.2022.9993566","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Industrial Control System (ICS) is an information system used in the maintenance and management of critical infrastructures, which usually have distributed control systems, supervisory control, and data acquisition systems to control local processes. These systems may be used in the power distribution system, gas, water, transportation, and production. However, these systems lack authentication and confidentiality which causes the ICS easily compromised by the attacker. To understand the attacker interactions, behaviors, and type of attack that compromised the Industrial Control System (ICS) we used a honeypot to emulate the Industrial Control System (ICS) and collect the data from the attacker. The data collected from the honeypot is further analyzed and mapped to specific MITRE ATT&CK Tactic, Techniques, and Procedures. The mapping results provide the detailed attacker's behaviors and purpose when they try to compromise Industrial Control System (ICS) emulated in our honeypots.

查看原文本刊更多论文

基于蜜罐攻击者行为的工业控制系统威胁分析

工业控制系统(ICS)是一种用于关键基础设施维护和管理的信息系统，通常具有分布式控制系统、监控系统和数据采集系统来控制局部过程。这些系统可用于电力分配系统，燃气，水，运输和生产。然而，这些系统缺乏身份验证和机密性，使得ICS很容易被攻击者破坏。为了了解攻击者的交互、行为和破坏工业控制系统(ICS)的攻击类型，我们使用蜜罐模拟工业控制系统(ICS)并从攻击者那里收集数据。从蜜罐中收集的数据被进一步分析并映射到特定的MITRE攻击和攻击策略、技术和程序。映射结果提供了攻击者试图破坏蜜罐仿真工业控制系统(ICS)时的详细行为和目的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 IEEE International Conference on Aerospace Electronics and Remote Sensing Technology (ICARES)

自引率

0.00%

发文量