防御网络物理系统中的恶意攻击

2013 IEEE 1st International Conference on Cyber-Physical Systems, Networks, and Applications (CPSNA) Pub Date : 2013-09-30 DOI:10.1109/CPSNA.2013.6614240

Chia-Mei Chen, H. Hsiao, Peng-Yu Yang, Ya-Hui Ou

{"title":"防御网络物理系统中的恶意攻击","authors":"Chia-Mei Chen, H. Hsiao, Peng-Yu Yang, Ya-Hui Ou","doi":"10.1109/CPSNA.2013.6614240","DOIUrl":null,"url":null,"abstract":"An increasing number of security incidents on industrial control systems drew a lot of concerns lately. Many attacks involved multiple attack vectors similar to internet attacks. However, CPS are more vulnerable to attacks. To evade detection, a hacker may apply multiple attack stages to gain the access to a control system. For example, he first employs a group of zombies (compromised machines) to identify the vulnerabilities of the target system and the findings would send back to the hacker through a communication channel. Once the correct access information is found by the zombies, the hacker could gain unauthorized access without violating any detection rules. The control system may be compromised by such multi-stage attacks and an appropriate defense mechanism is desired. In order to detect the sequence of such attack, this study correlates network information and system logs to find the stages of the attack. Finite state model, hidden Markov chain, is adopted to identify the multi-stage attacks and to prevent real damage. The results show that the proposed system can identify the multi-stage attacks in the early stage efficiently to prevent further damage in the networks.","PeriodicalId":212743,"journal":{"name":"2013 IEEE 1st International Conference on Cyber-Physical Systems, Networks, and Applications (CPSNA)","volume":"54 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":"{\"title\":\"Defending malicious attacks in Cyber Physical Systems\",\"authors\":\"Chia-Mei Chen, H. Hsiao, Peng-Yu Yang, Ya-Hui Ou\",\"doi\":\"10.1109/CPSNA.2013.6614240\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"An increasing number of security incidents on industrial control systems drew a lot of concerns lately. Many attacks involved multiple attack vectors similar to internet attacks. However, CPS are more vulnerable to attacks. To evade detection, a hacker may apply multiple attack stages to gain the access to a control system. For example, he first employs a group of zombies (compromised machines) to identify the vulnerabilities of the target system and the findings would send back to the hacker through a communication channel. Once the correct access information is found by the zombies, the hacker could gain unauthorized access without violating any detection rules. The control system may be compromised by such multi-stage attacks and an appropriate defense mechanism is desired. In order to detect the sequence of such attack, this study correlates network information and system logs to find the stages of the attack. Finite state model, hidden Markov chain, is adopted to identify the multi-stage attacks and to prevent real damage. The results show that the proposed system can identify the multi-stage attacks in the early stage efficiently to prevent further damage in the networks.\",\"PeriodicalId\":212743,\"journal\":{\"name\":\"2013 IEEE 1st International Conference on Cyber-Physical Systems, Networks, and Applications (CPSNA)\",\"volume\":\"54 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-09-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"18\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 IEEE 1st International Conference on Cyber-Physical Systems, Networks, and Applications (CPSNA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CPSNA.2013.6614240\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE 1st International Conference on Cyber-Physical Systems, Networks, and Applications (CPSNA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CPSNA.2013.6614240","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 18

摘要

近年来，越来越多的工业控制系统安全事件引起了人们的广泛关注。许多攻击涉及多个攻击媒介，类似于互联网攻击。然而，CPS更容易受到攻击。为了逃避检测，黑客可以应用多个攻击阶段来获得对控制系统的访问权限。例如，他首先使用一组僵尸(受感染的机器)来识别目标系统的漏洞，然后通过通信通道将发现的漏洞发送回给黑客。一旦僵尸找到正确的访问信息，黑客就可以在不违反任何检测规则的情况下获得未经授权的访问。控制系统可能被这种多阶段攻击所破坏，因此需要适当的防御机制。为了检测这种攻击的顺序，本研究将网络信息与系统日志进行关联，找出攻击的阶段。采用有限状态模型——隐马尔可夫链来识别多阶段攻击，防止实际损害。结果表明，该系统能够在早期有效识别多阶段攻击，防止对网络造成进一步破坏。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Defending malicious attacks in Cyber Physical Systems

An increasing number of security incidents on industrial control systems drew a lot of concerns lately. Many attacks involved multiple attack vectors similar to internet attacks. However, CPS are more vulnerable to attacks. To evade detection, a hacker may apply multiple attack stages to gain the access to a control system. For example, he first employs a group of zombies (compromised machines) to identify the vulnerabilities of the target system and the findings would send back to the hacker through a communication channel. Once the correct access information is found by the zombies, the hacker could gain unauthorized access without violating any detection rules. The control system may be compromised by such multi-stage attacks and an appropriate defense mechanism is desired. In order to detect the sequence of such attack, this study correlates network information and system logs to find the stages of the attack. Finite state model, hidden Markov chain, is adopted to identify the multi-stage attacks and to prevent real damage. The results show that the proposed system can identify the multi-stage attacks in the early stage efficiently to prevent further damage in the networks.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2013 IEEE 1st International Conference on Cyber-Physical Systems, Networks, and Applications (CPSNA)

自引率

0.00%

发文量