ICS-LTU2022:ICS 漏洞数据集

IF 4.8 2区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Manar Alanazi, Abdun Mahmood, Mohammad Jabed Morshed Chowdhury
{"title":"ICS-LTU2022:ICS 漏洞数据集","authors":"Manar Alanazi,&nbsp;Abdun Mahmood,&nbsp;Mohammad Jabed Morshed Chowdhury","doi":"10.1016/j.cose.2024.104143","DOIUrl":null,"url":null,"abstract":"<div><div>Industrial control systems (ICS) are a collection of control systems and associated instrumentation for controlling and monitoring industrial processes. Critical infrastructure relies on supervisory control and data acquisition (SCADA), a subset of ICS specifically designed for monitoring and controlling industrial processes over large geographic areas. Cyberattacks like the Colonial Pipeline ransomware case have demonstrated how an adversary may compromise critical infrastructure. The Colonial Pipeline ransomware attack led to a week’s pipeline shutdown, causing a gas shortage in the United States. As existing vulnerability assessment tools cannot be used in the context of ICS systems, vulnerability datasets specified for ICSs are needed to evaluate the security weaknesses. Our secondary metadata, ICS-LTU2022, consists of multiple features that can be used for vulnerability assessment and risk evaluation in industrial control systems. A description of the dataset, its characteristics, and data analysis are also presented in this paper. Vulnerability analysis was conducted based on the top 10 vulnerabilities in terms of severity, frequency by year, impact, components of the ICS, and common weaknesses. The ICS-LTU2022 vulnerabilities dataset is updated biannually. Our proposed dataset provides security researchers with the most recent ICS critical vulnerabilities.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"148 ","pages":"Article 104143"},"PeriodicalIF":4.8000,"publicationDate":"2024-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"ICS-LTU2022: A dataset for ICS vulnerabilities\",\"authors\":\"Manar Alanazi,&nbsp;Abdun Mahmood,&nbsp;Mohammad Jabed Morshed Chowdhury\",\"doi\":\"10.1016/j.cose.2024.104143\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Industrial control systems (ICS) are a collection of control systems and associated instrumentation for controlling and monitoring industrial processes. Critical infrastructure relies on supervisory control and data acquisition (SCADA), a subset of ICS specifically designed for monitoring and controlling industrial processes over large geographic areas. Cyberattacks like the Colonial Pipeline ransomware case have demonstrated how an adversary may compromise critical infrastructure. The Colonial Pipeline ransomware attack led to a week’s pipeline shutdown, causing a gas shortage in the United States. As existing vulnerability assessment tools cannot be used in the context of ICS systems, vulnerability datasets specified for ICSs are needed to evaluate the security weaknesses. Our secondary metadata, ICS-LTU2022, consists of multiple features that can be used for vulnerability assessment and risk evaluation in industrial control systems. A description of the dataset, its characteristics, and data analysis are also presented in this paper. Vulnerability analysis was conducted based on the top 10 vulnerabilities in terms of severity, frequency by year, impact, components of the ICS, and common weaknesses. The ICS-LTU2022 vulnerabilities dataset is updated biannually. Our proposed dataset provides security researchers with the most recent ICS critical vulnerabilities.</div></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"148 \",\"pages\":\"Article 104143\"},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2024-10-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404824004486\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824004486","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

工业控制系统(ICS)是控制系统和相关仪器的集合,用于控制和监测工业流程。关键基础设施依赖于监控和数据采集 (SCADA),它是 ICS 的一个子集,专门用于监控大面积的工业流程。像 Colonial 管道勒索软件这样的网络攻击已经展示了对手是如何破坏关键基础设施的。Colonial 管道勒索软件攻击导致管道关闭一周,造成美国天然气短缺。由于现有的漏洞评估工具无法用于 ICS 系统,因此需要为 ICS 指定漏洞数据集来评估安全漏洞。我们的二级元数据 ICS-LTU2022 包含多种功能,可用于工业控制系统的漏洞评估和风险评价。本文还介绍了数据集的描述、特征和数据分析。漏洞分析是根据前 10 个漏洞的严重性、年度频率、影响、ICS 组件和常见弱点进行的。ICS-LTU2022 漏洞数据集每半年更新一次。我们建议的数据集可为安全研究人员提供最新的 ICS 关键漏洞。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
ICS-LTU2022: A dataset for ICS vulnerabilities
Industrial control systems (ICS) are a collection of control systems and associated instrumentation for controlling and monitoring industrial processes. Critical infrastructure relies on supervisory control and data acquisition (SCADA), a subset of ICS specifically designed for monitoring and controlling industrial processes over large geographic areas. Cyberattacks like the Colonial Pipeline ransomware case have demonstrated how an adversary may compromise critical infrastructure. The Colonial Pipeline ransomware attack led to a week’s pipeline shutdown, causing a gas shortage in the United States. As existing vulnerability assessment tools cannot be used in the context of ICS systems, vulnerability datasets specified for ICSs are needed to evaluate the security weaknesses. Our secondary metadata, ICS-LTU2022, consists of multiple features that can be used for vulnerability assessment and risk evaluation in industrial control systems. A description of the dataset, its characteristics, and data analysis are also presented in this paper. Vulnerability analysis was conducted based on the top 10 vulnerabilities in terms of severity, frequency by year, impact, components of the ICS, and common weaknesses. The ICS-LTU2022 vulnerabilities dataset is updated biannually. Our proposed dataset provides security researchers with the most recent ICS critical vulnerabilities.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Computers & Security
Computers & Security 工程技术-计算机:信息系统
CiteScore
12.40
自引率
7.10%
发文量
365
审稿时长
10.7 months
期刊介绍: Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信