Abstract
Industrial Control Systems (ICS), as a core role in critical national infrastructure, has faced more and more cyber threats. Efficient analysis of the current cyber threat intelligence is crucial for ICS security, which could provide a new insight into the security strategy through threat profiling. However, determining semantics information with relevant attack data packet to profile threat remains a challenge, largely due to the lack of ICS related attack data and appropriate information processing methods. To solve these issues, we developed dozens of honeypots to collect ICS-related attack data and propose a novel framework to analyze the current threat landscape. Through collaborative analysis of the interaction observed accompanied with open-source intelligence, we present threat landscape from three aspects: (1) attack methods, (2) attack pattern, and (3) attack sources. We evaluate our approach with real-world attacking data collected by 35 honeypots in 22 cities for 10 months. The experiment that conducted on the database show that the proposed method presents a considerable performance in terms of efficiency and effectiveness.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur. Priv. 9(3), 49–51 (2011)
Bencsáth, B., Pék, G., Buttyán, L., Félegyházi, M.: The cousins of stuxnet: Duqu, flame, and gauss. Futur. Internet 4(4), 971–1003 (2012)
Robinson, M.: The SCADA threat landscape. In: 1st International Symposium for ICS & SCADA Cyber Security Research 2013, ICS-CSR 2013, 16–17 September 2013, Leicester, UK (2013)
Morris, T.H., Gao, W.: Industrial control system cyber attacks. In: 1st International Symposium for ICS & SCADA Cyber Security Research 2013, ICS-CSR 2013, 16–17 September 2013, Leicester, UK (2013)
Serbanescu, A.V., Obermeier, S., Yu, D.: ICS threat analysis using a large-scale honeynet. In: 3rd International Symposium for ICS & SCADA Cyber Security Research 2015, ICS-CSR 2015, 17–18 September 2015. University of Applied Sciences Ingolstadt, Germany (2015)
Koopman, P.: Embedded system security. Computer 37(7), 95–97 (2004)
Buza, D.I., Juhász, F., Miru, G., Félegyházi, M., Holczer, T.: Cryplh: Protecting smart energy systems from targeted attacks with a PLC honeypot. In: Second International Workshop in Smart Grid Security, SmartGridSec, Munich, Germany, 26 February 2014. Revised Selected Papers 2014, pp. 181–192 (2014)
Kuznetsov, V., Sandström, H., Simkin, A.: An evaluation of different ip traceback approaches. In: Proceedings of International Conference on Information and Communications Security, ICICS 2002, Singapore, 9–12 December 2002, pp. 37–48 (2002)
Savage, S., Wetherall, D., Karlin, A., Anderson, T.: Practical network support for IP traceback, pp. 295–306 (2001)
Song, D.X., Perrig, A.: Advanced and authenticated marking schemes for IP traceback. In: Proceedings of IEEE Twentieth Joint Conference of the IEEE Computer and Communications Societies, INFOCOM 2001, vol. 2, pp. 878–886 (2000)
Blakely, B.A.: Cyberprints: identifying cyber attackers by feature analysis. In: Proquest Llc (2012)
Dacier, M., Pham, V.H., Thonnard, O.: The wombat attack attribution method: some results. Inf. Syst. Secur. 5905, 19–37 (2009)
Williams, T.J.: The purdue enterprise reference architecture. Comput. Ind. 24(2), 141–158 (1994)
Spitzner, L.: Honeypots: catching the insider threat. In: 19th Annual Computer Security Applications Conference (ACSAC 2003), Las Vegas, NV, USA, 8–12 December 2003, pp. 170–179 (2003)
McGrew, R., Vaughn, R.B.: Experiences with honeypot systems: development, deployment, and analysis. In: Proceedings of 39th Hawaii International International Conference on Systems Science (HICSS-39 2006), CD-ROM/Abstracts, Kauai, HI, USA, 4–7 January 2006 (2006)
Conpot: The conpot project. http://www.conpot.org. Accessed (2016)
Pa, Y.M.P., Suzuki, S., Yoshioka, K., Matsumoto, T., Kasama, T., Rossow, C.: IOTPOT: Analysing the rise of IOT compromises. In: 9th USENIX Workshop on Offensive Technologies, WOOT 2015, Washington, DC, USA, 10–11 August 2014 (2015)
Vasilomanolakis, E., Srinivasa, S., Cordero, C.G., Mühlhäuser, M.: Multi-stage attack detection and signature generation with ICS honeypots. In: 2016 IEEE/IFIP Network Operations and Management Symposium, NOMS 2016, Istanbul, Turkey, pp. 1227–1232, 25–29 April 2016 (2016)
Antonioli, D., Agrawal, A., Tippenhauer, N.O.: Towards high-interaction virtual ICS honeypots-in-a-box. In: Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy, CPS-SPC@CCS 2016, Vienna, Austria, 28 October 2016, pp. 13–22 (2016)
Shodan: The shodan search engine. https://www.shodan.io/. Accessed 2016
Kulis, B., Jordan, M.I.: Revisiting k-means: New algorithms via bayesian nonparametrics. In: Proceedings of the 29th International Conference on Machine Learning, ICML 2012, Edinburgh, Scotland, UK, 26 June–1 July 2012 (2012)
Liu, Y., Li, Z., Xiong, H., Gao, X., Wu, J.: Understanding of internal clustering validation measures. In: The 10th IEEE International Conference on Data Mining, ICDM 2010, 14–17 December 2010, Sydney, Australia, pp. 911–916 (2010)
Caliski, T., Harabasz, J.: A dendrite method for cluster analysis. Commun. Stat. 3(1), 1–27 (1974)
Acknowledgment
This work was supported by the National Key R&D Program of China (2017YFB0802804), Key Program of National Natural Science Foundation of China (U1766215), and National Natural Science Foundation of China (61702503).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Li, K., You, J., Wen, H., Li, H., Sun, L. (2019). Collaborative Intelligence Analysis for Industrial Control Systems Threat Profiling. In: Arai, K., Bhatia, R., Kapoor, S. (eds) Proceedings of the Future Technologies Conference (FTC) 2018. FTC 2018. Advances in Intelligent Systems and Computing, vol 881. Springer, Cham. https://doi.org/10.1007/978-3-030-02683-7_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-02683-7_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02682-0
Online ISBN: 978-3-030-02683-7
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)