Skip to main content
SpringerLink
Log in

Collaborative Intelligence Analysis for Industrial Control Systems Threat Profiling

  • Conference paper
  • First Online:
Proceedings of the Future Technologies Conference (FTC) 2018 (FTC 2018)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 881))

Included in the following conference series:

Abstract

Industrial Control Systems (ICS), as a core role in critical national infrastructure, has faced more and more cyber threats. Efficient analysis of the current cyber threat intelligence is crucial for ICS security, which could provide a new insight into the security strategy through threat profiling. However, determining semantics information with relevant attack data packet to profile threat remains a challenge, largely due to the lack of ICS related attack data and appropriate information processing methods. To solve these issues, we developed dozens of honeypots to collect ICS-related attack data and propose a novel framework to analyze the current threat landscape. Through collaborative analysis of the interaction observed accompanied with open-source intelligence, we present threat landscape from three aspects: (1) attack methods, (2) attack pattern, and (3) attack sources. We evaluate our approach with real-world attacking data collected by 35 honeypots in 22 cities for 10 months. The experiment that conducted on the database show that the proposed method presents a considerable performance in terms of efficiency and effectiveness.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur. Priv. 9(3), 49–51 (2011)

    Article  Google Scholar 

  2. Bencsáth, B., Pék, G., Buttyán, L., Félegyházi, M.: The cousins of stuxnet: Duqu, flame, and gauss. Futur. Internet 4(4), 971–1003 (2012)

    Article  Google Scholar 

  3. Robinson, M.: The SCADA threat landscape. In: 1st International Symposium for ICS & SCADA Cyber Security Research 2013, ICS-CSR 2013, 16–17 September 2013, Leicester, UK (2013)

    Google Scholar 

  4. Morris, T.H., Gao, W.: Industrial control system cyber attacks. In: 1st International Symposium for ICS & SCADA Cyber Security Research 2013, ICS-CSR 2013, 16–17 September 2013, Leicester, UK (2013)

    Google Scholar 

  5. Serbanescu, A.V., Obermeier, S., Yu, D.: ICS threat analysis using a large-scale honeynet. In: 3rd International Symposium for ICS & SCADA Cyber Security Research 2015, ICS-CSR 2015, 17–18 September 2015. University of Applied Sciences Ingolstadt, Germany (2015)

    Google Scholar 

  6. Koopman, P.: Embedded system security. Computer 37(7), 95–97 (2004)

    Article  Google Scholar 

  7. Buza, D.I., Juhász, F., Miru, G., Félegyházi, M., Holczer, T.: Cryplh: Protecting smart energy systems from targeted attacks with a PLC honeypot. In: Second International Workshop in Smart Grid Security, SmartGridSec, Munich, Germany, 26 February 2014. Revised Selected Papers 2014, pp. 181–192 (2014)

    Google Scholar 

  8. Kuznetsov, V., Sandström, H., Simkin, A.: An evaluation of different ip traceback approaches. In: Proceedings of International Conference on Information and Communications Security, ICICS 2002, Singapore, 9–12 December 2002, pp. 37–48 (2002)

    Google Scholar 

  9. Savage, S., Wetherall, D., Karlin, A., Anderson, T.: Practical network support for IP traceback, pp. 295–306 (2001)

    Article  Google Scholar 

  10. Song, D.X., Perrig, A.: Advanced and authenticated marking schemes for IP traceback. In: Proceedings of IEEE Twentieth Joint Conference of the IEEE Computer and Communications Societies, INFOCOM 2001, vol. 2, pp. 878–886 (2000)

    Google Scholar 

  11. Blakely, B.A.: Cyberprints: identifying cyber attackers by feature analysis. In: Proquest Llc (2012)

    Google Scholar 

  12. Dacier, M., Pham, V.H., Thonnard, O.: The wombat attack attribution method: some results. Inf. Syst. Secur. 5905, 19–37 (2009)

    Google Scholar 

  13. Williams, T.J.: The purdue enterprise reference architecture. Comput. Ind. 24(2), 141–158 (1994)

    Article  Google Scholar 

  14. Spitzner, L.: Honeypots: catching the insider threat. In: 19th Annual Computer Security Applications Conference (ACSAC 2003), Las Vegas, NV, USA, 8–12 December 2003, pp. 170–179 (2003)

    Google Scholar 

  15. McGrew, R., Vaughn, R.B.: Experiences with honeypot systems: development, deployment, and analysis. In: Proceedings of 39th Hawaii International International Conference on Systems Science (HICSS-39 2006), CD-ROM/Abstracts, Kauai, HI, USA, 4–7 January 2006 (2006)

    Google Scholar 

  16. Conpot: The conpot project. http://www.conpot.org. Accessed (2016)

  17. Pa, Y.M.P., Suzuki, S., Yoshioka, K., Matsumoto, T., Kasama, T., Rossow, C.: IOTPOT: Analysing the rise of IOT compromises. In: 9th USENIX Workshop on Offensive Technologies, WOOT 2015, Washington, DC, USA, 10–11 August 2014 (2015)

    Google Scholar 

  18. Vasilomanolakis, E., Srinivasa, S., Cordero, C.G., Mühlhäuser, M.: Multi-stage attack detection and signature generation with ICS honeypots. In: 2016 IEEE/IFIP Network Operations and Management Symposium, NOMS 2016, Istanbul, Turkey, pp. 1227–1232, 25–29 April 2016 (2016)

    Google Scholar 

  19. Antonioli, D., Agrawal, A., Tippenhauer, N.O.: Towards high-interaction virtual ICS honeypots-in-a-box. In: Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy, CPS-SPC@CCS 2016, Vienna, Austria, 28 October 2016, pp. 13–22 (2016)

    Google Scholar 

  20. Shodan: The shodan search engine. https://www.shodan.io/. Accessed 2016

  21. Kulis, B., Jordan, M.I.: Revisiting k-means: New algorithms via bayesian nonparametrics. In: Proceedings of the 29th International Conference on Machine Learning, ICML 2012, Edinburgh, Scotland, UK, 26 June–1 July 2012 (2012)

    Google Scholar 

  22. Liu, Y., Li, Z., Xiong, H., Gao, X., Wu, J.: Understanding of internal clustering validation measures. In: The 10th IEEE International Conference on Data Mining, ICDM 2010, 14–17 December 2010, Sydney, Australia, pp. 911–916 (2010)

    Google Scholar 

  23. Caliski, T., Harabasz, J.: A dendrite method for cluster analysis. Commun. Stat. 3(1), 1–27 (1974)

    MathSciNet  MATH  Google Scholar 

Download references

Acknowledgment

This work was supported by the National Key R&D Program of China (2017YFB0802804), Key Program of National Natural Science Foundation of China (U1766215), and National Natural Science Foundation of China (61702503).

Author information

Authors and Affiliations

  1. Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS, Beijing, China

    Ke Li, Jianzhou You, Hui Wen, Hong Li & Limin Sun

  2. University of Chinese Academy of Sciences, Beijing, China

    Ke Li & Jianzhou You

Authors
  1. Ke Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jianzhou You
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Hui Wen
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hong Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Limin Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Limin Sun .

Editor information

Editors and Affiliations

  1. Saga University, Saga, Japan

    Kohei Arai

  2. The Science and Information (SAI) Organization, Bradford, West Yorkshire, UK

    Rahul Bhatia

  3. The Science and Information (SAI) Organization, Bradford, West Yorkshire, UK

    Supriya Kapoor

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Li, K., You, J., Wen, H., Li, H., Sun, L. (2019). Collaborative Intelligence Analysis for Industrial Control Systems Threat Profiling. In: Arai, K., Bhatia, R., Kapoor, S. (eds) Proceedings of the Future Technologies Conference (FTC) 2018. FTC 2018. Advances in Intelligent Systems and Computing, vol 881. Springer, Cham. https://doi.org/10.1007/978-3-030-02683-7_8

Download citation

Publish with us

Policies and ethics

Search

Navigation