Multi Tree View of Complex Attack – Stuxnet
The Stuxnet attack on critical infrastructures is considered a paradigm shift in malware attack approach. The complexity and sophistication involved in this attack make it unique. The malware's approach to attacking control infrastructures is a motivation for academic research. This paper describes the application of the Attack Tree methodology to analyze the Stuxnet attack on a SCADA system. The root node of an Attack Tree represents the major goal of an attacker, and the branches represent sub goals. The authors have identified six major goals to penetrate a SCADA system, and have then built Attack Trees which demonstrate the step-by-step activity needed to achieve these goals and sub goals. For each such sub goal, we have found several common categories of attacks which make the Stuxnet attack successful and which are used to analyze those components of control infrastructure that are susceptible to attacks.
Keywords: Malware, Stuxnet, SCADA, Control infrastructures, Attack Trees, Attack Goal, Attack Sub Goal