Tracking Advanced Persistent Threats in Critical Infrastructures Through Opinion Dynamics
Advanced persistent threats pose a serious issue for modern industrial environments, due to their targeted and complex attack vectors that are difficult to detect. This is especially severe in critical infrastructures that are accelerating the integration of IT technologies. It is then essential to further develop effective monitoring and response systems that ensure the continuity of business to face the arising set of cyber-security threats. In this paper, we study the practical applicability of a novel technique based on opinion dynamics, that permits to trace the attack throughout all its stages along the network by correlating different anomalies measured over time, thereby taking the persistence of threats and the criticality of resources into consideration. The resulting information is of essential importance to monitor the overall health of the control system and correspondingly deploy accurate response procedures.
KeywordsAdvanced persistent threat Detection Traceability Opinion dynamics
This work has been partially supported by the research project SADCIP (RTC-2016-4847-8), financed by the Ministerio de Economía y Competitividad, and DISS-IIoT, financed by the University of Malaga (UMA) trough the “I Plan Propio de Investigación y Transferencia” of UMA. Likewise, the work of the first author has been partially financed by the Spanish Ministry of Education under the FPU program (FPU15/03213). The authors also thank J. Rodriguez (NICS Lab.) for his valuable comments, support, ideas, and incredible help. You rock.
- 2.Singh, S., Sharma, P.K., Moon, S.Y., Moon, D., Park, J.H.: A comprehensive study on apt attacks countermeasures for future networks communications: challenges solutions. J. Supercomput. 1–32 (2016). https://doi.org/10.1007/s11227-016-1850-4
- 9.Hegselmann, R., Krause, U., et al.: Opinion dynamics and bounded confidence models, analysis, and simulation. J. Artif. Soc. Soc. Simul. 5(3), 1–33 (2002)Google Scholar
- 11.Falliere, N., Murchu, L.O., Chien, E.: W32.stuxnet dossier, version 1.4, February 2011. https://www.symantec.com. Accessed Apr 2018
- 12.Symantec Security Response Attack Investigation Team. Dragonfly: Western energy sector targeted by sophisticated attack group (2017). https://www.symantec.com. Accessed Apr 2018
- 13.SANS Industrial Control Systems. Analysis of the cyber attack on the Ukrainian power grid (2016). https://ics.sans.org. Accessed Apr 2018
- 14.Cherepanov, A.: Telebots are back - supply-chain attacks against Ukraine (2017). https://www.welivesecurity.com. Accessed Apr 2018
- 15.MITRE Corporation. MITRE ATT&CK (2018). https://attack.mitre.org. Accessed Apr 2018
- 17.Hutchins, E.M., Cloppert, M.J., Amin, R.M.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Lead. Issues Inf. Warf. Secur. Res. 1(1), 80 (2011)Google Scholar
- 18.Rubio, J.E., Alcaraz, C., Roman, R., Lopez, J.: Analysis of intrusion detection systems in industrial ecosystems. In: 14th International Conference on Security and Cryptography, pp. 116–128 (2017)Google Scholar
- 19.S2Grupo. Emas SOM - Monitoring System for Industrial Environments (2018). https://s2grupo.es/es/emas-ics/. Accessed Apr 2018