Integration of Cyber Threat Intelligence into Security Onion and Malcolm for the use case of industrial networks-Reference-Cited by-同舟云学术

Integration of Cyber Threat Intelligence into Security Onion and Malcolm for the use case of industrial networks

Published:2023-09-01 Issue:9 Volume:71 Page:802-815
ISSN:0178-2312
Container-title:at - Automatisierungstechnik
language:en
Short-container-title:

Author:

Ackermann Tim¹,Karch Markus¹,Kippe Jörg¹

Affiliation:

1. Fraunhofer IOSB, Industrial Cybersecurity , Karlsruhe , Germany

Abstract

Abstract With the increasing frequency of cyberattacks on Industrial Control Systems (ICS), the subject of cybersecurity is becoming increasingly important. Cyber Threat Intelligence (CTI) provides information about cyber adversaries, including their intentions and attack techniques. This paper analyzes the availability of open-source CTI for ICS, with a particular focus on technical indicators that can aid in detecting cyberattacks. Furthermore, this paper examines the automated integration of CTI data into SIEM systems and introduces CTIExchange as a tool that facilitates this integration by connecting Threat Intelligence Platforms with detection tools.

Publisher

Walter de Gruyter GmbH

Subject

Electrical and Electronic Engineering,Computer Science Applications,Control and Systems Engineering

Link

https://www.degruyter.com/document/doi/10.1515/auto-2023-0057/pdf

Reference22 articles.

1. D. Parsons, “The state of ICS/OT cybersecurity in 2022 and beyond,” Tech. Rep., SANS, 2022.

2. J. L. Rrushi, H. Farhangi, C. Howey, K. Carmichael, and J. Dabell, “A quantitative evaluation of the target selection of havex ICS malware plugin,” in Industrial Control System Security (ICSS) Workshop, 2015.

3. J. Slowik, Anatomy of an attack: detecting and defeating CRASHOVERRIDE, Montreal, Quebec, Canada, Virusbulletin, 2018. Available at: https://www.dragos.com/resource/anatomy-of-an-attack-detecting-and-defeating-crashoverride/.

4. Dragos, TRISIS Malware: Analysis of Safety System Targeted Malware, Version 1.20171213, 2017, Dragos Inc., Available at: https://www.dragos.com/wp-content/uploads/TRISIS-01.pdf.

5. J. Friedman and M. Bouchard, Definitive Guide to Cyber Threat Intelligence, Annapolis, MD, CyberEdge Group, LLC, 2015.