Affiliation:
1. Cardiff University, Cardiff, Cardiff, UK
2. University of Illinois at Chicago, Chicago, Illinois, USA
Abstract
Numerous sophisticated and nation-state attacks on Industrial Control Systems (ICSs) have increased in recent years, exemplified by Stuxnet and Ukrainian Power Grid. Measures to be taken post-incident are crucial to reduce damage, restore control, and identify attack actors involved. By monitoring Indicators of Compromise (IOCs), the incident responder can detect malicious activity triggers and respond quickly to a similar intrusion at an earlier stage. However, to implement IOCs in critical infrastructures, we need to understand their contexts and requirements. Unfortunately, there is no survey paper in the literature on IOC in the ICS environment, and only limited information is provided in research articles. In this article, we describe different standards for IOC representation and discuss the associated challenges that restrict security investigators from developing IOCs in the industrial sectors. We also discuss the potential IOCs against cyber-attacks in ICS systems. Furthermore, we conduct a critical analysis of existing works and available tools in this space. We evaluate the effectiveness of identified IOCs’ by mapping these indicators to the most frequently targeted attacks in the ICS environment. Finally, we highlight the lessons to be learned from the literature and the future problems in the domain along with the approaches that might be taken.
Publisher
Association for Computing Machinery (ACM)
Subject
Artificial Intelligence,Control and Optimization,Computer Networks and Communications,Hardware and Architecture,Human-Computer Interaction
Cited by
11 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献