An Attack Simulation and Evidence Chains Generation Model for Critical Information Infrastructures

Author:

Kalogeraki Eleni-Maria, Papastergiou Spyridon, Panayiotopoulos Themis

Abstract

Recently, the rapid growth of technology and the increase in teleworking due to the COVID-19 outbreak have motivated cyber attackers to advance their skills and develop new sophisticated methods, e.g., Advanced Persistent Threat (APT) attacks, to extend their cybercriminal capabilities. They compromise interconnected Critical Information Infrastructures (CIIs) (e.g., Supervisory Control and Data Acquisition (SCADA) systems) by exploiting a series of vulnerabilities and launching multiple attacks. In this context, industry players need to increase their knowledge of the security of the CIs they operate and further explore the technical aspects of cyber-attacks, e.g., the attack's course, the exploitability of vulnerabilities, and the attacker's behavior and location. Several research papers address vulnerability chain discovery techniques. Nevertheless, most of them do not focus on developing attack graphs based on incident analysis. This paper proposes an attack simulation and evidence chains generation model which computes all possible attack paths associated with specific, confirmed security events. The model considers various attack patterns through simulation experiments to estimate how an attacker has moved inside an organization to perform an intrusion. It analyzes artifacts, e.g., Indicators of Compromise (IoCs), and any other incident-related information from various sources, e.g., log files, which are evidence of cyber-attacks on a system or network.

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering, Computer Networks and Communications, Hardware and Architecture, Signal Processing, Control and Systems Engineering


Cited by 6 articles.

1. Predicting Attack Paths from Application Security Vulnerabilities Using a Multi-Layer Perceptron; American Journal of Software Engineering and Applications; 2024-05-30

2. Key Vulnerable Nodes Discovery Based on Bayesian Attack Subgraphs and Improved Fuzzy C-Means Clustering; Mathematics; 2024-05-08

3. A taxonomy for cybersecurity standards; Journal of Surveillance, Security and Safety; 2024-04-28

4. Risk Score Estimation of Vulnerabilities Within VulnOS2 Using AlienVault Based on MITRE ATT&CK Model; 2023 IEEE 9th Information Technology International Seminar (ITIS); 2023-10-18

5. Methodology for Cyber Threat Intelligence with Sensor Integration; CSEI: International Conference on Computer Science, Electronics and Industrial Engineering (CSEI); 2023
