E-APTDetect: Early Advanced Persistent Threat Detection in Critical Infrastructures with Dynamic Attestation

Author:

Genge Béla (1), Haller Piroska (1), Roman Adrian-Silviu (1)

Affiliation:

1. Department of Electrical Engineering and Information Technology, Faculty of Engineering and Information Technology, George Emil Palade University of Medicine, Pharmacy, Science, and Technology of Targu Mures, 540139 Targu Mures, Romania

Abstract

Advanced Persistent Threats (APTs) represent a complex series of techniques directed against a particular organization, where the perpetrator is able to hide its presence for a long period of time (e.g., months or years). Previous such attacks have demonstrated the exceptional impact that a cyber attack may have on the operation of Supervisory Control And Data Acquisition (SCADA) systems and, more specifically, on the underlying physical process. Existing techniques for the detection of APTs focus on aggregating results originating from a collection of anomaly detection agents. However, such approaches may require an extensive time period when the process is in a steady state. In contrast, this paper documents E-APTDetect, an approach that uses dynamic attestation and multi-level data fusion for the early detection of APTs. The methodology leverages sensitivity analysis and Dempster-Shafer’s Theory of Evidence as its building blocks. Extensive experiments are performed on a realistic Vinyl Acetate Monomer (VAM) process model. The model contains standard chemical unit operations and typical industrial characteristics, which make it suitable for a large variety of experiments. The experimental results obtained on the VAM process demonstrate E-APTDetect’s ability to efficiently detect APTs, but also highlight key aspects related to the attacker’s advantage. The experiments also show that the adversary’s advantage is affected by two major factors: the number of compromised components and the precision of manipulation.

Publisher

MDPI AG

Subject

Fluid Flow and Transfer Processes, Computer Science Applications, Process Chemistry and Technology, General Engineering, Instrumentation, General Materials Science

