Multi-stage Cyber-Attacks Detection in the Industrial Control Systems

Bajtoš, Tomáš; Sokol, Pavol; Mézešová, Terézia

doi:10.1007/978-3-030-31328-9_8

Cited by 7 publications

(4 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Correlation can be based on the similarity of events by parameters (for example, source and destination IP addresses and ports), and the scenario can be represented as a graph (Haas and Fischer, 2019;Bajtoš et al, 2020). So SOAAPR (Heigl et al, 2021) (Streaming Outlier Analysis and Attack Pattern Recognition) matches and groups alerts in streaming mode, and the resulting clusters are converted into a graphical representation.…”

Section: Hybrid Modelsmentioning

confidence: 99%

“…Event grouping and pattern searching are characteristic of rule-based and graphical models, while intrusion and anomaly detection and prediction are characteristic of graphical and machine learning models. Recent trends in security event correlation are leading to an increasing use of hybrid AI-models (Haas and Fischer, 2019;Bajtoš et al, 2020;Deng and Hooi, 2021). Such models allow researchers to use the advantages of various correlation methods and offset the disadvantages.…”

Section: Summary Of Ai-based Security Event Correlation Modelsmentioning

confidence: 99%

“…Similarity-based methods have the simplicity of implementation to determine the relationship between a pair of events. However, the difficulty consists in choosing the most efficient way to calculate the event connection (Hostiadi et al, 2019;Bajtoš et al, 2020). Simple matching of event attributes can give a lot of false positives.…”

Section: Summary Of Ai-based Security Event Correlation Modelsmentioning

confidence: 99%

See 2 more Smart Citations

A survey on artificial intelligence techniques for security event correlation: models, challenges, and opportunities

Gaifulina

Kotenko

2023

Artif Intell Rev

View full text Add to dashboard Cite

Information systems need to process a large amount of event monitoring data. The process of finding the relationships between events is called correlation, which creates a context between independent events and previously collected information in real time and normalizes it for subsequent processing. In cybersecurity, events can determine the steps of attackers and can be analyzed as part of a specific attack strategy. In this survey, we present the systematization of security event correlation models in terms of their representation in AI-based monitoring systems as: rule-based, semantic, graphical and machine learning based-models. We define the main directions of current research in the field of AI-based security event correlation and the methods used for the correlation of both single events and their sequences in attack scenarios. We also describe the prospects for the development of hybrid correlation models. In conclusion, we identify the existing problems in the field and possible ways to overcome them.

show abstract

Section: Hybrid Modelsmentioning

confidence: 99%

Section: Summary Of Ai-based Security Event Correlation Modelsmentioning

confidence: 99%

Section: Summary Of Ai-based Security Event Correlation Modelsmentioning

confidence: 99%

See 1 more Smart Citation

A survey on artificial intelligence techniques for security event correlation: models, challenges, and opportunities

Gaifulina

Kotenko

2023

Artif Intell Rev

View full text Add to dashboard Cite

show abstract

“…Dedicated intrusion detection systems (e.g., for smart meters 14 ) and extensions to common IDS tools (e.g., Snort and Bro [15][16][17] ) have been proposed. Valdes 18 introduces an architecture that monitors ICS traffic for irregular patterns.…”

Section: A Glimpse Into Ics Protocol Securitymentioning

confidence: 99%

Industrial control protocols in the Internet core: Dismantling operational practices

2021

View full text Add to dashboard Cite

Industrial control systems (ICS) are managed remotely with the help of dedicated protocols that were originally designed to work in walled gardens. Many of these protocols have been adapted to Internet transport and support wide-area communication. ICS now exchange insecure traffic on an inter-domain level, putting at risk not only common critical infrastructure but also the Internet ecosystem (e.g., by DRDoS attacks). In this paper, we measure and analyze inter-domain ICS traffic at two central Internet vantage points, an IXP and an ISP. These traffic observations are correlated with data from honeypots and Internet-wide scans to separate industrial from non-industrial ICS traffic. We uncover mainly unprotected inter-domain ICS traffic and provide an in-depth view on Internet-wide ICS communication. Our results can be used (i) to create precise filters for potentially harmful non-industrial ICS traffic and (ii) to detect ICS sending unprotected inter-domain ICS traffic, being vulnerable to eavesdropping and traffic manipulation attacks. Additionally, we survey recent security extensions of ICS protocols, of which we find very little deployment. We estimate an upper bound of the deployment status for ICS security protocols in the Internet core.

show abstract

Co-occurrence Based Security Event Analysis and Visualization for Cyber Physical Systems

Kim¹,

Choi²,

Yun³

et al. 2020

Communications in Computer and Information Science

View full text Add to dashboard Cite

Multi-stage Cyber-Attacks Detection in the Industrial Control Systems

Cited by 7 publications

References 29 publications

A survey on artificial intelligence techniques for security event correlation: models, challenges, and opportunities

A survey on artificial intelligence techniques for security event correlation: models, challenges, and opportunities

Industrial control protocols in the Internet core: Dismantling operational practices

Co-occurrence Based Security Event Analysis and Visualization for Cyber Physical Systems

Contact Info

Product

Resources

About