Advanced Persistent Threat Model for Testing Industrial Control System Security Mechanisms



Abstract

An APT is a targeted multi-step attack that uses zero-day exploits to achieve its objectives. In order to find solutions to mitigate APT attacks it is important to understand APT anatomy. This paper proposes an APT testing model, developed using design research methodology, that can be used to develop industrial control system (ICS) security mechanisms. The model development followed three steps: identifying the components; identifying and explaining the characteristics in each component; and developing the model. Six components were identified to be included in the model: reconnaissance, injection, installation, operation, command and control, and termination. The model proposed is envisaged as a systematic approach to the testing and validation of security mechanisms that are aimed at APT detection in ICS.

Keywords: Advanced persistent threats · Attacks · Threats · Industrial control system · Security

Mercy Bere-Chitauro (&) · Hippolyte Muyingi · Attlee Gamundani · Shadreck Chitauro
Computer Science Department, Namibia University of Science and Technology (formerly Polytechnic of Namibia), Windhoek, Namibia
e-mail: [email protected]
Hippolyte Muyingi, e-mail: [email protected]
Attlee Gamundani, e-mail: [email protected]
Shadreck Chitauro, e-mail: [email protected]

© Springer Science+Business Media Singapore 2016
S.C. Satapathy et al. (eds.), Proceedings of the International Congress on Information and Communication Technology, Advances in Intelligent Systems and Computing 438, DOI 10.1007/978-981-10-0767-5_64

1 Introduction

Advanced persistent threats (APT) are persistent cyber-attacks that stealthily infiltrate a network [1]. APT use reconnaissance attacks to gain information about their targeted networks. The information from the reconnaissance attack is used to find ways and methods to gain access into the system. Once an APT has found its entry point and positioned itself strategically in the network, it establishes a communication channel with its command and control centre. Updates on the APT and further instructions are sent from the command and control centre. Information gathered about the system by the APT is also sent to the command and control centre [2, 3]. APTs are hard to detect in a network because they use sophisticated techniques to camouflage their activities from the usual detection mechanisms in networks. APTs can also attribute their success to the zero-day exploits that are usually entrenched in them; these are used to attack networks for the sole purpose of not being detected by intrusion detection systems and antiviruses, which normally rely on previously known signatures [4]. The APT Stuxnet, which was discovered in 2010, used zero-day exploits to sabotage operations at the Iranian Natanz nuclear enrichment facility, an industrial control system facility [1]. Miniduke, a more recently discovered APT which was first announced by FireEye on February 13, 2013, was also targeting industrial control system facilities [5]. ICS are used to automate distri
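The introduction makes two points that a tester of ICS security mechanisms has to reconcile: an APT establishes a channel to its command and control centre, and signature-based detection cannot see an APT that arrives with unknown exploits. The following added example (not code from the paper or its authors) shows one signature-free check that can be exercised when validating a detection mechanism against the model's command and control component: it scores outbound connections per source/destination pair by how regular their inter-arrival times are, since an implant that calls home on a fixed timer produces intervals with a low coefficient of variation while ordinary traffic is bursty. The log format, hosts and addresses are constructed for illustration, and the thresholds are assumptions to be tuned per network.

```python
"""Periodicity check for outbound connections, a signature-free C2 indicator.

Added example; it is not code from the paper or its authors. Log format,
hosts, addresses and thresholds are constructed for illustration. A beacon
that calls its command and control centre on a fixed timer produces
inter-arrival times with a low coefficient of variation (std/mean);
ordinary traffic is bursty and scores high. No prior signature is needed.
"""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, List, Tuple

FlowKey = Tuple[str, str, int]      # (src_ip, dst_ip, dst_port)
Flow = Tuple[int, str, str, int]    # (epoch_seconds, src_ip, dst_ip, dst_port)

# Constructed flow log: "<epoch> <src_ip> <dst_ip> <dst_port>", one flow per line.
# 10.0.5.20 contacts 203.0.113.7 every ~300 s (constructed beacon);
# 10.0.5.21 talks to 198.51.100.9 in bursts (constructed ordinary traffic);
# 10.0.5.22 appears once and cannot be scored.
SAMPLE_LOG = """\
1000 10.0.5.20 203.0.113.7 443
1005 10.0.5.21 198.51.100.9 443
1009 10.0.5.21 198.51.100.9 443
1300 10.0.5.20 203.0.113.7 443
1601 10.0.5.20 203.0.113.7 443
1700 10.0.5.21 198.51.100.9 443
1702 10.0.5.21 198.51.100.9 443
1899 10.0.5.20 203.0.113.7 443
2200 10.0.5.20 203.0.113.7 443
2400 10.0.5.21 198.51.100.9 443
2401 10.0.5.21 198.51.100.9 443
2500 10.0.5.20 203.0.113.7 443
2510 10.0.5.22 192.0.2.4 502
"""


def parse_flows(text: str) -> List[Flow]:
    """Parse the constructed log format; malformed lines are skipped."""
    flows: List[Flow] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            flows.append((int(parts[0]), parts[1], parts[2], int(parts[3])))
        except ValueError:
            continue
    return flows


def beacon_scores(flows: List[Flow], min_count: int = 5) -> Dict[FlowKey, Tuple[int, float, float]]:
    """Per (src, dst, port): (connection count, mean interval, coefficient of variation).

    Pairs with fewer than min_count connections, or with a zero mean interval
    (all timestamps identical), are left out rather than scored.
    """
    by_key: Dict[FlowKey, List[int]] = defaultdict(list)
    for ts, src, dst, port in flows:
        by_key[(src, dst, port)].append(ts)
    scores: Dict[FlowKey, Tuple[int, float, float]] = {}
    for key, stamps in by_key.items():
        if len(stamps) < min_count:
            continue
        stamps.sort()
        intervals = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(intervals)
        if avg == 0:
            continue
        scores[key] = (len(stamps), avg, pstdev(intervals) / avg)
    return scores


def suspected_beacons(flows: List[Flow], min_count: int = 5, max_cv: float = 0.1) -> List[FlowKey]:
    """Keys whose inter-arrival regularity is at or below max_cv, most regular first."""
    scored = beacon_scores(flows, min_count)
    hits = [k for k, (_, _, cv) in scored.items() if cv <= max_cv]
    return sorted(hits, key=lambda k: scored[k][2])


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_LOG)
    for key, (n, avg, cv) in beacon_scores(flows).items():
        print(f"{key}: n={n} mean_interval={avg:.1f}s cv={cv:.3f}")
    print("suspected beacons:", suspected_beacons(flows))
```

The check deliberately ignores payload and destination reputation, so it is one way to measure whether a mechanism under test can see the command and control component without a signature; a tester can feed it flows from the injection and operation phases of the model as well to confirm that bursty, legitimate-looking traffic is not flagged. Implants that add large random jitter will push the coefficient of variation above the threshold, which is why such a check is validated alongside, not instead of, the other detection mechanisms the model is meant to exercise.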