论文信息 - Expansion of ICS Testbed for Security Validation based on MITRE ATT&CK Techniques

Expansion of ICS Testbed for Security Validation based on MITRE ATT&CK Techniques

To respond to cyber threats, all systems in an industrial control system (ICS) should be comprehensively monitored and analyzed. However, there is no dataset to perform this integrated monitoring and analysis study. In previous research, the testbed and dataset represented only one specific area, such as the network or physical level. This imposes limitations upon the testing, validating, and user training of the integrated monitoring system. Therefore, we are developing datasets to test systems that integrate and monitor the ICS operated in a wide range of areas. In this paper, we introduce a method to expand the existing testbed so that information can be collected and monitored during an ICS attack based on the MITRE ATT&CK framework. In addition, to create a dataset for simulating large-scale and long-term attack scenarios, a security dataset enrichment tool is proposed.

[1] Eric Michael Hutchins,et al. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains , 2010 .

[2] Paul D. Rowe,et al. Limitations on observability of effects in cyber-physical systems , 2019, HotSoS.

[3] Rob Sloan,et al. Advanced Persistent Threat , 2014 .

[4] Nils Ole Tippenhauer,et al. SWaT: a water treatment testbed for research and training on ICS security , 2016, 2016 International Workshop on Cyber-physical Systems for Smart Water Networks (CySWater).

[5] Branka Stojanovic,et al. APT datasets and attack modeling for automated detection methods: A review , 2020, Comput. Secur..

[6] Jeong-Han Yun,et al. A Comparison of ICS Datasets for Security Research Based on Attack Paths , 2018, CRITIS.

[7] Jeong-Han Yun,et al. Implementation of Programmable CPS Testbed for Anomaly Detection , 2019, CSET @ USENIX Security Symposium.

[8] Wouter Joosen,et al. A descriptive study of Microsoft’s threat modeling technique , 2015, Requirements Engineering.

[9] Binbin Chen,et al. On Practical Threat Scenario Testing in an Electric Power ICS Testbed , 2018, CPSS@AsiaCCS.

[10] Jongwon Choi,et al. Vendor-Independent Monitoring on Programmable Logic Controller Status for ICS Security Log Management , 2019, AsiaCCS.