Design and Development of Automated Threat Hunting in Industrial Control Systems
File version
Accepted Manuscript (AM)
Author(s)
Rajalakshmi, Sidharth
Jaldon, Luigi
Jadidi, Zahra
Pal, Shantanu
Foo, Ernest
Venkatachalam, Nagarajan
Griffith University Author(s)
Primary Supervisor
Other Supervisors
Editor(s)
Date
Size
File type(s)
Location
Pisa, Italy
License
Abstract
Traditional industrial systems, e.g., power plants, water treatment plants, etc., were built to operate highly isolated and controlled capacity. Recently, Industrial Control Systems (ICSs) have been exposed to the Internet for ease of access and adaptation to advanced technologies. However, it creates security vulnerabilities. Attackers often exploit these vulnerabilities to launch attacks on ICSs. Towards this, threat hunting is performed to proactively monitor the security of ICS networks and protect them against threats that could make the systems malfunction. A threat hunter manually identifies threats and provides a hypothesis based on the available threat intelligence. In this paper, we motivate the gap in lacking research in the automation of threat hunting in ICS networks. We propose an automated extraction of threat intelligence and the generation and validation of a hypothesis. We present an automated threat hunting framework based on threat intelligence provided by the ICS MITRE ATT&CK framework to automate the tasks. Unlike other solutions which are cloud-based, costly and prone to human errors, our solution is a central and open-source implemented using different opensource technologies, e.g., Elasticsearch, Conpot, Metasploit, Web Single Page Application (SPA), and a machine learning analyser. Results demonstrate that the solution can identify the network's attacks and alert a threat hunter with a hypothesis generated based on the techniques, tactics, and procedures (TTPs) from ICS MITRE ATT&CK. Then, a machine learning classifier automatically predicts the future actions of the attack.
Journal Title
Conference Title
2022 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops)
Book Title
Edition
Volume
Issue
Thesis Type
Degree Program
School
Publisher link
Patent number
Funder(s)
Grant identifier(s)
Rights Statement
Rights Statement
Item Access Status
Note
Access the data
Related item(s)
Subject
Control engineering
Computer Science, Information Systems
Computer Science, Interdisciplinary Applications
Computer Science, Theory & Methods
Engineering
Persistent link to this record
Citation
Arafune, M; Rajalakshmi, S; Jaldon, L; Jadidi, Z; Pal, S; Foo, E; Venkatachalam, N, Design and Development of Automated Threat Hunting in Industrial Control Systems, 2022 IEEE Annual Conference on Pervasive Computing and Communications Workshops (PerCom), 2022