Design and Development of Automated Threat Hunting in Industrial Control Systems

Loading...
Thumbnail Image
File version

Accepted Manuscript (AM)

Author(s)
Arafune, Masumi
Rajalakshmi, Sidharth
Jaldon, Luigi
Jadidi, Zahra
Pal, Shantanu
Foo, Ernest
Venkatachalam, Nagarajan
Griffith University Author(s)
Primary Supervisor
Other Supervisors
Editor(s)
Date
2022
Size
File type(s)
Location

Pisa, Italy

License
Abstract

Traditional industrial systems, e.g., power plants, water treatment plants, etc., were built to operate highly isolated and controlled capacity. Recently, Industrial Control Systems (ICSs) have been exposed to the Internet for ease of access and adaptation to advanced technologies. However, it creates security vulnerabilities. Attackers often exploit these vulnerabilities to launch attacks on ICSs. Towards this, threat hunting is performed to proactively monitor the security of ICS networks and protect them against threats that could make the systems malfunction. A threat hunter manually identifies threats and provides a hypothesis based on the available threat intelligence. In this paper, we motivate the gap in lacking research in the automation of threat hunting in ICS networks. We propose an automated extraction of threat intelligence and the generation and validation of a hypothesis. We present an automated threat hunting framework based on threat intelligence provided by the ICS MITRE ATT&CK framework to automate the tasks. Unlike other solutions which are cloud-based, costly and prone to human errors, our solution is a central and open-source implemented using different opensource technologies, e.g., Elasticsearch, Conpot, Metasploit, Web Single Page Application (SPA), and a machine learning analyser. Results demonstrate that the solution can identify the network's attacks and alert a threat hunter with a hypothesis generated based on the techniques, tactics, and procedures (TTPs) from ICS MITRE ATT&CK. Then, a machine learning classifier automatically predicts the future actions of the attack.

Journal Title
Conference Title

2022 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops)

Book Title
Edition
Volume
Issue
Thesis Type
Degree Program
School
Publisher link
Patent number
Funder(s)
Grant identifier(s)
Rights Statement
Rights Statement
Item Access Status
Note
Access the data
Related item(s)
Subject

Control engineering

Computer Science, Information Systems

Computer Science, Interdisciplinary Applications

Computer Science, Theory & Methods

Engineering

Persistent link to this record
Citation

Arafune, M; Rajalakshmi, S; Jaldon, L; Jadidi, Z; Pal, S; Foo, E; Venkatachalam, N, Design and Development of Automated Threat Hunting in Industrial Control Systems, 2022 IEEE Annual Conference on Pervasive Computing and Communications Workshops (PerCom), 2022