Vulnerability Assessment of Industrial Control System with an Improved CVSS

• URL: http://arxiv.org/abs/2306.08631v1
• Date: Wed, 14 Jun 2023 16:48:06 GMT
• Title: Vulnerability Assessment of Industrial Control System with an Improved CVSS
• Authors: He Wen
• Abstract summary: This study proposes a method to assess the risk of cyberattacks on ICS with an improved Common Vulnerability Scoring System (CVSS) Results show the physical system levels of ICS have the highest severity once cyberattacked.
• Score: 3.9596068699962323
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Cyberattacks on industrial control systems (ICS) have been drawing attention in academia. However, this has not raised adequate concerns among some industrial practitioners. Therefore, it is necessary to identify the vulnerable locations and components in the ICS and investigate the attack scenarios and techniques. This study proposes a method to assess the risk of cyberattacks on ICS with an improved Common Vulnerability Scoring System (CVSS) and applies it to a continuous stirred tank reactor (CSTR) model. The results show the physical system levels of ICS have the highest severity once cyberattacked, and controllers, workstations, and human-machine interface are the crucial components in the cyberattack and defense.

Related papers

• Cyber security of OT networks: A tutorial and overview [1.4361933642658902]
  This manuscript explores the cybersecurity challenges of Operational Technology (OT) networks. OT systems increasingly integrate with Information Technology (IT) systems due to Industry 4.0 initiatives. The study examines key components of OT systems, such as SCADA (Supervisory Control and Data Acquisition), PLCs (Programmable Logic Controllers), and RTUs (Remote Terminal Units)
  arXiv  Detail & Related papers  (2025-02-19T17:23:42Z)
• Evidence-Based Threat Modeling for ICS [0.0]
  ICS environments are vital to the operation of critical infrastructure such as power grids, water treatment facilities, and manufacturing plants. We propose a novel evidence-based methodology to systematically identify threats based on existing CVE entries of components. We have implemented our methodology as a ready-to-use tool and have applied it to a typical SCADA system to demonstrate that our methodology is practical and applicable in real-world settings.
  arXiv  Detail & Related papers  (2024-11-29T15:05:00Z)
• Exploring the Adversarial Vulnerabilities of Vision-Language-Action Models in Robotics [70.93622520400385]
  This paper systematically quantifies the robustness of VLA-based robotic systems. We introduce an untargeted position-aware attack objective that leverages spatial foundations to destabilize robotic actions. We also design an adversarial patch generation approach that places a small, colorful patch within the camera's view, effectively executing the attack in both digital and physical environments.
  arXiv  Detail & Related papers  (2024-11-18T01:52:20Z)
• Countering Autonomous Cyber Threats [40.00865970939829]
  Foundation Models present dual-use concerns broadly and within the cyber domain specifically. Recent research has shown the potential for these advanced models to inform or independently execute offensive cyberspace operations. This work evaluates several state-of-the-art FMs on their ability to compromise machines in an isolated network and investigates defensive mechanisms to defeat such AI-powered attacks.
  arXiv  Detail & Related papers  (2024-10-23T22:46:44Z)
• FaultGuard: A Generative Approach to Resilient Fault Prediction in Smart Electrical Grids [53.2306792009435]
  FaultGuard is the first framework for fault type and zone classification resilient to adversarial attacks. We propose a low-complexity fault prediction model and an online adversarial training technique to enhance robustness. Our model outclasses the state-of-the-art for resilient fault prediction benchmarking, with an accuracy of up to 0.958.
  arXiv  Detail & Related papers  (2024-03-26T08:51:23Z)
• Towards Low-Barrier Cybersecurity Research and Education for Industrial Control Systems [1.2584276673531931]
  We develop a framework to automatically launch cyberattacks, collect data, train machine learning models, and evaluate for practical chemical and manufacturing processes. On our testbed, we validate our proposed intrusion detection model called Minimal Threshold and Window SVM. Results show that MinTWin SVM minimizes false positives and is responsive to physical process anomalies.
  arXiv  Detail & Related papers  (2023-08-31T14:46:05Z)
• A Deep Multi-Modal Cyber-Attack Detection in Industrial Control Systems [1.0312968200748118]
  This research utilizes network and sensor modality data from ICS processed with a deep multi-modal cyber-attack detection model for ICS. Results show that the proposed model can outperform existing single modality models and recent works in the literature.
  arXiv  Detail & Related papers  (2023-04-04T01:27:21Z)
• A Framework for Evaluating the Cybersecurity Risk of Real World, Machine Learning Production Systems [41.470634460215564]
  We develop an extension to the MulVAL attack graph generation and analysis framework to incorporate cyberattacks on ML production systems. Using the proposed extension, security practitioners can apply attack graph analysis methods in environments that include ML components.
  arXiv  Detail & Related papers  (2021-07-05T05:58:11Z)
• Poisoning Attacks on Cyber Attack Detectors for Industrial Control Systems [34.86059492072526]
  We are first to demonstrate such poisoning attacks on ICS online neural network detectors. We propose two distinct attack algorithms, namely, back-gradient based poisoning, and demonstrate their effectiveness on both synthetic and real-world data.
  arXiv  Detail & Related papers  (2020-12-23T14:11:26Z)
• Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain [58.30296637276011]
  This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques. It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
  arXiv  Detail & Related papers  (2020-07-05T18:22:40Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.