Characterizing Cyber Attacks against Space Systems with Missing Data: Framework and Case Study

• URL: http://arxiv.org/abs/2309.04878v1
• Date: Sat, 9 Sep 2023 21:40:00 GMT
• Title: Characterizing Cyber Attacks against Space Systems with Missing Data: Framework and Case Study
• Authors: Ekzhin Ear, Jose L. C. Remy, Antonia Feffer, Shouhuai Xu,
• Abstract summary: There is no single dataset that documents cyber attacks against space systems that have occurred in the past. This paper proposes a framework, including metrics, while also addressing the missing-data problem. We show how to extrapolate this "low-quality" dataset to derive 4,076 attack technique kill chains.
• Score: 5.715413347864052
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Cybersecurity of space systems is an emerging topic, but there is no single dataset that documents cyber attacks against space systems that have occurred in the past. These incidents are often scattered in media reports while missing many details, which we dub the missing-data problem. Nevertheless, even "low-quality" datasets containing such reports would be extremely valuable because of the dearth of space cybersecurity data and the sensitivity of space systems which are often restricted from disclosure by governments. This prompts a research question: How can we characterize real-world cyber attacks against space systems? In this paper, we address the problem by proposing a framework, including metrics, while also addressing the missing-data problem, by "extrapolating" the missing data in a principled fashion. To show the usefulness of the framework, we extract data for 72 cyber attacks against space systems and show how to extrapolate this "low-quality" dataset to derive 4,076 attack technique kill chains. Our findings include: cyber attacks against space systems are getting increasingly sophisticated; and, successful protection against on-path and social engineering attacks could have prevented 80% of the attacks.

Related papers

• Mind The Gap: Can Air-Gaps Keep Your Private Data Secure? [1.74048653626208]
  'Air-gap' measures keep sensitive data in networks entirely isolated from the Internet. Air-gap networks are relevant today to governmental organizations, healthcare industries, finance sectors, intellectual property and legal firms. Motivated and capable adversaries can use sophisticated attack vectors to penetrate the air-gapped networks, leaking sensitive data outward.
  arXiv  Detail & Related papers  (2024-09-06T11:08:05Z)
• Outer Space Cyberattacks: Generating Novel Scenarios to Avoid Surprise [0.48929202770344377]
  Report offers a scenario-prompt generator that can create more than 4 million unique scenario-prompts. A failure to imagine novel scenarios is a major risk in being taken by surprise and severely harmed. Outer space is the next frontier for cybersecurity.
  arXiv  Detail & Related papers  (2024-06-17T19:20:17Z)
• Evaluating the Security of Satellite Systems [24.312198733476063]
  This paper presents a comprehensive taxonomy of adversarial tactics, techniques, and procedures explicitly targeting satellites. We examine the space ecosystem including the ground, space, Communication, and user segments, highlighting their architectures, functions, and vulnerabilities. We propose a novel extension of the MITRE ATT&CK framework to categorize satellite attack techniques across the adversary lifecycle from reconnaissance to impact.
  arXiv  Detail & Related papers  (2023-12-03T09:38:28Z)
• Critical Infrastructure Security Goes to Space: Leveraging Lessons Learned on the Ground [2.1180074160333815]
  Space systems enable essential communications, navigation, imaging and sensing for a variety of domains. While the space environment brings unique constraints to managing cybersecurity risks, lessons learned about risks and effective defenses in other critical infrastructure domains can help us to design effective defenses for space systems. This paper provides an overview of ICS and space system commonalities, lessons learned about cybersecurity for ICS that can be applied to space systems, and recommendations for future research and development to secure increasingly critical space systems.
  arXiv  Detail & Related papers  (2023-09-26T19:53:40Z)
• Fixed Points in Cyber Space: Rethinking Optimal Evasion Attacks in the Age of AI-NIDS [70.60975663021952]
  We study blackbox adversarial attacks on network classifiers. We argue that attacker-defender fixed points are themselves general-sum games with complex phase transitions. We show that a continual learning approach is required to study attacker-defender dynamics.
  arXiv  Detail & Related papers  (2021-11-23T23:42:16Z)
• Dataset Security for Machine Learning: Data Poisoning, Backdoor Attacks, and Defenses [150.64470864162556]
  This work systematically categorizes and discusses a wide range of dataset vulnerabilities and exploits. In addition to describing various poisoning and backdoor threat models and the relationships among them, we develop their unified taxonomy.
  arXiv  Detail & Related papers  (2020-12-18T22:38:47Z)
• A Targeted Attack on Black-Box Neural Machine Translation with Parallel Data Poisoning [60.826628282900955]
  We show that targeted attacks on black-box NMT systems are feasible, based on poisoning a small fraction of their parallel training data. We show that this attack can be realised practically via targeted corruption of web documents crawled to form the system's training data. Our results are alarming: even on the state-of-the-art systems trained with massive parallel data, the attacks are still successful (over 50% success rate) under surprisingly low poisoning budgets.
  arXiv  Detail & Related papers  (2020-11-02T01:52:46Z)
• Measurement-driven Security Analysis of Imperceptible Impersonation Attacks [54.727945432381716]
  We study the exploitability of Deep Neural Network-based Face Recognition systems. We show that factors such as skin color, gender, and age, impact the ability to carry out an attack on a specific target victim. We also study the feasibility of constructing universal attacks that are robust to different poses or views of the attacker's face.
  arXiv  Detail & Related papers  (2020-08-26T19:27:27Z)
• Data Mining with Big Data in Intrusion Detection Systems: A Systematic Literature Review [68.15472610671748]
  Cloud computing has become a powerful and indispensable technology for complex, high performance and scalable computation. The rapid rate and volume of data creation has begun to pose significant challenges for data management and security. The design and deployment of intrusion detection systems (IDS) in the big data setting has, therefore, become a topic of importance.
  arXiv  Detail & Related papers  (2020-05-23T20:57:12Z)
• On Adversarial Examples and Stealth Attacks in Artificial Intelligence Systems [62.997667081978825]
  We present a formal framework for assessing and analyzing two classes of malevolent action towards generic Artificial Intelligence (AI) systems. The first class involves adversarial examples and concerns the introduction of small perturbations of the input data that cause misclassification. The second class, introduced here for the first time and named stealth attacks, involves small perturbations to the AI system itself.
  arXiv  Detail & Related papers  (2020-04-09T10:56:53Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.