TMAP: A Threat Modeling and Attack Path Analysis Framework for Industrial IoT Systems (A Case Study of IoM and IoP)
- URL: http://arxiv.org/abs/2312.15319v1
- Date: Sat, 23 Dec 2023 18:32:53 GMT
- Title: TMAP: A Threat Modeling and Attack Path Analysis Framework for Industrial IoT Systems (A Case Study of IoM and IoP)
- Authors: Kumar Saurabh, Deepak Gajjala, Krishna Kaipa, Ranjana Vyas, O. P. Vyas, Rahamatullah Khondoker,
- Abstract summary: To deploy secure Industrial Control and Production Systems (ICPS) in smart factories, cyber threats and risks must be addressed.
Current approaches for threat modeling in cyber-physical systems (CPS) are ad hoc and inefficient.
This paper proposes a novel quantitative threat modeling approach, aiming to identify probable attack vectors, assess the path of attacks, and evaluate the magnitude of each vector.
- Score: 2.9922995594704984
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Industrial cyber-physical systems (ICPS) are gradually integrating information technology and automating industrial processes, leading systems to become more vulnerable to malicious actors. Thus, to deploy secure Industrial Control and Production Systems (ICPS) in smart factories, cyber threats and risks must be addressed. To identify all possible threats, Threat Modeling is a promising solution. Despite the existence of numerous methodological solutions for threat modeling in cyber-physical systems (CPS), current approaches are ad hoc and inefficient in providing clear insights to researchers and organizations involved in IIoT technologies. These approaches lack a comprehensive analysis of cyber threats and fail to facilitate effective path analysis across the ICPS lifecycle, incorporating smart manufacturing technologies and tools. To address these gaps, a novel quantitative threat modeling approach is proposed, aiming to identify probable attack vectors, assess the path of attacks, and evaluate the magnitude of each vector. This paper also explains the execution of the proposed approach with two case studies, namely the industrial manufacturing line, i.e., the Internet of Manufacturing (IoM), and the power and industry, i.e., the Internet of Production (IoP).
Related papers
- The Shadow of Fraud: The Emerging Danger of AI-powered Social Engineering and its Possible Cure [30.431292911543103]
Social engineering (SE) attacks remain a significant threat to both individuals and organizations.
The advancement of Artificial Intelligence (AI) has potentially intensified these threats by enabling more personalized and convincing attacks.
This survey paper categorizes SE attack mechanisms, analyzes their evolution, and explores methods for measuring these threats.
arXiv Detail & Related papers (2024-07-22T17:37:31Z) - Analyzing the Attack Surface and Threats of Industrial Internet of Things Devices [4.252049820202961]
The growing connectivity of industrial devices as a result of the Internet of Things is increasing the risks to Industrial Control Systems.
We present a systematic and holistic procedure for analyzing the attack surface and threats of Industrial Internet of Things devices.
arXiv Detail & Related papers (2024-05-25T17:55:23Z) - Introducing Systems Thinking as a Framework for Teaching and Assessing Threat Modeling Competency [3.467282314524728]
We propose using systems thinking in conjunction with popular and industry-standard threat modeling frameworks like STRIDE for teaching and assessing threat modeling competency.
Students who had both systems thinking and STRIDE instruction identified and attempted to mitigate component-level and systems-level threats.
arXiv Detail & Related papers (2024-04-25T14:21:15Z) - Asset-centric Threat Modeling for AI-based Systems [7.696807063718328]
This paper presents ThreatFinderAI, an approach and tool to model AI-related assets, threats, countermeasures, and quantify residual risks.
To evaluate the practicality of the approach, participants were tasked to recreate a threat model developed by cybersecurity experts of an AI-based healthcare platform.
Overall, the solution's usability was well-perceived and effectively supports threat identification and risk discussion.
arXiv Detail & Related papers (2024-03-11T08:40:01Z) - Managing extreme AI risks amid rapid progress [171.05448842016125]
We describe risks that include large-scale social harms, malicious uses, and irreversible loss of human control over autonomous AI systems.
There is a lack of consensus about how exactly such risks arise, and how to manage them.
Present governance initiatives lack the mechanisms and institutions to prevent misuse and recklessness, and barely address autonomous systems.
arXiv Detail & Related papers (2023-10-26T17:59:06Z) - ANALYSE -- Learning to Attack Cyber-Physical Energy Systems With
Intelligent Agents [0.0]
ANALYSE is a machine-learning-based software suite to let learning agents autonomously find attacks in cyber-physical energy systems.
It is designed to find yet unknown attack types and to reproduce many known attack strategies in cyber-physical energy systems from the scientific literature.
arXiv Detail & Related papers (2023-04-21T11:36:18Z) - Graph Mining for Cybersecurity: A Survey [61.505995908021525]
The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, caused severe consequences on society.
Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities.
With the proliferation of graph mining techniques, many researchers investigated these techniques for capturing correlations between cyber entities and achieving high performance.
arXiv Detail & Related papers (2023-04-02T08:43:03Z) - On a Uniform Causality Model for Industrial Automation [61.303828551910634]
A Uniform Causality Model for various application areas of industrial automation is proposed.
The resulting model describes the behavior of Cyber-Physical Systems mathematically.
It is shown that the model can work as a basis for the application of new approaches in industrial automation that focus on machine learning.
arXiv Detail & Related papers (2022-09-20T11:23:51Z) - Multi Agent System for Machine Learning Under Uncertainty in Cyber
Physical Manufacturing System [78.60415450507706]
Recent advancements in predictive machine learning has led to its application in various use cases in manufacturing.
Most research focused on maximising predictive accuracy without addressing the uncertainty associated with it.
In this paper, we determine the sources of uncertainty in machine learning and establish the success criteria of a machine learning system to function well under uncertainty.
arXiv Detail & Related papers (2021-07-28T10:28:05Z) - Inspect, Understand, Overcome: A Survey of Practical Methods for AI
Safety [54.478842696269304]
The use of deep neural networks (DNNs) in safety-critical applications is challenging due to numerous model-inherent shortcomings.
In recent years, a zoo of state-of-the-art techniques aiming to address these safety concerns has emerged.
Our paper addresses both machine learning experts and safety engineers.
arXiv Detail & Related papers (2021-04-29T09:54:54Z) - Validate and Enable Machine Learning in Industrial AI [47.20869253934116]
Industrial AI promises more efficient future industrial control systems.
The Petuum Optimum system is used as an example to showcase the challenges in making and testing AI models.
arXiv Detail & Related papers (2020-10-30T20:33:05Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.