Analyzing the Attack Surface and Threats of Industrial Internet of Things Devices

• URL: http://arxiv.org/abs/2405.16318v1
• Date: Sat, 25 May 2024 17:55:23 GMT
• Title: Analyzing the Attack Surface and Threats of Industrial Internet of Things Devices
• Authors: Simon Liebl, Leah Lathrop, Ulrich Raithel, Andreas Aßmuth, Ian Ferguson, Matthias Söllner,
• Abstract summary: The growing connectivity of industrial devices as a result of the Internet of Things is increasing the risks to Industrial Control Systems. We present a systematic and holistic procedure for analyzing the attack surface and threats of Industrial Internet of Things devices.
• Score: 4.252049820202961
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The growing connectivity of industrial devices as a result of the Internet of Things is increasing the risks to Industrial Control Systems. Since attacks on such devices can also cause damage to people and machines, they must be properly secured. Therefore, a threat analysis is required in order to identify weaknesses and thus mitigate the risk. In this paper, we present a systematic and holistic procedure for analyzing the attack surface and threats of Industrial Internet of Things devices. Our approach is to consider all components including hardware, software and data, assets, threats and attacks throughout the entire product life cycle.

Related papers

• Interpretable Cyber Threat Detection for Enterprise Industrial Networks: A Computational Design Science Approach [1.935143126104097]
  We use IS computational design science paradigm to develop a two-stage cyber threat detection system for enterprise-level IS. The first stage generates synthetic industrial network data using a modified generative adversarial network. The second stage develops a novel bidirectional gated recurrent unit and a modified attention mechanism for effective threat detection.
  arXiv  Detail & Related papers  (2024-09-04T19:54:28Z)
• Threat analysis and adversarial model for Smart Grids [1.7482569079741024]
  The cyber domain of this smart power grid opens a new plethora of threats. Different stakeholders including regulation bodies, industry and academy are making efforts to provide security mechanisms to mitigate and reduce cyber-risks. Recent work shows a lack of agreement among grid practitioners and academic experts on the feasibility and consequences of academic-proposed threats. This is in part due to inadequate simulation models which do not evaluate threats based on attackers full capabilities and goals.
  arXiv  Detail & Related papers  (2024-06-17T16:33:46Z)
• Threat Analysis of Industrial Internet of Things Devices [4.505539262528727]
  We examine Industrial Internet of Things devices, identify and rank different sources of threats and describe common threats and vulnerabilities. We recommend a procedure to carry out a threat analysis on these devices.
  arXiv  Detail & Related papers  (2024-05-25T17:45:12Z)
• TMAP: A Threat Modeling and Attack Path Analysis Framework for Industrial IoT Systems (A Case Study of IoM and IoP) [2.9922995594704984]
  To deploy secure Industrial Control and Production Systems (ICPS) in smart factories, cyber threats and risks must be addressed. Current approaches for threat modeling in cyber-physical systems (CPS) are ad hoc and inefficient. This paper proposes a novel quantitative threat modeling approach, aiming to identify probable attack vectors, assess the path of attacks, and evaluate the magnitude of each vector.
  arXiv  Detail & Related papers  (2023-12-23T18:32:53Z)
• Classification of cyber attacks on IoT and ubiquitous computing devices [49.1574468325115]
  This paper provides a classification of IoT malware. Major targets and used exploits for attacks are identified and referred to the specific malware. The majority of current IoT attacks continue to be of comparably low effort and level of sophistication and could be mitigated by existing technical measures.
  arXiv  Detail & Related papers  (2023-12-01T16:10:43Z)
• On the Security Risks of Knowledge Graph Reasoning [71.64027889145261]
  We systematize the security threats to KGR according to the adversary's objectives, knowledge, and attack vectors. We present ROAR, a new class of attacks that instantiate a variety of such threats. We explore potential countermeasures against ROAR, including filtering of potentially poisoning knowledge and training with adversarially augmented queries.
  arXiv  Detail & Related papers  (2023-05-03T18:47:42Z)
• Graph Mining for Cybersecurity: A Survey [61.505995908021525]
  The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, caused severe consequences on society. Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities. With the proliferation of graph mining techniques, many researchers investigated these techniques for capturing correlations between cyber entities and achieving high performance.
  arXiv  Detail & Related papers  (2023-04-02T08:43:03Z)
• A Framework for Evaluating the Cybersecurity Risk of Real World, Machine Learning Production Systems [41.470634460215564]
  We develop an extension to the MulVAL attack graph generation and analysis framework to incorporate cyberattacks on ML production systems. Using the proposed extension, security practitioners can apply attack graph analysis methods in environments that include ML components.
  arXiv  Detail & Related papers  (2021-07-05T05:58:11Z)
• GRAVITAS: Graphical Reticulated Attack Vectors for Internet-of-Things Aggregate Security [5.918387680589584]
  Internet-of-Things (IoT) and cyber-physical systems (CPSs) may consist of thousands of devices connected in a complex network topology. We describe a comprehensive risk management system, called GRAVITAS, for IoT/CPS that can identify undiscovered attack vectors.
  arXiv  Detail & Related papers  (2021-05-31T19:35:23Z)
• Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
  Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance. We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems. We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
  arXiv  Detail & Related papers  (2020-10-19T13:09:31Z)
• Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain [58.30296637276011]
  This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques. It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
  arXiv  Detail & Related papers  (2020-07-05T18:22:40Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.