Analyzing the Attack Surface and Threats of Industrial Internet of Things Devices

• URL: http://arxiv.org/abs/2405.16318v1
• Date: Sat, 25 May 2024 17:55:23 GMT
• Title: Analyzing the Attack Surface and Threats of Industrial Internet of Things Devices
• Authors: Simon Liebl, Leah Lathrop, Ulrich Raithel, Andreas Aßmuth, Ian Ferguson, Matthias Söllner,
• Abstract summary: The growing connectivity of industrial devices as a result of the Internet of Things is increasing the risks to Industrial Control Systems. We present a systematic and holistic procedure for analyzing the attack surface and threats of Industrial Internet of Things devices.
• Score: 4.252049820202961
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The growing connectivity of industrial devices as a result of the Internet of Things is increasing the risks to Industrial Control Systems. Since attacks on such devices can also cause damage to people and machines, they must be properly secured. Therefore, a threat analysis is required in order to identify weaknesses and thus mitigate the risk. In this paper, we present a systematic and holistic procedure for analyzing the attack surface and threats of Industrial Internet of Things devices. Our approach is to consider all components including hardware, software and data, assets, threats and attacks throughout the entire product life cycle.

Related papers

• Cyber security of OT networks: A tutorial and overview [1.4361933642658902]
  This manuscript explores the cybersecurity challenges of Operational Technology (OT) networks. OT systems increasingly integrate with Information Technology (IT) systems due to Industry 4.0 initiatives. The study examines key components of OT systems, such as SCADA (Supervisory Control and Data Acquisition), PLCs (Programmable Logic Controllers), and RTUs (Remote Terminal Units)
  arXiv  Detail & Related papers  (2025-02-19T17:23:42Z)
• VMGuard: Reputation-Based Incentive Mechanism for Poisoning Attack Detection in Vehicular Metaverse [52.57251742991769]
  vehicular Metaverse guard (VMGuard) protects vehicular Metaverse systems from data poisoning attacks. VMGuard implements a reputation-based incentive mechanism to assess the trustworthiness of participating SIoT devices. Our system ensures that reliable SIoT devices, previously missclassified, are not barred from participating in future rounds of the market.
  arXiv  Detail & Related papers  (2024-12-05T17:08:20Z)
• Countering Autonomous Cyber Threats [40.00865970939829]
  Foundation Models present dual-use concerns broadly and within the cyber domain specifically. Recent research has shown the potential for these advanced models to inform or independently execute offensive cyberspace operations. This work evaluates several state-of-the-art FMs on their ability to compromise machines in an isolated network and investigates defensive mechanisms to defeat such AI-powered attacks.
  arXiv  Detail & Related papers  (2024-10-23T22:46:44Z)
• Interpretable Cyber Threat Detection for Enterprise Industrial Networks: A Computational Design Science Approach [1.935143126104097]
  We use IS computational design science paradigm to develop a two-stage cyber threat detection system for enterprise-level IS. The first stage generates synthetic industrial network data using a modified generative adversarial network. The second stage develops a novel bidirectional gated recurrent unit and a modified attention mechanism for effective threat detection.
  arXiv  Detail & Related papers  (2024-09-04T19:54:28Z)
• Threat Analysis of Industrial Internet of Things Devices [4.505539262528727]
  We examine Industrial Internet of Things devices, identify and rank different sources of threats and describe common threats and vulnerabilities. We recommend a procedure to carry out a threat analysis on these devices.
  arXiv  Detail & Related papers  (2024-05-25T17:45:12Z)
• TMAP: A Threat Modeling and Attack Path Analysis Framework for Industrial IoT Systems (A Case Study of IoM and IoP) [2.9922995594704984]
  To deploy secure Industrial Control and Production Systems (ICPS) in smart factories, cyber threats and risks must be addressed. Current approaches for threat modeling in cyber-physical systems (CPS) are ad hoc and inefficient. This paper proposes a novel quantitative threat modeling approach, aiming to identify probable attack vectors, assess the path of attacks, and evaluate the magnitude of each vector.
  arXiv  Detail & Related papers  (2023-12-23T18:32:53Z)
• Classification of cyber attacks on IoT and ubiquitous computing devices [49.1574468325115]
  This paper provides a classification of IoT malware. Major targets and used exploits for attacks are identified and referred to the specific malware. The majority of current IoT attacks continue to be of comparably low effort and level of sophistication and could be mitigated by existing technical measures.
  arXiv  Detail & Related papers  (2023-12-01T16:10:43Z)
• A Framework for Evaluating the Cybersecurity Risk of Real World, Machine Learning Production Systems [41.470634460215564]
  We develop an extension to the MulVAL attack graph generation and analysis framework to incorporate cyberattacks on ML production systems. Using the proposed extension, security practitioners can apply attack graph analysis methods in environments that include ML components.
  arXiv  Detail & Related papers  (2021-07-05T05:58:11Z)
• GRAVITAS: Graphical Reticulated Attack Vectors for Internet-of-Things Aggregate Security [5.918387680589584]
  Internet-of-Things (IoT) and cyber-physical systems (CPSs) may consist of thousands of devices connected in a complex network topology. We describe a comprehensive risk management system, called GRAVITAS, for IoT/CPS that can identify undiscovered attack vectors.
  arXiv  Detail & Related papers  (2021-05-31T19:35:23Z)
• Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
  Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance. We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems. We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
  arXiv  Detail & Related papers  (2020-10-19T13:09:31Z)
• Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain [58.30296637276011]
  This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques. It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
  arXiv  Detail & Related papers  (2020-07-05T18:22:40Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.