skip to main content


Title: Poster Abstract: Analysis of Cyber-Security Vulnerabilities of Interconnected Medical Devices
With advances in sensing, networking, and computing, smart medical devices have been widely deployed in various clinical settings. However, cyber attacks on hospital networks and critical medical devices are serious threats to patient safety, security, and privacy. This paper studies the cyber-security attacks that target hospital networks and other interconnected clinical environments. Our goal is to characterize threat models in such environments by studying the public data from vulnerability databases on medical devices and reports on real attacks targeted at hospital networks. We use a keyword-based approach to identify security reports on medical devices. We summarize our observations from the analysis of the vulnerability reports and provide insights into the types and impacts of vulnerabilities.  more » « less
Award ID(s):
1748737
PAR ID:
10191128
Author(s) / Creator(s):
; ; ;
Date Published:
Journal Name:
2019 IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE)
Page Range / eLocation ID:
23 to 24
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. null (Ed.)
    The implementation of Internet of Things (IoT) devices in medical environments, has introduced a growing list of security vulnerabilities and threats. The lack of an extensible big data resource that captures medical device vulnerabilities limits the use of Artificial Intelligence (AI) based cyber defense systems in capturing, detecting, and preventing known and future attacks. We describe a system that generates a repository of Cyber Threat Intelligence (CTI) about various medical devices and their known vulnerabilities from sources such as manufacturer and ICS-CERT vulnerability alerts. We augment the intelligence repository with data sources such as Wikidata and public medical databases. The combined resources are integrated with threat intelligence in our Cybersecurity Knowledge Graph (CKG) from previous research. The augmented graph embeddings are useful in querying relevant information and can help in various AI assisted cybersecurity tasks. Given the integration of multiple resources, we found the augmented CKG produced higher quality graph representations. The augmented CKG produced a 31% increase in the Mean Average Precision (MAP) value, computed over an information retrieval task. 
    more » « less
  2. Recent years have witnessed the rise of Internet-of-Things (IoT) based cyber attacks. These attacks, as expected, are launched from compromised IoT devices by exploiting security flaws already known. Less clear, however, are the fundamental causes of the pervasiveness of IoT device vulnerabilities and their security implications, particularly in how they affect ongoing cybercrimes. To better understand the problems and seek effective means to suppress the wave of IoT-based attacks, we conduct a comprehensive study based on a large number of real-world attack traces collected from our honeypots, attack tools purchased from the underground, and information collected from high-profile IoT attacks. This study sheds new light on the device vulnerabilities of today’s IoT systems and their security implications: ongoing cyber attacks heavily rely on these known vulnerabilities and the attack code released through their reports; on the other hand, such a reliance on known vulnerabilities can actually be used against adversaries. The same bug reports that enable the development of an attack at an exceedingly low cost can also be leveraged to extract vulnerability-specific features that help stop the attack. In particular, we leverage Natural Language Processing (NLP) to automatically collect and analyze more than 7,500 security reports (with 12,286 security critical IoT flaws in total) scattered across bug-reporting blogs, forums, and mailing lists on the Internet. We show that signatures can be automatically generated through an NLP-based report analysis, and be used by intrusion detection or firewall systems to effectively mitigate the threats from today’s IoT-based attacks. 
    more » « less
  3. Recent years have witnessed the rise of Internet-of-Things (IoT) based cyber attacks. These attacks, as expected, are launched from compromised IoT devices by exploiting security flaws already known. Less clear, however, are the fundamental causes of the pervasiveness of IoT device vulnerabilities and their security implications, particularly in how they affect ongoing cybercrimes. To better understand the problems and seek effective means to suppress the wave of IoT-based attacks, we conduct a comprehensive study based on a large number of real-world attack traces collected from our honeypots, attack tools purchased from the underground, and information collected from high-profile IoT attacks. This study sheds new light on the device vulnerabilities of today's IoT systems and their security implications: ongoing cyber attacks heavily rely on these known vulnerabilities and the attack code released through their reports; on the other hand, such a reliance on known vulnerabilities can actually be used against adversaries. The same bug reports that enable the development of an attack at an exceedingly low cost can also be leveraged to extract vulnerability-specific features that help stop the attack. In particular, we leverage Natural Language Processing (NLP) to automatically collect and analyze more than 7,500 security reports (with 12,286 security critical IoT flaws in total) scattered across bug-reporting blogs, forums, and mailing lists on the Internet. We show that signatures can be automatically generated through an NLP-based report analysis, and be used by intrusion detection or firewall systems to effectively mitigate the threats from today's IoT-based attacks. 
    more » « less
  4. Abstract

    Networks like those of healthcare infrastructure have been a primary target of cyberattacks for over a decade. From just a single cyberattack, a healthcare facility would expect to see millions of dollars in losses from legal fines, business interruption, and loss of revenue. As more medical devices become interconnected, more cyber vulnerabilities emerge, resulting in more potential exploitation that may disrupt patient care and give rise to catastrophic financial losses. In this paper, we propose a structural model of an aggregate loss distribution across multiple cyberattacks on a prototypical hospital network. Modeled as a mixed random graph, the hospital network consists of various patient‐monitoring devices and medical imaging equipment as random nodes to account for the variable occupancy of patient rooms and availability of imaging equipment that are connected by bidirectional edges to fixed hospital and radiological information systems. Our framework accounts for the documented cyber vulnerabilities of a hospital's trusted internal network of its major medical assets. To our knowledge, there exist no other models of an aggregate loss distribution for cyber risk in this setting. We contextualize the problem in the probabilistic graph‐theoretical framework using a percolation model and combinatorial techniques to compute the mean and variance of the loss distribution for a mixed random network with associated random costs that can be useful for healthcare administrators and cybersecurity professionals to improve cybersecurity management strategies. By characterizing this distribution, we allow for the further utility of pricing cyber risk.

     
    more » « less
  5. Internet of Things (IoT) cyber threats, exemplified by jackware and crypto mining, underscore the vulnerability of IoT devices. Due to the multi-step nature of many attacks, early detection is vital for a swift response and preventing malware propagation. However, accurately detecting early-stage attacks is challenging, as attackers employ stealthy, zero-day, or adversarial machine learning to evade detection. To enhance security, we propose ARIoTEDef, an Adversarially Robust IoT Early Defense system, which identifies early-stage infections and evolves autonomously. It models multi-stage attacks based on a cyber kill chain and maintains stage-specific detectors. When anomalies in the later action stage emerge, the system retroactively analyzes event logs using an attention-based sequence-to-sequence model to identify early infections. Then, the infection detector is updated with information about the identified infections. We have evaluated ARIoTEDef against multi-stage attacks, such as the Mirai botnet. Results show that the infection detector’s average F1 score increases from 0.31 to 0.87 after one evolution round. We have also conducted an extensive analysis of ARIoTEDef against adversarial evasion attacks. Our results show that ARIoTEDef is robust and benefits from multiple rounds of evolution.

     
    more » « less