Industrial control systems (ICS) include systems that control industrial processes in critical infrastructure such as electric grids, nuclear power plants, manufacturing plants, water treatment systems, pharmaceutical plants, and building automation systems. ICS represent complex systems that contain an abundance of unique devices, all of which may hold different types of software, including applications, firmware and operating systems. Due to their ability to control physical infrastructure, ICS have increasingly become targets of cyber-attacks, increasing the risk of serious damage, negative financial impact, disruption to business operations, disruption to communities, and even the loss of life. Ethical hacking represents one way to test the security of ICS. Ethical hacking consists of using a cyber-attacker's perspective and a variety of cybersecurity tools to actively discover vulnerabilities and entry points for potential cyber-attacks. However, ICS ethical hacking represents a difficult task due to the wide variety of devices found on ICS networks. Most ethical hackers do not hold expertise or knowledge about ICS hardware, device computing elements, protocols, vulnerabilities found on these elements, and exploits used to exploit these vulnerabilities. Effective approaches are needed to reduce the complexity of ICS ethical hacking tasks. In this study, we use ontology modeling, a knowledge …
Using Semantic-Web Technologies for Situation Assessments of Ethical Hacking High-Value Targets
Ethical hacking consists of scanning for targets, evaluating the targets, gaining access, maintaining access, and clearing tracks. The evaluation of targets represents a complex task due to the number of IP addresses, domain names, open ports, vulnerabilities, and exploits that must be examined. Ethical hackers synthesize data from various hacking tools to determine targets that are of high value and that are highly susceptible to cyber-attacks. These tasks represent situation assessment tasks. Previous research considers situation assessment tasks to be tasks that involve viewing an initial set of information about a problem and subsequently piecing together more information to solve the problem. Our research used semantic-web technologies, including ontologies, natural language processing (NLP), and semantic queries, to automate the situation assessment tasks conducted by ethical hackers when evaluating targets. More specifically, our research focused on automatically identifying education organizations that use industrial control system protocols which in turn have highly exploitable vulnerabilities and known exploits. We used semantic-web technologies to reduce an initial dataset of 126,636 potential targets to 155 distinct targets with these characteristics. Our research adds to previous research on situation assessment by showing how semantic-web technologies can be used to reduce the complexity of situation assessment tasks.
- Award ID(s): 1922202
- Publication Date:
- NSF-PAR ID: 10327904
- Journal Name: European Conference on Cyber Warfare and Security
- Sponsoring Org: National Science Foundation
More Like this
- The Deep Learning Epilepsy Detection Challenge: design, implementation, and test of a new crowd-sourced AI challenge ecosystem. Isabell Kiral*, Subhrajit Roy*, Todd Mummert*, Alan Braz*, Jason Tsay, Jianbin Tang, Umar Asif, Thomas Schaffter, Eren Mehmet, The IBM Epilepsy Consortium◊, Joseph Picone, Iyad Obeid, Bruno De Assis Marques, Stefan Maetschke, Rania Khalaf†, Michal Rosen-Zvi†, Gustavo Stolovitzky†, Mahtab Mirmomeni†, Stefan Harrer†. * These authors contributed equally to this work. † Corresponding authors: rkhalaf@us.ibm.com, rosen@il.ibm.com, gustavo@us.ibm.com, mahtabm@au1.ibm.com, sharrer@au.ibm.com. ◊ Members of the IBM Epilepsy Consortium are listed in the Acknowledgements section. J. Picone and I. Obeid are with Temple University, USA. T. Schaffter is with Sage Bionetworks, USA. E. Mehmet is with the University of Illinois at Urbana-Champaign, USA. All other authors are with IBM Research in USA, Israel and Australia. Introduction: This decade has seen an ever-growing number of scientific fields benefitting from the advances in machine learning technology and tooling. More recently, this trend reached the medical domain, with applications reaching from cancer diagnosis [1] to the development of brain-machine-interfaces [2]. While Kaggle has pioneered the crowd-sourcing of machine learning challenges to incentivise data scientists from around the world to advance algorithm and model design, the increasing complexity of problem statements demands of participants to be expert data …
- Black hat hackers use malicious exploits to circumvent security controls and take advantage of system vulnerabilities worldwide, costing the global economy over $450 billion annually. While many organizations are increasingly turning to cyber threat intelligence (CTI) to help prioritize their vulnerabilities, extant CTI processes are often criticized as being reactive to known exploits. One promising data source that can help develop proactive CTI is the vast and ever-evolving Dark Web. In this study, we adopted the computational design science paradigm to design a novel deep learning (DL)-based exploit-vulnerability attention deep structured semantic model (EVA-DSSM) that includes bidirectional processing and attention mechanisms to automatically link exploits from the Dark Web to vulnerabilities. We also devised a novel device vulnerability severity metric (DVSM) that incorporates the exploit post date and vulnerability severity to help cybersecurity professionals with their device prioritization and risk management efforts. We rigorously evaluated the EVA-DSSM against state-of-the-art non-DL and DL-based methods for short text matching on 52,590 exploit-vulnerability linkages across four testbeds: web application, remote, local, and denial of service. Results of these evaluations indicate that the proposed EVA-DSSM achieves precision at 1 scores 20%-41% higher than non-DL approaches and 4%-10% higher than DL-based approaches. We demonstrated the …
- Organizations and communities learn by collecting information both from their direct experiences and by observing others. Information is translated into knowledge, which is disseminated and used to inform subsequent planning, decisions and actions. Among the experiences and observations of organizations and communities that can be translated into knowledge are crises and disasters, including infectious disease outbreaks, water contamination events and natural disasters. Organizational and community learning occurs when knowledge generated in response to crises is applied and when previous events serve as the basis for informing responses to an anticipated risk or emerging crisis. Trial-and-error learning is an ongoing process of experimentation, assessment and evaluation. Through trial and error, it is possible to determine that an activity does not produce desired outcomes, allowing for strategies to be adjusted and refined. Communities and organizations also benefit from observing others facing similar threats and learn from their failures and successes. Vicarious learning is bolstered through publicly available information, such as media reports and web presence, and access to networks of similar organizations. Crises can provide opportunities to re-evaluate fundamental assumptions, norms, processes, structures, plans, technologies, and overall performance. This session provides an overview of learning from crises and presents cases from the …