Abstract
Industrial Control Systems (ICS) play a crucial role in controlling industrial processes. Unlike attacks on conventional IT systems or networks, cyber attacks against ICS can cause destructive physical damage. Stuxnet demonstrated the essential contribution that zero-day exploits (i.e. previously unknown exploits) make to causing such damage. In this work, we investigate whether the tolerance of a system against zero-day attacks can be improved by defending against the known weaknesses of the system. We first propose a metric for system tolerance against zero-day attacks: the minimum effort that zero-day exploits must expend to compromise the system. We then apply this metric to evaluate different defensive plans and select the one that maximises the system's tolerance against zero-day attacks. We demonstrate the approach with a case study of ICS security management.
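As an added illustration, not the paper's own code or model: a simplified version of the abstract's metric in which the system is a plain attack graph rather than a Bayesian network, a step over an unpatched known weakness costs the attacker nothing, a step over a weakness fixed by a defensive plan costs one zero-day exploit, and each plan is scored by the minimum number of zero-days on any path to the target. The asset names, weakness ids and plans are constructed for the example.

```python
import heapq
import math
from typing import Dict, FrozenSet, List, Tuple

# One exploitation step: (source asset, target asset, known weakness used on that step).
Edge = Tuple[str, str, str]

# Constructed example; asset names and weakness ids are hypothetical, not from the paper.
EDGES: List[Edge] = [
    ("corp", "hist", "W-hist"),  # historian exposed to the corporate LAN
    ("hist", "eng", "W-eng"),    # historian to engineering workstation
    ("eng", "plc", "W-plc1"),    # engineering workstation to PLC programming port
    ("corp", "vpn", "W-vpn"),    # remote-access gateway
    ("vpn", "plc", "W-plc2"),    # gateway can reach the PLC directly
]

def min_zero_days(edges: List[Edge], start: str, target: str, fixed: FrozenSet[str]) -> float:
    """Minimum zero-day exploits needed from `start` to `target` (Dijkstra; inf if unreachable)."""
    adj: Dict[str, List[Tuple[str, str]]] = {}
    for src, dst, weakness in edges:
        adj.setdefault(src, []).append((dst, weakness))
    best = {start: 0}
    heap = [(0, start)]
    while heap:
        cost, node = heapq.heappop(heap)
        if node == target:
            return cost
        if cost > best.get(node, math.inf):
            continue  # stale heap entry
        for dst, weakness in adj.get(node, []):
            # A step over a fixed known weakness forces the attacker to spend a zero-day.
            new_cost = cost + (1 if weakness in fixed else 0)
            if new_cost < best.get(dst, math.inf):
                best[dst] = new_cost
                heapq.heappush(heap, (new_cost, dst))
    return math.inf

def evaluate_plans(edges: List[Edge], start: str, target: str,
                   plans: Dict[str, FrozenSet[str]]) -> Dict[str, float]:
    """System tolerance (minimum zero-day effort) under each defensive plan."""
    return {name: min_zero_days(edges, start, target, fixed) for name, fixed in plans.items()}

def best_plan(scores: Dict[str, float]) -> str:
    """The plan that maximises the zero-day effort an attacker must spend."""
    return max(scores, key=scores.__getitem__)

PLANS = {  # constructed defensive plans: sets of known weaknesses each plan fixes
    "none": frozenset(),
    "patch_plc_only": frozenset({"W-plc1", "W-plc2"}),
    "harden_one_path": frozenset({"W-hist", "W-eng"}),
    "plc_and_entry_points": frozenset({"W-plc1", "W-plc2", "W-hist", "W-vpn"}),
}
```

Running `best_plan(evaluate_plans(EDGES, "corp", "plc", PLANS))` shows that hardening only one of two paths leaves the metric at zero, while fixing the PLC weaknesses plus both entry points raises it to two.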
Acknowledgement
This work is funded by the EPSRC project RITICS: Trustworthy Industrial Control Systems (EP/L021013/1).
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Li, T., Hankin, C. (2017). Effective Defence Against Zero-Day Exploits Using Bayesian Networks. In: Havarneanu, G., Setola, R., Nassopoulos, H., Wolthusen, S. (eds) Critical Information Infrastructures Security. CRITIS 2016. Lecture Notes in Computer Science(), vol 10242. Springer, Cham. https://doi.org/10.1007/978-3-319-71368-7_11
DOI: https://doi.org/10.1007/978-3-319-71368-7_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-71367-0
Online ISBN: 978-3-319-71368-7
eBook Packages: Computer Science; Computer Science (R0)