loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Yixiong Wu 1 ; Jianwei Zhuge 2 ; 1 ; Tingting Yin 1 ; Tianyi Li 3 ; Junmin Zhu 4 ; Guannan Guo 5 ; Yue Liu 6 and Jianju Hu 7

Affiliations: 1 Institute of Network Science and Cyberspace, Tsinghua University, Beijing, China ; 2 Beijing National Research Center for Information Science and Technology, Beijing, China ; 3 Peking University, Beijing, China ; 4 Shanghai Jiao Tong University, Shanghai, China ; 5 School of Computer Science and Technology, University of Science and Technology of China, Hefei, China ; 6 Qi An Xin Technology Research Institute, Beijing, China ; 7 Siemens Ltd., China

Keyword(s): Internet-facing ICS Devices, Passive Vulnerability Assessment, Device Search Engine.

Abstract: The number of Internet-facing industrial control system(ICS) devices has risen rapidly due to remote control demand. Going beyond benefits in maintenance, this also exposes the fragile ICS devices to cyber-attackers. To characterize the security status of Internet-facing ICS devices, we analyze the exposed ICS devices and their vulnerabilities. Considering the ethic, we design and implement ICScope, a passive vulnerability assessment system based on device search engines. Firstly, ICScope extracts the ICS device information from the banners returned by multiple search engines. Then, ICScope filters out the possible ICS honeypots to guarantee accuracy. Finally, ICScope associates ICS vulnerabilities with each ICS device. Over the past year, our measurements cover more than 466,000 IPs. We first perform a comprehensive measurement of Internet-facing ICS devices from Dec 2019 to Jan 2020. We find that there are about 49.58% of Internet-facing ICS devices that can be identified are affec ted by one or more vulnerabilities. We also conduct three times experiments from Jun 2020 to Dec 2020 to monitor the security status of Internet-facing ICS devices. We observe a slowly decreasing trend in the number of vulnerable ICS devices during our experiment period. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.145.36.10

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Wu, Y.; Zhuge, J.; Yin, T.; Li, T.; Zhu, J.; Guo, G.; Liu, Y. and Hu, J. (2021). From Exposed to Exploited: Drawing the Picture of Industrial Control Systems Security Status in the Internet Age. In Proceedings of the 7th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-491-6; ISSN 2184-4356, SciTePress, pages 237-248. DOI: 10.5220/0010327902370248

@conference{icissp21,
author={Yixiong Wu. and Jianwei Zhuge. and Tingting Yin. and Tianyi Li. and Junmin Zhu. and Guannan Guo. and Yue Liu. and Jianju Hu.},
title={From Exposed to Exploited: Drawing the Picture of Industrial Control Systems Security Status in the Internet Age},
booktitle={Proceedings of the 7th International Conference on Information Systems Security and Privacy - ICISSP},
year={2021},
pages={237-248},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010327902370248},
isbn={978-989-758-491-6},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 7th International Conference on Information Systems Security and Privacy - ICISSP
TI - From Exposed to Exploited: Drawing the Picture of Industrial Control Systems Security Status in the Internet Age
SN - 978-989-758-491-6
IS - 2184-4356
AU - Wu, Y.
AU - Zhuge, J.
AU - Yin, T.
AU - Li, T.
AU - Zhu, J.
AU - Guo, G.
AU - Liu, Y.
AU - Hu, J.
PY - 2021
SP - 237
EP - 248
DO - 10.5220/0010327902370248
PB - SciTePress