Asiri, Mohammed, Saxena, Neetesh ORCID: https://orcid.org/0000-0002-6437-0807, Gjomemo, Rigel and Burnap, Peter ORCID: https://orcid.org/0000-0003-0396-633X 2023. Understanding indicators of compromise against cyber-attacks in industrial control systems: a security perspective. ACM transactions on cyber-physical systems 7 (2) , pp. 1-33. 10.1145/3587255 |
Preview |
PDF
- Accepted Post-Print Version
Download (1MB) | Preview |
Abstract
Numerous sophisticated and nation-state attacks on Industrial Control Systems (ICSs) have increased in recent years, exemplified by Stuxnet and Ukrainian Power Grid. Measures to be taken post-incident are crucial to reduce damage, restore control, and identify attack actors involved. By monitoring Indicators of Compromise (IOCs), the incident responder can detect malicious activity triggers and respond quickly to a similar intrusion at an earlier stage. However, in order to implement IOCs in critical infrastructures, we need to understand their contexts and requirements. Unfortunately, there is no survey paper in the literature on IOC in the ICS environment and only limited information is provided in research articles. In this paper, we describe different standards for IOC representation and discuss the associated challenges that restrict security investigators from developing IOCs in the industrial sectors. We also discuss the potential IOCs against cyber-attacks in ICS systems. Furthermore, we conduct a critical analysis of existing works and available tools in this space. We evaluate the effectiveness of identified IOCs’ by mapping these indicators to the most frequently targeted attacks in the ICS environment. Finally we highlight the lessons to be learnt from the literature and the future problems in the domain along with the approaches that might be taken.
Item Type: | Article |
---|---|
Date Type: | Publication |
Status: | Published |
Schools: | Computer Science & Informatics |
Publisher: | Association for Computing Machinery (ACM) |
ISSN: | 2378-962X |
Date of First Compliant Deposit: | 3 April 2023 |
Date of Acceptance: | 3 March 2023 |
Last Modified: | 07 Nov 2023 02:29 |
URI: | https://orca.cardiff.ac.uk/id/eprint/158293 |
Citation Data
Cited 9 times in Scopus. View in Scopus. Powered By Scopus® Data
Actions (repository staff only)
Edit Item |