Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 

Understanding indicators of compromise against cyber-attacks in industrial control systems: a security perspective

Asiri, Mohammed, Saxena, Neetesh ORCID: https://orcid.org/0000-0002-6437-0807, Gjomemo, Rigel and Burnap, Peter ORCID: https://orcid.org/0000-0003-0396-633X 2023. Understanding indicators of compromise against cyber-attacks in industrial control systems: a security perspective. ACM transactions on cyber-physical systems 7 (2) , pp. 1-33. 10.1145/3587255

PDF - Accepted Post-Print Version (1MB)

Abstract

Numerous sophisticated and nation-state attacks on Industrial Control Systems (ICSs) have occurred in recent years, exemplified by Stuxnet and the attacks on the Ukrainian power grid. Measures taken post-incident are crucial to reduce damage, restore control, and identify the attack actors involved. By monitoring Indicators of Compromise (IOCs), the incident responder can detect the triggers of malicious activity and respond to a similar intrusion at an earlier stage. However, in order to implement IOCs in critical infrastructures, we need to understand their contexts and requirements. Unfortunately, there is no survey paper in the literature on IOCs in the ICS environment, and only limited information is provided in research articles. In this paper, we describe different standards for IOC representation and discuss the associated challenges that restrict security investigators from developing IOCs in the industrial sectors. We also discuss the potential IOCs against cyber-attacks in ICS systems. Furthermore, we conduct a critical analysis of existing works and available tools in this space. We evaluate the effectiveness of the identified IOCs by mapping these indicators to the most frequently targeted attacks in the ICS environment. Finally, we highlight the lessons to be learnt from the literature and the future problems in the domain, along with the approaches that might be taken.

Item Type: Article
Date Type: Publication
Status: Published
Schools: Computer Science & Informatics
Publisher: Association for Computing Machinery (ACM)
ISSN: 2378-962X
Date of First Compliant Deposit: 3 April 2023
Date of Acceptance: 3 March 2023
Last Modified: 07 Nov 2023 02:29
URI: https://orca.cardiff.ac.uk/id/eprint/158293

Citation Data

Cited 9 times in Scopus.

