Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

POSTER: Automating ICS Malware Analysis with MITRE ATT&CK

Kurt, Fatih, Saxena, Neetesh ORCID: https://orcid.org/0000-0002-6437-0807, Kumar, Vijay and Theodorakopoulos, george ORCID: https://orcid.org/0000-0003-2701-7809 2025. POSTER: Automating ICS Malware Analysis with MITRE ATT&CK. Presented at: ACM AsiaCCS, Hanoi, Vietnam, 25-29 August 2025. Proceedings of the 20th ACM Asia Conference on Computer and Communications Security. New York, NY, USA: Association for Computing Machinery, pp. 1806-1808. 10.1145/3708821.3735345

[thumbnail of asiaccs2025-posters-paper48.pdf]
Preview
 PDF - Presentation
Download (702kB) | Preview

Abstract

The increasing interconnections and rapid changes in the nature of cyber threats targeting the Industrial Control Systems (ICS), it is crucial to understand how the malware patterns and behavior have evolved over the years. Gaining this understanding allows us to assess the effectiveness of current detection and defense mechanisms. Insights from this work will help in building effective defenses to counter such sophisticated behavior. Traditional threat analysis methods rely on text heavy representations, making it difficult to identify attack trends efficiently. This work improves the usability of the MITRE ATT&CK framework by automating the extraction, comparison, and visualization of malware attack techniques. By analyzing five ICS targeting malware families BlackEnergy, Industroyer, Industroyer2, Pipedream, and Triton, our developed tool identifies recurring adversary tactics and provides structured heatmaps and network graphs for improved threat intelligence. This approach enables analysts to compare malware behaviors more effectively, prioritize security strategies, and strengthen ICS cybersecurity resilience.

Item Type: Conference or Workshop Item (Poster)
Date Type: Published Online
Status: Published
Schools: Schools > Computer Science & Informatics
Publisher: Association for Computing Machinery
ISBN: 9798400714108
Date of Acceptance: 17 April 2025
Last Modified: 28 Aug 2025 12:45
URI: https://orca.cardiff.ac.uk/id/eprint/177987

Actions (repository staff only)

Edit Item Edit Item
Altmetric
Dimensions
Download Statistics

Downloads

Downloads per month over past year

View more statistics

CORE (COnnecting REpositories)


Maintained by Cardiff University IT