國立虎尾科技大學 |

Automated Formulation of Attack Vectors for Industrial Control Systems Security Assessment.

Record Type:	Language materials, printed : Monograph/item
Title/Author:	Automated Formulation of Attack Vectors for Industrial Control Systems Security Assessment./
Author:	Keliris, Anastasis.
Published:	Ann Arbor : ProQuest Dissertations & Theses, : 2019,
Description:	165 p.
Notes:	Source: Dissertation Abstracts International, Volume: 80-06(E), Section: B.
Contained By:	Dissertation Abstracts International80-06B(E).
Subject:	Electrical engineering. -
Online resource:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=10979899
ISBN:	9780438814912

Automated Formulation of Attack Vectors for Industrial Control Systems Security Assessment.
Keliris, Anastasis.

Automated Formulation of Attack Vectors for Industrial Control Systems Security Assessment. - Ann Arbor : ProQuest Dissertations & Theses, 2019 - 165 p.

Source: Dissertation Abstracts International, Volume: 80-06(E), Section: B.

Thesis (Ph.D.)--New York University Tandon School of Engineering, 2019.

The modernization of Industrial Control Systems (ICS), primarily targeting increased efficiency and controllability through integration of Information Technologies (IT) and use of Commercial-Off-The-Shelf (COTS) components, introduced the unwanted side effect of expanding the ICS cybersecurity threat landscape. ICS are facing new security challenges and are exposed to the same vulnerabilities that plague IT, as demonstrated by the increasing number of cyberattack incidents targeting ICS.

ISBN: 9780438814912Subjects--Topical Terms:

596380
Electrical engineering.

Automated Formulation of Attack Vectors for Industrial Control Systems Security Assessment.
LDR:03439nam a2200325 4500 001 931710
005 20190716101636.5
008 190815s2019 ||||||||||||||||| ||eng d
020 $a 9780438814912
035 $a (MiAaPQ)AAI10979899
035 $a (MiAaPQ)poly:10421
035 $a AAI10979899
040 $a MiAaPQ $c MiAaPQ
100 1 $a Keliris, Anastasis. $3 1213922
245 1 0 $a Automated Formulation of Attack Vectors for Industrial Control Systems Security Assessment.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2019
300 $a 165 p.
500 $a Source: Dissertation Abstracts International, Volume: 80-06(E), Section: B.
500 $a Adviser: Michail Maniatakos.
502 $a Thesis (Ph.D.)--New York University Tandon School of Engineering, 2019.
520 $a The modernization of Industrial Control Systems (ICS), primarily targeting increased efficiency and controllability through integration of Information Technologies (IT) and use of Commercial-Off-The-Shelf (COTS) components, introduced the unwanted side effect of expanding the ICS cybersecurity threat landscape. ICS are facing new security challenges and are exposed to the same vulnerabilities that plague IT, as demonstrated by the increasing number of cyberattack incidents targeting ICS.
520 $a Towards effectively assessing the security of ICS environments and accelerating the adoption of effective and robust security mechanisms, this thesis dissects ICS-targeting Advanced Persistent Threats (APTs). Leveraging the generated intelligence, the main contributions of this thesis lie in the structured methodological approaches it proposes and their developed instantiations, that automatically formulate ICS attack vectors for each APT phase. Through this automation, the work in this thesis enables efficient and effective security evaluation of an ICS environment, as well as assessment of ICS-tailored defense mechanisms through the automated formulation of large volume, realistic test cases of attack vectors.
520 $a In particular, the thesis proposes methodological approaches and their instantiations for automating tasks in: 1) Reconnaissance, by proposing and validating an automated methodology for remote fingerprinting of Modbus-enabled devices. 2) Vulnerability discovery, by capturing the unique requirements of ICS equipment cybersecurity assessments, and evaluating Hardware-In-The-Loop testbeds for testing known vulnerabilities and development of zero-day vulnerabilities. 3) Payload design, through the developed Industrial Control Systems Reverse Engineering Framework (ICSREF), which automates the reverse engineering process of Programmable Logic Controller (PLC) binaries. ICSREF can extract process semantics from the PLC binaries controlling a process, enabling impactful process aware attacks. 4) Payload delivery, using a Red-Team-In-a-Box approach where end-to-end attacks are orchestrated and carried out by a commercial smartphone. The smartphone is empowered by the automation of the above steps, and can autonomously formulate and deliver process aware attacks. The thesis applies the automated creation of attack vectors for assessing the effectiveness of machine learning-based ICS defenses.
590 $a School code: 1988.
650 4 $a Electrical engineering. $3 596380
650 4 $a Computer engineering. $3 569006
690 $a 0544
690 $a 0464
710 2 $a New York University Tandon School of Engineering. $b Electrical and Computer Engineering. $3 1190679
773 0 $t Dissertation Abstracts International $g 80-06B(E).
790 $a 1988
791 $a Ph.D.
792 $a 2019
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=10979899