Last Line of Defense: Reliability Through Inducing Cyber Threat Hunting With Deception in SCADA Networks

Ajmal, Abdul Basit; Alam, Masoom; Khaliq, Awais Abdul; Khan, Shawal; Qadir, Zakria; Mahmud, M. A. Parvez

doi:10.1109/access.2021.3111420

Cited by 20 publications

(8 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A decoy plan has been introduced in [183] to assist in mitigating threats against Supervisory Control and Data Acquisition (SCADA). The planned decoy will take unknown threats so that researchers can find the gaps in data [183].Professionals can use SCADA to increase detection abilities more than compared to traditional mechanisms [183]. This tool will help defenders identify malicious attacks in social networks.…”

Section: Social Networkmentioning

confidence: 99%

See 1 more Smart Citation

Turning the Hunted into the Hunter via Threat Hunting: Life Cycle, Ecosystem, Challenges and the Great Promise of AI

Hillier¹,

Karroubi²

2022

Preprint

View full text Add to dashboard Cite

The threat hunting lifecycle is a complex atmosphere that requires special attention from professionals to maintain security. This paper is a collection of recent work that gives a holistic view of the threat hunting ecosystem, identifies challenges, and discusses the future with the integration of artificial intelligence (AI). We specifically establish a life cycle and ecosystem for privacy-threat hunting in addition to identifying the related challenges. We also discovered how critical the use of AI is in threat hunting. This work paves the way for future work in this area as it provides the foundational knowledge to make meaningful advancements for threat hunting.

show abstract

Section: Social Networkmentioning

confidence: 99%

“…Towards other challenges, there is a viable work, [183], that shows last line of defense in reliability through inducing cyber threat hunting with deception in SCADA networks.…”

Section: Other Challengesmentioning

confidence: 99%

Turning the Hunted into the Hunter via Threat Hunting: Life Cycle, Ecosystem, Challenges and the Great Promise of AI

Hillier¹,

Karroubi²

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Recent studies on SCADA system's security have not taken unknown threats into account, which has left a security gap. As a result, taking a proactive approach is generally necessary, like cyber threat hunting 5 . Cyber threat hunting is part of cyber security, which makes user use “new threat intelligence” on the previously obtained information to recognize and categorize potential threats before their launching 1,2 …”

Section: Introductionmentioning

confidence: 99%

“…As a result, taking a proactive approach is generally necessary, like cyber threat hunting. 5 Cyber threat hunting is part of cyber security, which makes user use "new threat intelligence" on the previously obtained information to recognize and categorize potential threats before their launching. 1,2 Cyber security is now utilizing the techniques of artificial intelligence (AI) to defend and mitigate potential cyber threats/attacks.…”

mentioning

confidence: 99%

Explainable artificial intelligence envisioned security mechanism for cyber threat hunting

Kumar

Wazid

Singh

et al. 2023

Security and Privacy

View full text Add to dashboard Cite

Cyber threat hunting proactively searches for cyber threats, which are undetected by the traditional defense mechanisms. It scans deep to identify malicious programs (ie, malware) that escape from detection. It is important because sophisticated cyber threats can bypass the cyber security mechanisms. The performance of the cyber threat hunting can be improved through artificial intelligence (AI), especially, explainable AI (XAI), which adds trust component to the cyber threat hunting process. Due to the inclusion of XAI, the security experts get the full explanations of the detected threats as the working of the detection model in XAI is known. Information, like, which one is a threat, how it has been detected, and why it has been detected, can be obtained very easily due to the inclusion of XAI in the cyber threat hunting. Therefore, an XAI‐envisioned mechanism for cyber threat hunting has been proposed (in short, XAISM‐CTH). The network and threat models of XAISM‐CTH are designed and discussed. The conducted security analysis proves the security of XAISM‐CTH against various potential attacks. XAISM‐CTH also performs better than the other existing schemes. At the end, a practical implementation of XAISM‐CTH has been provided to observe its impact on the performance of the system.

show abstract

“…Furthermore, the ATT&CK for ICS matrix can help determine what types of data sources are required to detect threats in ICS environments [9] [10] [11]. Threat hunting is a human-based approach, and it is prone to human errors [12] [13] [14]. Therefore, automation of the threat hunting process can help reduce human errors and increase detection speed.…”

Section: Introductionmentioning

confidence: 99%

Design and Development of Automated Threat Hunting in Industrial Control Systems

Arafune¹,

Sidharth²,

Luigi³

et al. 2022

Preprint

View full text Add to dashboard Cite

Traditional industrial systems, e.g., power plants, water treatment plants, etc., were built to operate highly isolated and controlled capacity. Recently, Industrial Control Systems (ICSs) have been exposed to the Internet for ease of access and adaptation to advanced technologies. However, it creates security vulnerabilities. Attackers often exploit these vulnerabilities to launch an attack on ICSs. Towards this, threat hunting is performed to proactively monitor the security of ICS networks and protect them against threats that could make the systems malfunction. A threat hunter manually identifies threats and provides a hypothesis based on the available threat intelligence. In this paper, we motivate the gap in lacking research in the automation of threat hunting in ICS networks. We propose an automated extraction of threat intelligence and the generation and validation of a hypothesis. We present an automated threat hunting framework based on threat intelligence provided by the ICS MITRE ATT&CK framework to automate the tasks. Unlike the existing hunting solutions which are cloud-based, costly and prone to human errors, our solution is a central and opensource implemented using different open-source technologies, e.g., Elasticsearch, Conpot, Metasploit, Web Single Page Application (SPA), and a machine learning analyser. Our results demonstrate that the proposed threat hunting solution can identify the network's attacks and alert a threat hunter with a hypothesis generated based on the techniques, tactics, and procedures (TTPs) from ICS MITRE ATT&CK. Then, a machine learning classifier automatically predicts the future actions of the attack.

show abstract

Last Line of Defense: Reliability Through Inducing Cyber Threat Hunting With Deception in SCADA Networks

Cited by 20 publications

References 28 publications

Turning the Hunted into the Hunter via Threat Hunting: Life Cycle, Ecosystem, Challenges and the Great Promise of AI

Turning the Hunted into the Hunter via Threat Hunting: Life Cycle, Ecosystem, Challenges and the Great Promise of AI

Explainable artificial intelligence envisioned security mechanism for cyber threat hunting

Design and Development of Automated Threat Hunting in Industrial Control Systems

Contact Info

Product

Resources

About