Representation and analysis of coordinated attacks

Braynov, Sviatoslav; Jadliwala, Murtuza

doi:10.1145/1035429.1035434

Cited by 35 publications

(31 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The coordinated attacks are difficult to handle due to their diverse attack origin nature [3][4][5]. Coordinated attacks can be modeled and analyzed to avoid detection [2,8]. Coordinated attacks are difficult to differentiate between decoy and actual attacks [2].…”

Section: Introductionmentioning

confidence: 99%

“…Coordinated attacks can be modeled and analyzed to avoid detection [2,8]. Coordinated attacks are difficult to differentiate between decoy and actual attacks [2]. There is a large variety of coordinated attacks [2].…”

Section: Introductionmentioning

confidence: 99%

“…Coordinated attacks are difficult to differentiate between decoy and actual attacks [2]. There is a large variety of coordinated attacks [2]. These coordinated attacks are gaining a lot of attention from both amateur and professional attackers.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

SCADA communication protocols: vulnerabilities, attacks and possible mitigations

Pidikiti

Kalluri

Kumar

et al. 2013

CSIT

View full text Add to dashboard Cite

Current hierarchical SCADA systems uses communication protocols which aren't having the inbuilt security mechanism. This lack of security mechanism will help attackers to sabotage the SCADA system. However, to cripple down the SCADA systems completely coordinated communication channel attacks can be performed. IEC 60870-5-101 and IEC 60870-5-104 protocols are widely used in current SCADA systems in power utilities sector. These protocols are lacking in the application layer and the data link layer security. Application layer security is necessary to protect the SCADA systems from Spoofing and Non-Repudiation attacks. Data link layer security is necessary to protect the systems from the Sniffing, Data modification and Replay attacks. IEC 60870-5-101 & 104 communication protocol vulnerabilities and their exploitation by coordinated attacks are explained in this paper. Proposed experimental research model can be used to mitigate the attacks at application layer and data link layer by adopting the IEC 62351 standards.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

SCADA communication protocols: vulnerabilities, attacks and possible mitigations

Pidikiti

Kalluri

Kumar

et al. 2013

CSIT

View full text Add to dashboard Cite

show abstract

“…Some interesting approaches to perform procedural security have been proposed in the past in [3,4,5,6], and other general security analysis techniques in [7,8]. Voting, however, differs from the environment in which these methodologies are most effective for the following reasons (see also [2,9,10]):…”

Section: Introductionmentioning

confidence: 99%

Assessing Procedural Risks and Threats in e-Voting: Challenges and an Approach

Weldemariam

Villafiorita

Mattioli

2007

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Performing a good security analysis on the design of a system is an essential step in order to guarantee a reasonable level of protection. However, different attacks and threats may be carried out depending on the operational environment in which the system is used, i.e. the procedures that define how to operate the systems. We are interested in reasoning about the security of e-Voting procedures, namely on the risks and attacks that can be carried out during an election. Our focus is more on people and organizations than on systems and technologies. In this paper we describe some ongoing work that we are carrying out within the ProVotE project (a project sponsored by the Autonomous Province of Trento to switch to e-Voting for local elections) to analyze and (possibly) improve procedural security of electronic elections. To do so, we are providing models of the Italian electoral laws using the UML and we are developing a custom methodology for analyzing threats from the models. Our reasoning approach is based on asset mobility, asset values and existence of multiple instances.

show abstract

“…An attacker may steal a database of credit cards for an economic profit, a firm may launch a DoS attack against a competitor's website, and a punk may deface a website for personal satisfaction, or for the sake of proving his hacking skills. Examples of using malicious intelligent agents for distributed coordinated attacks are given in [3,4,5].…”

Section: Introductionmentioning

confidence: 99%