SHARKS: Smart Hacking Approaches for RisK Scanning in Internet-of-Things and Cyber-Physical Systems based on Machine learning

Saha, Tanujay; Aaraj, Najwa; Ajjarapu, Neel; Jha, Niraj K.

doi:10.1109/tetc.2021.3050733

Cited by 24 publications

(19 citation statements)

References 62 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Approaches for RisK Scanning in Internet-of-Things and Cyber-Physical Systems based on Machine Learning), which provides a novel framework for discovering IoT/CPS exploits [17]. Instead of artificially separating a system into different layers, SHARKS eschews a rigid classification and models an exploit chain (attack vector) as it appears to an adversary: a series of steps that begins at an "entry point" (a root node) and ends at a "goal" (a leaf node).…”

Section: Gravitas Builds On the Work Of Sharks (Smart Hackingmentioning

confidence: 99%

“…Our model, called GRAVITAS, overcomes these challenges by combining the hardware, software, and network stack vulnerabilities of a system into a single attack graph. This attack graph, which includes undiscovered vulnerabilities and the connections between them as predicted by the SHARKS ML model [17], contains attack vectors that are passed over by risk management tools that employ only known vulnerabilities. These attack vectors are then assigned risk scores according to a probabilistic method that models the interaction between attack impacts and the graph's vulnerabilities.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

GRAVITAS: Graphical Reticulated Attack Vectors for Internet-of-Things Aggregate Security

Brown,

Saha,

Jha

2021

Preprint

Self Cite

View full text Add to dashboard Cite

Internet-of-Things (IoT) and cyber-physical systems (CPSs) may consist of thousands of devices connected in a complex network topology. The diversity and complexity of these components present an enormous attack surface, allowing an adversary to exploit security vulnerabilities of different devices to execute a potent attack. Though significant efforts have been made to improve the security of individual devices in these systems, little attention has been paid to security at the aggregate level. In this article, we describe a comprehensive risk management system, called GRAVITAS, for IoT/CPS that can identify undiscovered attack vectors and optimize the placement of defenses within the system for optimal performance and cost. While existing risk management systems consider only known attacks, our model employs a machine learning approach to extrapolate undiscovered exploits, enabling us to identify attacks overlooked by manual penetration testing (pen-testing). The model is flexible enough to analyze practically any IoT/CPS and provide the system administrator with a concrete list of suggested defenses that can reduce system vulnerability at optimal cost. GRAVITAS can be employed by governments, companies, and system administrators to design secure IoT/CPS at scale, providing a quantitative measure of security and efficiency in a world where IoT/CPS devices will soon be ubiquitous.

show abstract

Section: Gravitas Builds On the Work Of Sharks (Smart Hackingmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

GRAVITAS: Graphical Reticulated Attack Vectors for Internet-of-Things Aggregate Security

Brown,

Saha,

Jha

2021

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…We target this problem in this article. ML-based attack graphs have been used previously to analyze the security of IoT and cyber-physical systems [6,15]. We use ML on the attack graphs to enable our framework to scale to larger networks.…”

Section: Related Workmentioning

confidence: 99%

“…A new node may be added when a new vulnerability is discovered or when a new vulnerable component is introduced in the 5GCN. Utilization of ML at the system level is inspired by the SHARKS framework [6], where ML was used to discover novel possible exploits in an IoT system. SHARKS is an acronym for Smart Hacking Approaches for RisK Scanning.…”

Section: Introductionmentioning

confidence: 99%

Machine Learning Assisted Security Analysis of 5G-Network-Connected Systems

Saha¹,

Aaraj²,

Jha³

2021

Preprint

Self Cite

View full text Add to dashboard Cite

The core network architecture of telecommunication systems has undergone a paradigm shift in the fifth-generation (5G) networks. 5G networks have transitioned to software-defined infrastructures, thereby reducing their dependence on hardware-based network functions. New technologies, like network function virtualization and software-defined networking, have been incorporated in the 5G core network (5GCN) architecture to enable this transition. This has resulted in significant improvements in efficiency, performance, and robustness of the networks. However, this has also made the core network more vulnerable, as software systems are generally easier to compromise than hardware systems. In this article, we present a comprehensive security analysis framework for the 5GCN. The novelty of this approach lies in the creation and analysis of attack graphs of the software-defined and virtualized 5GCN through machine learning. This analysis points to 119 novel possible exploits in the 5GCN. We demonstrate that these possible exploits of 5GCN vulnerabilities generate five novel attacks on the 5G Authentication and Key Agreement protocol. We combine the attacks at the network, protocol, and the application layers to generate complex attack vectors. In a case study, we use these attack vectors to find four novel security loopholes in WhatsApp running on a 5G network.

show abstract

“…The main areas of research that have gained increased attention in recent years are reliability [3], performance [4] and cyber security [5]. Systems using IoT frameworks produce a lot of data [6] due to the presence of many sensors and actuators, for instance, enabling predictive maintenance with minor manual interaction [7].…”

Section: Introductionmentioning

confidence: 99%

Improving wafer map classification in Industry 4.0

Scheiber¹,

Nartey²,

Zernig³

et al. 2022

2022 IEEE 5th International Conference on Industrial Cyber-Physical Systems (ICPS)

View full text Add to dashboard Cite

At the heart of Industry 4.0. lies the automation of manufacturing processes and interoperability of corresponding applications, in most cases utilizing Cyber-Physical Systems and Internet of Things. Used within diverse industrial areas across the world, these concepts gained more importance in recent years. In the semiconductor industry, continuous improvement of all involved processes is achieved by utilizing these concepts in many different stages of the manufacturing process. This work proposes a machine learning framework that on one hand enhances wafer map classification in the testing stage of semiconductor devices, and on the other hand fulfills the requirements and demands of all involved stakeholders in adopted engineering processes. The core of the proposed system is the Wafer Health Factor, a machine learning framework that detects process deviations in analog wafer test data through pattern recognition. Additional integration of Radon-based features, as well as the use of an ensemble classification framework, boosts model performances in the presented real-world application scenario significantly. Moreover, we also show that the proposed framework performs well on two benchmark data sets from literature, even on small training data sets. We conclude, that the presented framework improves the performance of pattern recognition tasks in realworld applications and thus, enables the automatic and early detection of deviations within semiconductor manufacturing processes.

show abstract

SHARKS: Smart Hacking Approaches for RisK Scanning in Internet-of-Things and Cyber-Physical Systems based on Machine learning

Cited by 24 publications

References 62 publications

GRAVITAS: Graphical Reticulated Attack Vectors for Internet-of-Things Aggregate Security

GRAVITAS: Graphical Reticulated Attack Vectors for Internet-of-Things Aggregate Security

Machine Learning Assisted Security Analysis of 5G-Network-Connected Systems

Improving wafer map classification in Industry 4.0

Contact Info

Product

Resources

About