
Title: RAPTOR: Advanced Persistent Threat Detection in Industrial IoT via Attack Stage Correlation

Abstract: IIoT (Industrial Internet-of-Things) systems are increasingly targeted by APT (Advanced Persistent Threat) adversaries. Past APT attacks on IIoT systems, such as the 2016 Ukrainian power grid attack, which cut off power to the capital Kyiv for an hour, and the 2017 Saudi petrochemical plant attack, which almost shut down the plant's safety controllers, have shown that APT campaigns can disrupt industrial processes, shut down critical systems and endanger human lives. In this work, we propose RAPTOR, a system to detect APT campaigns in IIoT environments. RAPTOR detects and correlates the various APT attack stages (adapted to IIoT) using multiple data sources, and then constructs a high-level APT campaign graph that cybersecurity analysts can use for attack analysis and mitigation. A performance evaluation of RAPTOR's APT stage detection shows high precision and low false positive/negative rates. We also show that RAPTOR constructs the APT campaign graph for APT attacks (modelled after real-world attacks on ICS/OT infrastructure) executed on our IIoT testbed.
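The pipeline the abstract sketches, per-stage alerts raised by detectors over several data sources and then correlated into a campaign graph, as an added toy illustration. This is not RAPTOR's code and does not reproduce the paper's method: the stage list, the two-hour linking window, the shared-entity rule, the detector names and all alert records are assumptions constructed for the example.

```python
"""Toy attack-stage correlation into a campaign graph.

Added illustration only; the stage ordering, linking rule, window and
sample alerts below are assumptions, not RAPTOR's design or data.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed APT stage ordering for an IIoT setting (illustrative, not the paper's).
STAGES = ["recon", "initial_access", "lateral_movement", "c2", "ics_impact"]
STAGE_RANK = {s: i for i, s in enumerate(STAGES)}


@dataclass(frozen=True)
class StageAlert:
    ts: datetime
    stage: str
    source: str                 # which per-stage detector / data source raised it
    entities: frozenset         # hosts, IPs or devices named in the alert


# Constructed sample alerts, as if emitted by detectors over netflow, host
# logs, DNS logs and Modbus traffic. The last one is unrelated noise.
ALERTS = [
    StageAlert(datetime(2023, 1, 1, 9, 0), "recon", "netflow", frozenset({"10.0.0.5", "10.0.1.20"})),
    StageAlert(datetime(2023, 1, 1, 9, 20), "initial_access", "host_log", frozenset({"10.0.1.20"})),
    StageAlert(datetime(2023, 1, 1, 10, 5), "lateral_movement", "netflow", frozenset({"10.0.1.20", "10.0.2.7"})),
    StageAlert(datetime(2023, 1, 1, 10, 30), "c2", "dns_log", frozenset({"10.0.2.7"})),
    StageAlert(datetime(2023, 1, 1, 11, 0), "ics_impact", "modbus", frozenset({"10.0.2.7", "plc-01"})),
    StageAlert(datetime(2023, 1, 2, 3, 0), "ics_impact", "modbus", frozenset({"plc-09"})),
]


def correlate(alerts, window=timedelta(hours=2)):
    """Build the campaign graph as an adjacency dict.

    Edge a -> b is added when b is a later stage than a, happens after a
    within `window`, and shares at least one entity with a. The entity
    overlap is what ties alerts from different data sources together.
    """
    ordered = sorted(alerts, key=lambda a: a.ts)
    edges = defaultdict(list)
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.ts - a.ts > window:
                break                       # ordered by time, nothing later can link
            if STAGE_RANK[b.stage] > STAGE_RANK[a.stage] and a.entities & b.entities:
                edges[a].append(b)
    return edges


def campaigns(alerts, window=timedelta(hours=2)):
    """Return one time-ordered alert list per root (alert with no predecessor),
    containing everything reachable from that root in the campaign graph."""
    edges = correlate(alerts, window)
    has_parent = {b for succ in edges.values() for b in succ}
    result = []
    for root in sorted(alerts, key=lambda a: a.ts):
        if root in has_parent:
            continue
        seen, stack = set(), [root]
        while stack:
            node = stack.pop()
            if node in seen:
                continue
            seen.add(node)
            stack.extend(edges.get(node, []))
        result.append(sorted(seen, key=lambda a: a.ts))
    return result


def multistage_campaigns(alerts, min_stages=3, window=timedelta(hours=2)):
    """Keep only campaigns spanning at least `min_stages` distinct stages.

    A lone ics_impact alert (plc-09 above) never links to anything and is
    dropped here; this is the point of correlating stages rather than
    paging an analyst on every single-stage detection.
    """
    return [c for c in campaigns(alerts, window)
            if len({a.stage for a in c}) >= min_stages]


if __name__ == "__main__":
    for chain in multistage_campaigns(ALERTS):
        print(" -> ".join(f"{a.stage}@{a.source}" for a in chain))
```

On the constructed input the five linked alerts collapse into one campaign running recon through ics_impact, while the isolated plc-09 alert surfaces only as a single-stage root and is filtered out. Tightening the window or requiring overlap on more than one entity trades missed links for fewer spurious ones; that tuning is exactly the precision versus false-negative balance the abstract's evaluation is about.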
Comments: To be submitted to journal
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:2301.11524 [cs.CR]
  (or arXiv:2301.11524v2 [cs.CR] for this version)

Submission history

From: Ayush Kumar
[v1] Fri, 27 Jan 2023 03:56:50 GMT (723kb,D)
[v2] Thu, 9 Feb 2023 14:35:45 GMT (723kb,D)
[v3] Tue, 26 Sep 2023 04:49:44 GMT (593kb,D)
