We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:


Current browse context:


Change to browse by:


References & Citations

DBLP - CS Bibliography


(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: RAPTOR: Advanced Persistent Threat Detection in Industrial IoT via Attack Stage Correlation

Abstract: IIoT (Industrial Internet-of-Things) systems are getting more prone to attacks by APT (Advanced Persistent Threat) adversaries. Past APT attacks on IIoT systems such as the 2016 Ukrainian power grid attack which cut off the capital Kyiv off power for an hour and the 2017 Saudi petrochemical plant attack which almost shut down the plant's safety controllers have shown that APT campaigns can disrupt industrial processes, shut down critical systems and endanger human lives. In this work, we propose RAPTOR, a system to detect APT campaigns in IIoT environments. RAPTOR detects and correlates various APT attack stages (adapted to IIoT) using multiple data sources. Subsequently, it constructs a high-level APT campaign graph which can be used by cybersecurity analysts towards attack analysis and mitigation. A performance evaluation of RAPTOR's APT stage detection stages shows high precision and low false positive/negative rates. We also show that RAPTOR is able to construct the APT campaign graph for APT attacks (modelled after real-world attacks on ICS/OT infrastructure) executed on our IIoT testbed.
Comments: To be submitted to journal
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:2301.11524 [cs.CR]
  (or arXiv:2301.11524v2 [cs.CR] for this version)

Submission history

From: Ayush Kumar [view email]
[v1] Fri, 27 Jan 2023 03:56:50 GMT (723kb,D)
[v2] Thu, 9 Feb 2023 14:35:45 GMT (723kb,D)

Link back to: arXiv, form interface, contact.