Openly accessible

Last Line of Defense: Reliability through Inducing Cyber Threat Hunting with Deception in SCADA Networks

Ajmal, AB, Alam, M, Khaliq, AA, Khan, S, Qadir, Z and Mahmud, M A Parvez 2021, Last Line of Defense: Reliability through Inducing Cyber Threat Hunting with Deception in SCADA Networks, IEEE Access, vol. 9, pp. 126789-126800, doi: 10.1109/ACCESS.2021.3111420.


Title Last Line of Defense: Reliability through Inducing Cyber Threat Hunting with Deception in SCADA Networks
Author(s) Ajmal, AB
Alam, M
Khaliq, AA
Khan, S
Qadir, Z
Mahmud, M A Parvez (ORCID: orcid.org/0000-0002-1905-6800)
Journal name IEEE Access
Volume number 9
Start page 126789
End page 126800
Total pages 12
Publisher Institute of Electrical and Electronics Engineers
Place of publication Piscataway, N.J.
Publication date 2021
ISSN 2169-3536
Keyword(s) Science & Technology
Technology
Computer Science, Information Systems
Engineering, Electrical & Electronic
Telecommunications
Computer Science
Engineering
Security
Tools
SCADA systems
Protocols
Process control
Open source software
Licenses
Threat hunting
indicators of compromise (IOC)
Industrial Internet of Things (IIoT)
supervisory control and data acquisition (SCADA)
cyber deception
honeypots
decoys
Summary There exists a gap between existing security mechanisms and their ability to detect advancing threats. Antivirus and EDR (Endpoint Detection and Response) aim to detect and prevent threats, but such security mechanisms are reactive, and this approach has not proved effective in protecting against stealthy attacks. SCADA (Supervisory Control and Data Acquisition) security is crucial for any country. However, SCADA is always an easy target for adversaries due to the lack of security for heterogeneous devices, and an attack on SCADA is mainly considered a national-level threat. Recent research on SCADA security has not considered 'unknown threats,' which has left a gap in security. A proactive approach, such as threat hunting, is the need of the hour. In this research, we investigated how threat hunting in conjunction with cyber deception and the kill chain has a countervailing effect on SCADA threats, detecting and mitigating them. We have used the concept of a 'decoy farm' in the SCADA network, where all attacks are engaged. Moreover, we present a novel threat detection and prevention approach for SCADA, focusing on unknown threats. To test the effectiveness of the approach, we emulated several SCADA, Linux and Windows based attacks on a simulated SCADA network. We have concluded that our approach detects and prevents the attacker earlier than the current reactive approach and security mechanisms for SCADA, with enhanced protection for heterogeneous devices. The results and experiments show that the proposed threat hunting approach has significantly improved threat detection ability.
Language eng
DOI 10.1109/ACCESS.2021.3111420
Field of Research 08 Information and Computing Sciences
09 Engineering
10 Technology
HERDC Research category C1 Refereed article in a scholarly journal
Free to Read? Yes
Persistent URL http://hdl.handle.net/10536/DRO/DU:30156124

Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.

Created: Tue, 28 Sep 2021, 09:19:24 EST