Volume 12, Issue 2, 2018, Pages 1778-1792

Cyber Stealth Attacks in Critical Information Infrastructures

Author keywords

Control systems; countermeasures; critical infrastructures (CIs); detection and protection; stealth attacks

Indexed keywords

COMPLEX NETWORKS;

EID: 84962499012     PISSN: 19328184     EISSN: 19379234     Source Type: Journal    
DOI: 10.1109/JSYST.2015.2487684     Document Type: Article
Times cited : (44)

References (70)
  • 2
    • 79251485799
    • 114/EC of 08 December 2008 on the identification and designation of European CIs and the assessment of the need to improve their protection
    • C. Directive, "114/EC of 08 December 2008 on the identification and designation of European CIs and the assessment of the need to improve their protection," Official J. Eur. Union, vol. 345, 2008, pp. 75-82.
    • (2008) Official J. Eur. Union , vol.345 , pp. 75-82
    • Directive, C.1
  • 3
    • 85046609740
    • Washington, DC, USA, Public Law 107-56-Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA Patriot Act) Act of 2001, Oct
    • Congress of the United States of America, Washington, DC, USA, Public Law 107-56-Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA Patriot Act) Act of 2001, Oct. 2001. [Online]. Available: http://www.gpo.gov/fdsys/pkg/PLAW-107publ56/content-detail.html
    • (2001) Congress of the United States of America
  • 7
    • 85046609824
    • Analysis of annual incident reports 2012, Aug
    • "Analysis of annual incident reports 2012," ENISA, Heraklion, Greece, Annu. Incident Rep., vol. 13, Aug. 2013, pp. 1-30.
    • (2013) ENISA, Heraklion, Greece, Annu. Incident Rep. , vol.13 , pp. 1-30
  • 8
    • 85046611370
    • US DHS ICS-CERT, Incident Response Summary Report, Sep. 2011, last accessed: Jul
    • US DHS ICS-CERT, Incident Response Summary Report, Sep. 2011, last accessed: Jul. 2013. [Online]. Available: http://www.uscert.gov
    • (2013)
  • 9
    • 85046609308
    • ICS-Monitor Malware Infections in the Control Environment US DHS ICS-CERT, last accessed: Apr. 2014. [Dec
    • US DHS ICS-CERT, ICS-Monitor Malware Infections in the Control Environment, Dec. 2012, last accessed: Apr. 2014. [Online]. Available: http://www.uscert.gov
    • (2012)
  • 11
    • 85046617097
    • European Commission, Directive 2009/140/EC of the European Parliament and of the Council, L337/37, Nov. 2009, last accessed: May
    • European Commission, Directive 2009/140/EC of the European Parliament and of the Council, L337/37, Nov. 2009, last accessed: May 2014. [Online]. Available: https://resilience.enisa.europa.eu/article-13
    • (2014)
  • 12
    • 84939255911
    • A system dynamics approach for assessing the impact of cyber attacks on critical infrastructures
    • Sep
    • B. Genge, I. Kiss, and P. Haller, "A system dynamics approach for assessing the impact of cyber attacks on critical infrastructures," Int. J. Critical Infrastruct. Protect., vol. 10, Sep. 2015, pp. 3-17.
    • (2015) Int. J. Critical Infrastruct. Protect. , vol.10 , pp. 3-17
    • Genge, B.1    Kiss, I.2    Haller, P.3
  • 13
    • 80051951235
    • Def. Intell., Ottawa, ON, Canada, Tech. Rep., Oct
    • M. Thompson, "Mariposa botnet analysis," Def. Intell., Ottawa, ON, Canada, Tech. Rep., Oct. 2009.
    • (2009) Mariposa Botnet Analysis
    • Thompson, M.1
  • 15
    • 80053011852
    • Global energy cyberattacks: Night Dragon
    • McAfee McAfee Labs, Santa Clara, CA, USA, Tech. Rep., Ver. 1.4, Feb
    • McAfee, "Global energy cyberattacks: Night Dragon," McAfee Foundstone Professional Serv., McAfee Labs, Santa Clara, CA, USA, Tech. Rep., Ver. 1.4, Feb. 2011.
    • (2011) McAfee Foundstone Professional Serv.
  • 16
    • 85046617846
    • The Nitro attacks: Stealing secrets from the chemical industry
    • Mountain View, CA, USA, October
    • E. Chien and G. O'Gorman, "The Nitro attacks: Stealing secrets from the chemical industry," Symantec Secur. Response, Mountain View, CA, USA, October 2011.
    • (2011) Symantec Secur. Response
    • Chien, E.1    O'Gorman, G.2
  • 17
    • 85046607896
    • Kaspersky Lab Expert, Moscow, Russia, Duqu: Steal Everything, 2011, last accessed: Apr
    • Kaspersky Lab Expert, Moscow, Russia, Duqu: Steal Everything, 2011, last accessed: Apr. 2014. [Online]. Available: http://www.kaspersky.com/about/press/majormalwareoutbreaks/duqu
    • (2014)
  • 18
    • 84867834950
    • Deconstructing Flame: The limitations of traditional defences
    • Oct
    • K. Munro, "Deconstructing Flame: The limitations of traditional defences," Comput. Fraud Secur., vol. 2012, no. 10, pp. 8-11, Oct. 2012.
    • (2012) Comput. Fraud Secur. , vol.2012 , Issue.10 , pp. 8-11
    • Munro, K.1
  • 19
    • 85046606160
    • US DHS ICS-CERT ICS-Monitor Incident Response Activity, Apr. last accessed: May 2014
    • US DHS ICS-CERT, "ICS-Monitor Incident Response Activity," Nat. Cybersecur. Commun. Integr. Center, Apr. 2014, last accessed: May 2014. [Online]. Available: https://ics-cert.us-cert.gov
    • (2014) Nat. Cybersecur. Commun. Integr. Center
  • 20
    • 4143141933
    • Stealth attacks on ad-hoc wireless networks
    • M. Jakobsson, S. Wetzel, and B. Yener, "Stealth attacks on ad-hoc wireless networks," in Proc. IEEE 58th VTC-Fall, 2003, vol. 3, pp. 2103-2111.
    • (2003) Proc. IEEE 58th VTC-Fall , vol.3 , pp. 2103-2111
    • Jakobsson, M.1    Wetzel, S.2    Yener, B.3
  • 21
    • 84876124711
    • Wide-area situational awareness for critical infrastructure protection
    • Apr
    • C. Alcaraz and J. Lopez, "Wide-area situational awareness for critical infrastructure protection," IEEE Comput., vol. 46, no. 4, pp. 30-37, Apr. 2013.
    • (2013) IEEE Comput. , vol.46 , Issue.4 , pp. 30-37
    • Alcaraz, C.1    Lopez, J.2
  • 23
    • 84857516371
    • A taxonomy of cyber attacks on SCADA systems
    • B. Zhu, A. Joseph, and S. Sastry, "A taxonomy of cyber attacks on SCADA systems," in Proc. iThings/CPSCom, 2011, pp. 380-388.
    • (2011) Proc. iThings/CPSCom , pp. 380-388
    • Zhu, B.1    Joseph, A.2    Sastry, S.3
  • 24
    • 84958810958
    • Taxonomies of cyber adversaries and attacks: A survey of incidents and approaches
    • Livermore, CA, USA, Apr
    • C. Myers, S. Powers, and D. Faissol, "Taxonomies of cyber adversaries and attacks: A survey of incidents and approaches," Lawrence Livermore Nat. Lab., Livermore, CA, USA, Apr. 2009, vol. 7, pp. 1-22.
    • (2009) Lawrence Livermore Nat. Lab. , vol.7 , pp. 1-22
    • Myers, C.1    Powers, S.2    Faissol, D.3
  • 25
    • 10644249488
    • Tracking and tracing cyber-attacks: Technical challenges and global policy issues
    • Pittsburgh, PA, USA, DTIC Document, Tech. Rep., Nov
    • H. F. Lipson, "Tracking and tracing cyber-attacks: Technical challenges and global policy issues," Softw. Eng. Inst., Pittsburgh, PA, USA, DTIC Document, Tech. Rep., Nov. 2002.
    • (2002) Softw. Eng. Inst.
    • Lipson, H.F.1
  • 26
    • 85046604724
    • ENISA, Heraklion, Greece, Existing Taxonomies, 2005-2013, last accessed: Aug
    • ENISA, Heraklion, Greece, Existing Taxonomies, 2005-2013, last accessed: Aug. 2013. [Online]. Available: http://www.enisa.europa.eu/activities/cert/support/incident-management/browsable/incidenthandling-process/incident-taxonomy/existing-taxonomies
    • (2013)
  • 27
    • 84870843257
    • Attack vectors to metering data in smart grids under security constraints
    • F. Skopik and Z. Ma, "Attack vectors to metering data in smart grids under security constraints," in Proc. IEEE 36th COMPSACW, 2012, pp. 134-139.
    • (2012) Proc. IEEE 36th COMPSACW , pp. 134-139
    • Skopik, F.1    Ma, Z.2
  • 30
    • 84962806892
    • A short survey of intrusion detection systems
    • V. Marinova-Boncheva, "A short survey of intrusion detection systems," Probl. Eng. Cybern. Robot., vol. 58, pp. 23-30, 2007.
    • (2007) Probl. Eng. Cybern. Robot. , vol.58 , pp. 23-30
    • Marinova-Boncheva, V.1
  • 33
    • 84887371876
    • Information theft through covert channel by exploiting HTTP post method
    • N. Tomar and M. S. Gaur, "Information theft through covert channel by exploiting HTTP post method," in Proc. 10th Int. Conf. WOCN, 2013, pp. 1-5.
    • (2013) Proc. 10th Int. Conf. WOCN , pp. 1-5
    • Tomar, N.1    Gaur, M.S.2
  • 34
    • 77749254087
    • Covert channels in TCP and IP Headers
    • Las Vegas, NV, USA, Aug. 2-4
    • A. Hintz, "Covert channels in TCP and IP Headers," presented at the DEF CON Security Conf., Las Vegas, NV, USA, Aug. 2-4, 2002.
    • (2002) The DEF CON Security Conf.
    • Hintz, A.1
  • 37
    • 5044231297
    • Honeypot and scan detection in intrusion detection system
    • C. Yin, M. Li, J. Ma, and J. Sun, "Honeypot and scan detection in intrusion detection system," in Proc. Can. Conf. Elect. Comput. Eng., 2004, vol. 2, pp. 1107-1110.
    • (2004) Proc. Can. Conf. Elect. Comput. Eng. , vol.2 , pp. 1107-1110
    • Yin, C.1    Li, M.2    Ma, J.3    Sun, J.4
  • 38
    • 85046615646
    • IBM IBM X-force trend and risk report IBM, Armonk, NY, USA, Nov
    • IBM, "IBM X-force trend and risk report," IBM, Armonk, NY, USA, Nov. 2013. [Online]. Available: http://xforce.iss.net/xforce/xfdb/405
    • (2013)
  • 41
    • 77955722321
    • State-of-the-art of secure ECC implementations: A survey on known side-channel attacks and countermeasures
    • J. Fan et al., "State-of-the-art of secure ECC implementations: A survey on known side-channel attacks and countermeasures," in Proc. IEEE Int. Symp. Hardware-Oriented Secur. Trust, 2010, pp. 76-87.
    • (2010) Proc. IEEE Int. Symp. Hardware-Oriented Secur. Trust , pp. 76-87
    • Fan, J.1
  • 43
    • 69249215749
    • Denham Springs, LA, USA, Dec
    • Modbus Application Protocol Specification, Modbus-IDA, Denham Springs, LA, USA, Dec. 2006. [Online]. Available: http://www.modbus.org/docs/ModbusApplicationProtocolV11b.pdf
    • (2006) Modbus Application Protocol Specification, Modbus-IDA
  • 44
    • 34547280256
    • RIJID: Random code injection to mask power analysis based side channel attacks
    • J. A. Ambrose, R. G. Ragel, and S. Parameswaran, "RIJID: Random code injection to mask power analysis based side channel attacks," in Proc. 44th Annu. Des. Autom. Conf., 2007, pp. 489-492.
    • (2007) Proc. 44th Annu. Des. Autom. Conf. , pp. 489-492
    • Ambrose, J.A.1    Ragel, R.G.2    Parameswaran, S.3
  • 45
    • 43049179369
    • Securing web applications
    • D. Gollmann, "Securing web applications," Inf. Secur. Tech. Rep., vol. 13, no. 1, pp. 1-9, 2008.
    • (2008) Inf. Secur. Tech. Rep. , vol.13 , Issue.1 , pp. 1-9
    • Gollmann, D.1
  • 46
    • 84890009491
    • Definition of terms used by the auto-ID labs in the anti-counterfeiting white paper series
    • Adelaide, SA, Australia, Sep
    • A. Grasso and P. H. Cole, "Definition of terms used by the auto-ID labs in the anti-counterfeiting white paper series," Auto-ID Labs Univ. Adelaide, Adelaide, SA, Australia, Sep. 2006.
    • (2006) Auto-ID Labs Univ. Adelaide
    • Grasso, A.1    Cole, P.H.2
  • 47
    • 33745216482
    • The essence of command injection attacks in web applications
    • Jan
    • Z. Su and G. Wassermann, "The essence of command injection attacks in web applications," ACM SIGPLAN Notices, vol. 41, no. 1, pp. 372-382, Jan. 2006.
    • (2006) ACM SIGPLAN Notices , vol.41 , Issue.1 , pp. 372-382
    • Su, Z.1    Wassermann, G.2
  • 48
    • 84858250036
    • Defending against cross-site scripting attacks
    • Mar
    • L. K. Shar and H. K. Tan, "Defending against cross-site scripting attacks," Computer, vol. 45, no. 3, pp. 55-62, Mar. 2012.
    • (2012) Computer , vol.45 , Issue.3 , pp. 55-62
    • Shar, L.K.1    Tan, H.K.2
  • 49
    • 84928407537
    • Noncespaces: Using randomization to enforce information flow tracking and thwart cross-site scripting attacks
    • M. Van Gundy and H. Chen, "Noncespaces: Using randomization to enforce information flow tracking and thwart cross-site scripting attacks," in Proc. NDSS, 2009, pp. 1-13.
    • (2009) Proc. NDSS , pp. 1-13
    • Van Gundy, M.1    Chen, H.2
  • 51
    • 35348860223
    • Defeating script injection attacks with browser-enforced embedded policies
    • T. Jim, N. Swamy, and M. Hicks, "Defeating script injection attacks with browser-enforced embedded policies," in Proc. 16th Int. Conf. World Wide Web, 2007, pp. 601-610.
    • (2007) Proc. 16th Int. Conf. World Wide Web , pp. 601-610
    • Jim, T.1    Swamy, N.2    Hicks, M.3
  • 52
    • 85046605440
    • OWASP, The Ten Most Critical Web Application Security Risks, Oct. 2010.
  • 53
    • 85046609427
    • Symantec, Mountain View, CA, USA, TCP MODBUS-Unauthorized Read Request, last accessed: Apr
    • Symantec, Mountain View, CA, USA, TCP MODBUS-Unauthorized Read Request, last accessed: Apr. 2014. [Online]. Available: http://www.symantec.com/securityresponse/attacksignatures/detail.jsp?asid=20674
    • (2014)
  • 54
    • 85046610470
    • National Vulnerability Database NIST, Gaithersburg, MD, USA, Apr
    • National Vulnerability Database, "Vulnerability summary for CVE-2013-0663," NIST, Gaithersburg, MD, USA, Apr. 2013. [Online]. Available: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0663
    • (2013) Vulnerability Summary for CVE-2013-0663
  • 55
    • 85046615765
    • US DHS ICS-CERT, Washington, DC, USA Jun. 2013, last accessed: Apr
    • US DHS ICS-CERT, Washington, DC, USA, "ICSA-13-077-01A Schneider Electric PLCs Vulnerabilities," Jun. 2013, last accessed: Apr. 2014. [Online]. Available: http://ics-cert.us-cert.gov/node/642
    • (2014) ICSA-13-077-01A Schneider Electric PLCs Vulnerabilities
  • 58
    • 84863206416
    • Intrusion detection for resource-constrained embedded control systems in the power grid
    • Jul
    • J. Reeves, A. Ramaswamy, M. Locasto, S. Bratus, and S. Smith, "Intrusion detection for resource-constrained embedded control systems in the power grid," Int. J. Crit. Infrastruct. Protect., vol. 5, no. 2, pp. 74-83, Jul. 2012.
    • (2012) Int. J. Crit. Infrastruct. Protect. , vol.5 , Issue.2 , pp. 74-83
    • Reeves, J.1    Ramaswamy, A.2    Locasto, M.3    Bratus, S.4    Smith, S.5
  • 59
    • 84857771025
    • Specification-based intrusion detection for advanced metering infrastructures
    • R. Berthier and W. H. Sanders, "Specification-based intrusion detection for advanced metering infrastructures," in Proc. IEEE 17th PRDC, 2011, pp. 184-193.
    • (2011) Proc. IEEE 17th PRDC , pp. 184-193
    • Berthier, R.1    Sanders, W.H.2
  • 60
    • 33847297141
    • Countermeasures against traffic analysis attacks in wireless sensor networks
    • J. Deng, R. Han, and S. Mishra, "Countermeasures against traffic analysis attacks in wireless sensor networks," in Proc. 1st Int. Conf. SecureComm, 2005, pp. 113-126.
    • (2005) Proc. 1st Int. Conf. SecureComm , pp. 113-126
    • Deng, J.1    Han, R.2    Mishra, S.3
  • 61
    • 85090433665
    • Snort-Lightweight intrusion detection for networks
    • Seattle, WA, USA
    • M. Roesch, "Snort-Lightweight intrusion detection for networks," in Proc. 13th USENIX Conf. Syst. Admin., Seattle, WA, USA, 1999, pp. 229-238.
    • (1999) Proc. 13th USENIX Conf. Syst. Admin , pp. 229-238
    • Roesch, M.1
  • 63
  • 65
    • 84885725221
    • Protecting critical infrastructures from stealth attacks: A closed-loop approach involving detection and remediation
    • S. Avallone, C. Mazzariello, F. Oliviero, and S. P. Romano, "Protecting critical infrastructures from stealth attacks: A closed-loop approach involving detection and remediation," in Proc. Crit. Inf. Infrastruct. Security, 2013, pp. 209-212.
    • (2013) Proc. Crit. Inf. Infrastruct. Security , pp. 209-212
    • Avallone, S.1    Mazzariello, C.2    Oliviero, F.3    Romano, S.P.4
  • 66
    • 80052933495
    • High-speed intrusion detection in support of critical infrastructure protection
    • S. D'Antonio, F. Oliviero, and R. Setola, "High-speed intrusion detection in support of critical infrastructure protection," in Proc. Crit. Inf. Infrastruct. Secur., 2006, pp. 222-234.
    • (2006) Proc. Crit. Inf. Infrastruct. Secur. , pp. 222-234
    • D'Antonio, S.1    Oliviero, F.2    Setola, R.3
  • 67
    • 84887278643
    • Attack detection and identification in cyber-physical systems
    • Nov
    • F. Pasqualetti, F. Dorfler, and F. Bullo, "Attack detection and identification in cyber-physical systems," IEEE Trans. Autom. Control, vol. 58, no. 11, pp. 2715-2729, Nov. 2013.
    • (2013) IEEE Trans. Autom. Control , vol.58 , Issue.11 , pp. 2715-2729
    • Pasqualetti, F.1    Dorfler, F.2    Bullo, F.3
  • 68
    • 84893176205
    • European Commission Publications Office, COM(2011) 163, Mar
    • European Commission, "ENCOM(2011) 163-Achievements and next steps: Towards global cyber-security," Publications Office, COM(2011) 163, Mar. 2011. [Online]. Available: https://www.eumonitor.eu/9353000/1/j9vvik7m1c3gyxp/vio6acq9mbym
    • (2011) ENCOM(2011) 163-Achievements and Next Steps: Towards Global Cyber-security
  • 70
    • 79954605963
    • Smart Grid Interoperability Panel Cyber Security Working Group and others NIST, Gaithersburg, MD, USA, NISTIR 7628, Sep
    • Smart Grid Interoperability Panel Cyber Security Working Group and others, "Guidelines for Smart Grid Cyber Security vol. 1-3," NIST, Gaithersburg, MD, USA, NISTIR 7628, Sep. 2010.
    • (2010) Guidelines for Smart Grid Cyber Security , vol.1-3


* This information was analyzed and extracted by KISTI from Elsevier's SCOPUS DB.