Last Line of Defense: Reliability Through Inducing Cyber Threat Hunting With Deception in SCADA Networks
There exists a gap between existing security mechanisms and their ability to detect advancing threats. Antivirus and EDR (End Point Detection and Response) aim to detect and prevent threats; such security mechanisms are reactive. This approach did not prove to be effective in protecting against stealthy attacks. SCADA (Supervisory Control and Data Acquisition) security is crucial for any country. However, SCADA is always an easy target for adversaries due to a lack of security for heterogeneous devices. An attack on SCADA is mainly considered a national-level threat. Recent research on SCADA security has not considered “unknown threats,” which has left a gap in security. The proactive approach, such as threat hunting, is the need of the hour. In this research, we investigated that threat hunting in conjunction with cyber deception and kill chain has countervailing effects on detecting SCADA threats and mitigating them. We have used the concept of “decoy farm” in the SCADA network, where all attacks are engaged. Moreover, we present a novel threat detection and prevention approach for SCADA, focusing on unknown threats. To test the effectiveness of the approach, we emulated several SCADA-, Linux- and Windows-based attacks on a simulated SCADA network. We have concluded that our approach detects and prevents the attacker before using the current reactive approach and security mechanism for SCADA with enhanced protection for heterogeneous devices. The results and experiments show that the proposed threat hunting approach has significantly improved the threat detection ability.
Field | Value |
---|---|
Main Authors: | Abdul Basit Ajmal; Masoom Alam; Awais Abdul Khaliq; Shawal Khan; Zakria Qadir; M. A. Parvez Mahmud |
Format: | Article |
Language: | English |
Published: | IEEE, 2021-01-01 |
Series: | IEEE Access |
Subjects: | Threat hunting; indicators of compromise (IOC); Industrial Internet of Things (IIoT); supervisory control and data acquisition (SCADA); cyber deception; honeypots |
Online Access: | https://ieeexplore.ieee.org/document/9531651/ |
Field | Value |
---|---|
_version_ | 1828406868617199616 |
author | Abdul Basit Ajmal; Masoom Alam; Awais Abdul Khaliq; Shawal Khan; Zakria Qadir; M. A. Parvez Mahmud |
author_sort | Abdul Basit Ajmal |
collection | DOAJ |
description | There exists a gap between existing security mechanisms and their ability to detect advancing threats. Antivirus and EDR (End Point Detection and Response) aim to detect and prevent threats; such security mechanisms are reactive. This approach did not prove to be effective in protecting against stealthy attacks. SCADA (Supervisory Control and Data Acquisition) security is crucial for any country. However, SCADA is always an easy target for adversaries due to a lack of security for heterogeneous devices. An attack on SCADA is mainly considered a national-level threat. Recent research on SCADA security has not considered “unknown threats,” which has left a gap in security. The proactive approach, such as threat hunting, is the need of the hour. In this research, we investigated that threat hunting in conjunction with cyber deception and kill chain has countervailing effects on detecting SCADA threats and mitigating them. We have used the concept of “decoy farm” in the SCADA network, where all attacks are engaged. Moreover, we present a novel threat detection and prevention approach for SCADA, focusing on unknown threats. To test the effectiveness of the approach, we emulated several SCADA-, Linux- and Windows-based attacks on a simulated SCADA network. We have concluded that our approach detects and prevents the attacker before using the current reactive approach and security mechanism for SCADA with enhanced protection for heterogeneous devices. The results and experiments show that the proposed threat hunting approach has significantly improved the threat detection ability. |
first_indexed | 2024-12-10T11:17:55Z |
format | Article |
id | doaj.art-3ef15aef24d14df688f383cefd217234 |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-12-10T11:17:55Z |
publishDate | 2021-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-3ef15aef24d14df688f383cefd217234; 2022-12-22T01:51:05Z; eng; IEEE; IEEE Access; 2169-3536; 2021-01-01; 9; 126789; 126800; 10.1109/ACCESS.2021.3111420; 9531651; Last Line of Defense: Reliability Through Inducing Cyber Threat Hunting With Deception in SCADA Networks; Abdul Basit Ajmal (https://orcid.org/0000-0003-4418-4959); Masoom Alam (https://orcid.org/0000-0001-8839-593X); Awais Abdul Khaliq (https://orcid.org/0000-0002-3439-6256); Shawal Khan (https://orcid.org/0000-0001-5952-8502); Zakria Qadir (https://orcid.org/0000-0002-9596-1765); M. A. Parvez Mahmud (https://orcid.org/0000-0002-1905-6800); Department of Computer Science, Cyber Security Laboratory, COMSATS University Islamabad, Islamabad, Pakistan; Department of Computer Science, Cyber Security Laboratory, COMSATS University Islamabad, Islamabad, Pakistan; Department of Computer Science, Cyber Security Laboratory, COMSATS University Islamabad, Islamabad, Pakistan; Department of Computer Science, Cyber Security Laboratory, COMSATS University Islamabad, Islamabad, Pakistan; School of Computing Engineering and Mathematics, Western Sydney University, Penrith, NSW, Australia; School of Engineering, Deakin University, Geelong, VIC, Australia; There exists a gap between existing security mechanisms and their ability to detect advancing threats. Antivirus and EDR (End Point Detection and Response) aim to detect and prevent threats; such security mechanisms are reactive. This approach did not prove to be effective in protecting against stealthy attacks. SCADA (Supervisory Control and Data Acquisition) security is crucial for any country. However, SCADA is always an easy target for adversaries due to a lack of security for heterogeneous devices. An attack on SCADA is mainly considered a national-level threat. Recent research on SCADA security has not considered “unknown threats,” which has left a gap in security. The proactive approach, such as threat hunting, is the need of the hour. In this research, we investigated that threat hunting in conjunction with cyber deception and kill chain has countervailing effects on detecting SCADA threats and mitigating them. We have used the concept of “decoy farm” in the SCADA network, where all attacks are engaged. Moreover, we present a novel threat detection and prevention approach for SCADA, focusing on unknown threats. To test the effectiveness of the approach, we emulated several SCADA-, Linux- and Windows-based attacks on a simulated SCADA network. We have concluded that our approach detects and prevents the attacker before using the current reactive approach and security mechanism for SCADA with enhanced protection for heterogeneous devices. The results and experiments show that the proposed threat hunting approach has significantly improved the threat detection ability.; https://ieeexplore.ieee.org/document/9531651/; Threat hunting; indicators of compromise (IOC); Industrial Internet of Things (IIoT); supervisory control and data acquisition (SCADA); cyber deception; honeypots |
title | Last Line of Defense: Reliability Through Inducing Cyber Threat Hunting With Deception in SCADA Networks |
topic | Threat hunting; indicators of compromise (IOC); Industrial Internet of Things (IIoT); supervisory control and data acquisition (SCADA); cyber deception; honeypots |
url | https://ieeexplore.ieee.org/document/9531651/ |