Automated Attack Planning using a Partially Observable Model for Penetration Testing of Industrial Control Systems
نویسندگان
چکیده
Context Industrial control systems govern important industrial processes as well as many other areas of daily life including building automation and the energy infrastructure. In the past, such systems were rarely networked if at all. Recently, however, a need for a higher degree of communication between different systems as well as other company resources has arisen. While leading to increased productivity and the development of new processes altogether, this also introduced a whole new class of possibles attack vectors. As such systems are usually optimized for their specific purpose and otherwise offer limited computational resources, they often lack security mechanisms found elsewhere. This makes industrial control systems a very interesting and promising target for malicious intruders trying to cause damage on often critical and costly infrastructure. Consequently, there is a desparate need to continuously ensure that ICS are free of devastating vulnerabilities.
منابع مشابه
POMDPs Make Better Hackers: Accounting for Uncertainty in Penetration Testing
Penetration Testing is a methodology for assessing network security, by generating and executing possible hacking attacks. Doing so automatically allows for regular and systematic testing. A key question is how to generate the attacks. This is naturally formulated as planning under uncertainty, i.e., under incomplete knowledge about the network configuration. Previous work uses classical planni...
متن کاملPenetration Testing == POMDP Solving?
Penetration Testing is a methodology for assessing network security, by generating and executing possible attacks. Doing so automatically allows for regular and systematic testing without a prohibitive amount of human labor. A key question then is how to generate the attacks. This is naturally formulated as a planning problem. Previous work (Lucangeli et al. 2010) used classical planning and he...
متن کاملA POMDP Framework to Find Optimal Inspection and Maintenance Policies via Availability and Profit Maximization for Manufacturing Systems
Maintenance can be the factor of either increasing or decreasing system's availability, so it is valuable work to evaluate a maintenance policy from cost and availability point of view, simultaneously and according to decision maker's priorities. This study proposes a Partially Observable Markov Decision Process (POMDP) framework for a partially observable and stochastically deteriorating syste...
متن کاملStochastic Security Constrained Transmission and Battery Expansion Planning In Integrated Gas-Electricity Systems Considering High Penetration of Renewable Resources..
In this study, a new model is proposed to solve the problem of transmission and battery expansion planning considering integrated electricity and gas systems. The presented model is a bi-level stochastic planning model, where transmission and battery expansion planning modeling is done on one level, and gas network modeling is done on the other level. Here, the impact of the high penetration of...
متن کاملPath Planning and Control of an Industrial Robot Used for Opening Tap Hole of an Electric Arc Furnace
The electric arc furnace (EAF) is one of the popular methods of steel production from steel scraps. The plasma arc is used in EAF to generate heat for melting scarp or direct reduced iron (DRI). The liquid metal is drained from the EAF through the tap hole. Nowadays, it is critical to use Automated/robotic tools for opening the tap hole with oxygen lancing. Because many workers have been blinde...
متن کامل