Cyber Threat Analysis based on Characterizing Adversarial Behavior for Energy Delivery System
Recently, Energy Delivery Systems (EDS) has been the target of several sophisticated attacks with potentials for catastrophic damages. These attacks are diverse in techniques, attack progression, and impacts. System administrators require comprehensive analytics to assess their defense against these diverse adversarial strategies. To address this challenge, this paper proposes a methodology to assess cyber threats proactively by characterizing adversary behavior. First, we describe the diﬀerent level of threat indicators and their eﬀectiveness to understand the adversary activity. Next, we integrate static network information with dynamic attack strategy by mapping attack graphs into attacker’s techniques and tactics. This contextual integration provides insights into attacker’s stealthy behavior. Following the enumeration of complexity and eﬀort for attack progression, we devise a metric to quantify the likelihood of an adversary taking an attack path for compromising an asset in EDS. We empirically evaluated our approach within an ICS test-bed. The results show the signiﬁcance of our approach for characterizing adversarial behavior and gaining valuable insights on cyber risk management.
This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
- The following copyright notice applies to all of the above items that appear in IEEE publications: "Personal use of this material is permitted. However, permission to reprint/publish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from IEEE."
- The following copyright notice applies to all of the above items that appear in ACM publications: "© ACM, effective the year of publication shown in the bibliographic information. This file is the author’s version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in the journal or proceedings indicated in the bibliographic data for each item."
- The following copyright notice applies to all of the above items that appear in IFAC publications: "Document is being reproduced under permission of the Copyright Holder. Use or reproduction of the Document is for informational or personal use only."