More Web Proxy on the site http://driver.im/

research-article

ICS-LTU2022: : A dataset for ICS vulnerabilities

Authors: Manar Alanazi, Abdun Mahmood, Mohammad Jabed Morshed ChowdhuryAuthors Info & Claims

Volume 148, Issue C

https://doi.org/10.1016/j.cose.2024.104143

Published: 30 January 2025 Publication History

Abstract

Industrial control systems (ICS) are a collection of control systems and associated instrumentation for controlling and monitoring industrial processes. Critical infrastructure relies on supervisory control and data acquisition (SCADA), a subset of ICS specifically designed for monitoring and controlling industrial processes over large geographic areas. Cyberattacks like the Colonial Pipeline ransomware case have demonstrated how an adversary may compromise critical infrastructure. The Colonial Pipeline ransomware attack led to a week’s pipeline shutdown, causing a gas shortage in the United States. As existing vulnerability assessment tools cannot be used in the context of ICS systems, vulnerability datasets specified for ICSs are needed to evaluate the security weaknesses. Our secondary metadata, ICS-LTU2022, consists of multiple features that can be used for vulnerability assessment and risk evaluation in industrial control systems. A description of the dataset, its characteristics, and data analysis are also presented in this paper. Vulnerability analysis was conducted based on the top 10 vulnerabilities in terms of severity, frequency by year, impact, components of the ICS, and common weaknesses. The ICS-LTU2022 vulnerabilities dataset is updated biannually. Our proposed dataset provides security researchers with the most recent ICS critical vulnerabilities.

Highlights

•

The research collects vulnerability data from public sources, mainly the NVD and CVE.

•

The dataset compiled from these sources is comprehensive, encompassing a wide range of ICS vulnerabilities.

•

The research aims to identify and analyze ICS vulnerability patterns and trends.

•

Insights into ICS cybersecurity are provided through the analysis of vulnerabilities.

•

The main finding, data quality, professional considerations, and threats to validity are discussed.

References

[1]

Abou el Kalam A., Securing SCADA and critical industrial systems: From needs to security mechanisms, Int. J. Crit. Infrastruct. Prot. 32 (2021).

[2]

ACDA C., AVEVA wonderware system platform, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-19-029-03, (Accessed 10 August 2023).

[3]

Ackerman P., Industrial Cybersecurity: Efficiently Monitor the Cybersecurity Posture of Your ICS Environment, Packt Publishing Ltd, 2021.

[4]

Ahmad A., Hadgkiss J., Ruighaver A.B., Incident response teams–challenges in supporting the organisational security function, Comput. Secur. 31 (5) (2012) 643–652.

[5]

Alanazi M., Mahmood A., Chowdhury M.J.M., SCADA vulnerabilities and attacks: A review of the state of the art and open issues, Comput. Secur. 125 (2023),. URL https://www.sciencedirect.com/science/article/pii/S0167404822004205.

Digital Library

[6]

Albasir A., Naik K., Manzano R., Toward improving the security of IoT and CPS devices: An AI approach, Digit. Threats: Res. Pract. 4 (2) (2023) 1–30.

[7]

Alexander O., Belisle M., Steele J., MITRE ATT&CK for Industrial Control Systems: Design and Philosophy, The MITRE Corporation, Bedford, MA, USA, 2020.

[8]

Ali S., Al Balushi T., Nadir Z., Hussain O.K., Cyber Security for Cyber Physical Systems, Springer, 2018.

[9]

Almalawi A., Yu X., Tari Z., Fahad A., Khalil I., An unsupervised anomaly-based detection approach for integrity attacks on SCADA systems, Comput. Secur. 46 (2014) 94–110,. URL https://www.sciencedirect.com/science/article/pii/S0167404814001072.

[10]

Almukaynizi M., Nunes E., Dharaiya K., Senguttuvan M., Shakarian J., Shakarian P., Proactive identification of exploits in the wild through vulnerability mentions online, in: 2017 International Conference on Cyber Conflict (CyCon US), IEEE, Washington, USA, 2017, pp. 82–88,.

[11]

Alsabbagh W., Langendörfer P., Security of programmable logic controllers and related systems: Today and tomorrow, IEEE Open J. Ind. Electron. Soc. 4 (2023) 659–693,.

[12]

Alsmadi I., Dwekat Z., Cantu R., Al-Ahmad B., Vulnerability assessment of industrial systems using Shodan, Cluster Comput. 25 (3) (2022) 1563–1573.

[13]

Andreeva O., Gordeychik S., Gritsai G., Kochetova O., Potseluevskaya E., Sidorov S.I., Timorin A.A., Industrial control systems vulnerabilities statistics, Kaspersky Lab, Report (2016).

[14]

Anwar A., Abusnaina A., Chen S., Li F., Mohaisen D., Cleaning the NVD: Comprehensive quality assessment, improvements, and analyses, IEEE Trans. Dependable Secure Comput. 19 (6) (2022) 4255–4269,.

[15]

Ayub A., Yoo H., Ahmed I., Empirical study of PLC authentication protocols in industrial control systems, in: 2021 IEEE Security and Privacy Workshops, SPW, IEEE, USA, 2021, pp. 383–397,.

[16]

Bada M., Pete I., An exploration of the cybercrime ecosystem around shodan, in: 2020 7th International Conference on Internet of Things: Systems, Management and Security, IOTSMS, IEEE, France, 2020, pp. 1–8,.

[17]

Bakeui M., Flores R., Remorin L., Yarochkin F., 2020 Report on Threats Affecting ICS Endpoints, Trend Micro, Japan, 2021, URL https://www.key4biz.it/wp-content/uploads/2021/07/wp-2020-report-on-threats-affecting-critical-industrial-endpoints.pdf.

[18]

Bala R., Nagpal R., A review on kdd cup99 and nsl nsl-kdd dataset, Int. J. Adv. Res. Comput. Sci. 10 (2) (2019) p64–67.

[19]

Banga A., Gupta D., Bathla R., Towards a taxonomy of cyber attacks on scada system, in: 2019 International Conference on Intelligent Computing and Control Systems, ICCS, IEEE, Madurai, India, 2019, pp. 343–347,.

[20]

Bartman T., Carson K., Securing communications for SCADA and critical industrial systems, in: 2016 69th Annual Conference for Protective Relay Engineers, CPRE, IEEE, College Station, TX, USA, 2016, pp. 1–10,.

[21]

Basnet M., Poudyal S., Ali M.H., Dasgupta D., Ransomware detection using deep learning in the SCADA system of electric vehicle charging station, in: 2021 IEEE PES Innovative Smart Grid Technologies Conference - Latin America (ISGT Latin America), IEEE, Lima, Peru, 2021, pp. 1–5,.

[22]

Batini C., Cappiello C., Francalanci C., Maurino A., Methodologies for data quality assessment and improvement, ACM Comput. Surv. 41 (3) (2009),.

Digital Library

[23]

Beaver J.M., Borges-Hink R.C., Buckner M.A., An evaluation of machine learning methods to detect malicious SCADA communications, in: 2013 12th International Conference on Machine Learning and Applications, Vol. 2, IEEE, Miami, FL, USA, 2013, pp. 54–59,.

Digital Library

[24]

Beresford D., Exploiting siemens simatic s7 plcs, Black Hat USA 16 (2) (2011) 723–733.

[25]

Bhandari G., Naseer A., Moonen L., Cvefixes: automated collection of vulnerabilities and their fixes from open-source software, in: Proceedings of the 17th International Conference on Predictive Models and Data Analytics in Software Engineering, in: PROMISE 2021, Association for Computing Machinery, New York, NY, USA, 2021, pp. 30–39,.

Digital Library

[26]

Blinowski G.J., Piotrowski P., Wiśniewski M., Comparing support vector machine and neural network classifiers of cve vulnerabilities, in: Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT, SciTePress, 2021, pp. 734–740,.

[27]

Bozorgi M., Saul L.K., Savage S., Voelker G.M., Beyond heuristics: Learning to classify vulnerabilities and predict exploits, in: Proceedings of the 16th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD ’10, Association for Computing Machinery, New York, NY, USA, 2010, pp. 105–114,.

Digital Library

[28]

Bulle B.B., Santin A.O., Viegas E.K., dos Santos R.R., A host-based intrusion detection model based on OS diversity for SCADA, in: IECON 2020 the 46th Annual Conference of the IEEE Industrial Electronics Society, IEEE, Singapore, 2020, pp. 691–696,.

Digital Library

[29]

Carcano A., Coletta A., Guglielmi M., Masera M., Fovino I.N., Trombetta A., A multidimensional critical state analysis for detecting intrusions in SCADA systems, IEEE Trans. Ind. Inform. 7 (2011) 179–186. URL https://api.semanticscholar.org/CorpusID:13933599.

[30]

Cárdenas A.A., Amin S., Lin Z.-S., Huang Y.-L., Huang C.-Y., Sastry S., Attacks against process control systems: risk assessment, detection, and response, in: ASIACCS ’11: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS ’11, Association for Computing Machinery, New York, NY, USA, 2011, pp. 355–366,.

Digital Library

[31]

Christey S., Martin R.A., Vulnerability type distributions in CVE, 2007, URL http://cwe.mitre.org/documents/vuln-trends.html.

[32]

CISA H., Open automation software OPC systems NET DLL hijacking vulnerability, CISA (2018) URL https://www.cisa.gov/news-events/ics-advisories/icsa-15-344-02.

[33]

CISA H., ABB GATE-E2, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-18-352-01, (Accessed 31 July 2023).

[34]

CISA H., Advantech WebAccess HMI designer, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-20-219-02, (Accessed 31 July 2023).

[35]

CISA H., Advantech WebAccess node: CISA, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-20-128-01, (Accessed 30 July 2023).

[36]

CISA H., Advantech WebAccess vulnerabilities, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-16-014-01, (Accessed 31 July 2023).

[37]

CISA H., Advantech WebAccess/SCADA, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-21-075-01, (Accessed 31 July 2023).

[38]

CISA H., Advantech webop, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-17-227-01, (Accessed 30 July 2023).

[39]

CISA H., Automation direct CLICK PLC CPU modules, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-21-166-02, (Accessed 30 July 2023).

[40]

CISA H., AVEVA enterprise data management web, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-20-254-01, (Accessed 31 July 2023).

[41]

CISA H., FATEK automation WinProladder, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-21-175-01, (Accessed 31 July 2023).

[42]

CISA H., Honeywell ControlEdge PLC and RTU, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-20-175-02, (Accessed 30 July 2023).

[43]

CISA H., Horner automation cscape, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-21-112-01, (Accessed 3 August 2023).

[44]

CISA H., Horner automation cscape csfont, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-22-146-02, Accessed 30 July 2023.

[45]

CISA H., Kunbus PR100088 modbus gateway (update B), 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-19-036-05, (Accessed 31 July 2023).

[46]

CISA H., LCDS - leão consultoria e desenvolvimento de sistemas ltda ME laquis SCADA, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-18-298-02, (Accessed 31 July 2023).

[47]

CISA H., Modbus tools modbus slave, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-22-088-04, (Accessed 28 July 2023).

[48]

CISA H., mySCADA myPRO, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-21-217-03, (Accessed 3 August 2023).

[49]

CISA H., Phoenix contact ILC PLC authentication vulnerabilities, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-16-313-01, (Accessed 31 July 2023).

[50]

CISA H., Rockwell automation CompactLogix 5370, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-19-120-01, (Accessed 31 July 2023).

[51]

CISA H., Rockwell automation studio 5000 logix designer, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-22-090-07, (Accessed 31 July 2023).

[52]

CISA H., Siemens S7-400 CPUs, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-18-317-02, (Accessed 30 July 2023).

[53]

CISA H., Siemens SICAM, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-17-320-02, (Accessed 31 July 2023).

[54]

CISA H., Siemens SRCS VPN feature in SIMATIC CP devices (update A), 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-22-195-12, (Accessed 31 July 2023)).

[55]

CISA H., Vulnerability summary for the week of august 31, 2020, 2023, URL https://www.cisa.gov/news-events/bulletins/sb20-251, (Accessed 31 July 2023).

[56]

CISA H., WECON PLC editor, 2023, URL https://www.cisa.gov/news-events/ics-advisories/icsa-21-315-01, (Accessed 28 July 2023).

[57]

Colbert E.J., Kott A., Cyber-Security of SCADA and Other Industrial Control Systems, Springer, 2016.

[58]

Conklin W.A., IT vs. OT security: A time to consider a change in CIA to include resilienc, in: 2016 49th Hawaii International Conference on System Sciences, HICSS, IEEE, Koloa, HI, USA, 2016, pp. 2642–2647,.

Digital Library

[59]

Eckhart M., Ekelhart A., Lüder A., Biffl S., Weippl E., Security development lifecycle for cyber-physical production systems, in: IECON 2019 - 45th Annual Conference of the IEEE Industrial Electronics Society, Vol. 1, IEEE, Portugal, 2019, pp. 3004–3011,.

Digital Library

[60]

Edkrantz M., Said A., Predicting cyber vulnerability exploits with machine learning, in: Thirteenth Scandinavian Conference on Artificial Intelligence SCAI, IOS Press, Sweden, 2015, pp. 48–57.

[61]

Empl P., Schlette D., Stöger L., Pernul G., Generating ICS vulnerability playbooks with open standards, Int. J. Inf. Secur. 23 (2) (2024) 1215–1230.

[62]

Etzioni A., The private sector: A reluctant partner in cybersecurity, Geo. J. Int’l Aff. 15 (2014) 69.

[63]

Faramondi L., Flammini F., Guarino S., Setola R., A hardware-in-the-loop water distribution testbed dataset for cyber-physical security testing, IEEE Access 9 (2021) 122385–122396,.

[64]

Fauri D., de Wijs B., den Hartog J., Costante E., Zambon E., Etalle S., Encryption in ICS networks: A blessing or a curse?, in: 2017 IEEE International Conference on Smart Grid Communications (SmartGridComm), IEEE, Germany, 2017, pp. 289–294.

[65]

Franco D.J., Muhammed A.B., Subramaniam S.K., Abdullah A., Silva R.M., Akram O.K., A review on current and old SCADA networks applied to water distribution systems, in: 2019 First International Conference of Intelligent Computing and Engineering, ICOICE, IEEE, Hadhramout, Yemen, 2019, pp. 1–11,.

[66]

Gaggero G.B., Machine learning based anomaly detection for cybersecurity monitoring of critical infrastructures, 2022.

[67]

Gharib A., Sharafaldin I., Lashkari A.H., Ghorbani A.A., An evaluation framework for intrusion detection dataset, in: 2016 International Conference on Information Science and Security, ICISS, IEEE, 2016, pp. 1–6,.

[68]

Ghurab M., Gaphari G., Alshami F., Alshamy R., Othman S., A detailed analysis of benchmark datasets for network intrusion detection system, Asian J. Res. Comput. Sci. 7 (4) (2021) 14–33.

[69]

Gkortzis A., Mitropoulos D., Spinellis D., Vulinoss: a dataset of security vulnerabilities in open-source systems, in: MSR ’18: Proceedings of the 15th International Conference on Mining Software Repositories, MSR ’18, Association for Computing Machinery, New York, NY, USA, 2018, pp. 18–21,.

Digital Library

[70]

Golrang A., Golrang A.M., Yildirim Yayilgan S., Elezaj O., A novel hybrid IDS based on modified NSGAII-ANN and random forest, electronics 9 (4) (2020) 577.

[71]

Graff M., Van Wyk K.R., Secure Coding: Principles and Practices, “O’Reilly Media, Inc.”, 2003.

[72]

Guevara I., Fradkin C., Growing ICS vulnerabilities mandate prioritization: Use vulnerability management at the convergence of information and operational technologies to lower risk to industrial control systems, Control Eng. 68 (2) (2021) 31–34.

[73]

Hadžiosmanović D., Sommer R., Zambon E., Hartel P.H., Through the eye of the PLC: semantic security monitoring for industrial processes, in: ACSAC14 Proceedings of the 30th Annual Computer Security Applications Conference, ACSAC ’14, Association for Computing Machinery, New York, NY, USA, 2014, pp. 126–135,.

Digital Library

[74]

Hoque M.S., Jamil N., Amin N., Lam K.-Y., An improved vulnerability exploitation prediction model with novel cost function and custom trained word vector embedding, Sensors 21 (12) (2021),. URL https://www.mdpi.com/1424-8220/21/12/4220.

[75]

Housen-Couriel D., Information sharing for the mitigation of hostile activity in cyberspace: Comparing two nascent models (part 1), Eur. Cybersecur. J. 4 (3) (2018) 44–50.

[76]

Howland H., Cvss: Ubiquitous and broken, Digit. Threats: Res. Pract. 4 (1) (2023) 1–12,.

Digital Library

[77]

HSGAC H., Use of cryptocurrency in ransomware attacks, available data, and national security concerns, 2021, URL https://www.hsgac.senate.gov/wp-content/uploads/imo/media/doc/HSGAC%20Majority%20Cryptocurrency%20Ransomware%20Report_Executive%20Summary.pdf.

[78]

Hui H., McLaughlin K., Sezer S., Vulnerability analysis of S7 PLCs: Manipulating the security mechanism, Int. J. Crit. Infrastruct. Prot. 35 (2021),. URL https://www.sciencedirect.com/science/article/pii/S1874548221000573.

Digital Library

[79]

Humphrey M., Identifying the Critical Success Factors to Improve Information Security Incident Reporting, (Ph.D. thesis) Cranfield University, 2017.

[80]

Igure V.M., Laughter S.A., Williams R.D., Security issues in SCADA networks, Comput. Secur. 25 (7) (2006) 498–506,. URL https://www.sciencedirect.com/science/article/pii/S0167404806000514.

Digital Library

[81]

Jabez J., Muthukumar B., Intrusion detection system (IDS): Anomaly detection using outlier detection approach, Procedia Comput. Sci. 48 (2015) 338–346,. URL https://www.sciencedirect.com/science/article/pii/S1877050915007000, International Conference on Computer, Communication and Convergence (ICCC 2015).

[82]

Jimenez M., Le Traon Y., Papadakis M., [Engineering paper] enabling the continuous analysis of security vulnerabilities with VulData7, in: 2018 IEEE 18th International Working Conference on Source Code Analysis and Manipulation, SCAM, IEEE, Madrid, Spain, 2018, pp. 56–61,.

[83]

Johnson R.E., Survey of SCADA security challenges and potential attack vectors, in: 2010 International Conference for Internet Technology and Secured Transactions, IEEE, London, UK, 2010, pp. 1–5.

[84]

Jung W.-C., Kim J., Park N., Web-browsing application using web scraping technology in Korean network separation application, Symmetry 13 (8) (2021) 1550.

[85]

Kant D., Creutzburg R., Johannsen A., Investigation of risks for critical infrastructures due to the exposure of SCADA systems and industrial controls on the internet based on the search engine shodan, Electron. Imaging 2020 (3) (2020) 1–16,.

[86]

Karatas G., Demir O., Sahingoz O.K., Increasing the performance of machine learning-based IDSs on an imbalanced and up-to-date dataset, IEEE Access 8 (2020) 32150–32162,.

[87]

Khalil S.M., Bahsi H., Korõtko T., Threat modeling of industrial control systems: A systematic literature review, Comput. Secur. (2023).

[88]

Kilman, D., Stamp, J., 2005. Framework for SCADA security policy. Sandia National Laboratories report SAND2005-1002C.

[89]

Kissel R., Stine K.M., Scholl M.A., Rossman H., Fahlsing J., Gulick J., Sp 800-64 rev. 2. security considerations in the system development life cycle, 2008.

[90]

Klahr R., Shah J., Sheriffs P., Rossington T., Pestell G., Button M., Wang V., Cyber security breaches survey, in: A Survey Detailing Business Action or Cyber Security and the Costs and Impacts of Cyber Breaches and Attacks, 2017, Department for Culture, Media; Sport, United Kingdom, 2017.

[91]

Klick J., Lau S., Marzin D., Malchow J.-O., Roth V., Internet-facing PLCs as a network backdoor, in: 2015 IEEE Conference on Communications and Network Security, CNS, IEEE, Florence, Italy, 2015, pp. 524–532,.

[92]

Kuehn P., Bayer M., Wendelborn M., Reuter C., OVANA: An approach to analyze and improve the information quality of vulnerability databases, in: Proceedings of the 16th International Conference on Availability, Reliability and Security, ARES ’21, Association for Computing Machinery, New York, NY, USA, 2021, p. 22,.

Digital Library

[93]

Kuipers D., Fabro M., Control systems cyber security: Defense in depth strategies, Idaho National Lab.(INL), Idaho Falls, ID (United States), 2006.

[94]

Labrotary L., DARPA Intrusion Detection Evaluation Data Set, Massachusetts Institute of technology. Retrieved January, Cambridge, MA, 1999, p. 2009.

[95]

Lakshmi B.S., Kovvuri D., Bolisetti H.N.V., Chikkala D.S., Karri S., Yadlapalli G., A proactive approach for detecting SQL and XSS injection attacks, in: 2024 3rd International Conference on Applied Artificial Intelligence and Computing, ICAAIC, IEEE, Salem, India, 2024, pp. 1415–1420,.

[96]

Larkin R.D., Lopez Jr. J., Butts J.W., Grimaila M.R., Evaluation of security solutions in the SCADA environment, ACM SIGMIS Database: DATABASE Adv. Inf. Syst. 45 (1) (2014) 38–53.

[97]

Lee J.-M., Hong S., Host-oriented approach to cyber security for the scada systems, in: 2020 6th IEEE Congress on Information Science and Technology (CiSt), IEEE, Morocco, 2021, pp. 151–155,.

[98]

Lee W., Stolfo S.J., Mok K.W., Mining in a data-flow environment: Experience in network intrusion detection, in: Proceedings of the Fifth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Association for Computing Machinery ACM, USA, 1999, pp. 114–124.

[99]

Lika R.A., Murugiah D., Brohi S.N., Ramasamy D., NotPetya: Cyber attack prevention through awareness via gamification, in: 2018 International Conference on Smart Computing and Electronic Enterprise, ICSCEE, IEEE, Malaysia, 2018, pp. 1–6,.

[100]

Maesschalck S., Giotsas V., Green B., Race N., Don’t get stung, cover your ICS in honey: How do honeypots fit within industrial control system security, Comput. Secur. 114 (2022).

Digital Library

[101]

Makrakis G.M., Kolias C., Kambourakis G., Rieger C., Benjamin J., Industrial and critical infrastructure security: Technical analysis of real-life security incidents, IEEE Access 9 (2021) 165295–165325,.

[102]

McHugh J., Testing intrusion detection systems: A critique of the 1998 and 1999 NSL-KDDA intrusion detection system evaluations as performed by lincoln laboratory, ACM Trans. Inf. Syst. Secur. 3 (4) (2000) 262–294,.

Digital Library

[103]

McLaughlin S., Konstantinou C., Wang X., Davi L., Sadeghi A.-R., Maniatakos M., Karri R., The cybersecurity landscape in industrial control systems, Proc. IEEE 104 (5) (2016) 1039–1057,.

[104]

McLaughlin S., Konstantinou C., Wang X., Davi L., Sadeghi A.-R., Maniatakos M., Karri R., The cybersecurity landscape in industrial control systems, Proc. IEEE 104 (5) (2016) 1039–1057.

[105]

Meena G., Choudhary R.R., A review paper on IDS classification using KDD 99 and NSL kdd dataset in WEKA, in: 2017 International Conference on Computer, Communications and Electronics (Comptelix), IEEE, India, 2017, pp. 553–558,.

[106]

Miller B., Rowe D., A survey SCADA of and critical infrastructure incidents, in: Proceedings of the 1st Annual Conference on Research in Information Technology, Association for Computing Machinery, New York, NY, USA, 2012, pp. 51–56,.

Digital Library

[107]

Miller T., Staves A., Maesschalck S., Sturdee M., Green B., Looking back to look forward: Lessons learnt from cyber-attacks on industrial control systems, Int. J. Crit. Infrastruct. Prot. 35 (2021),. URL https://www.sciencedirect.com/science/article/pii/S1874548221000524.

Digital Library

[108]

MITRE T., ICS matrix, 2024, URL https://attack.mitre.org/matrices/ics/, Accessed 08 April 2024.

[109]

Morris T., Gao W., Industrial control system traffic data sets for intrusion detection research, in: Butts J., Shenoi S. (Eds.), Critical Infrastructure Protection VIII, Springer Berlin Heidelberg, Berlin, Heidelberg, 2014, pp. 65–78.

[110]

Morris T.H., Thornton Z., Turnipseed I., Industrial control system simulation and data logging for intrusion detection system research, in: 7th Annual Southeastern Cyber Security Summit, CAE, Huntsville, AL, 2015, pp. 3–4.

[111]

Morris T., Vaughn R., Dandass Y.S., A testbed for SCADA control system cybersecurity research and pedagogy, in: Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research, Association for Computing Machinery, NY, USA, 2011, p. 1.

[112]

Moustafa N., Slay J., UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set), in: 2015 Military Communications and Information Systems Conference (MilCIS), IEEE, Canberra, Australia, 2015, pp. 1–6.

[113]

Mubarak S., Habaebi M.H., Islam M.R., Rahman F.D.A., Tahir M., Anomaly detection in ICS datasets with machine learning algorithms, Comput. Syst. Sci. Eng. 37 (1) (2021).

[114]

Nair A., Ray A., Reddy L., Marali M., Mapping of CVE-ID to tactic for comprehensive vulnerability management of ICS, in: Inventive Communication and Computational Technologies: Proceedings of ICICCT 2022, Springer, 2022, pp. 559–571.

[115]

Neuhaus S., Zimmermann T., Security trend analysis with CVE topic models, in: 2010 IEEE 21st International Symposium on Software Reliability Engineering, IEEE, USA, 2010, pp. 111–120,.

Digital Library

[116]

Newman D., KDD cup’99 data sets, Retrieved February 7 (1999) 2010.

[117]

Ortega-Fernandez I., Sestelo M., Burguillo J.C., Pinon-Blanco C., Network intrusion detection system for DDoS attacks in ICS using deep autoencoders, Wirel. Netw. (2023) 1–17.

[118]

Osman F.A., Hashem M.Y., Eltokhy M.A., Secured cloud SCADA system implementation for industrial applications, Multimedia Tools Appl. 81 (7) (2022) 9989–10005.

[119]

Paridari K., O’Mahony N., El-Din Mady A., Chabukswar R., Boubekeur M., Sandberg H., A framework for attack-resilient industrial control systems: Attack detection and controller reconfiguration, Proc. IEEE 106 (1) (2018) 113–128,.

[120]

Park J., Sandhu R., Gupta M., Bhatt S., Activity control design principles: Next generation access control for smart and collaborative systems, IEEE Access 9 (2021) 151004–151022,.

[121]

Pham V., Dang T., CVExplorer: Multidimensional visualization for common vulnerabilities and exposures, in: 2018 IEEE International Conference on Big Data (Big Data), IEEE, Seattle, WA, USA, 2018, pp. 1296–1301,.

[122]

Pidikiti D.S., Kalluri R., Kumar R.S., Bindhumadhava B., SCADA communication protocols: vulnerabilities, attacks and possible mitigations, CSI Trans. ICT 1 (2) (2013) 135–141.

[123]

Pipino L.L., Lee Y.W., Wang R.Y., Data quality assessment, Commun. ACM 45 (4) (2002) 211–218,.

Digital Library

[124]

Pliatsios D., Sarigiannidis P., Lagkas T., Sarigiannidis A.G., A survey on SCADA systems: secure protocols, incidents, threats and tactics, IEEE Commun. Surv. Tutor. 22 (3) (2020) 1942–1976.

[125]

Ponta S.E., Plate H., Sabetta A., Bezzi M., Dangremont C., A manually-curated dataset of fixes to vulnerabilities of open-source software, in: 2019 IEEE/ACM 16th International Conference on Mining Software Repositories, MSR, IEEE, Canada, 2019, pp. 383–387,.

Digital Library

[126]

Pooja T., Shrinivasacharya P., Evaluating neural networks using Bi-Directional LSTM for network IDS (intrusion detection systems) in cyber security, Global Transitions Proceedings 2 (2) (2021) 448–454,. International Conference on Computing System and its Applications (ICCSA- 2021).

[127]

Powell M., Brule J., Pease M., Stouffer K., Tang C., Zimmerman T., Deane C., Hoyt J., Raguso M., Sherule A., et al., Protecting information and system integrity in industrial control system environments, 2022.

[128]

Qi J., Zhang X., McCarty G.W., Sadeghi A.M., Cosh M.H., Zeng X., Gao F., Daughtry C.S., Huang C., Lang M.W., Arnold J.G., Assessing the performance of a physically-based soil moisture module integrated within the soil and water assessment tool, Environ. Model. Softw. 109 (2018) 329–341,.

[129]

Raj G., Singh D., Bansal A., Analysis for security implementation in SDLC, in: 2014 5th International Conference - Confluence the Next Generation Information Technology Summit (Confluence), 2014, pp. 221–226,.

[130]

Reinthal A., Filippakis E.L., Almgren M., Data modelling for predicting exploits, in: Gruschka N. (Ed.), Secure IT Systems, Springer International Publishing, Cham, 2018, pp. 336–351.

[131]

Revathi S., Malathi A., A detailed analysis on NSL-KDD dataset using various machine learning techniques for intrusion detection, Int. J. Eng. Res. Technol. (IJERT) 2 (12) (2013) 1848–1853.

[132]

Rodofile N.R., Radke K., Foo E., Framework for SCADA cyber-attack dataset creation, in: Proceedings of the Australasian Computer Science Week Multiconference, ACSW ’17, Association for Computing Machinery, New York, NY, USA, 2017, p. 69,.

Digital Library

[133]

Rodriguez L.G.A., Trazzi J.S., Fossaluza V., Campiolo R., Batista D.M., Analysis of vulnerability disclosure delays from the national vulnerability database, in: Workshop de Segurança Cibernética em Dispositivos Conectados, WSCDC, SBC, 2018.

[134]

Rossberg J., Beginning Application Lifecycle Management, A Press, 2014.

[135]

Ruefle R., Dorofee A., Mundie D., Householder A.D., Murray M., Perl S.J., Computer security incident response team development and evolution, IEEE Secur. Privacy 12 (5) (2014) 16–26,.

[136]

Rytel M., Felkner A., Janiszewski M., Towards a safer internet of things—A survey of IoT vulnerability data sources, Sensors 20 (21) (2020) 5969.

[137]

Sajid A., Abbas H., Saleem K., Cloud-assisted IoT-based SCADA systems security: A review of the state of the art and future challenges, IEEE Access 4 (2016) 1375–1384,.

[138]

Scott M.J., CICP C., Protecting industrial control system software with secure coding practices, ISACA (2023).

[139]

Seacord R.C., Secure Coding in C and C++, Addison-Wesley, 2013.

[140]

Sindhwad P.V., Samant M., Kazi F., Security challenges in cyber physical system communication protocols: Empirical analysis based on disclosed vulnerabilities, in: 2022 IEEE International Conference on Advanced Networks and Telecommunications Systems, ANTS, IEEE, Gandhinagar, Gujarat, India, 2022, pp. 464–469,.

[141]

Smith L.J., Estimating Security Risk in Open Source Package Repositories: An Empirical Analysis and Predictive Model of Software Vulnerabilities, (Ph.D. thesis) Capella University, 2019.

[142]

Stouffer K., Falco J., Scarfone K., et al., Guide to industrial control systems (ICS) security, NIST Special Publication 800 (82) (2011) 16.

[143]

Su T., Sun H., Zhu J., Wang S., Li Y., BAT: Deep learning methods on network intrusion detection using NSL-kdd dataset, IEEE Access 8 (2020) 29575–29585,.

[144]

Suaboot J., Fahad A., Tari Z., Grundy J., Mahmood A.N., Almalawi A., Zomaya A.Y., Drira K., A taxonomy of supervised learning for idss in scada environments, ACM Comput. Surv. 53 (2) (2020) 1–37,.

Digital Library

[145]

Susantha K., Lu D., Wang X., Lessons learned from previous cyberattacks on energy systems–global and Australian context, in: 2023 IEEE International Future Energy Electronics Conference, IFEEC, IEEE, Sydney, Australia, 2023, pp. 550–554,.

[146]

Taormina R., Galelli S., Tippenhauer N.O., Salomons E., Ostfeld A., Characterizing cyber-physical attacks on water distribution systems, J. Water Resour. Plan. Manag. 143 (5) (2017).

[147]

Tavabi N., Goyal P., Almukaynizi M., Shakarian P., Lerman K., DarkEmbed: Exploit prediction with neural language models, in: Proceedings of the AAAI Conference on Artificial Intelligence, Vol. 32, AAAI, California, USA, 2018, pp. 49–52,. URL https://ojs.aaai.org/index.php/AAAI/article/view/11428.

[148]

Tavallaee M., Bagheri E., Lu W., Ghorbani A.A., A detailed analysis of the KDD cup 99 data set, in: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, IEEE, Barcelona, Spain, 2009, pp. 1–6.

[149]

Tavallaee M., Bagheri E., Lu W., Ghorbani A.A., A detailed analysis of the kdd cup 99 dataset, in: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, IEEE, Ottawa, ON, Canada, 2009, pp. 1–6,.

[150]

Tellabi A., Sassmanhausen J., Bajramovic E., Ruland K.C., Overview of authentication and access controls for ICS systems, in: 2018 IEEE 16th International Conference on Industrial Informatics, INDIN, IEEE, Portugal, 2018, pp. 882–889,.

[151]

Thomas R.J., Chothia T., Learning from vulnerabilities-categorising, understanding and detecting weaknesses in industrial control systems, in: Computer Security: ESORICS 2020 International Workshops, CyberICPS, SECPRE, and ADIoT, Guildford, UK, September 14–18, 2020, Revised Selected Papers 6, Springer, Cham, 2020, pp. 100–116.

[152]

Thomas R.J., Gardiner J., Chothia T., Samanis E., Perrett J., Rashid A., Catch me if you can: An in-depth study of CVE discovery time and inconsistencies for managing risks in critical infrastructures, in: Proceedings of the 2020 Joint Workshop on CPS&IoT Security and Privacy, CPSIOTSEC ’20, Association for Computing Machinery, New York, NY, USA, 2020, pp. 49–60,.

Digital Library

[153]

Thomas R.J., Gardiner J., Chothia T., Samanis E., Perrett J., Rashid A., Catch me if you can: An in-depth study of CVE discovery time and inconsistencies for managing risks in critical infrastructures, in: Proceedings of the 2020 Joint Workshop on CPS&IoT Security and Privacy, CPSIOTSEC ’20, Association for Computing Machinery, New York, NY, USA, 2020, pp. 49–60,.

Digital Library

[154]

Upadhyay D., Sampalli S., SCADA (supervisory control and data acquisition) systems: Vulnerability assessment and security recommendations, Comput. Secur. 89 (2020),. URL https://www.sciencedirect.com/science/article/pii/S0167404819302068.

Digital Library

[155]

Ur-Rehman A., Gondal I., Kamruzzaman J., Jolfaei A., Vulnerability modelling for hybrid industrial control system networks, J. Grid Comput. 18 (2020) 863–878.

[156]

Venugopal V., Alves-Foss J., Ravindrababu S.G., Use of an SDN switch in support of NIST ICS security recommendations and least privilege networking, in: Proceedings of the Fifth Annual Industrial Control System Security (ICSS) Workshop, NIST, USA, 2019, pp. 11–20.

[157]

Weiss J., Protecting Industrial Control Systems from Electronic Threats, Momentum Press, 2010.

[158]

Wermann A.G., Bortolozzo M.C., Germano da Silva E., Schaeffer-Filho A., Paschoal Gaspary L., Barcellos M., ASTORIA: A framework for attack simulation and evaluation in smart grids, in: NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, IEEE, Istanbul, Turkey, 2016, pp. 273–280,.

Digital Library

[159]

Williams M.A., Barranco R.C., Naim S.M., Dey S., Shahriar Hossain M., Akbar M., A vulnerability analysis and prediction framework, Comput. Secur. 92 (2020),. URL https://www.sciencedirect.com/science/article/pii/S0167404820300353.

[160]

Williams M.A., Dey S., Barranco R.C., Naim S.M., Hossain M.S., Akbar M., Analyzing evolving trends of vulnerabilities in national vulnerability database, in: 2018 IEEE International Conference on Big Data (Big Data), IEEE, Seattle, WA, USA, 2018, pp. 3011–3020,.

[161]

Williams T.J., et al., A reference model for computer integrated manufacturing (CIM), International Purdue Works 25 (1989).

[162]

Wu Y., Song S., Zhuge J., Yin T., Li T., Zhu J., Guo G., Liu Y., Hu J., Icscope: Detecting and measuring vulnerable ICS devices exposed on the internet, in: International Conference on Information Systems Security and Privacy, Springer, Cham, -, 2021, pp. 1–24,.

[163]

Wueest C., Targeted attacks against the energy sector, Symantec Security Response, Mountain View, CA (2014).

[164]

Yadav G., Paul K., Architecture and security of SCADA systems: A review, Int. J. Crit. Infrastruct. Prot. 34 (2021),. URL https://www.sciencedirect.com/science/article/pii/S1874548221000251.

Digital Library

[165]

Zaman M., Upadhyay D., Lung C.-H., Validation of a machine learning-based IDS design framework using ORNL datasets for power system with SCADA, IEEE Access 11 (2023) 118414–118426,.

[166]

Zardasti L., Yahaya N., Valipour A., Rashid A.S.A., Noor N.M., Review on the identification of reputation loss indicators in an onshore pipeline explosion event, J. Loss Prev. Process Ind. 48 (2017) 71–86.

[167]

Zhang S., Caragea D., Ou X., An empirical study on using the national vulnerability database to predict software vulnerabilities, in: International Conference on Database and Expert Systems Applications, Springer, Berlin, Heidelberg, 2011, pp. 217–231.

[168]

Zohrevand Z., Glasser U., Shahir H.Y., Tayebi M.A., Costanzo R., Hidden Markov based anomaly detection for water supply systems, in: 2016 IEEE International Conference on Big Data (Big Data), IEEE, Washington, DC, USA, 2016, pp. 1551–1560,.

Index Terms

ICS-LTU2022: A dataset for ICS vulnerabilities

Index terms have been assigned to the content through auto-classification.

Recommendations

Virtualization of Industrial Control System Testbeds for Cybersecurity
ICSS '16: Proceedings of the 2nd Annual Industrial Control System Security Workshop

With an immense number of threats pouring in from nation states and hacktivists as well as terrorists and cybercriminals, the requirement of a globally secure infrastructure becomes a major obligation. Most critical infrastructures were primarily ...
Improving SCADA control systems security with software vulnerability analysis
ACMOS'10: Proceedings of the 12th WSEAS international conference on Automatic control, modelling & simulation

Cyber security threats and attacks are greatly affecting the security of critical infrastructure, industrial control systems, and Supervisory Control and Data Acquisition (SCADA) control systems. Despite growing awareness of security issues especially ...
Cyber-Physical Systems Security Based on a Cross-Linked and Correlated Vulnerability Database
Critical Information Infrastructures Security
Abstract
Recent advances in data analytics prompt dynamic data-driven vulnerability assessments whereby data contained from vulnerability-alert repositories as well as from Cyber-physical System (CPS) layer networks and standardised enumerations. Yet, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Computers and Security

Computers and Security Volume 148, Issue C

Jan 2025

1329 pages

Issue’s Table of Contents

The Authors.

Publisher

Elsevier Advanced Technology Publications

United Kingdom

Publication History

Published: 30 January 2025

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 04 Feb 2025

Other Metrics

View Author Metrics

Citations

View Options

View options

Figures

Tables

Media

View Issue’s Table of Contents