Creating Synthetic Attacks with Evolutionary Algorithms for Proactive Defense of Industrial Control Systems

Author: Haynes, Nathan J., Nguyen, Thuy D., Rowe, Neil C.
Year of publication: 2023
Description: Proceedings of the 56th Hawaii International Conference on System Sciences | 2023. The article of record as published may be found at https://hdl.handle.net/10125/102842. Industrial control systems (ICS) play an important role in critical infrastructure. Cybersecurity defenders can use honeypots (decoy systems) to capture and study malicious ICS traffic. A problem with existing ICS honeypots is their low interactivity, causing intruders to quickly abandon their attack attempts. This research aims to improve ICS honeypots by feeding them realistic, artificially generated packets and examining their behavior to proactively identify functional gaps in defenses. Our synthetic attack generator (SAGO) uses an evolutionary algorithm on known attack traffic to create new variants of Log4j exploits (CVE-2021-44228) and Industroyer2 malware. We tested over 5,200 unique Log4j variations and 256 unique IEC 104 variations, with success rates up to 70 percent for Log4j and 40 percent for IEC 104. We identified improvements to our honeypot's interactivity based on its responses to these attacks. Our technique can aid defenders in hardening perimeter protection against new attack variants.
Database: OpenAIRE