Creating Synthetic Attacks with Evolutionary Algorithms for Proactive Defense of Industrial Control Systems

Authors
Haynes, Nathan J.
Nguyen, Thuy D.
Rowe, Neil C.
Date of Issue
2023
Publisher
HICSS
Abstract
Industrial control systems (ICS) play an important role in critical infrastructure. Cybersecurity defenders can use honeypots (decoy systems) to capture and study malicious ICS traffic. A problem with existing ICS honeypots is their low interactivity, causing intruders to quickly abandon the attack attempts. This research aims to improve ICS honeypots by feeding them realistic artificially generated packets and examining their behavior to proactively identify functional gaps in defenses. Our synthetic attack generator (SAGO) uses an evolutionary algorithm on known attack traffic to create new variants of Log4j exploits (CVE-2021-44228) and Industroyer2 malware. We tested over 5,200 and 256 unique Log4j and IEC 104 variations respectively, with success rates up to 70 percent for Log4j and 40 percent for IEC 104. We identified improvements to our honeypot’s interactivity based on its responses to these attacks. Our technique can aid defenders in hardening perimeter protection against new attack variants.
Type
Conference Paper
Description
Proceedings of the 56th Hawaii International Conference on System Sciences | 2023
The article of record as published may be found at https://hdl.handle.net/10125/102842
Format
10 p.
Citation
Haynes, Nathaniel, Thuy Nguyen, and Neil Rowe. "Creating Synthetic Attacks with Evolutionary Algorithms for Proactive Defense of Industrial Control Systems." (2023).
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.