2021

P. Radoglou-Grammatikis; A. Liatifis; E. Grigoriou; T. Saoulidis; A. Sarigiannidis; T. Lagkas; P. Sarigiannidis, "TRUSTY: A solution for threat hunting using data analysis in critical infrastructures", 2021. Conference
Abstract | BibTeX | Tags: Cybersecurity, Dataset, Honeypot, Industrial Internet of Things, Multi-Armed Bandit, Reinforcement Learning, Thompson Sampling

@conference{Radoglou-Grammatikis2021485,
  title     = {TRUSTY: A solution for threat hunting using data analysis in critical infrastructures},
  author    = {P. Radoglou-Grammatikis and A. Liatifis and E. Grigoriou and T. Saoulidis and A. Sarigiannidis and T. Lagkas and P. Sarigiannidis},
  url       = {https://www.researchgate.net/publication/354396254_TRUSTY_A_Solution_for_Threat_Hunting_Using_Data_Analysis_in_Critical_Infrastructures},
  doi       = {10.1109/CSR51186.2021.9527936},
  year      = {2021},
  date      = {2021-01-01},
  booktitle = {Proceedings of the 2021 IEEE International Conference on Cyber Security and Resilience, CSR 2021},
  pages     = {485-490},
  abstract  = {The rise of the Industrial Internet of Things (IIoT) plays a crucial role in the era of hyper-connected digital economies. Despite the valuable benefits, such as increased resiliency, self-monitoring and pervasive control, IIoT raises severe cybersecurity and privacy risks, allowing cyberattackers to exploit a plethora of vulnerabilities and weaknesses that can lead to disastrous consequences. Although the Intrusion Detection and Prevention Systems (IDPS) constitute valuable solutions, they suffer from several gaps, such as zero-day attacks, unknown anomalies and false positives. Therefore, the presence of supporting mechanisms is necessary. To this end, honeypots can protect the real assets and trap the cyberattackers. In this paper, we provide a web-based platform called TRUSTY, which is capable of aggregating, storing and analysing the detection results of multiple industrial honeypots related to Modbus/Transmission Control Protocol (TCP), IEC 60870-5-104, BACnet, Message Queuing Telemetry Transport (MQTT) and EtherNet/IP. Based on this analysis, we provide a dataset related to honeypot security events. Moreover, this paper provides a Reinforcement Learning (RL) method, which decides on the number of honeypots that can be deployed in an industrial environment in a strategic way. In particular, this decision is converted into a Multi-Armed Bandit (MAB), which is solved with the Thompson Sampling (TS) method. The evaluation analysis demonstrates the efficiency of the proposed method. © 2021 IEEE.},
  keywords  = {Cybersecurity, Dataset, Honeypot, Industrial Internet of Things, Multi-Armed Bandit, Reinforcement Learning, Thompson Sampling},
  pubstate  = {published},
  tppubtype = {conference}
}
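The abstract states that the honeypot-count decision is cast as a Multi-Armed Bandit solved with Thompson Sampling. The following is an added illustration of that technique, written for this page; it is not code from the TRUSTY paper or the ITHACA lab. It assumes a Bernoulli reward per deployment round, Beta(1,1) priors, a constructed set of candidate honeypot counts (`ARMS`) and constructed hidden success rates; the paper's actual candidate set and reward definition are not reproduced on this page.

```python
"""Thompson Sampling over candidate honeypot counts (illustrative example)."""
import random

# Candidate honeypot counts, i.e. the bandit's arms. Constructed for this
# example; the paper's own candidate set is not shown on this page.
ARMS = [1, 2, 4, 8]


def thompson_sampling(true_probs, rounds, seed=7):
    """Choose one arm per round by sampling from each arm's Beta posterior.

    true_probs: hidden Bernoulli success probability per arm. A "success"
        stands for a deployment period in which the chosen honeypot count
        produced useful security events at acceptable cost; these numbers
        are an assumption of the example, not measured data.
    rounds:     number of deployment decisions to simulate.
    Returns (pulls, posteriors): pulls[i] is how often arm i was chosen,
    posteriors[i] is the (alpha, beta) of its Beta posterior after learning.
    """
    rng = random.Random(seed)
    n = len(true_probs)
    alpha = [1] * n  # Beta(1, 1) is a uniform prior on each arm's success rate
    beta = [1] * n
    pulls = [0] * n
    for _ in range(rounds):
        # Draw one plausible success rate per arm from its current posterior
        # and act greedily on the draw. Poorly explored arms keep wide
        # posteriors, so they occasionally win a round and get explored.
        samples = [rng.betavariate(a, b) for a, b in zip(alpha, beta)]
        arm = max(range(n), key=samples.__getitem__)
        reward = 1 if rng.random() < true_probs[arm] else 0  # simulated outcome
        pulls[arm] += 1
        # Bayesian update of the Beta posterior for the pulled arm only
        if reward:
            alpha[arm] += 1
        else:
            beta[arm] += 1
    return pulls, list(zip(alpha, beta))


def posterior_means(posteriors):
    """Estimated success rate per arm: alpha / (alpha + beta)."""
    return [a / (a + b) for a, b in posteriors]


def recommended_honeypots(pulls, arms=ARMS):
    """Map the most frequently chosen arm back to a honeypot count."""
    best = max(range(len(pulls)), key=pulls.__getitem__)
    return arms[best]


if __name__ == "__main__":
    # Constructed hidden rates: in this scenario 4 honeypots is the best trade-off.
    hidden = [0.20, 0.35, 0.55, 0.15]
    pulls, post = thompson_sampling(hidden, rounds=2000)
    print("pulls per arm:", dict(zip(ARMS, pulls)))
    print("posterior means:", [round(m, 2) for m in posterior_means(post)])
    print("recommended honeypot count:", recommended_honeypots(pulls))
```

In a real deployment the reward would come from the aggregated honeypot events rather than a simulated coin flip, and the posterior counts should be persisted between decision rounds; the sampling and update steps stay the same.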
Address
Internet of Things and Applications Lab
Department of Electrical and Computer Engineering
University of Western Macedonia Campus
ZEP Area, Kozani 50100
Greece
Contact Information
tel: +30 2461 056527
Email: ithaca@uowm.gr