The impressive growth of the IoT we witnessed in the recent years came together with a surge in cyber attacks that target it. Factories adhering to digital transformation programs are quickly adopting the IoT paradigm and are thus increasingly exposed to a large number of cyber threats that need to be detected, analyzed and appropriately mitigated. In this scenario, a common approach that is used in large organizations is to setup an attack triage system. In this setting, security operators can cherry-pick new attack patterns requiring further in-depth investigation from a mass of known attacks that can be managed automatically. In this paper, we propose an attack triage system that helps operators to quickly identify attacks with unknown behaviors, and later analyze them in detail. The novelty introduced by our solution is in the usage of process mining techniques to model known attacks and identify new variants. We demonstrate the feasibility of our approach through an evaluation based on three well-known IoT botnets, BASHLITE, LIGHTAIDRA and MIRAI, and on real current attack patterns collected through an IoT honeypot.
Triage of IoT Attacks Through Process Mining / Coltellese, Simone; Maria Maggi, Fabrizio; Marrella, Andrea; Massarelli, Luca; Querzoni, Leonardo. - 11877:(2019), pp. 326-344. (Intervento presentato al convegno On the Move to Meaningful Internet Systems: OTM 2019 Conferences tenutosi a Rhodes; Greece) [10.1007/978-3-030-33246-4_22].
Triage of IoT Attacks Through Process Mining
Andrea Marrella
;Luca Massarelli;Leonardo Querzoni
2019
Abstract
The impressive growth of the IoT we witnessed in the recent years came together with a surge in cyber attacks that target it. Factories adhering to digital transformation programs are quickly adopting the IoT paradigm and are thus increasingly exposed to a large number of cyber threats that need to be detected, analyzed and appropriately mitigated. In this scenario, a common approach that is used in large organizations is to setup an attack triage system. In this setting, security operators can cherry-pick new attack patterns requiring further in-depth investigation from a mass of known attacks that can be managed automatically. In this paper, we propose an attack triage system that helps operators to quickly identify attacks with unknown behaviors, and later analyze them in detail. The novelty introduced by our solution is in the usage of process mining techniques to model known attacks and identify new variants. We demonstrate the feasibility of our approach through an evaluation based on three well-known IoT botnets, BASHLITE, LIGHTAIDRA and MIRAI, and on real current attack patterns collected through an IoT honeypot.File | Dimensione | Formato | |
---|---|---|---|
Coltellese_Postprint_Triage_2019.pdf
accesso aperto
Tipologia:
Documento in Post-print (versione successiva alla peer review e accettata per la pubblicazione)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
1.11 MB
Formato
Adobe PDF
|
1.11 MB | Adobe PDF | |
Coltellese_Triage_2019.pdf
solo gestori archivio
Tipologia:
Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
5.63 MB
Formato
Adobe PDF
|
5.63 MB | Adobe PDF | Contatta l'autore |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.