Collaborative intelligence analysis for industrial control systems threat profiling

Abstract

Industrial Control Systems (ICS), as a core role in critical national infrastructure, has faced more and more cyber threats. Efficient analysis of the current cyber threat intelligence is crucial for ICS security, which could provide a new insight into the security strategy through threat profiling. However, determining semantics information with relevant attack data packet to profile threat remains a challenge, largely due to the lack of ICS related attack data and appropriate information processing methods. To solve these issues, we developed dozens of honeypots to collect ICS-related attack data and propose a novel framework to analyze the current threat landscape. Through collaborative analysis of the interaction observed accompanied with open-source intelligence, we present threat landscape from three aspects: (1) attack methods, (2) attack pattern, and (3) attack sources. We evaluate our approach with real-world attacking data collected by 35 honeypots in 22 cities for 10 months. The experiment that conducted on the database show that the proposed method presents a considerable performance in terms of efficiency and effectiveness.