A threat model method for ICS malware

The TRISIS case

Conference paper (2021)

Authors

Yassine Mekdad Moulay Ismail University

Giuseppe Bernieri Università degli Studi di Padova

M. Conti Università degli Studi di Padova

Abdeslam El Fergougui Moulay Ismail University

Affiliation

External organisation

Malware analysis Diamond model ICS cyber kill chain Industrial control system

More Info

expand_more

To reference this document use:

http://resolver.tudelft.nl/uuid:252ec847-c75c-402e-acf4-e24832b97fc1

Published Date

2021

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Affiliation

External organisation

Abstract

Cyber-physical attacks against plants and Critical Infrastructures (CIs) are among the most significant concerns in the 21st century and can lead to devastating consequences. In particular, with the convergence between the Operational Technology (OT) network and the traditional IT network, malware threats for Industrial Control Systems (ICSs) are gradually increasing. In these scenarios, we need to identify potential cyber threats by developing innovative modeling techniques. However, existing malware-based cyber threats modeling techniques are not fully designed for industrial environment. In this paper, we present a threat modeling framework for Industrial Control Systems malware across two different levels: the Extraction Level and the Modeling Level. We evaluate the effectiveness of our model by analyzing the TRISIS cyber attack as a use case. A complex malware developed to cause operational disruption to industrial plants. Our solution outperforms existing malware threat modeling techniques for the ICS environment, and provides useful mitigation strategies to counter malicious activities.