Analysis of cyber-attacks in IoT-based critical infrastructures

Year 2019, Volume: 8 Issue: 4, 122 - 133, 01.12.2019

Resul Das Muhammet Zekeriya Gündüz

Abstract

Every country in the world has many different critical infrastructures such as electronic communication, energy, banking and finance, critical public services, transportation and water management which are of great importance. Each country has different strategies for sector-based critical infrastructure. Especially today, it is vital to protect these critical infrastructures from cyber-attacks. This paper examines the attacks on critical infrastructures, especially in recent years, and presents the most common attacks. Furthermore, security approaches to mitigate or prevent IP-based cyber attacks are mentioned.

Keywords

Internet of Things, IoT-based critical infrastructures, smart grid, cyber-attacks, cyber security

References

• M. Z. Gunduz and R. Das, “Internet of things (IoT): Evolution, components and applications fields,” Pamukkale University, Journal of Engineering Sciences, vol. 24, no. 2, pp. 327–335, 2018.
• M. Abomhara and G. M. Kİien, “Cyber Security and the Inter- net of Things: Vulnerabilities, Threats, Intruders and Attacks,” Journal of Cyber Security and Mobility, vol. 4, pp. 65–88, Jan. 2015.
• U. D. Ani, J. D. M. Watson, J. R. C. Nurse, A. Cook, and C. Maple, “A Review of Critical Infrastructure Protection Approaches: Improving Security through Responsiveness to the Dynamic Modelling Landscape,” arXiv:1904.01551 [cs], Apr. 2019. arXiv: 1904.01551.
• A. Cardenas, “Cyber-Physical Systems Security,” Jan. 2019.
• M. Baykara and R. Da¸s, “A survey on potential applications of honeypot technology in intrusion detection systems,” Interna- tional Journal of Computer Networks And Applications, vol. 2, no. 5, pp. 203–211, 2015.
• S. Sa˘gıro˘glu and B. Arslan, “Fighting with Cyber Terror and Terrorism: Threats and Precautions,” in 4th International Conference on Computer Science and Engineering (UBMK), pp. 239–244, Sept. 2019.
• J. Pacheco, V. H. Benitez, and Z. Pan, “Security framework for IoT end nodes with neural networks,” International Journal of Machine Learning and Computing, vol. 9, pp. 381–386, Aug. 2019.
• L. Horwitz, “Internet of Things-The future of IoT miniguide: The burgeoning IoT market continues,” July 2019. Cisco.
• G. Tuna, R. Das, and V. C. Gungor, “Communications Tech- nologies for Smart Grid Applications: A Review of Advances and Challenges,” in Smart Grid Analytics for Sustainability and Urbanization, pp. 215–235, 2018.
• K. Kimani, V. Oduol, and K. Langat, “Cyber security challenges for IoT-based smart grid networks,” International Journal of Critical Infrastructure Protection, vol. 25, pp. 36–49, June 2019.
• L. J. Wells, J. A. Camelio, C. B. Williams, and J. White, “Cyber-physical security challenges in manufacturing systems,” Manufacturing Letters, vol. 2, pp. 74–77, Apr. 2014.
• A. Humayed, J. Lin, F. Li, and B. Luo, “Cyber-Physical Systems Security-A Survey,” IEEE Internet of Things Journal, vol. 4, pp. 1802–1831, Dec. 2017.
• B. Miller and D. Rowe, “A survey SCADA of and critical infrastructure incidents,” in Proceedings of the 1st Annual conference on Research in information technology - RIIT ’12, (Calgary, Alberta, Canada), p. 51, ACM Press, 2012.
• C. Kim, “Cyber-resilient industrial control system with diversi- fied architecture and bus monitoring,” in 2016 World Congress on Industrial Control Systems Security (WCICSS), pp. 1–6, Dec. 2016.
• D. E. Whitehead, K. Owens, D. Gammel, and J. Smith, “Ukraine cyber-induced power outage: Analysis and practical mitigation strategies,” in 2017 70th Annual Conference for Protective Relay Engineers (CPRE), pp. 1–8, Apr. 2017. ISSN: 2474-9753.
• X. Liu, C. Qian, W. G. Hatcher, H. Xu, W. Liao, and W. Yu, “Secure Internet of Things (IoT)-Based Smart-World Critical In- frastructures: Survey, Case Study and Research Opportunities,” IEEE Access, vol. 7, pp. 79523–79544, 2019.
• N. Tariq, M. Asim, and F. A. Khan, “Securing SCADA-based Critical Infrastructures: Challenges and Open Issues,” Procedia Computer Science, vol. 155, pp. 612–617, Jan. 2019.
• H. S. Sanchez, D. Rotondo, T. Escobet, V. Puig, and J. Quevedo, “Bibliographical review on cyber attacks from a control oriented perspective,” Annual Reviews in Control, vol. 48, pp. 103–128, Jan. 2019.
• E. Luiijf, I. Žutautait˙e, and B. M. Hämmerli, Critical Infor- mation Infrastructures Security: 13th International Conference, CRITIS 2018, Kaunas, Lithuania, September,. Jan. 2019.
• I. Stellios, P. Kotzanikolaou, M. Psarakis, C. Alcaraz, and J. Lopez, “A Survey of IoT-Enabled Cyberattacks: Assessing Attack Paths to Critical Infrastructures and Services,” IEEE Communications Surveys Tutorials, vol. 20, no. 4, pp. 3453– 3495, 2018.
• J. Wilkins, “Can biometrics secure manufacturing?,” Biometric Technology Today, vol. 2019, pp. 9–11, Jan. 2019.
• G. Tonn, J. P. Kesan, L. Zhang, and J. Czajkowski, “Cyber risk and insurance for transportation infrastructure,” Transport Policy, vol. 79, pp. 103–114, July 2019.
• L. Coventry and D. Branley, “Cybersecurity in healthcare: A narrative review of trends, threats and ways forward,” Maturitas, vol. 113, pp. 48–52, July 2018.
• “Cyberattacks blamed for Sunday’s internet disruption across Turkey,” DailySabah, Oct. 2019.
• K. E. Hemsley and D. R. O. E. Fisher, “History of Industrial Control System Cyber Incidents,” Tech. Rep. INL/CON-18- 44411-Rev002, Idaho National Lab. (INL), Idaho Falls, ID (United States), Dec. 2018.
• Y. Mo, T. H. J. Kim, K. Brancik, D. Dickinson, H. Lee, A. Perrig, and B. Sinopoli, “Cyber-Physical Security of a Smart Grid Infrastructure,” Proceedings of the IEEE, vol. 100, pp. 195–209, Jan. 2012.
• M. Li, W. Huang, Y. Wang, W. Fan, and J. Li, “The study of APT attack stage model,” in 2016 IEEE/ACIS 15th International Conference on Computer and Information Science (ICIS), pp. 1– 5, June 2016. ISSN: null.
• M. Z. Gündüz and R. Da¸s, “Social Engineering: Common Attacks And Countermeasures,” in 9th International Conference on Information Security And Cryptology, pp. 11–18, 2016.
• R. Da¸s, A. Karabade, and G. Tuna, “Common network attack types and defense mechanisms,” in 2015 23nd Signal Processing and Communications Applications Conference (SIU), pp. 2658– 2661, May 2015. ISSN: 2165-0608.
• D. Demirol, R. Da¸s, and M. Baykara, “SQL enjeksiyon saldırı uygulaması ve güvenlik önerileri,” in 1st International Sympo- sium on Digital Forensics and Security (ISDFS’13), (Elazı˘g), pp. 62–66, Fırat Üniversitesi, 2013.
• M. Z. Gunduz and R. Das, “Analysis of cyber-attacks on smart grid applications,” in 2018 International Conference on Artificial Intelligence and Data Processing (IDAP), pp. 1–5, Sept. 2018.
• I. Ghafir and V. Prenosil, “Advanced Persistent Threat Attack Detection: An Overview,” vol. 4, pp. 50–54, Dec. 2014.
• M. Baykara and R. Das, “A novel hybrid approach for detection of web-based attacks in intrusion detection systems,” Interna- tional Journal of Computer Networks And Applications, vol. 4, pp. 62–76, Apr. 2017.
• M. Baykara and R. Das, “A novel honeypot based secu- rity approach for real-time intrusion detection and prevention systems,” Journal of Information Security and Applications, vol. 41, pp. 103–116, Aug. 2018.
• Y. Yang, T. Littler, S. Sezer, K. McLaughlin, and H. F. Wang, “Impact of cyber-security issues on Smart Grid,” in 2011 2nd IEEE PES International Conference and Exhibition on Innovative Smart Grid Technologies, pp. 1–7, Dec. 2011.
• E. Bou-Harb, C. Fachkha, M. Pourzandi, M. Debbabi, and C. Assi, “Communication security for smart grid distribution networks,” IEEE Communications Magazine, vol. 51, pp. 42– 49, Jan. 2013.
• V. Krylov and K. Kravtsov, “IP Fast Hopping Protocol Design,” in Proceedings of the 10th Central and Eastern European Software Engineering Conference in Russia, 2014.
• A. S. Sani, D. Yuan, J. Jin, L. Gao, S. Yu, and Z. Y. Dong, “Cyber security framework for Internet of Things-based En- ergy Internet,” Future Generation Computer Systems, vol. 93, pp. 849–859, Apr. 2019.