Discover the ICS Landmarks Based on Multi-stage Clue Mining

Abstract

AbstractIn recent years, the rapidly increasing landscape of industrial control systems (ICS) devices has made the ICS geolocation more important. However, IP-based geolocation cannot provide high accuracy geographical locations for ICS devices. Commercial databases only provide coarse mappings between IP hosts and physical locations. Measured-based geolocation relies on the number of high-quality landmarks. In this paper, we present a novel framework called OSI-Geo for serving high-quality landmark mining of ICS devices. The main idea is that there are many location-indicating clues in the open-source information exposed by ICS devices, which can be utilized to find their physical locations. The OSI-Geo automatically collects location-indicating clues to generate ICS landmarks at large-scale. We conduct real-world experiments for validating the effectiveness and performance of our method. The results show that OSI-Geo can accurately collect clues with over 99% recall and precision. Based on those clues, 36,872 stable landmarks, covering 162 countries and 5,596 cities, are obtained. Among them, there are 30,290 (82%) fine-grained landmarks accurate to street-level at least. The accuracy of IP geolocation has been improved significantly based on the ICS landmarks. Thus, OSI-Geo achieves effectively landmark mining for ICS devices. KeywordsICS devicesIP geolocationLandmark miningNetwork measurement