Abstract

Industrial control system (ICS) devices play a crucial role in critical infrastructures, such as power grid. In recent years, numerous ICS devices are accessible on the Internet, resulting in potential security issues. However, there is a lack of deep understanding of these devices’ characteristics in the cyberspace. In this paper, we take the first step in this direction by investigating these visible ICS devices on the Internet. Because of the critical nature of ICSs, the detection of online ICS devices should be done in a nonintrusive and timely manner. We first analyze 17 industrial protocols widely used in ICSs and train a probability model through the learning algorithm to improve detection accuracy. Then, we discover online ICS devices in the IPv4 space while reducing the negative effects caused by industrial honeypots and dynamic IP addresses. To observe the dynamics of ICS devices in a relatively long run, we have deployed our discovery system on Amazon EC2 and detected online ICS devices in the whole IPv4 space for eight times from August 2015 to March 2016. Based on the ICS device data collection, we conduct a comprehensive data analysis to characterize the usage of ICS devices, especially in answer to the following three questions: 1) what are the distribution features of ICS devices; 2) who use these ICS devices; and 3) what are the functions of these ICS devices.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.