+1 Recommend
1 collections
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      SAMIIT: Spiral Attack Model in IIoT Mapping Security Alerts to Attack Life Cycle Phases


      1 , 1

      5th International Symposium for ICS & SCADA Cyber Security Research 2018 (ICS-CSR 2018)

      ICS & SCADA Cyber Security Research

      29 - 30 August 2018

      Industrial Internet of Things, Attack Life Cycle, Security Alerts, Machine Learning Classification

      Read this article at

          There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.


          Sophisticated attacks such as NightDragon and Crashoverride have shown a multi-step multi-domain attack life cycle in Industrial Internet of Things (IIoT). Security analysts use cyber kill chain reference model to describe attack phases and adversary actions at each phase, link individual attacks into broader campaigns, and also identify courses of action. Although the model is widely studied and applied by IT security people, less is known and used in IIoT. In this research, we first review and evaluate several models proposed for attack life cycle in IT and IIoT. Next, a spiral attack model is proposed to map IIoT cyber intrusions to different attack phases and architectural levels of IIoT environments. Finally, we present a machine learning classification approach for mapping security alerts to IIoT attack phases and architectural layers. The results show the accuracy of the mapping mechanism and how it helps analysts in security operation centers to prioritize alerts and derive risk scores corresponding to each alert.

          Related collections

          Most cited references 32

          • Record: found
          • Abstract: not found
          • Article: not found

          W32. stuxnet dossier

            • Record: found
            • Abstract: not found
            • Article: not found

            Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains

              • Record: found
              • Abstract: not found
              • Conference Proceedings: not found

              Towards effective security control assignment in the Industrial Internet of Things


                Author and article information

                August 2018
                August 2018
                : 11-20
                [1 ]Accenture Technology Labs Arlington, Virginia, USA
                © Hassanzadeh et al. Published by BCS Learning and Development Ltd. Proceedings of ICS & SCADA 2018

                This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

                5th International Symposium for ICS & SCADA Cyber Security Research 2018
                ICS-CSR 2018
                University of Hamburg, Germany
                29 - 30 August 2018
                Electronic Workshops in Computing (eWiC)
                ICS & SCADA Cyber Security Research
                Product Information: 1477-9358BCS Learning & Development
                Self URI (journal page): https://ewic.bcs.org/
                Electronic Workshops in Computing


                Comment on this article