Benchmarking vulnerability scanners: An experiment on SCADA devices and scientific instruments

2017 IEEE International Conference on Intelligence and Security Informatics (ISI) Pub Date : 2017-07-01 DOI:10.1109/ISI.2017.8004879

Malaka El, Emma McMahon, S. Samtani, Mark W. Patton, Hsinchun Chen

{"title":"Benchmarking vulnerability scanners: An experiment on SCADA devices and scientific instruments","authors":"Malaka El, Emma McMahon, S. Samtani, Mark W. Patton, Hsinchun Chen","doi":"10.1109/ISI.2017.8004879","DOIUrl":null,"url":null,"abstract":"Cybersecurity is a critical concern in society today. One common avenue of attack for malicious hackers is exploiting vulnerable websites. It is estimated that there are over one million websites that are attacked daily. Two emerging targets of such attacks are Supervisory Control and Data Acquisition (SCADA) devices and scientific instruments. Vulnerability assessment tools can help provide owners of these devices with the knowledge on how to protect their infrastructure. However, owners face difficulties in identifying which tools are ideal for their assessments. This research aims to benchmark two state-of-the-art vulnerability assessment tools, Nessus and Burp Suite, in the context of SCADA devices and scientific instruments. We specifically focus on identifying the accuracy, scalability, and vulnerability results of the scans. Results of our study indicate that both tools together can provide a comprehensive assessment of the vulnerabilities in SCADA devices and scientific instruments.","PeriodicalId":423696,"journal":{"name":"2017 IEEE International Conference on Intelligence and Security Informatics (ISI)","volume":"44 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE International Conference on Intelligence and Security Informatics (ISI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISI.2017.8004879","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 20

Abstract

Cybersecurity is a critical concern in society today. One common avenue of attack for malicious hackers is exploiting vulnerable websites. It is estimated that there are over one million websites that are attacked daily. Two emerging targets of such attacks are Supervisory Control and Data Acquisition (SCADA) devices and scientific instruments. Vulnerability assessment tools can help provide owners of these devices with the knowledge on how to protect their infrastructure. However, owners face difficulties in identifying which tools are ideal for their assessments. This research aims to benchmark two state-of-the-art vulnerability assessment tools, Nessus and Burp Suite, in the context of SCADA devices and scientific instruments. We specifically focus on identifying the accuracy, scalability, and vulnerability results of the scans. Results of our study indicate that both tools together can provide a comprehensive assessment of the vulnerabilities in SCADA devices and scientific instruments.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

对漏洞扫描器进行基准测试:对SCADA设备和科学仪器的实验

网络安全是当今社会的一个关键问题。恶意黑客攻击的一个常见途径是利用易受攻击的网站。据估计，每天有超过一百万个网站受到攻击。这类攻击的两个新目标是监控和数据采集(SCADA)设备和科学仪器。漏洞评估工具可以帮助这些设备的所有者了解如何保护其基础设施。然而，所有者在确定哪些工具对他们的评估是理想的方面面临困难。本研究旨在对两种最先进的漏洞评估工具Nessus和Burp Suite在SCADA设备和科学仪器的背景下进行基准测试。我们特别关注识别扫描的准确性、可伸缩性和漏洞结果。我们的研究结果表明，这两种工具可以共同提供SCADA设备和科学仪器漏洞的综合评估。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2017 IEEE International Conference on Intelligence and Security Informatics (ISI)

自引率

0.00%

发文量