对工业设备扫描仪的潜力、风险和预防措施的重要分析

IF 10.4 1区 计算机科学 Q1 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS Journal of Industrial Information Integration Pub Date : 2024-05-04 DOI:10.1016/j.jii.2024.100623
Mohammad Borhani, Gurjot Singh Gaba, Juan Basaez, Ioannis Avgouleas, Andrei Gurtov
{"title":"对工业设备扫描仪的潜力、风险和预防措施的重要分析","authors":"Mohammad Borhani,&nbsp;Gurjot Singh Gaba,&nbsp;Juan Basaez,&nbsp;Ioannis Avgouleas,&nbsp;Andrei Gurtov","doi":"10.1016/j.jii.2024.100623","DOIUrl":null,"url":null,"abstract":"<div><p>Industrial device scanners allow anyone to scan devices on private networks and the Internet. They were intended as network security tools, but they are commonly exploited as attack tools, as scanning can reveal vulnerable devices. However, from a defensive perspective, this vulnerability disclosure could be used to secure devices if characteristics such as type, model, manufacturer, and firmware could be identified. Automated scanning reports can help to apply security measures before an attacker finds a vulnerability. A complete device recognition procedure can then be seen as the basis for auditing networks and identifying vulnerabilities to mitigate cyber-attacks, especially among Industrial Internet of Things (IIoT) devices that are part of critical systems. In this survey, considering SCADA (Supervisory Control and Data Acquisition) systems as monitoring and control components of essential infrastructure, we focus on analyzing the architectures, specifications, and constraints of several industrial device scanners. In addition, we examine the information revealed by the scanners to identify the threats posed by them on industrial systems and networks. We analyze monthly and yearly statistics of cyber-attack incidents to investigate the role of these scanners in accelerating attacks. By presenting the findings of an experimentation, we highlight how easily anyone could identify hundreds of Internet-connected industrial devices in Sweden, which could lead to a major service interruption in industrial environments designed for minimal human involvement. We also discuss several methods to avoid scanners or reduce their identifying capabilities to conceal industrial devices from unauthorized access.</p></div>","PeriodicalId":55975,"journal":{"name":"Journal of Industrial Information Integration","volume":"41 ","pages":"Article 100623"},"PeriodicalIF":10.4000,"publicationDate":"2024-05-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2452414X24000670/pdfft?md5=e6aee547d6d83a56a1b8f87d3225fa84&pid=1-s2.0-S2452414X24000670-main.pdf","citationCount":"0","resultStr":"{\"title\":\"A critical analysis of the industrial device scanners’ potentials, risks, and preventives\",\"authors\":\"Mohammad Borhani,&nbsp;Gurjot Singh Gaba,&nbsp;Juan Basaez,&nbsp;Ioannis Avgouleas,&nbsp;Andrei Gurtov\",\"doi\":\"10.1016/j.jii.2024.100623\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>Industrial device scanners allow anyone to scan devices on private networks and the Internet. They were intended as network security tools, but they are commonly exploited as attack tools, as scanning can reveal vulnerable devices. However, from a defensive perspective, this vulnerability disclosure could be used to secure devices if characteristics such as type, model, manufacturer, and firmware could be identified. Automated scanning reports can help to apply security measures before an attacker finds a vulnerability. A complete device recognition procedure can then be seen as the basis for auditing networks and identifying vulnerabilities to mitigate cyber-attacks, especially among Industrial Internet of Things (IIoT) devices that are part of critical systems. In this survey, considering SCADA (Supervisory Control and Data Acquisition) systems as monitoring and control components of essential infrastructure, we focus on analyzing the architectures, specifications, and constraints of several industrial device scanners. In addition, we examine the information revealed by the scanners to identify the threats posed by them on industrial systems and networks. We analyze monthly and yearly statistics of cyber-attack incidents to investigate the role of these scanners in accelerating attacks. By presenting the findings of an experimentation, we highlight how easily anyone could identify hundreds of Internet-connected industrial devices in Sweden, which could lead to a major service interruption in industrial environments designed for minimal human involvement. We also discuss several methods to avoid scanners or reduce their identifying capabilities to conceal industrial devices from unauthorized access.</p></div>\",\"PeriodicalId\":55975,\"journal\":{\"name\":\"Journal of Industrial Information Integration\",\"volume\":\"41 \",\"pages\":\"Article 100623\"},\"PeriodicalIF\":10.4000,\"publicationDate\":\"2024-05-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.sciencedirect.com/science/article/pii/S2452414X24000670/pdfft?md5=e6aee547d6d83a56a1b8f87d3225fa84&pid=1-s2.0-S2452414X24000670-main.pdf\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Industrial Information Integration\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2452414X24000670\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Industrial Information Integration","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2452414X24000670","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}
引用次数: 0

摘要

工业设备扫描仪允许任何人扫描专用网络和互联网上的设备。这些扫描仪原本是作为网络安全工具使用的,但由于扫描可以发现易受攻击的设备,因此它们通常被用作攻击工具。不过,从防御的角度来看,如果可以识别设备的类型、型号、制造商和固件等特征,这种漏洞披露可以用来保护设备的安全。自动扫描报告有助于在攻击者发现漏洞之前采取安全措施。完整的设备识别程序可作为审计网络和识别漏洞的基础,以减少网络攻击,尤其是作为关键系统一部分的工业物联网(IIoT)设备。在本调查中,考虑到 SCADA(监控和数据采集)系统是重要基础设施的监控组件,我们重点分析了几种工业设备扫描仪的架构、规格和限制因素。此外,我们还研究了扫描仪揭示的信息,以确定它们对工业系统和网络构成的威胁。我们分析了网络攻击事件的月度和年度统计数据,以研究这些扫描仪在加速攻击中所起的作用。通过介绍一项实验的结果,我们强调了任何人都能轻易识别瑞典数百台连接互联网的工业设备,这可能会导致为尽量减少人工参与而设计的工业环境中的重大服务中断。我们还讨论了几种避开扫描仪或降低其识别能力的方法,以隐藏工业设备,防止未经授权的访问。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
A critical analysis of the industrial device scanners’ potentials, risks, and preventives

Industrial device scanners allow anyone to scan devices on private networks and the Internet. They were intended as network security tools, but they are commonly exploited as attack tools, as scanning can reveal vulnerable devices. However, from a defensive perspective, this vulnerability disclosure could be used to secure devices if characteristics such as type, model, manufacturer, and firmware could be identified. Automated scanning reports can help to apply security measures before an attacker finds a vulnerability. A complete device recognition procedure can then be seen as the basis for auditing networks and identifying vulnerabilities to mitigate cyber-attacks, especially among Industrial Internet of Things (IIoT) devices that are part of critical systems. In this survey, considering SCADA (Supervisory Control and Data Acquisition) systems as monitoring and control components of essential infrastructure, we focus on analyzing the architectures, specifications, and constraints of several industrial device scanners. In addition, we examine the information revealed by the scanners to identify the threats posed by them on industrial systems and networks. We analyze monthly and yearly statistics of cyber-attack incidents to investigate the role of these scanners in accelerating attacks. By presenting the findings of an experimentation, we highlight how easily anyone could identify hundreds of Internet-connected industrial devices in Sweden, which could lead to a major service interruption in industrial environments designed for minimal human involvement. We also discuss several methods to avoid scanners or reduce their identifying capabilities to conceal industrial devices from unauthorized access.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Journal of Industrial Information Integration
Journal of Industrial Information Integration Decision Sciences-Information Systems and Management
CiteScore
22.30
自引率
13.40%
发文量
100
期刊介绍: The Journal of Industrial Information Integration focuses on the industry's transition towards industrial integration and informatization, covering not only hardware and software but also information integration. It serves as a platform for promoting advances in industrial information integration, addressing challenges, issues, and solutions in an interdisciplinary forum for researchers, practitioners, and policy makers. The Journal of Industrial Information Integration welcomes papers on foundational, technical, and practical aspects of industrial information integration, emphasizing the complex and cross-disciplinary topics that arise in industrial integration. Techniques from mathematical science, computer science, computer engineering, electrical and electronic engineering, manufacturing engineering, and engineering management are crucial in this context.
期刊最新文献
Enhancing mixed gas discrimination in e-nose system: Sparse recurrent neural networks using transient current fluctuation of SMO array sensor An effective farmer-centred mobile intelligence solution using lightweight deep learning for integrated wheat pest management TRIPLE: A blockchain-based digital twin framework for cyber–physical systems security Industrial information integration in deep space exploration and exploitation: Architecture and technology Interoperability levels and challenges of digital twins in cyber–physical systems
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1