FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4381162139> ?p ?o ?g. }

• W4381162139 endingPage "695" @default.
• W4381162139 startingPage "688" @default.
• W4381162139 abstract "In the initial stages of industrial control system (ICS) penetration testing, pentesters conduct reconnaissance by using various tools including Nmap, Shodan, Maltego, Google, Google Hacking Database (GHDB), Recon-ng and more. Testers use various reconnaissance techniques (RTs) within the tools to directly access ICS devices. Many novice ICS-pentesters stop their reconnaissance work upon successfully accessing an ICS device. However, continuing to conduct reconnaissance after initial access can lead to pentesters finding even more information to find more ICS devices, ICS networks, and ways to make ICS exploitation more effective. Our research motivation stems from finding ways to explicitly model the continuation of using RTs once an ICS device is accessed. Knowledge graphs offer an approach for linking RTs together and creating chains of RTs.&#x0D; &#x0D; MITRE ATT&CK ICS provides a matrix of ICS adversarial behaviours. The matrix consists of main exploit tactics and techniques used to accomplish these tactics. Example techniques include ICS alarm suppression, blocking command messages, starting a device, and stopping services. ATT&CK ICS also provides ICS data sources that defenders use to detect the adversarial techniques. Application logs, files, logon sessions, network traffic, and operational databases represent some of the ICS data sources. We reasoned that if adversaries could find the ICS data sources and discover the ability to modify the data sources, then adversaries could cover their tracks to successfully carry out ICS tactics. For example, ICS attackers could modify log entries to hide the attacker’s steps or ICS attackers could delete alarm notifications that showed that ICS attackers changed ICS settings.&#x0D; &#x0D; In this work in progress research, we used knowledge-graph modelling techniques to link together RTs with ICS data sources, the ability to modify the data sources, the ability to then cover tracks of ICS techniques, and the impact of techniques on accomplishing ICS tactics. We named the graph RT-ICS Graph. With knowledge graph queries and shortest-path algorithms run over the RT-ICS graph, we showed how RTs can explicitly lead to impacts on adversaries carrying out ICS tactics. The accomplishment of ICS tactics can cause severe damage or harm." @default.
• W4381162139 created "2023-06-20" @default.
• W4381162139 creator A5025265537 @default.
• W4381162139 date "2023-06-19" @default.
• W4381162139 modified "2023-10-07" @default.
• W4381162139 title "Reconnaissance Techniques and Industrial Control System Tactics Knowledge Graph" @default.
• W4381162139 doi "https://doi.org/10.34190/eccws.22.1.1221" @default.
• W4381162139 hasPublicationYear "2023" @default.
• W4381162139 type Work @default.
• W4381162139 citedByCount "0" @default.
• W4381162139 crossrefType "journal-article" @default.
• W4381162139 hasAuthorship W4381162139A5025265537 @default.
• W4381162139 hasBestOaLocation W43811621391 @default.
• W4381162139 hasConcept C154945302 @default.
• W4381162139 hasConcept C165696696 @default.
• W4381162139 hasConcept C2775924081 @default.
• W4381162139 hasConcept C37736160 @default.
• W4381162139 hasConcept C38652104 @default.
• W4381162139 hasConcept C40071531 @default.
• W4381162139 hasConcept C41008148 @default.
• W4381162139 hasConcept C86844869 @default.
• W4381162139 hasConceptScore W4381162139C154945302 @default.
• W4381162139 hasConceptScore W4381162139C165696696 @default.
• W4381162139 hasConceptScore W4381162139C2775924081 @default.
• W4381162139 hasConceptScore W4381162139C37736160 @default.
• W4381162139 hasConceptScore W4381162139C38652104 @default.
• W4381162139 hasConceptScore W4381162139C40071531 @default.
• W4381162139 hasConceptScore W4381162139C41008148 @default.
• W4381162139 hasConceptScore W4381162139C86844869 @default.
• W4381162139 hasIssue "1" @default.
• W4381162139 hasLocation W43811621391 @default.
• W4381162139 hasOpenAccess W4381162139 @default.
• W4381162139 hasPrimaryLocation W43811621391 @default.
• W4381162139 hasRelatedWork W1987059498 @default.
• W4381162139 hasRelatedWork W2943873441 @default.
• W4381162139 hasRelatedWork W2987285902 @default.
• W4381162139 hasRelatedWork W3006507989 @default.
• W4381162139 hasRelatedWork W3163508776 @default.
• W4381162139 hasRelatedWork W3165212065 @default.
• W4381162139 hasRelatedWork W3176479423 @default.
• W4381162139 hasRelatedWork W4250073058 @default.
• W4381162139 hasRelatedWork W4285792982 @default.
• W4381162139 hasRelatedWork W4292148085 @default.
• W4381162139 hasVolume "22" @default.
• W4381162139 isParatext "false" @default.
• W4381162139 isRetracted "false" @default.
• W4381162139 workType "article" @default.