Decomposition and sequential-AND analysis of known cyber-attacks on critical infrastructure control systems
Journal of Cybersecurity (IF 2.9), Pub Date: 2020-12-15, DOI: 10.1093/cybsec/tyaa020
Peter Maynard 1 , Kieran McLaughlin 1 , Sakir Sezer 1

Abstract
We perform a detailed survey and analysis of the most significant attacks, which have targeted industrial control systems over the past decade, based on detailed incident reports from scientific and non-traditional resources. This work is the first that considers together a comprehensive set of real-world cyber-attacks with the purpose of deriving a set of common features focusing particularly on the process control network. Each attack is decomposed to provide a comprehensive overview followed by a discussion of the commonalities identified across attacks. To achieve this, each attack is modelled using Attack Trees with Sequential AND, and mapped to the industrial control system Cyber Kill Chain. We focus on the methods of intrusion rather than the identification of actors. This article can be read in two parts: first, an analysis of each attack, and secondly a discussion of the derived commonalities. The resulting commonalities can be used to develop improved detection strategies to detect modern adversarial techniques and tactics.


Updated: 2021-02-02