Cyber Threats to Industrial IoT: A Survey on Attacks and Countermeasures
Abstract
:1. Introduction
2. Metasurvey
- Man-in-the-Middle (MitM). In this type of attack, the attacker intercepts and monitors the network traffic, inputs manipulated data during transmission, and sends it to the receiver [17,18]. In the event of a successful breach, he takes over the session and maintains the connection from a spoofed IP to avoid detection [19,20].
- Virus, Trojan Horse, and Worms. An attacker could send malicious code to MTU after launching a MitM or Masquerade attack [24,25,26]. Malicious code can either allow unauthorized users to access the infected system and use it to launch other attacks on other infrastructure, or it could spread to the network and infect MSU/MTU, often causing unstable behavior or even total system collapse [27,28].
- Doorknob Rattling. It is related to the preparatory actions used to prepare for an attack, including legitimate procedures for testing the system, for instance limited attempts to access the system with random criteria in order to evaluate the readiness and the responsiveness of security measures [40,41].
3. Cyber Threats and Its Countermeasures
3.1. Phishing Attacks
3.2. Ransomware Attacks
3.3. Protocols Attacks
3.3.1. Attacks in Physical, Data-Link, Network, and Transport Layers
3.3.2. Attacks in Application Layer
3.4. Supply Chain Attacks
3.5. Systems Attacks
4. Discussion
5. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Kannengiesser, U.; Müller, H. Towards viewpoint-oriented engineering for Industry 4.0: A standards-based approach. In Proceedings of the 2018 IEEE Industrial Cyber-Physical Systems (ICPS), St. Petersburg, Russia, 15–18 May 2018; pp. 51–56. [Google Scholar] [CrossRef]
- Banafa, A. 2 The Industrial Internet of Things (IIoT): Challenges, requirements and benefits. In Secure and Smart Internet of Things (IoT): Using Blockchain and AI; River Publishers: Gistrup, Denmark, 2018; pp. 7–12. [Google Scholar]
- Mumtaz, S.; Alsohaily, A.; Pang, Z.; Rayes, A.; Tsang, K.F.; Rodriguez, J. Massive internet of things for industrial applications: Addressing wireless IIoT connectivity challenges and ecosystem fragmentation. IEEE Ind. Electron. Mag. 2017, 11, 28–33. [Google Scholar] [CrossRef]
- Juarez, F.A.B. Cybersecurity in an Industrial Internet of Things Environment (IIoT) challenges for standards systems and evaluation models. In Proceedings of the 2019 8th International Conference On Software Process Improvement (CIMPS), Leon, Guanajuato, Mexico, 23–25 October 2019; pp. 1–6. [Google Scholar] [CrossRef]
- Kargl, F.; van der Heijden, R.W.; Konig, H.; Valdes, A.; Dacier, M.C. Insights on the security and dependability of industrial control systems. IEEE Secur. Priv. 2014, 12, 75–78. [Google Scholar] [CrossRef]
- Falco, G.; Caldera, C.; Shrobe, H. IIoT cybersecurity risk modeling for SCADA systems. IEEE Internet Things J. 2018, 5, 4486–4495. [Google Scholar] [CrossRef]
- Lee, C.-H.; Wu, Z.-L.; Chiu, Y.-T.; Chen, V.-S. Heterogeneous industrial iot integration for manufacturing production. In Proceedings of the 2019 International Symposium on Intelligent Signal Processing and Communication Systems (ISPACS), Taipei, Taiwan, 3–6 December 2019; pp. 1–2. [Google Scholar] [CrossRef]
- Panchal, A.C.; Khadse, V.M.; Mahalle, P.N. Security issues in IIoT: A comprehensive survey of attacks on IIoT and its countermeasures. In Proceedings of the 2018 IEEE Global Conference on Wireless Computing and Networking (GCWCN), Lonavala, India, 23–24 November 2018; pp. 124–130. [Google Scholar] [CrossRef]
- Zhou, C.; Wang, Z.; Huang, W.; Guo, Y. Research on network security attack detection algorithm in smart grid system. In Proceedings of the 2017 International Conference on Computer Technology, Electronics and Communication (ICCTEC), Dalian, China, 19–21 December 2017; pp. 1407–1410. [Google Scholar] [CrossRef]
- Irmak, E.; Erkek, I. An overview of cyber-attack vectors on SCADA systems. In Proceedings of the 2018 6th International Symposium on Digital Forensic and Security (ISDFS), Antalya, Turkey, 22–25 March 2018; pp. 1–5. [Google Scholar] [CrossRef]
- Kang, D.-H.; Kim, B.-K.; Na, J.-C. Cyber threats and defence approaches in SCADA systems. In Proceedings of the 16th International Conference on Advanced Communication Technology, Pyeongchang, Korea, 16–19 February 2014; pp. 324–327. [Google Scholar] [CrossRef] [Green Version]
- Gebremichael, T.; Ledwaba, L.P.I.; Eldefrawy, M.H.; Hancke, G.P.; Pereira, N.; Gidlund, M.; Akerberg, J. Security and privacy in the industrial internet of things: Current standards and future challenges. IEEE Access 2020, 8, 152351–152366. [Google Scholar] [CrossRef]
- Ghosh, S.; Sampalli, S. A survey of security in SCADA networks: Current issues and future challenges. IEEE Access 2019, 7, 135812–135831. [Google Scholar] [CrossRef]
- Physical Layer Security in Wireless Networks with Passive and Active Eavesdroppers—IEEE Conference Publication. Available online: https://ieeexplore.ieee.org/document/6503890 (accessed on 16 February 2021).
- Zeng, Y.; Zhang, R. Active eavesdropping via spoofing relay attack. In Proceedings of the 2016 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), Shanghai, China, 20–25 March 2016; pp. 2159–2163. [Google Scholar] [CrossRef] [Green Version]
- Shafie, A.E.; Chihaoui, H.; Hamila, R.; Al-Dhahir, N.; Gastli, A.; Ben-Brahim, L. Impact of passive and active security attacks on MIMO smart grid communications. IEEE Syst. J. 2019, 13, 2873–2876. [Google Scholar] [CrossRef]
- Eigner, O.; Kreimel, P.; Tavolato, P. Detection of man-in-the-middle attacks on industrial control networks. In Proceedings of the 2016 International Conference on Software Security and Assurance (ICSSA), St. Polten, Austria, 24–25 August 2016; pp. 64–69. [Google Scholar] [CrossRef]
- Lan, H.; Zhu, X.; Sun, J.; Li, S. Traffic data classification to detect man-in-the-middle attacks in industrial control system. In Proceedings of the 2019 6th International Conference on Dependable Systems and Their Applications (DSA), Harbin, China, 3–6 January 2020; pp. 430–434. [Google Scholar] [CrossRef]
- Andreica, G.R.; Bozga, L.; Zinca, D.; Dobrota, V. Denial of service and man-in-the-middle attacks against IoT devices in a GPS-based monitoring software for intelligent transportation systems. In Proceedings of the 2020 19th RoEduNet Conference: Networking in Education and Research (RoEduNet), Bucharest, Romania, 11–12 December 2020; pp. 1–4. [Google Scholar] [CrossRef]
- Esfahani, A.; Mantas, G.; Ribeiro, J.; Bastos, J.; Mumtaz, S.; Violas, M.A.; De Oliveira Duarte, A.M.; Rodriguez, A. An efficient web authentication mechanism preventing man-in-the-middle attacks in industry 4.0 supply chain. IEEE Access 2019, 7, 58981–58989. [Google Scholar] [CrossRef]
- Wardega, K.; Tron, R.; Li, W. Resilience of multi-robot systems to physical masquerade attacks. In Proceedings of the 2019 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, USA, 19–23 May 2019; pp. 120–125. [Google Scholar] [CrossRef] [Green Version]
- Ustun, T.S.; Farooq, S.M.; Hussain, S.M.S. A novel approach for mitigation of replay and masquerade attacks in smartgrids using IEC 61850 standard. IEEE Access 2019, 7, 156044–156053. [Google Scholar] [CrossRef]
- Xiang, Z.; Guangyu, H.; Zhigong, W. Masquerade detection using support vector machines in the smart grid. In Proceedings of the 2014 Seventh International Joint Conference on Computational Sciences and Optimization, Beijing, China, 4–6 July 2014; pp. 30–34. [Google Scholar] [CrossRef]
- Al-Rabiaah, S. The ‘Stuxnet’ virus of 2010 as an example of a ‘APT’ and its ‘Recent’ variances. In Proceedings of the 2018 21st Saudi Computer Society National Computer Conference (NCC), Riyadh, Saudi Arabia, 25–26 April 2018; pp. 1–5. [Google Scholar] [CrossRef]
- Zou, J.; Jin, X.; Zhang, L.; Wang, Y.; Li, B. A case study of anomaly detection in industrial environments. In Proceedings of the 2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC), New York, NY, USA, 1–3 August 2019; pp. 294–298. [Google Scholar] [CrossRef]
- Lin, J.; Liu, L. Research on security detection and data analysis for industrial internet. In Proceedings of the 2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C), Sofia, Bulgaria, 22–26 July 2019; pp. 466–470. [Google Scholar] [CrossRef]
- Berhe, A.B.; Kim, K.; Tizazu, G.A. Industrial control system security framework for ethiopia. In Proceedings of the 2017 Ninth International Conference on Ubiquitous and Future Networks (ICUFN), Milan, Italy, 4–7 July 2017; pp. 814–817. [Google Scholar] [CrossRef]
- Shang, W.; Cui, J.; Song, C.; Zhao, J.; Zeng, P. Research on industrial control anomaly detection based on FCM and SVM. In Proceedings of the 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), New York, NY, USA, 1–3 August 2018; pp. 218–222. [Google Scholar] [CrossRef]
- Borgiani, V.; Moratori, P.; Kazienko, J.F.; Tubino, E.R.; Quincozes, S.E. Towards a distributed approach for detection and mitigation of denial of service attacks within industrial internet of things. IEEE Internet Things J. 2020, 1. [Google Scholar] [CrossRef]
- Tan, Z.; Jamdagni, A.; He, X.; Nanda, P.; Liu, R.P.; Hu, J. Detection of denial-of-service attacks based on computer vision techniques. IEEE Trans. Comput. 2015, 64, 2519–2533. [Google Scholar] [CrossRef]
- Serror, M.; Hack, S.; Henze, M.; Schuba, M.; Wehrle, K. Challenges and opportunities in securing the industrial internet of things. IEEE Trans. Ind. Inform. 2020, 1. [Google Scholar] [CrossRef]
- Biswas, R.; Wu, J.; Li, X. A capacity-aware distributed denial-of-service attack in low-power and lossy networks. In Proceedings of the 2019 IEEE 40th Sarnoff Symposium, Newark, NJ, USA, 23–24 September 2019; pp. 1–6. [Google Scholar] [CrossRef]
- Sahu, S.S.; Priyadarshini, P.; Bilgaiyan, S. Curbing distributed denial of service attack by traffic filtering in wireless sensor network. In Proceedings of the Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT), Hefei, China, 11–13 July 2014; pp. 1–6. [Google Scholar] [CrossRef]
- Ficco, M.; Palmieri, F. Introducing fraudulent energy consumption in cloud infrastructures: A new generation of denial-of-service attacks. IEEE Syst. J. 2017, 11, 460–470. [Google Scholar] [CrossRef]
- Memmi, G.; Kapusta, K.; Qiu, H. Data protection: Combining fragmentation, encryption, and dispersion. In Proceedings of the 2015 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), Shanghai, China, 5–7 August 2015; pp. 1–9. [Google Scholar] [CrossRef]
- Suciu, I.; Vilajosana, X.; Adelantado, F. An analysis of packet fragmentation impact in LPWAN. In Proceedings of the 2018 IEEE Wireless Communications and Networking Conference (WCNC), Barcelona, Spain, 15–18 April 2018; pp. 1–6. [Google Scholar] [CrossRef] [Green Version]
- Makris, P.; Skoutas, D.N.; Skianis, C. A survey on context-aware mobile and wireless networking: On networking and computing environments’ integration. IEEE Commun. Surv. Tutor. 2013, 15, 362–386. [Google Scholar] [CrossRef]
- Li, Y. A vulnerability risk assessment method for industrial control system. In Proceedings of the 2020 International Conference on Computer Communication and Network Security (CCNS), Xi’an, China, 21–23 August 2020; pp. 146–152. [Google Scholar] [CrossRef]
- Delignat-Lavaud, A.; Fournet, C.; Kohlweiss, M.; Parno, B. Cinderella: Turning shabby X.509 certificates into elegant anonymous credentials with the magic of verifiable computation. In Proceedings of the 2016 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA, 22–26 May 2016; pp. 235–254. [Google Scholar] [CrossRef]
- Repp, P. Diagnostics and assessment of the industrial network security expert system. In Proceedings of the 2017 International Conference on Industrial Engineering, Applications and Manufacturing (ICIEAM), St. Petersburg, Russia, 16–19 May 2017; pp. 1–5. [Google Scholar] [CrossRef]
- Chen, H.; Hu, M.; Yan, H.; Yu, P. Research on industrial internet of things security architecture and protection strategy. In Proceedings of the 2019 International Conference on Virtual Reality and Intelligent Systems (ICVRIS), Jishou, China, 14–15 September 2019; pp. 365–368. [Google Scholar] [CrossRef]
- Mikhalevich, I.F.; Trapeznikov, V.A. Critical infrastructure security: Alignment of views. In Proceedings of the 2019 Systems of Signals Generating and Processing in the Field of on Board Communications, Moscow, Russia, 20–21 March 2019; pp. 1–5. [Google Scholar] [CrossRef]
- Kolowrocki, K.; Soszynska-Budny, J. Critical infrastructure safety indicators. In Proceedings of the 2018 IEEE International Conference on Industrial Engineering and Engineering Management (IEEM), Bangkok, Thailand, 16–19 December 2018; pp. 1761–1764. [Google Scholar] [CrossRef]
- Liu, X.; Qian, C.; Hatcher, W.G.; Xu, H.; Liao, W.; Yu, W. Secure Internet of Things (IoT)-based smart-world critical infrastructures: Survey, case study and research opportunities. IEEE Access 2019, 7, 79523–79544. [Google Scholar] [CrossRef]
- Roman, R. Trust and reputation systems for wireless sensor networks. In Security and Privacy in Mobile and Wireless Networking; Troubador Publishing Ltd.: Leicester, UK, 2009; pp. 105–128. [Google Scholar]
- Chandrasekaran, M.; Chinchani, R.; Upadhyaya, S. PHONEY: Mimicking user response to detect phishing attacks. In Proceedings of the 2006 International Symposium on a World of Wireless, Mobile and Multimedia Networks(WoWMoM’06), Buffalo-Niagara Falls, NY, USA, 26–29 June 2006. [Google Scholar] [CrossRef]
- McRae, C.M.; Vaughn, R.B. Phighting the phisher: Using web bugs and honeytokens to investigate the source of phishing attacks. In Proceedings of the 2007 40th Annual Hawaii International Conference on System Sciences (HICSS’07), Waikoloa, HI, USA, 3–6 January 2007; p. 270c. [Google Scholar] [CrossRef]
- Ajlouni, M.I.A.; Hadi, W.; Alwedyan, J. Detecting phishing websites using associative classification. J. Inf. Eng. Appl. 2013, 3, 6–10. [Google Scholar]
- Jain, A.; Richariya, V. Implementing a web browser with phishing detection techniques. arXiv 2011, arXiv:1110.0360. [Google Scholar]
- Demertzis, K.; Iliadis, L. Evolving smart URL filter in a zone-based policy firewall for detecting algorithmically generated malicious domains. In Statistical Learning and Data Sciences; Springer: Cham, Switzerland, 2015; pp. 223–233. [Google Scholar] [CrossRef]
- Yan, X.; Xu, Y.; Cui, B.; Zhang, S.; Guo, T.; Li, C. Learning URL embedding for malicious website detection. IEEE Trans. Ind. Inform. 2020, 16, 6673–6681. [Google Scholar] [CrossRef]
- Gu, G.; Porras, P.; Yegneswaran, V.; Fong, M. BotHunter: Detecting Malware Infection through IDS-Driven Dialog Correlation. Presented at the 16th {USENIX} Security Symposium ({USENIX} Security 07). 2007. Available online: https://www.usenix.org/conference/16th-usenix-security-symposium/bothunter-detecting-malware-infection-through-ids-driven (accessed on 24 January 2021).
- Ma, J.; Saul, L.K.; Savage, S.; Voelker, G.M. Beyond blacklists: Learning to detect malicious web sites from suspicious URLs. In Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining—KDD’09, Paris, France, 28 June–1 July 2009; p. 1245. [Google Scholar] [CrossRef]
- McGrath, D.K.; Gupta, M. Behind phishing: An examination of phisher modi operandi. In Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, Bloomington, IN, USA, 15 April 2008; pp. 1–8. [Google Scholar]
- Xie, Y.; Yu, F.; Achan, K.; Panigrahy, R.; Hulten, G.; Osipkov, I. Spamming Botnet: Signatures and Characteristics. August 2008. Available online: https://www.microsoft.com/en-us/research/publication/spamming-botnet-signatures-and-characteristics/ (accessed on 24 January 2021).
- Stalmans, E.; Irwin, B. A framework for DNS based detection and mitigation of malware infections on a network. In Proceedings of the 2011 Information Security for South Africa, Johannesburg, South Africa, 15–17 August 2011; pp. 1–8. [Google Scholar] [CrossRef] [Green Version]
- Al-Hawawreh, M.; den Hartog, F.; Sitnikova, E. Targeted ransomware: A new cyber threat to edge system of brownfield industrial internet of things. IEEE Internet Things J. 2019, 6, 7137–7151. [Google Scholar] [CrossRef]
- Erebus Linux Ransomware: Impact to Servers and Countermeasures—Security News. Available online: https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/erebus-linux-ransomware-impact-to-servers-and-countermeasures (accessed on 20 January 2021).
- Alhawi, O.M.K.; Baldwin, J.; Dehghantanha, A. Leveraging machine learning techniques for windows ransomware network traffic detection. In Cyber Threat Intelligence; Dehghantanha, A., Conti, M., Dargahi, T., Eds.; Springer International Publishing: Cham, Switzerland, 2018; pp. 93–106. [Google Scholar]
- Almashhadani, A.O.; Kaiiali, M.; Sezer, S.; O’Kane, P. A multi-classifier network-based crypto ransomware detection system: A case study of locky ransomware. IEEE Access 2019, 7, 47053–47067. [Google Scholar] [CrossRef]
- Maiorca, D.; Mercaldo, F.; Giacinto, G.; Visaggio, C.A.; Martinelli, F. R-PackDroid: API package-based characterization and detection of mobile ransomware. In Proceedings of the Symposium on Applied Computing, Marrakech, Morocco, 3–7 April 2017; pp. 1718–1723. [Google Scholar] [CrossRef]
- Sgandurra, D.; Muñoz-González, L.; Mohsen, R.; Lupu, E.C. Automated Dynamic Analysis of Ransomware: Benefits, Limitations and Use for Detection. ArXiv160903020 Cs. September 2016. Available online: http://arxiv.org/abs/1609.03020 (accessed on 20 January 2021).
- Tseng, A.; Chen, Y.; Kao, Y.; Lin, T. Deep learning for ransomware detection. IEICE Tech. Rep. 2016, 116, 87–92. [Google Scholar]
- Tournier, J.; Lesueur, F.; Mouël, F.L.; Guyon, L.; Ben-Hassine, H. A survey of IoT protocols and their security issues through the lens of a generic IoT stack. Internet Things 2020, 100264. [Google Scholar] [CrossRef]
- Butun, I.; Osterberg, P.; Song, H. Security of the internet of things: Vulnerabilities, attacks, and countermeasures. IEEE Commun. Surv. Tutor. 2020, 22, 616–644. [Google Scholar] [CrossRef] [Green Version]
- Varga, P.; Plosz, S.; Soos, G.; Hegedus, C. Security threats and issues in automation IoT. In Proceedings of the 2017 IEEE 13th International Workshop on Factory Communication Systems (WFCS), Trondheim, Norway, 31 May–2 June 2017; pp. 1–6. [Google Scholar] [CrossRef]
- Hossain, M.M.; Fotouhi, M.; Hasan, R. Towards an analysis of security issues, challenges, and open problems in the internet of things. In Proceedings of the 2015 IEEE World Congress on Services, New York City, NY, USA, 27 June–2 July 2015; pp. 21–28. [Google Scholar] [CrossRef]
- Muraleedharan, R.; Osadciw, L. Cross layer denial of service attacks in wireless sensor network using swarm intelligence. In Proceedings of the 2006 40th Annual Conference on Information Sciences and Systems, Princeton, NJ, USA, 22–24 March 2006; pp. 1653–1658. [Google Scholar] [CrossRef]
- Antonopoulos, A.; Verikoukis, C.; Skianis, C.; Akan, O.B. Energy efficient network coding-based MAC for cooperative ARQ wireless networks. Ad Hoc Netw. 2013, 11, 190–200. [Google Scholar] [CrossRef] [Green Version]
- Mouaatamid, O.E.; Lahmer, M.; Belkasmi, M. Internet of Things Security: Layered Classification of Attacks and Possible Countermeasures. Electron. J. Inf. Technol. 2016. Available online: http://www.webmail.revue-eti.net/index.php/eti/article/view/98 (accessed on 20 January 2021).
- Usman, M.; Raponi, S.; Qaraqe, M.; Oligeri, G. KaFHCa: Key-Establishment via Frequency Hopping Collisions. arXiv201009642 Cs. Octember 2020. Available online: http://arxiv.org/abs/2010.09642 (accessed on 20 January 2021).
- Hennebert, C.; Santos, J.D. Security protocols and privacy issues into 6LoWPAN stack: A synthesis. IEEE Internet Things J. 2014, 1, 384–398. [Google Scholar] [CrossRef]
- Adnan, A.H.; Abdirazak, M.; Shamsuzzaman Sadi, A.B.M.; Anam, T.; Khan, S.Z.; Rahman, M.M.; Omar, M.M. A comparative study of WLAN security protocols: WPA, WPA2. In Proceedings of the 2015 International Conference on Advances in Electrical Engineering (ICAEE), Dhaka, Bangladesh, 17–19 December 2015; pp. 165–169. [Google Scholar] [CrossRef]
- Raza, S.; Wallgren, L.; Voigt, T. SVELTE: Real-Time intrusion detection in the internet of things. Ad Hoc Netw. 2013, 11, 2661–2674. [Google Scholar] [CrossRef]
- Ahmed, A.S.A.M.S.; Hassan, R.; Othman, N.E. IPv6 neighbor discovery protocol specifications, threats and countermeasures: A survey. IEEE Access 2017, 5, 18187–18210. [Google Scholar] [CrossRef]
- Unsal, E.; Çebi, Y. Denial of Service Attacks in WSN. In Proceedings of the International Symposium on Computing in Science & Engineering, Izmir, Turkey, 4–6 September 2013. [Google Scholar]
- Ferrag, M.A.; Maglaras, L.A.; Janicke, H.; Jiang, J.; Shu, L. Authentication protocols for internet of things: A comprehensive survey. Secur. Commun. Netw. 2017, 2017, 1–41. [Google Scholar] [CrossRef]
- El-hajj, M.; Chamoun, M.; Fadlallah, A.; Serhrouchni, A. Analysis of authentication techniques in Internet of Things (IoT). In Proceedings of the 2017 1st Cyber Security in Networking Conference (CSNet), Rio de Janeiro, Brazil, 18–20 October 2017; pp. 1–3. [Google Scholar] [CrossRef]
- Eddy, W.M. Defenses against TCP SYN flooding attacks. Internet Protoc. J. 2006, 9, 2–16. [Google Scholar]
- Andy, S.; Rahardjo, B.; Hanindhito, B. Attack scenarios and security analysis of MQTT communication protocol in IoT system. In Proceedings of the 2017 4th International Conference on Electrical Engineering, Computer Science and Informatics (EECSI), Yogyakarta, Indonesia, 19–21 September 2017; pp. 1–6. [Google Scholar] [CrossRef]
- Singh, M.; Rajan, M.A.; Shivraj, V.L.; Balamuralidhar, P. Secure MQTT for Internet of Things (IoT). In Proceedings of the 2015 Fifth International Conference on Communication Systems and Network Technologies, Gwalior, India, 4–6 April 2015; pp. 746–751. [Google Scholar] [CrossRef]
- Morris, T.H.; Thornton, Z.; Turnipseed, I. Industrial control system simulation and data logging for intrusion detection system research. In Proceedings of the 7th Annual Southeastern Cyber Security Summit, Huntsville, AL, USA, 3–4 June 2015; pp. 3–4. [Google Scholar]
- Chromik, J.; Remke, A.; Haverkort, B.R.; Geist, G. A Parser for Deep Packet Inspection of IEC-104: A practical solution for industrial applications. In Proceedings of the 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks—Industry Track, Portland, OR, USA, 24–27 June 2019; pp. 5–8. [Google Scholar] [CrossRef]
- Liang, W.; Li, K.-C.; Long, J.; Kui, X.; Zomaya, A.Y. An industrial network intrusion detection algorithm based on multifeature data clustering optimization model. IEEE Trans. Ind. Inform. 2020, 16, 2063–2071. [Google Scholar] [CrossRef]
- Constantinides, C.; Shiaeles, S.; Ghita, B.; Kolokotronis, N. A novel online incremental learning intrusion prevention system. In Proceedings of the 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Canary Islands, Spain, 24–26 June 2019; pp. 1–6. [Google Scholar] [CrossRef]
- Deng, L.; Peng, Y.; Liu, C.; Xin, X.; Xie, Y. Intrusion detection method based on support vector machine access of modbus TCP protocol. In Proceedings of the 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Chengdu, China, 15–18 December 2016; pp. 380–383. [Google Scholar] [CrossRef]
- Farooq, M.J.; Zhu, Q. IoT supply chain security: Overview, challenges, and the road ahead. ArXiv190807828 Cs. July 2019. Available online: http://arxiv.org/abs/1908.07828 (accessed on 19 January 2021).
- Radanliev, P.; De Roure, D.; Page, K.; Nurse, J.R.C.; Montalvo, R.M.; Santos, O.; Maddox, L.T.; Burnap, P. Cyber Risk at the Edge: Current and Future Trends on Cyber Risk Analytics and Artificial Intelligence in the Industrial Internet of Things and Industry 4.0 Supply Chains. December 2020. Available online: https://www.preprints.org/manuscript/201903.0123/v2 (accessed on 19 January 2021).
- Kieras, T.; Farooq, J.; Zhu, Q. RIoTS: Risk analysis of IoT supply chain threats. In Proceedings of the 2020 IEEE 6th World Forum on Internet of Things (WF-IoT), New Orleans, LA, USA, 2–16 June 2020. [Google Scholar]
- Mercaldo, F.; Martinelli, F.; Santone, A. Real-Time SCADA attack detection by means of formal methods. In Proceedings of the 2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Napoli, Italy, 12–14 June 2019; pp. 231–236. [Google Scholar] [CrossRef]
- Demertzis, K.; Iliadis, L.; Bougoudis, I. Gryphon: A semi-supervised anomaly detection system based on one-class evolving spiking neural network. Neural Comput. Appl. 2020, 32, 4303–4314. [Google Scholar] [CrossRef]
- Xing, L.; Demertzis, K.; Yang, J. Identifying data streams anomalies by evolving spiking restricted Boltzmann machines. Neural Comput. Appl. 2020, 32, 6699–6713. [Google Scholar] [CrossRef]
- Demertzis, K.; Iliadis, L.S.; Anezakis, V.-D. An innovative soft computing system for smart energy grids cybersecurity. Adv. Build. Energy Res. 2018, 12, 3–24. [Google Scholar] [CrossRef]
- Demertzis, K.; Iliadis, L.; Tziritas, N.; Kikiras, P. Anomaly detection via blockchained deep learning smart contracts in industry 4.0. Neural Comput. Appl. 2020, 32, 17361–17378. [Google Scholar] [CrossRef]
- Garcia, L.A.; Brasser, F.; Cintuglu, M.H.; Sadeghi, A.-R.; Mohammed, O.; Zonouz, S.A. Hey, My Malware Knows Physics! Attacking PLCs with Physical Model Aware Rootkit. In Proceedings of the Network and Distributed System Security Symposium, San Diego, CA, USA, 26 February–1 March 2017. [Google Scholar] [CrossRef]
- Zhou, L.; Guo, H. Anomaly detection methods for IIoT networks. In Proceedings of the 2018 IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI), Singapore, 31 July–2 August 2018; pp. 214–219. [Google Scholar] [CrossRef]
- Genge, B.; Haller, P.; Enachescu, C. Anomaly detection in aging industrial internet of things. IEEE Access 2019, 7, 74217–74230. [Google Scholar] [CrossRef]
- Cook, A.A.; Misirli, G.; Fan, Z. Anomaly detection for IoT time-series data: A survey. IEEE Internet Things J. 2020, 7, 6481–6494. [Google Scholar] [CrossRef]
- Gaddam, A.; Wilkin, T.; Angelova, M. Anomaly detection models for detecting sensor faults and outliers in the IoT—A survey. In Proceedings of the 2019 13th International Conference on Sensing Technology (ICST), Sydney, NSW, Australia, 2–4 December 2019; pp. 1–6. [Google Scholar] [CrossRef]
- Deorankar, A.V.; Thakare, S.S. Survey on anomaly detection of (IoT)—Internet of Things cyberattacks using machine learning. In Proceedings of the 2020 Fourth International Conference on Computing Methodologies and Communication (ICCMC), Erode, India, 11–13 March 2020; pp. 115–117. [Google Scholar] [CrossRef]
- Formby, D.; Beyah, R. Temporal execution behavior for host anomaly detection in programmable logic controllers. IEEE Trans. Inf. Forensics Secur. 2020, 15, 1455–1469. [Google Scholar] [CrossRef]
- Nakamura, E.T.; Ribeiro, S.L. A privacy, security, safety, resilience and reliability focused risk assessment methodology for IIoT systems steps to build and use secure IIoT systems. In Proceedings of the 2018 Global Internet of Things Summit (GIoTS), Bilbao, Spain, 4–7 June 2018; pp. 1–6. [Google Scholar] [CrossRef]
- Sengupta, J. A comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT. J. Netw. Comput. Appl. 2020, 149, 102481. [Google Scholar] [CrossRef]
- Demertzis, K.; Kikiras, P.; Tziritas, N.; Sanchez, S.; Iliadis, L. The next generation cognitive security operations center: Network flow forensics using cybersecurity intelligence. Big Data Cogn. Comput. 2018, 2, 35. [Google Scholar] [CrossRef] [Green Version]
- Al-Hawawreh, M.; Sitnikova, E. Leveraging deep learning models for ransomware detection in the industrial internet of things environment. In Proceedings of the 2019 Military Communications and Information Systems Conference (MilCIS), Canberra, ACT, Australia, 12–14 November 2019; pp. 1–6. [Google Scholar] [CrossRef]
- Brugman, J.; Khan, M.; Kasera, S.; Parvania, M. Cloud based intrusion detection and prevention system for industrial control systems using software defined networking. In Proceedings of the 2019 Resilience Week (RWS), San Antonio, TX, USA, 4–7 November 2019; pp. 98–104. [Google Scholar] [CrossRef]
- Nyasore, O.N.; Zavarsky, P.; Swar, B.; Naiyeju, R.; Dabra, S. Deep packet inspection in industrial automation control system to mitigate attacks exploiting modbus/TCP vulnerabilities. In Proceedings of the 2020 IEEE 6th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS), Baltimore, MD, USA, 25–27 May 2020; pp. 241–245. [Google Scholar] [CrossRef]
- Demertzis, K.; Iliadis, L. A hybrid network anomaly and intrusion detection approach based on evolving spiking neural network classification. In E-Democracy, Security, Privacy and Trust in a Digital World; Sideridis, A.B., Kardasiadou, Z., Yialouris, C.P., Zorkadis, V., Eds.; Springer International Publishing: Cham, Switzerland, 2014; Volume 441, pp. 11–23. [Google Scholar]
- Hu, W.; Li, M.; Yuan, C.; Zhang, C.; Wang, J. Diversity in neural architecture search. In Proceedings of the 2020 International Joint Conference on Neural Networks (IJCNN), Glasgow, UK, 19–24 July 2020; pp. 1–8. [Google Scholar] [CrossRef]
- McLaughlin, S.; Konstantinou, C.; Wang, X.Y.; Davi, L.; Sadeghi, A.-R.; Maniatakos, M.; Karri, R. The cybersecurity landscape in industrial control systems. Proc. IEEE 2016, 104, 1039–1057. [Google Scholar] [CrossRef]
- Li, Y.; Xu, L.; Shu, W.; Tao, J.; Mei, K. AutoGesNet: Auto gesture recognition network based on neural architecture search. In Proceedings of the 2020 12th International Conference on Advanced Computational Intelligence (ICACI), Dali, China, 14–16 August 2020; pp. 257–262. [Google Scholar] [CrossRef]
Layer/Level | Protocols | Threats | Countermeasures |
---|---|---|---|
Physical Layer and Data Link layer | IEEE 802.15.4 BLE WiFi LTE | Jamming DoS attacks | Packets’ rerouting to alternative routes [68] |
Collision/Exhaustion/ Unfairness attacks | FHSS techniques [70,71] | ||
Data Transit Attacks | Data encryption algorithms [72,73] | ||
Network Layer | IPv4/IPv6 RPL 6LoWPAN | Routing and DoS Attacks | Ingress filtering and IDS solutions [65,74] |
Data Transit Attacks | Compressed Transport protocols (for instance DTL) [72] | ||
Threats to Neighbor Discovery Protocol (IPv4/IPv6) | Use of IPsec, SEND protocols [75] | ||
Transport Layer | De-Synchronization | Sending control flags that synchronize endpoints | Message authentication [77] |
SYN-flooding | System flooding during the SYN handshaking phase | Optimizations in transport layer apply network filtering [79] | |
MQTT | Data Transit Attacks, Scalable Key management | Secure MQTT, ABE algorithm [81] |
ID | Cyber Threats | Countermeasures | |
---|---|---|---|
1 | Phishing attacks The attacker, masquerading as a trusted entity. | Breach of IIoT systems Control of operation systems that are linked to it | PHONEY for auto detection and analysis of phishing attacks [46] Intelligence Web Application Firewall (IWAF) [104] URL Embedding (UE) [51] Detecting botnets by mapping a sequence model based on extracting URLs from spam mails [56] Smart URL Filter in a zone-based policy firewall for detecting algorithmically generated malicious domains names [50] |
2 | Ransomware attacks Type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. | DoS attacks, data encryption | Next Generation firewalls with improved traffic filtering capabilities [57] Machine learning techniques [59] Intrusion detection system [60] Hybrid detection systems [105] |
3 | Protocols Attacks Any threat in protocol stack of IIoT | Jamming DoS attacks | Packets’ rerouting to alternative routes [68] |
Collision/exhaustion/unfairness attacks | FHSS techniques [70,71] | ||
Data transit attacks | Data encryption algorithms [72,73] | ||
Routing and DoS Attacks | Ingress filtering and IDS solutions [65,74] | ||
Data transit attacks | Compressed transport protocols (for instance DTL) [72] | ||
Threats to neighbor discovery protocol (IPv4/IPv6) | Use of IPsec, SEND protocols [75] | ||
Sending control flags that synchronize endpoints | Message authentication [77] | ||
System flooding during the SYN handshaking phase | Optimizations in transport layer apply network filtering [79] | ||
Data transit attacks, scalable key management | Secure MQTT, ABE algorithm [81] | ||
SCADA modbus attacks | Intrusion detection and prevention system [106,107] | ||
4 | Supply chain attacks A cyber-attack that seeks to damage an industry or organization by targeting less-secure elements in the supply chain. | Backdoors installation Very hard to detect | View the ecosystem from a supply chain viewpoint and control the risk [87] Self-adapting supply chain system with artificial intelligence (AI), machine learning (ML), and real-time intelligence for predictive cyber risk analytics [88] |
5 | Systems Attacks Unauthorized access into an industrial system in order to cause harm. | Man-in-the-Middle attacks Mechanically control the dynamically rearranging centrifugation, or reprogram the complex programmable logic controller (PLC) devices in order to speed up or slow down their operations | System logs modelling [90] Deep learning smart contracts for the security and functionality of industrial applications, providing a decentralized, reliable, peer-to-peer network for communication between SCADA devices [90] Hybrid network anomaly and intrusion detection approach based on evolving spiking neural network classification [108] CUmulative SUM (CUSUM) algorithm [101] |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
Tsiknas, K.; Taketzis, D.; Demertzis, K.; Skianis, C. Cyber Threats to Industrial IoT: A Survey on Attacks and Countermeasures. IoT 2021, 2, 163-186. https://doi.org/10.3390/iot2010009
Tsiknas K, Taketzis D, Demertzis K, Skianis C. Cyber Threats to Industrial IoT: A Survey on Attacks and Countermeasures. IoT. 2021; 2(1):163-186. https://doi.org/10.3390/iot2010009
Chicago/Turabian StyleTsiknas, Konstantinos, Dimitrios Taketzis, Konstantinos Demertzis, and Charalabos Skianis. 2021. "Cyber Threats to Industrial IoT: A Survey on Attacks and Countermeasures" IoT 2, no. 1: 163-186. https://doi.org/10.3390/iot2010009