RULE-BASED APPROACH USING THREATGET FOR AUTOMATICALLY GENERATING ATTACK PATHS IN INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS

Abdelkader Shaaban; Korbinian Christl; Christoph Schmittner

doi:10.35011/IDIMT-2024-195

RULE-BASED APPROACH USING THREATGET FOR AUTOMATICALLY GENERATING ATTACK PATHS IN INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS

Abdelkader Shaaban (Author and Speaker), Korbinian Christl, Christoph Schmittner

Security & Communication Technologies

Research output: Chapter in Book or Conference Proceedings › Conference Proceedings with Oral Presentation › peer-review

Abstract

The rapid development and integration of Internet-based technologies in recent years have become essential for fully automating industrial control systems and enhancing decision-making, precision, and efficiency in managing complex and large-scale production systems. However, due to these remote connections, any vulnerable cybersecurity point could expose the entire system to cyberattacks. Therefore, it is essential and highly needed in such complex systems to identify any possible threats that could be triggered within the system. Additionally, building all possible paths based on the identified threats will be essential to highlight all attack paths that could pave the way for attackers to reach malicious goals. This paper introduces a novel, rule-based approach to determine and build any possible attack paths for critical assets in complex systems such as automated industrial environments. This approach is part of ThreatGet, which deeply investigates all attack steps, emphasizing the violated security prop

Original language	English
Title of host publication	IDIMT-2024 Changes to ICT, Management, and Business Processes through AI
Subtitle of host publication	32nd Interdisciplinary Information Management Talks
Editors	Petr Doucek, Michael Sonntag, Lea Nedomova
Chapter	Autonomous Vehicles
Pages	195-202
Number of pages	8
Volume	53
DOIs	https://doi.org/10.35011/IDIMT-2024-195
Publication status	Published - Sept 2024
Event	Interdisciplinary Information Management Talks - Czech Republic, Hradec Králové, Czech Republic Duration: 4 Sept 2024 → 6 Sept 2024 https://idimt.org/

Conference

Conference	Interdisciplinary Information Management Talks
Abbreviated title	IDIMT2024
Country/Territory	Czech Republic
City	Hradec Králové
Period	4/09/24 → 6/09/24
Internet address	https://idimt.org/

Research Field

Dependable Systems Engineering

Keywords

cybersecurity
attack paths
industrial automation and control systems

Access to Document

10.35011/IDIMT-2024-195

Cite this

Shaaban, A., Christl, K., & Schmittner, C. (2024). RULE-BASED APPROACH USING THREATGET FOR AUTOMATICALLY GENERATING ATTACK PATHS IN INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS. In P. Doucek, M. Sonntag, & L. Nedomova (Eds.), IDIMT-2024 Changes to ICT, Management, and Business Processes through AI: 32nd Interdisciplinary Information Management Talks (Vol. 53, pp. 195-202) https://doi.org/10.35011/IDIMT-2024-195

Shaaban, Abdelkader ; Christl, Korbinian ; Schmittner, Christoph. / RULE-BASED APPROACH USING THREATGET FOR AUTOMATICALLY GENERATING ATTACK PATHS IN INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS. IDIMT-2024 Changes to ICT, Management, and Business Processes through AI: 32nd Interdisciplinary Information Management Talks. editor / Petr Doucek ; Michael Sonntag ; Lea Nedomova. Vol. 53 2024. pp. 195-202

@inproceedings{94de173c151845c18da1b9707b892230,

title = "RULE-BASED APPROACH USING THREATGET FOR AUTOMATICALLY GENERATING ATTACK PATHS IN INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS",

abstract = "The rapid development and integration of Internet-based technologies in recent years have become essential for fully automating industrial control systems and enhancing decision-making, precision, and efficiency in managing complex and large-scale production systems. However, due to these remote connections, any vulnerable cybersecurity point could expose the entire system to cyberattacks. Therefore, it is essential and highly needed in such complex systems to identify any possible threats that could be triggered within the system. Additionally, building all possible paths based on the identified threats will be essential to highlight all attack paths that could pave the way for attackers to reach malicious goals. This paper introduces a novel, rule-based approach to determine and build any possible attack paths for critical assets in complex systems such as automated industrial environments. This approach is part of ThreatGet, which deeply investigates all attack steps, emphasizing the violated security prop",

keywords = "cybersecurity, attack paths, industrial automation and control systems",

author = "Abdelkader Shaaban and Korbinian Christl and Christoph Schmittner",

year = "2024",

month = sep,

doi = "10.35011/IDIMT-2024-195",

language = "English",

isbn = " 978-3-99151-527-2",

volume = "53",

pages = "195--202",

editor = "Petr Doucek and Michael Sonntag and Lea Nedomova",

booktitle = "IDIMT-2024 Changes to ICT, Management, and Business Processes through AI",

note = "Interdisciplinary Information Management Talks, IDIMT2024 ; Conference date: 04-09-2024 Through 06-09-2024",

url = "https://idimt.org/",

}

Shaaban, A , Christl, K & Schmittner, C 2024, RULE-BASED APPROACH USING THREATGET FOR AUTOMATICALLY GENERATING ATTACK PATHS IN INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS. in P Doucek, M Sonntag & L Nedomova (eds), IDIMT-2024 Changes to ICT, Management, and Business Processes through AI: 32nd Interdisciplinary Information Management Talks. vol. 53, pp. 195-202, Interdisciplinary Information Management Talks, Hradec Králové, Czech Republic, 4/09/24. https://doi.org/10.35011/IDIMT-2024-195

RULE-BASED APPROACH USING THREATGET FOR AUTOMATICALLY GENERATING ATTACK PATHS IN INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS. / Shaaban, Abdelkader (Author and Speaker); Christl, Korbinian ; Schmittner, Christoph.
IDIMT-2024 Changes to ICT, Management, and Business Processes through AI: 32nd Interdisciplinary Information Management Talks. ed. / Petr Doucek; Michael Sonntag; Lea Nedomova. Vol. 53 2024. p. 195-202.

Research output: Chapter in Book or Conference Proceedings › Conference Proceedings with Oral Presentation › peer-review

TY - GEN

T1 - RULE-BASED APPROACH USING THREATGET FOR AUTOMATICALLY GENERATING ATTACK PATHS IN INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS

AU - Christl, Korbinian

AU - Schmittner, Christoph

A2 - Shaaban, Abdelkader

A2 - Doucek, Petr

A2 - Sonntag, Michael

A2 - Nedomova, Lea

PY - 2024/9

Y1 - 2024/9

N2 - The rapid development and integration of Internet-based technologies in recent years have become essential for fully automating industrial control systems and enhancing decision-making, precision, and efficiency in managing complex and large-scale production systems. However, due to these remote connections, any vulnerable cybersecurity point could expose the entire system to cyberattacks. Therefore, it is essential and highly needed in such complex systems to identify any possible threats that could be triggered within the system. Additionally, building all possible paths based on the identified threats will be essential to highlight all attack paths that could pave the way for attackers to reach malicious goals. This paper introduces a novel, rule-based approach to determine and build any possible attack paths for critical assets in complex systems such as automated industrial environments. This approach is part of ThreatGet, which deeply investigates all attack steps, emphasizing the violated security prop

AB - The rapid development and integration of Internet-based technologies in recent years have become essential for fully automating industrial control systems and enhancing decision-making, precision, and efficiency in managing complex and large-scale production systems. However, due to these remote connections, any vulnerable cybersecurity point could expose the entire system to cyberattacks. Therefore, it is essential and highly needed in such complex systems to identify any possible threats that could be triggered within the system. Additionally, building all possible paths based on the identified threats will be essential to highlight all attack paths that could pave the way for attackers to reach malicious goals. This paper introduces a novel, rule-based approach to determine and build any possible attack paths for critical assets in complex systems such as automated industrial environments. This approach is part of ThreatGet, which deeply investigates all attack steps, emphasizing the violated security prop

KW - cybersecurity

KW - attack paths

KW - industrial automation and control systems

UR - https://idimt.org/wp-content/uploads/2024/09/IDIMT-2024-proceedings.pdf

U2 - 10.35011/IDIMT-2024-195

DO - 10.35011/IDIMT-2024-195

M3 - Conference Proceedings with Oral Presentation

SN - 978-3-99151-527-2

VL - 53

SP - 195

EP - 202

BT - IDIMT-2024 Changes to ICT, Management, and Business Processes through AI

T2 - Interdisciplinary Information Management Talks

Y2 - 4 September 2024 through 6 September 2024

ER -

Shaaban A , Christl K , Schmittner C. RULE-BASED APPROACH USING THREATGET FOR AUTOMATICALLY GENERATING ATTACK PATHS IN INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS. In Doucek P, Sonntag M, Nedomova L, editors, IDIMT-2024 Changes to ICT, Management, and Business Processes through AI: 32nd Interdisciplinary Information Management Talks. Vol. 53. 2024. p. 195-202 doi: 10.35011/IDIMT-2024-195

RULE-BASED APPROACH USING THREATGET FOR AUTOMATICALLY GENERATING ATTACK PATHS IN INDUSTRIAL AUTOMATION AND CONTROL SYSTEMS

Abstract

Conference

Research Field

Keywords

Access to Document

Other files and links

Fingerprint

Cite this