Expansion of ICS Testbed for Security Validation based on MITRE ATT&CK Techniques
Seungoh Choi, Jongwon Choi, Jeong-Han Yun, Byung-Gil Min, and HyoungChun Kim, The Affiliated Institute of ETRI
To respond to cyber threats, all systems in an industrial control system (ICS) should be comprehensively monitored and analyzed. However, there is no dataset to perform this integrated monitoring and analysis study. In previous research, the testbed and dataset represented only one specific area, such as the network or physical level. This imposes limitations upon the testing, validating, and user training of the integrated monitoring system. Therefore, we are developing datasets to test systems that integrate and monitor the ICS operated in a wide range of areas. In this paper, we introduce a method to expand the existing testbed so that information can be collected and monitored during an ICS attack based on the MITRE ATT&CK framework. In addition, to create a dataset for simulating large-scale and long-term attack scenarios, a security dataset enrichment tool is proposed.
View the full CSET '20 program at https://www.usenix.org/conference/cset20/workshop-program