
2022 | OriginalPaper | Chapter

Discover the ICS Landmarks Based on Multi-stage Clue Mining

Authors: Jie Liu, Jinfa Wang, Peipei Liu, Hongsong Zhu, Limin Sun

Published in: Wireless Algorithms, Systems, and Applications

Publisher: Springer Nature Switzerland


Abstract

In recent years, the rapidly growing landscape of industrial control systems (ICS) devices has made ICS geolocation more important. However, IP-based geolocation cannot provide high-accuracy geographical locations for ICS devices. Commercial databases only provide coarse mappings between IP hosts and physical locations. Measurement-based geolocation relies on the number of high-quality landmarks. In this paper, we present a novel framework called OSI-Geo for mining high-quality landmarks of ICS devices. The main idea is that there are many location-indicating clues in the open-source information exposed by ICS devices, which can be utilized to find their physical locations. OSI-Geo automatically collects location-indicating clues to generate ICS landmarks at large scale. We conduct real-world experiments to validate the effectiveness and performance of our method. The results show that OSI-Geo can accurately collect clues with over 99% recall and precision. Based on those clues, 36,872 stable landmarks, covering 162 countries and 5,596 cities, are obtained. Among them, there are 30,290 (82%) fine-grained landmarks accurate to at least street level. The accuracy of IP geolocation has been improved significantly based on the ICS landmarks. Thus, OSI-Geo achieves effective landmark mining for ICS devices.


Metadata

Title: Discover the ICS Landmarks Based on Multi-stage Clue Mining
Authors: Jie Liu, Jinfa Wang, Peipei Liu, Hongsong Zhu, Limin Sun
Copyright Year: 2022
DOI: https://doi.org/10.1007/978-3-031-19211-1_12