Riya Kedia,Pooja Jha,M. Dehury,Sahil Prasad Bejo,B. Kumar,Pallab Banerjee

DOI: https://doi.org/10.1109/WCONF58270.2023.10235163

2023-07-14

Abstract:Currently, because almost all interactions occur online, internet security is a critical concern. Penetration testing evaluates network and system security while also revealing security weaknesses. Piercing testing is carry out to ensure that there are no security flaws in the system or network that would permit unauthorised access. Penetration testing, often known as Pen Testing, is a collection of processes designed to track down vulnerabilities in a network or system, or online application that an attacker may exploit. It assists to confirm the effectiveness and efficiency of the different security measures put in place. This document concisely describes the foundations of penetration testing as well as illustrates how and where to deploy and utilise several tools and methodologies for penetration testing using Kali Linux for detecting system vulnerabilities: and provide a review of firewalls, networking protocols, as well as basic security problems that must be addressed in the goal of better protection of the system, ending after analysing the results.

Computer Science

He-Jun Lu,Yang Yu

DOI: https://doi.org/10.1155/2021/5570001

IF: 2.3

2021-02-27

Complexity

Abstract:Aiming at the vulnerability of wireless network, this paper proposed a method of WiFi penetration testing based on Kali Linux which is divided into four stages: preparation, information collection, simulation attack, and reporting. By using the methods of monitoring, scanning, capturing, data analysis, password cracking, fake wireless access point spoofing, and other methods, the WiFi network penetration testing with Kali Linux is processed in the simulation environment. The experimental results show that the method of WiFi network penetration testing with Kali Linux has a good effect on improving the security evaluation of WiFi network.

mathematics, interdisciplinary applications,multidisciplinary sciences

Teddy Surya Gunawan,Muhammad Kassim Lim,Nurul Fariza Zulkurnain,Mira Kartiwi

DOI: https://doi.org/10.11591/ijeecs.v11.i1.pp51-59

2018-07-01

Indonesian Journal of Electrical Engineering and Computer Science

Abstract:The massive development of technology especially in computers, mobile devices, and networking has bring security issue forward as primarily concern. The computers and mobile devices connected to Internet are exposed to numerous threats and exploits. With the utilization of penetration testing, vulnerabilities of a system can be identified and simulated attack can be launched to determine how severe the vulnerabilities are. This paper reviewed some of the security concepts, including penetration testing, security analysis, and security audit. On the other hand, Kali Linux is the most popular penetration testing and security audit platform with advanced tools to detect any vulnerabilities uncovered in the target machine. For this purpose, Kali Linux setup and installation will be described in more details. Moreover, a method to install vulnerable server was also presented. Further research including simulated attacks to vulnerable server on both web and firewall system will be conducted.

Yinan Wang,Gangfeng Yan,Ronghao Zheng

DOI: https://doi.org/10.3390/app8050768

2018-01-01

Applied Sciences

Abstract:The integration of modern computing and advanced communication with power grids has led to the emergence of electrical cyber-physical systems (ECPSs). However, the massive application of communication technologies makes the power grids become more vulnerable to cyber attacks. In this paper, we study the vulnerability of ECPSs and develop defence strategies against cyber attacks. Detection and protection algorithms are proposed to deal with the emergency of cascading failures. Moreover, we propose a weight adjustment strategy to solve the unbalanced power flows problem which is caused by splitting incidents. A MATLAB-based platform with advantages of easy programming, fast calculation, and no damage to systems is built for the offline simulation and analysis of the vulnerability of ECPSs. We also propose a five-aspect method of vulnerability assessment which includes the robustness, economic costs, degree of damage, vulnerable equipment, and trip point. The study is of significance to decision makers as they can get specific advice and defence strategies about a special power system.

Yanmiao Zhang,Xiaoyu Ji,Yushi Cheng,Wenyuan Xu

DOI: https://doi.org/10.23919/ChiCC.2019.8866144

2019-01-01

Abstract:As a modern power transmission network, smart grid connects abundant terminal devices and plays an important role in our daily life. However, along with its growth are the security threats. Different from the separated environment previously, an adversary nowadays can destroy the power system by attacking its terminal devices. As a result, it's critical to ensure the security and safety of terminal devices. To achieve it, detecting the pre-existing vulnerabilities in the terminal program and enhancing its security, are of great importance and necessity. In this paper. we introduce Cker, a novel vulnerability detection tool for smart grid devices, which generates an program model based on device sources and sets rules to perform model checking. We utilize the static analysis to extract necessary information and build corresponding program models. By further checking the model with pre-defined vulnerability patterns, we achieve security detection and error reporting. The evaluation results demonstrate that our method can effectively detect vulnerabilities in smart devices with an acceptable accuracy and false positive rate. In addition, as Cker is realized by pure python. it can be easily scaled to other platforms.

Mengxiang Liu,Zexuan Jin,Jinhui Xia,Mingyang Sun,Ruilong Deng,Peng Cheng

DOI: https://doi.org/10.1109/infocomwkshps51825.2021.9484453

2021-01-01

Abstract:In DC microgrids (DCmGs), distributed control is becoming a promising framework due to prominent scalability and efficiency. To transmit essential data and information for system control, various communication network topologies and protocols have been employed in modern DCmGs. However, such communication also exposes the DCmG to unexpected cyber attacks. In this demo, a scalable cyber security testbed is established for conducting hardware-in-the-loop (HIL) exper-iments and comprehensively investigating the security impact on DCmGs. Specifically, the testbed employs a Typhoon HIL 602+ emulator, which is professional in power electronics system emulation, to demonstrate four (12 at most) distributed energy resources (DERs). The communication network is implemented through the self-loop RS-232 interface. Based on the testbed, we systematically investigate the impact of two kinds of typical cyber attacks (i.e., false data injection and replay attacks). Experimental results show that both attacks will deteriorate the point-of-common coupling (PCC) voltages of the DERs and jeopardize the stability of the whole DCmG.

Ramiro Ramirez,Chun-Kai Chang,Shu-Hao Liang

DOI: https://doi.org/10.3390/electronics12051195

IF: 2.9

2023-03-02

Electronics

Abstract:Programming logic controllers (PLCs) are vital components for conveyors in production lines, and the sensors and actuators controlled underneath the PLCs represent critical points in the manufacturing process. Attacks targeting the exploitation of PLC vulnerabilities have been on the rise recently. In this study, a PLC test platform aims to analyze the vulnerabilities of a typical industrial setup and perform cyberattack exercises to review the system cybersecurity challenges. The PLC test platform is a sorting machine consisting of an automatic conveyor belt, two Mitsubishi FX5U-32M PLCs, and accessories for material sorting, and Modbus is the selected protocol for data communication. The O.S. on the attacker is Kali ver. 2022.3, runs Nmap and Metasploit to exploit the target Modbus registers. On the other hand, the target host runs the O.S., Ubuntu 22.04 in the cyberattack exercises. The selected attack method for this study is packet reply which can halt operations sending custom data packets to the PLC. In summary, this study provides a basic step-by-step offensive strategy targeting register modification, and the testbed represents a typical industrial environment and its vulnerabilities against cyberattacks with common open-source tools.

engineering, electrical & electronic,computer science, information systems,physics, applied

A. M. Elhanafi,M. Hasibuan

DOI: https://doi.org/10.56211/sudo.v1i4.160

2022-12-08

Abstract:Sebuah perusahaan yang berkembang memerlukan sebuah website untuk menunjang kegiatan operasionalnya, namun yang sering menjadi permasalahan adalah bagaimana cara mengamankan data yang ada di web server agar terhindar dari pihak yang tidak bersangkutan. Dalam penelitian ini akan ditulis bagaimana cara mengetahui tingkat keamanan pada web server diva karaoke dengan melakukan pengujian penetrasi dalam suatu sistem dengan menggunakan perangkat lunak virtualisasi virtualbox untuk mengeksekusi sistem operasi kali linux. Pengujian penetrasi ini hanya untuk menguji tingkat keamanan sistem jaringan web server diva karaoke dengan menggunakan uji coba non destruktif yaitu uji coba yang tidak membuat kerusakan sistem. Penelitian ini dilakukan dengan melakukan analisis dan perancangan dengan menggunakan tools-tools yang ada di kali linux. Hasil penelitian ini menunjukkan tingkat kerentanan pada web server diva karaoke masih rendah, dibuktikan dengan adanya beberapa port TCP yang terbuka, situs web beresiko terhadap serangan clickjacking. Selain itu penelitian ini juga dapat menjadi tolak ukur sejauh mana perusahaan yang dievaluasi ini sudah bisa mengamankan data dari pihak yang seharusnya tidak mendapatkan akses terhadap data.

Limei Ma,Dongmei Zhao,Yijun Gao,Chen Zhao

DOI: https://doi.org/10.21307/ijanmc-2019-045

2019-01-01

Abstract:Abstract In this paper, the current popular SSH password brute force cracking tool is researched, analyzed and summarized. The ssh_login module in Metasploit is used to brute force the SSH service to finally obtain the password. The Brute Spray tool is used to automatically call Medusa to blast the service, demonstrating SSH. The process of brute force cracking has certain reference value for penetration attack testing and security defense.

Kalinath Katuri,Ioannis Zografopoulos,Ha Thi Nguyen,Charalambos Konstantinou

2023-04-15

Abstract:Smart grid advancements and the increased integration of digital devices have transformed the existing power grid into a cyber-physical energy system. This reshaping of the current power system can make it vulnerable to cyberattacks, which could cause irreversible damage to the energy infrastructure resulting in the loss of power, equipment damage, etc. Constant threats emphasize the importance of cybersecurity investigations. At the same time, developing cyber-physical system (CPS) simulation testbeds is crucial for vulnerability assessment and the implementation and validation of security solutions. In this paper, two separate real-time CPS testbeds are developed based on the availability of local research facilities for impact analysis of denial-of-service (DoS) attacks on microgrids. The two configurations are implemented using two different digital real-time simulator systems, one using the real-time digital simulator (RTDS) with a hardware-in-the-loop (HIL) setup and the other one using OPAL-RT with ExataCPS to emulate the cyber-layer infrastructure. Both testbeds demonstrate the impact of DoS attacks on microgrid control and protection operation.

Systems and Control,Cryptography and Security

Chiem Trieu Phong,Wei Qi Yan

DOI: https://doi.org/10.4018/ijdcf.2014100104

2014-01-01

International Journal of Digital Crime and Forensics

Abstract:Penetration testing is an effort to attack a system using similar techniques and tools adopted by real hackers. The ultimate goal of penetration testing is to call to light as many existing vulnerabilities as possible, then come up with practical solutions to remediate the problems; thus, enhance the system security as a whole. The paper introduces concepts and definitions related to penetration testing, together with different models and methodologies to conduct a penetration test. A wide range of penetration testing state-of-the-art, as well as related tools (both commercial and free open source available on the market) are also presented in relatively rich details.

Denys Mishchenko,Irina Oleinikova,László Erdődi,Basanta Raj Pokhrel

DOI: https://doi.org/10.1109/access.2024.3375401

IF: 3.9

2024-03-19

IEEE Access

Abstract:The rapid digitalization of power systems involves enhanced interconnectivity, intelligence, and cost-efficiency across all components. In the era of Industry 5.0, the criticality of energy supply makes power systems prime targets for attacks, highlighting the need for the creation and evaluation of solutions against cyber-physical threats. Testbeds have emerged as essential tools for these purposes by representing real-world power systems in controlled environments and simulating cyber-physical attack-defense experiments. This paper introduces a Cyber-Physical Security (CPS) testbed rooted in the Smart Grid Architecture Model (SGAM) and developed adversary setup within the National Smart Grid Laboratory at the Norwegian University of Science and Technology. By adhering to the SGAM framework, this study delves into the classification and assessment of threats within the structure of the CPS testbed, examining vulnerabilities at distinct structural levels. Significantly, the strategic placement of the adversary setup within these levels enables a comprehensive evaluation of cyber-physical vulnerabilities in simulated systems, thereby facilitating the assessment of protective measures. Furthermore, this research presents case studies using three data sources as an aggregated dynamic power system model simulated in the real-time digital simulator OPAL-RT, real power grid, and playback of previously recorded data frames using virtual phasor measurement units functionality. The focus of this work is on the analysis of the five most common cyberattacks on power systems, such as passive and active reconnaissance, interruption in communication, TCP packet injection, and men-in-the-middle attacks utilizing the C37.118.2-2011 protocol. The results of the case studies illustrate the framework for the adversary setup and provide proof-of-concept attack scenarios for evaluation purposes. As part of future work, we intend to expand upon this research with a defender setup and implement more sophisticated, stealthy attacks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Polina Zilberman,Rami Puzis,Sunders Bruskin,Shai Shwarz,Yuval Elovici

DOI: https://doi.org/10.48550/arXiv.2003.01518

2020-10-02

Abstract:Threat emulators are tools or sets of scripts that emulate cyber attacks or malicious behavior. They can be used to create and launch single procedure attacks and multi-step attacks; the resulting attacks may be known or unknown cyber attacks. The motivation for using threat emulators varies and includes the need to perform automated security audits in organizations or reduce the size of red teams in order to lower pen testing costs; or the desire to create baseline tests for security tools under development or supply pen testers with another tool in their arsenal. In this paper, we review and compare various open-source threat emulators. We focus on tactics and techniques from the MITRE ATT&CK Enterprise matrix and determine whether they can be performed and tested with the emulators. We develop a comprehensive methodology for our qualitative and quantitative comparison of threat emulators with respect to general features, such as prerequisites, attack definition, cleanup, and more. Finally, we discuss the circumstances in which one threat emulator is preferred over another. This survey can help security teams, security developers, and product deployment teams examine their network environment or products with the most suitable threat emulator. Using the guidelines provided, a team can select the threat emulator that best meets their needs without evaluating all of them.

Cryptography and Security

Venkata S. Koganti,Mohammad Ashrafuzzaman,Ananth A. Jillepalli,Frederick T. Sheldon

DOI: https://doi.org/10.1109/malware.2017.8323960

2017-10-01

Abstract:Industrial Control Systems (ICS), at the heart of critical infrastructures, have been developing into more and more powerful tools over the years with the incorporation of networking and cyber, among other, technologies. As with great power comes great risks, ICS's inherited risks and vulnerabilities not only from the cyber domain but also gave rise to unique security risks and vulnerabilities. Security management, i.e., identifying vulnerabilities, assessing threats, preventing and tolerating malicious and harmful activities, mitigating and recovering from attacks, etc., for ICS's have been identified as a key, if not the key, area for the protection of critical infrastructures. The importance of a test-bed mimicking a real-life ICS and having capabilities to support ICS security management is paramount. In this paper, after briefly surveying the vulnerabilities in ICS and surveying the existing ICS test-beds, we describe the implementation of a virtual ICS testbed controlling the distribution breaker system of a power grid. We also describe simulating two cyber attacks using the testbed.

V. Balatska,M. Shabatura

DOI: https://doi.org/10.32447/20784643.20.2019.01

2020-01-22

Bulletin of Lviv State University of Life Safety

Abstract:For today, computer networks are an integral part of our daily lives. As the analysis shows, the network is ex-tremely vulnerable, it can serve as a place of information leakage, changes of configuration of settings and modification of data by the attackers. There are many more threats, and the security of the network requires a great deal of attention to ensure the security of the network in order to maintain the confidentiality and integrity of the data. Organizations must regularly assess the vulnerability of the entire network to test the security level and strengthen the network. We use vulnerability scanners to find weaknesses, which are useful for detecting security vulnerabilities on a case-by-case basis and across the network as a whole. The purpose of the work is to explore the computer network for vulnerabilities using the Nessus Professional scanner. Research Methods – network scanning by Nessus Professional vulnerability scanner. The Nessus Professional vulnerability scanner from Tenable Network Security, which is freely available, was used for the research. The Nessus Professional scanner has been found to have better functionality and performance than other available scanners. The only downside to the scanner is its cost per year, as well as scanning a large number of hosts on the network at a time (over 100 hosts). After the scanner was successfully installed, carried out it was in-spected from the moment it was launched to the generation of host test reports. For the work, the Lviv State University of Life Safety network was tested. In the post-scan report, which is displayed in HTML format, you can see scan details for each host; the number and nature of vulnerabilities; the error correction dashboard. According to the results of testing, vulnerabilities of low, medium and high levels of hazards were identified, totaling 376. Vulnerabilities were ana-lyzed based on the obtained results, namely: a brief description and a way to solve the problem.

Junho Hong,Ying Chen,Chen-Ching Liu,Manimaran Govindarasu

DOI: https://doi.org/10.1007/978-3-662-45928-7_10

2015-01-01

Abstract:The physical system of the power grids relies on the cyber system for monitoring, control, and operation. As a result, the reliable operation of power grids is highly dependent on the associated cyber infrastructures. The integrated cyber and physical system of power grids creates a large and complex infrastructure. Due to the high penetration of Information and Communications Technology (ICT), Supervisory Control And Data Acquisition (SCADA) systems are highly interconnected with one another, resulting in higher vulnerability with respect to cyber intrusions. Recent reports indicate that cyber-attacks are increasingly likely for the critical infrastructures, e.g., control centers, nuclear power plants, and substations. These attacks may cause significant damages on the power grid. Cyber security research for the power grid is a high priority subject for the emerging smart grid environment.Substations in the power grid are critical as they are installed with power system components such as transformers, busbars, circuit breakers, and Intelligent Electronic Devices (IEDs). Measurements from substations are used as input to Energy Management System (EMS) software applications, including state estimation and optimal power flow. These cyber and physical devices can be physically or electrically connected. For example, a protection and control unit of a transformer is connected to the user-interface via the substation local area network.Remote access to substation networks is a common way for maintenance of substation facilities. However, there are many potential cyber security issues including remote access connection. Simultaneous cyber intrusions to important substations may trigger multiple, cascaded sequences of events, leading to a blackout. As a result, it is crucial to enhance the cyber security of substations and analyze cyber and physical security as one integrated structure in order to enhance the resilience of power grids. The mitigation strategy is vital to cyber-physical security of substations in order to stop the attack, disconnect the intruder, and restore the power system to a normal state. Mitigation methods can be taken on the cyber (ICT) side and physical (power system) side. The key to cyber mitigation is to find anomaly activities or malicious behaviors, and disconnect or stop the intrusion.A cyber-physical testbed is critical for the study of cyber-physical security of power systems. For reason of security by power companies, real measurements (e.g., voltages, currents and binary status) and ICT data (e.g., communication protocols, system logs, and security logs) are not available. A testbed is a good alternative to acquire realistic cyber (i.e., ICT data) and physical (i.e., power system measurements) system data for research and demonstration purposes. The cyber-physical testbed provides a realistic environment to study the interactions between a complex power system and the ICT system. It is important to study the cause-effect relationships of cyber intrusions, vulnerability and resilience of power systems, as well as the performance and reliability of applications in a realistic environment provided by a testbed.

Jie Su,Zhen Hong,Lei Ye,Tao Liu,Sizhuang Liang,Shouling Ji,Gagangeet Singh Aujla,Reheem Beyah,Zhenyu Wen

DOI: https://doi.org/10.1109/tce.2023.3347651

2024-01-01

IEEE Transactions on Consumer Electronics

Abstract:As a typical representative of the Internet of Energy (IoE) intelligent era, consumer electronic (CE) devices continue to evolve at a remarkable pace. Computers, as typical and essential CE devices, have been instrumental in enhancing efficiency, communication, entertainment, and information access. As part of this evolution, a significant trend in computer design focuses on achieving low power consumption while maintaining high performance. For instance, a computer’s central processing unit (CPU) dynamically modulates its output power in response to the varying workload demands of running applications. However, these power efficiency mechanisms may inadvertently introduce implicit patterns into the operational states of CE devices. Particularly, the power consumption of a CE device executing various tasks can manifest distinguishable temporal patterns, thereby exposing potential vulnerabilities. Thus, this work aims to investigate the vulnerabilities of CE devices on power consumption mechanisms. We focus on exploring the possibility of using alternating current (AC) power consumption to infer the running applications on a consumer computer. To achieve that, we construct a physical attack system that employs data acquisition, processing, classification, and inference stages to establish a “profiler" for application profiling. The extensive experiment results on the self-collected power consumption dataset (36 applications) demonstrate the effectiveness of the attacking system.

Ayush Kumar,David K. Yau

2023-07-06

Abstract:In this work, we propose a testbed environment to capture the attack strategies of an adversary carrying out a cyber-attack on an enterprise network. The testbed contains nodes with known security vulnerabilities which can be exploited by hackers. Participants can be invited to play the role of a hacker (e.g., black-hat, hacktivist) and attack the testbed. The testbed is designed such that there are multiple attack pathways available to hackers. We describe the working of the testbed components and discuss its implementation on a VMware ESXi server. Finally, we subject our testbed implementation to a few well-known cyber-attack strategies, collect data during the process and present our analysis of the data.

Cryptography and Security

Shishir Kumar Shandilya,Chirag Ganguli,Ivan Izonin,Prof Atulya Kumar Nagar

DOI: https://doi.org/10.1016/j.dib.2022.108771

2022-11-24

Abstract:To determine the effectiveness of any defense mechanism, there is a need for comprehensive real-time network data that solely references various attack scenarios based on older software versions or unprotected ports, and so on. This presented dataset has entire network data at the time of several cyber attacks to enable experimentation on challenges based on implementing defense mechanisms on a larger scale. For collecting the data, we captured the network traffic of configured virtual machines using Wireshark and tcpdump. To analyze the impact of several cyber attack scenarios, this dataset presents a set of ten computers connected to Router1 on VLAN1 in a Docker Bridge network, that try and exploit each other. It includes browsing the web and downloading foreign packages including malicious ones. Also, services like File Transfer Protocol (FTP) and Secure Shell (SSH) were exploited using several attack mechanisms. The presented dataset shows the importance of updating and patching systems to protect themselves to a greater extent, by following attack tactics on older versions of packages as compared to the newer and updated ones. This dataset also includes an Apache Server hosted on a different subset of VLAN2 which is connected to the VLAN1 to demonstrate isolation and cross- VLAN communication. The services on this web server were also exploited by the previously stated ten computers. The attack types include Distributed Denial of Service, SQL Injection, Account Takeover, Service Exploitation (SSH, FTP), DNS and ARP Spoofing, Scanning and Firewall Searching and Indexing (using Nmap), Hammering the services to brute-force passwords and usernames, Malware attacks, Spoofing, and Man-in-the-Middle Attack. The attack scenarios also show various scanning mechanisms and the impact of Insider Threats on the entire network.

Vivek Kumar Singh,Manimaran Govindarasu

DOI: https://doi.org/10.1007/978-3-030-54275-7_22

2020-09-22

Abstract:Today’s electric power grid is a complex, automated, and interconnected cyber-physical system (CPS) that relies on supervisory control and data acquisition (SCADA)-based communication infrastructure for operating wide-area monitoring, protection, and control (WAMPAC) applications. With a push towards making the grid smarter, the critical SCADA infrastructure like power system is getting exposed to countless cyberattacks that necessitate the development of state-of-the-art intrusion detection systems (IDS) to provide comprehensive security solutions at different layers in the smart grid network. While considering the continuously evolving attack surfaces at physical, communication, and application layers, existing conventional IDS solutions are insufficient and incapable to resolve multi-dimensional cybersecurity threats because of their specific nature of the operation, either a data-centric or protocol-centric, to detect specific types of attacks. This chapter presents a hybrid intrusion detection system framework by integrating a network-based IDS, model-based IDS, and state-of-the-art machine learning-based IDS to detect unknown and stealthy cyberattacks targeting the SCADA networks. We have applied the cyber-kill model to develop and demonstrate attack vectors and their associated mechanisms. The hybrid IDS utilizes attack signatures in grid measurements and network packets as well as leverages secure phasor measurements to detect different stages of cyber-attacks while following the kill-chain process. As a proof of concept, we present the experimental case study in the context of centralized wide-area protection (CWAP) cybersecurity by utilizing resources of the PowerCyber testbed at Iowa State University (ISU). We also describe different classes of implemented cyber-attacks and generated heterogeneous datasets using the IEEE 39 bus system. Finally, the performance of the hybrid IDS is evaluated based in terms of detection rate in real-time cyber-physical environment.