From Tactics to Techniques: A Systematic Attack Modeling for Advanced Persistent Threats in Industrial Control Systems

Advanced Persistent Threats (APTs) targeting Industrial Control Systems (ICS) have emerged as a significant challenge in the cybersecurity landscape. These sophisticated attacks can lead to catastrophic consequences on critical infrastructure and services. This paper presents an innovative attack model for ICS-APT attacks designed to provide adequate defense against real-world threats. By examining and analyzing real-world APT attacks against ICS, we identify common and unique characteristics across different attacks, bridging the gap between high-level features and low-level behaviors. We further demonstrate the effectiveness of our proposed model by simulating a false data injection attack on a realistic ICS testbed, utilizing the identified Tactics, Techniques, and Procedures (TTPs) and stages of an APT attack. This simulation enables us to validate the model's accuracy and identify potential challenges in mitigating such complex threats. Our proposed model leverages this systematic understanding of attacker behavior, allowing for accurate characterization of attack patterns. It empowers analysts with the tools and insights needed to counteract and mitigate the risk posed by ICS-APT attacks, contributing to the protection of critical infrastructure and enhancing cybersecurity resilience in the face of evolving threats.