By Ansh (Mentor: Dr. Thomas Heverin)

Is it possible to collect, organize, and systematically retrieve the information used to hack Industrial Control Systems?

✅ Yes. Let's use Ontologies.

What are Ontologies?

Ontologies are formal representations of concepts, the relations between them, and individual instances of those concepts. They are usually drawn as graphs: each node of the graph represents an entity (a piece of software, a vulnerability, an exploit) and each edge represents a relation between two entities (for example, "software has vulnerability", "vulnerability is exploited by"). Because the relations are explicit and named, the graph can be queried systematically instead of searched by hand.

What are Industrial Control Systems?

Industrial Control Systems (ICS) are the networked hardware and software that monitor and control physical processes such as building automation, manufacturing, and utilities. WebCTRL, the building automation software examined below, is one example; BACnet is the protocol such building controllers use to communicate with each other.

What is Ethical Hacking?

Ethical Hacking is the practice of emulating a malicious actor and, with permission, penetrating systems, servers, or hosts in order to find vulnerabilities so they can be patched before a real attacker exploits them.


Proof of Concept

Information used to Hack WebCTRL 6.5 running on the BACnet Protocol

Methodology

SPARQL Queries

# Query 1: which vulnerabilities have a Network attack vector and Low attack complexity?
# Both queries assume the ontology's namespace has been bound with a PREFIX ics: <...>
# declaration (the IRI is not given here). The FILTER compares plain string literals;
# if the ontology stores these values as typed literals or as individuals, the
# comparison must be adjusted to match.
SELECT ?CVE ?AttackVector ?AttackComplexity
WHERE {
	?CVE ics:AttackComplexity ?AttackComplexity .
	?CVE ics:AttackVector ?AttackVector .
	FILTER(?AttackVector = "Network" && ?AttackComplexity = "Low")
}

# Query 2: for each vulnerability, the name of its exploit and the functions of the
# affected software. Note that ?Function is attached to ?Software, not to
# ?Vulnerability, so every vulnerability is paired with every function of that software.
SELECT ?Vulnerability ?Exploit_Name ?Function
WHERE {
	?Software ics:hasVulnerability ?Vulnerability .
	?Software ics:hasFunction ?Function .
	?Vulnerability ics:isExploitedBy ?Exploit .
	?Exploit ics:exploitName ?Exploit_Name .
}
ORDER BY ?Function DESC(?Vulnerability)

Output

Query 1: Which vulnerabilities have 'Low' Attack Complexity and can be exploited over the network?

Query 2: The name of the exploit for each vulnerability, and the functions of the software that could be impacted in the network.
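The following is an added example, not code from the original page or from the author's project: a minimal in-memory triple store that evaluates the two queries above by matching their triple patterns against a small constructed graph. The ics: property names follow the page's queries; the ex: identifiers, function names and exploit names are invented placeholders and are not real CVEs or exploits.

```python
"""Added example (not from the page): a minimal in-memory triple store that
evaluates the page's two SPARQL basic graph patterns by backtracking join.
All data below are constructed placeholders; the ics: property names follow
the page's queries, the ex: identifiers are invented and are not real CVEs."""

# Constructed sample ontology, as (subject, predicate, object) triples.
TRIPLES = [
    ("ex:WebCTRL", "ics:hasFunction", "HVAC control"),
    ("ex:WebCTRL", "ics:hasFunction", "Remote web administration"),
    ("ex:WebCTRL", "ics:hasVulnerability", "ex:Vuln1"),
    ("ex:WebCTRL", "ics:hasVulnerability", "ex:Vuln2"),
    ("ex:Vuln1", "ics:AttackVector", "Network"),
    ("ex:Vuln1", "ics:AttackComplexity", "Low"),
    ("ex:Vuln1", "ics:isExploitedBy", "ex:Exploit1"),
    ("ex:Exploit1", "ics:exploitName", "Placeholder remote exploit"),
    ("ex:Vuln2", "ics:AttackVector", "Local"),
    ("ex:Vuln2", "ics:AttackComplexity", "High"),
    ("ex:Vuln2", "ics:isExploitedBy", "ex:Exploit2"),
    ("ex:Exploit2", "ics:exploitName", "Placeholder local exploit"),
]


def is_var(term):
    """SPARQL-style variables are written with a leading '?'."""
    return term.startswith("?")


def unify(pattern, triple, binding):
    """Return an extended binding if the triple matches the pattern, else None."""
    extended = dict(binding)
    for term, value in zip(pattern, triple):
        if is_var(term):
            if term in extended and extended[term] != value:
                return None          # variable already bound to something else
            extended[term] = value
        elif term != value:
            return None              # constant does not match
    return extended


def solve(graph, patterns, binding=None):
    """Yield every binding that satisfies all triple patterns (nested-loop join)."""
    binding = binding if binding is not None else {}
    if not patterns:
        yield binding
        return
    head, rest = patterns[0], patterns[1:]
    for triple in graph:
        extended = unify(head, triple, binding)
        if extended is not None:
            yield from solve(graph, rest, extended)


def select(graph, variables, patterns, where=lambda b: True):
    """SELECT projection plus an optional FILTER predicate over each binding."""
    return [tuple(b[v] for v in variables)
            for b in solve(graph, patterns) if where(b)]


def low_complexity_network_vulns(graph=TRIPLES):
    """Query 1 from the page: Network attack vector AND Low attack complexity."""
    return select(
        graph,
        ["?CVE", "?AttackVector", "?AttackComplexity"],
        [("?CVE", "ics:AttackComplexity", "?AttackComplexity"),
         ("?CVE", "ics:AttackVector", "?AttackVector")],
        where=lambda b: b["?AttackVector"] == "Network"
                        and b["?AttackComplexity"] == "Low",
    )


def exploits_and_functions(graph=TRIPLES):
    """Query 2 from the page, including ORDER BY ?Function DESC(?Vulnerability)."""
    rows = select(
        graph,
        ["?Vulnerability", "?Exploit_Name", "?Function"],
        [("?Software", "ics:hasVulnerability", "?Vulnerability"),
         ("?Software", "ics:hasFunction", "?Function"),
         ("?Vulnerability", "ics:isExploitedBy", "?Exploit"),
         ("?Exploit", "ics:exploitName", "?Exploit_Name")],
    )
    # Python sorts are stable: sort by the secondary key first (descending),
    # then by the primary key (ascending), which reproduces the ORDER BY clause.
    rows.sort(key=lambda r: r[0], reverse=True)
    rows.sort(key=lambda r: r[2])
    return rows


if __name__ == "__main__":
    for row in low_complexity_network_vulns():
        print("Q1", row)
    for row in exploits_and_functions():
        print("Q2", row)
```

Running the example makes one property of query 2 visible: because ics:hasFunction hangs off the software rather than the vulnerability, each vulnerability is joined with every function of that software (four rows from two vulnerabilities and two functions), so "functions impacted" is a statement about the whole product, not about a specific flaw. If the ontology is meant to say which function a particular vulnerability affects, that relation has to be modelled on the vulnerability itself. For a real ontology, the same queries run unchanged against an RDF library such as rdflib, which exposes a Graph.query method for SPARQL.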

More Research