Discover the ICS Landmarks Based on Multi-stage Clue Mining

  • Conference paper
Wireless Algorithms, Systems, and Applications (WASA 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13473))

  • 1407 Accesses

Abstract

In recent years, the rapidly growing population of industrial control system (ICS) devices has made ICS geolocation more important. However, IP-based geolocation cannot provide high-accuracy geographical locations for ICS devices. Commercial databases only provide coarse mappings between IP hosts and physical locations, and measurement-based geolocation relies on the number of high-quality landmarks. In this paper, we present a novel framework called OSI-Geo for mining high-quality landmarks from ICS devices. The main idea is that the open-source information exposed by ICS devices contains many location-indicating clues, which can be used to find their physical locations. OSI-Geo automatically collects location-indicating clues to generate ICS landmarks at large scale. We conduct real-world experiments to validate the effectiveness and performance of our method. The results show that OSI-Geo can accurately collect clues with over 99% recall and precision. Based on those clues, 36,872 stable landmarks, covering 162 countries and 5,596 cities, are obtained. Among them, 30,290 (82%) are fine-grained landmarks accurate to at least street level. The accuracy of IP geolocation is improved significantly by using the ICS landmarks. Thus, OSI-Geo achieves effective landmark mining for ICS devices.

Supported by National Key Research and Development Program of China under Grant 2020YFB2103803.

Corresponding author

Correspondence to Jinfa Wang.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Liu, J., Wang, J., Liu, P., Zhu, H., Sun, L. (2022). Discover the ICS Landmarks Based on Multi-stage Clue Mining. In: Wang, L., Segal, M., Chen, J., Qiu, T. (eds) Wireless Algorithms, Systems, and Applications. WASA 2022. Lecture Notes in Computer Science, vol 13473. Springer, Cham. https://doi.org/10.1007/978-3-031-19211-1_12

  • DOI: https://doi.org/10.1007/978-3-031-19211-1_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-19210-4

  • Online ISBN: 978-3-031-19211-1

  • eBook Packages: Computer Science, Computer Science (R0)
