This chapter provides a comprehensive examination of the active cyber defense cycle, encompassing threat information collection, detection techniques, and incident response processes. It offers insights into advanced persistent threats (APTs) and equips readers with skills in network traffic analysis and endpoint monitoring to identify suspicious activities. The chapter emphasizes the importance of cyber resilience and adherence to regulatory frameworks, such as the NIST Cybersecurity Framework. It explores the application of machine learning and deep learning techniques for threat identification and the protection of cyber-physical systems (CPS) against cyberattacks. Additionally, the chapter discusses strategies for cyber threat hunting, task prioritization procedures, and the deployment of honeypots and decoy systems. The following chapter will address resilience testing, red teaming exercises, and recovery strategies for Industrial Control Systems (ICS) in the aftermath of a cyberattack.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Strengthening ICS Attack Resiliency: Advanced Incident Response, Threat Intelligence, and Cyber-Physical Systems Monitoring

  • Mohammad Ashiqur Rahman,
  • Syed Bahauddin Alam,
  • Kishor Datta Gupta,
  • Roy George,
  • Sunzida Siddique,
  • Kazuma Kobayashi

摘要

This chapter provides a comprehensive examination of the active cyber defense cycle, encompassing threat information collection, detection techniques, and incident response processes. It offers insights into advanced persistent threats (APTs) and equips readers with skills in network traffic analysis and endpoint monitoring to identify suspicious activities. The chapter emphasizes the importance of cyber resilience and adherence to regulatory frameworks, such as the NIST Cybersecurity Framework. It explores the application of machine learning and deep learning techniques for threat identification and the protection of cyber-physical systems (CPS) against cyberattacks. Additionally, the chapter discusses strategies for cyber threat hunting, task prioritization procedures, and the deployment of honeypots and decoy systems. The following chapter will address resilience testing, red teaming exercises, and recovery strategies for Industrial Control Systems (ICS) in the aftermath of a cyberattack.