Expansion of ICS Testbed for Security Validation based on MITRE ATT&CK Techniques


Seungoh Choi, Jongwon Choi, Jeong-Han Yun, Byung-Gil Min, and HyoungChun Kim, The Affiliated Institute of ETRI

Long Preliminary Work Paper


To respond to cyber threats, all systems in an industrial control system (ICS) should be comprehensively monitored and analyzed. However, there is no dataset to perform this integrated monitoring and analysis study. In previous research, the testbed and dataset represented only one specific area, such as the network or physical level. This imposes limitations upon the testing, validating, and user training of the integrated monitoring system. Therefore, we are developing datasets to test systems that integrate and monitor the ICS operated in a wide range of areas. In this paper, we introduce a method to expand the existing testbed so that information can be collected and monitored during an ICS attack based on the MITRE ATT&CK framework. In addition, to create a dataset for simulating large-scale and long-term attack scenarios, a security dataset enrichment tool is proposed.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {256932,
author = {Seungoh Choi and Jongwon Choi and Jeong-Han Yun and Byung-Gil Min and HyoungChun Kim},
title = {Expansion of {ICS} Testbed for Security Validation based on {MITRE} ATT\&CK Techniques},
booktitle = {13th {USENIX} Workshop on Cyber Security Experimentation and Test ({CSET} 20)},
year = {2020},
url = {https://www.usenix.org/conference/cset20/presentation/choi},
publisher = {{USENIX} Association},
month = aug,

Presentation Video