Benchmarking vulnerability scanners: An experiment on SCADA devices and scientific instruments

Malaka El, Emma McMahon, Sagar Samtani, Mark Patton, Hsinchun Chen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

Cybersecurity is a critical concern in society today. One common avenue of attack for malicious hackers is exploiting vulnerable websites. It is estimated that there are over one million websites that are attacked daily. Two emerging targets of such attacks are Supervisory Control and Data Acquisition (SCADA) devices and scientific instruments. Vulnerability assessment tools can help provide owners of these devices with the knowledge on how to protect their infrastructure. However, owners face difficulties in identifying which tools are ideal for their assessments. This research aims to benchmark two state-of-the-art vulnerability assessment tools, Nessus and Burp Suite, in the context of SCADA devices and scientific instruments. We specifically focus on identifying the accuracy, scalability, and vulnerability results of the scans. Results of our study indicate that both tools together can provide a comprehensive assessment of the vulnerabilities in SCADA devices and scientific instruments.

Original language: English (US)
Title of host publication: 2017 IEEE International Conference on Intelligence and Security Informatics
Subtitle of host publication: Security and Big Data, ISI 2017
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 83-88
Number of pages: 6
ISBN (Electronic): 9781509067275
DOIs: https://doi.org/10.1109/ISI.2017.8004879
State: Published - Aug 8 2017
Event: 15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017 - Beijing, China
Duration: Jul 22 2017 – Jul 24 2017

Other

Other: 15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017
Country: China
City: Beijing
Period: 7/22/17 – 7/24/17

Fingerprint

Benchmarking
Data acquisition
Websites
Experiments
Scalability
Experiment
Vulnerability
Owners
Web sites
Assessment tools
Attack

Keywords

  • benchmark
  • Burp
  • Nessus
  • SCADA
  • scientific instruments
  • vulnerability assessment tools

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Cite this

El, M., McMahon, E., Samtani, S., Patton, M., & Chen, H. (2017). Benchmarking vulnerability scanners: An experiment on SCADA devices and scientific instruments. In 2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017 (pp. 83-88). [8004879] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ISI.2017.8004879

@inproceedings{242059fc36fb47ff9ef11a7fc8b3944b,
title = "Benchmarking vulnerability scanners: An experiment on SCADA devices and scientific instruments",
abstract = "Cybersecurity is a critical concern in society today. One common avenue of attack for malicious hackers is exploiting vulnerable websites. It is estimated that there are over one million websites that are attacked daily. Two emerging targets of such attacks are Supervisory Control and Data Acquisition (SCADA) devices and scientific instruments. Vulnerability assessment tools can help provide owners of these devices with the knowledge on how to protect their infrastructure. However, owners face difficulties in identifying which tools are ideal for their assessments. This research aims to benchmark two state-of-the-art vulnerability assessment tools, Nessus and Burp Suite, in the context of SCADA devices and scientific instruments. We specifically focus on identifying the accuracy, scalability, and vulnerability results of the scans. Results of our study indicate that both tools together can provide a comprehensive assessment of the vulnerabilities in SCADA devices and scientific instruments.",
keywords = "benchmark, Burp, Nessus, SCADA, scientific instruments, vulnerability assessment tools",
author = "Malaka El and Emma McMahon and Sagar Samtani and Mark Patton and Hsinchun Chen",
year = "2017",
month = "8",
day = "8",
doi = "10.1109/ISI.2017.8004879",
language = "English (US)",
pages = "83--88",
booktitle = "2017 IEEE International Conference on Intelligence and Security Informatics",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
address = "United States",

}
