CYBERSECURITY ANALYSIS OF WEB-ORIENTED INDUSTRIAL IOT-SYSTEMS

Authors

Eugene Merzlikin, Ievgen Babeshko

DOI:

https://doi.org/10.30837/ITSSI.2023.24.131

Keywords:

cyber security; IoT; Industry 4.0; web-oriented systems; web-application security; detection of vulnerabilities; detection of web attacks

Abstract

Ensuring cybersecurity is one of the most crucial issues in the modern world, especially given the dynamic development of web-oriented industrial Internet of Things (IoT) systems. The subject of the research is ensuring the cybersecurity of web-oriented industrial IoT systems. The purpose of the paper is to analyze existing methods of cybersecurity analysis, identify their limitations, and formulate requirements for a new assessment concept that includes ways to eliminate the identified limitations. Tasks to be solved: analysis of existing methods, tools and technologies for organizing web-oriented industrial IoT systems, and of the problems of ensuring their cybersecurity. Applied methods: source analysis, system analysis. Obtained results: the analysis of sources has shown that the problems of ensuring the cybersecurity of industrial IoT systems are relevant because a single system combines both the latest information technologies (IT) and traditional operational technologies (OT), such as industrial protocols. In addition, the ever-increasing number and variety of attacks aimed specifically at industrial IoT systems further drive the development of methods for assessing and ensuring cybersecurity. A generalized concept of the process of assessing and ensuring the cybersecurity of web-oriented industrial IoT systems is proposed, which includes the stages of identification, analysis, security enhancement, detection and protection. Conclusions: the issue of ensuring the cybersecurity of web-oriented industrial IoT systems is extremely relevant, and the existing methods of analysis and means of ensuring cybersecurity do not fully satisfy the requirements for such systems. That is why developing and implementing the proposed concept of assessing and ensuring cybersecurity will make it possible to significantly improve the cybersecurity of industrial IoT systems.

Author Biographies

Eugene Merzlikin, National Aerospace University "Kharkiv Aviation Institute"

PhD Student, Computer Systems, Networks and Cybersecurity Department

Ievgen Babeshko, National Aerospace University "Kharkiv Aviation Institute"

PhD (Engineering Sciences), Associate Professor, Associate Professor at the Computer Systems, Networks and Cybersecurity Department

Published

2023-11-13

How to Cite

Merzlikin, E., & Babeshko, I. (2023). CYBERSECURITY ANALYSIS OF WEB-ORIENTED INDUSTRIAL IOT-SYSTEMS. INNOVATIVE TECHNOLOGIES AND SCIENTIFIC SOLUTIONS FOR INDUSTRIES, (2 (24)), 131–144. https://doi.org/10.30837/ITSSI.2023.24.131