Funding: support of the Korea Internet & Security Agency (KISA)—Information Security Specialized University Support Project (50%); supported by a grant from the Korea Electric Power Corporation (R24XO01-4, 50%) for basic research and development projects starting in 2024.
Abstract: The global surge in electric vehicle (EV) adoption is proportionally expanding the EV charging station (EVCS) infrastructure, thereby increasing the attack surface and potential impact of security breaches within this critical ecosystem. While ISO 15118 standardizes EV-EVCS communication, its underspecified security guidelines and the variability in manufacturers’ implementations frequently result in vulnerabilities that can disrupt charging services, compromise user data, or affect power grid stability. This research introduces a systematic black-box fuzzing methodology, accompanied by an open-source tool, to proactively identify and mitigate such security flaws in EVCS firmware operating under ISO 15118. The proposed approach systematically evaluates EVCS behavior by leveraging the state machine defined in the ISO 15118 standard for test case generation and execution, enabling platform-agnostic testing at the application layer. Message sequences, corresponding to valid and mutated traversals of the protocol’s state machine, are generated to uncover logical errors and improper input handling. The methodology comprises state-aware initial sequence generation, simulated V2G session establishment, targeted message mutation correlated with defined protocol states, and rigorous response analysis to detect anomalies and system crashes. Experimental validation on an open-source EVCS implementation identified five vulnerabilities. These included session integrity weaknesses allowing unauthorized interruptions, billing manipulation through invalid metering data acceptance, and resource exhaustion vulnerabilities from specific parameter malformations leading to denial-of-service. The findings confirm the proposed method’s capability in pinpointing vulnerabilities often overlooked by standard conformance tests, thus offering a robust and practical solution for enhancing the security and resilience of the rapidly growing EV charging infrastructure.
Funding: supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (RS-2023-00242528, 50%); supported by a grant from the Korea Electric Power Corporation (R24XO01-4, 50%) for basic research and development projects starting in 2024.
Abstract: The accelerated global adoption of electric vehicles (EVs) is driving significant expansion and increasing complexity within the EV charging infrastructure, consequently presenting novel and pressing cybersecurity challenges. While considerable effort has focused on preventative cybersecurity measures, a critical deficiency persists in structured methodologies for digital forensic analysis following security incidents, a gap exacerbated by system heterogeneity, distributed digital evidence, and inconsistent logging practices which hinder effective incident reconstruction and attribution. This paper addresses this critical need by proposing a novel, data-driven forensic framework tailored to the EV charging infrastructure, focusing on the systematic identification, classification, and correlation of diverse digital evidence across its physical, network, and application layers. Our methodology integrates open-source intelligence (OSINT) with advanced system modeling based on a three-layer cyber-physical system architecture to comprehensively map potential evidentiary sources. Key contributions include a comprehensive taxonomy of cybersecurity threats pertinent to EV charging ecosystems, detailed mappings between these threats and the resultant digital evidence to guide targeted investigations, the formulation of adaptable forensic investigation workflows for various incident scenarios, and a critical analysis of significant gaps in digital evidence availability within current EV charging systems, highlighting limitations in forensic readiness. The practical application and utility of this method are demonstrated through illustrative case studies involving both empirically-derived and virtual incident scenarios. The proposed data-driven approach is designed to significantly enhance digital forensic capabilities, support more effective incident response, strengthen compliance with emerging cybersecurity regulations, and ultimately contribute to bolstering the overall security, resilience, and trustworthiness of this increasingly vital critical infrastructure.
Funding: supported by Innovative Human Resource Development for Local Intellectualization program through the Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (IITP2024-00156287, 50%); funded by the Institute for Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2022-0-01203, Regional Strategic Industry Convergence Security Core Talent Training Business, 50%).
Abstract: The rapid proliferation of Internet of Things (IoT) technology has facilitated automation across various sectors. Nevertheless, this advancement has also resulted in a notable surge in cyberattacks, notably botnets. As a result, research on network analysis has become vital. Machine learning-based techniques for network analysis provide a more extensive and adaptable approach in comparison to traditional rule-based methods. In this paper, we propose a framework for analyzing communications between IoT devices using supervised learning and ensemble techniques and present experimental results that validate the efficacy of the proposed framework. The results indicate that using the proposed ensemble techniques improves accuracy by up to 1.7% compared to single-algorithm approaches. These results also suggest that the proposed framework can flexibly adapt to general IoT network analysis scenarios. Unlike existing frameworks, which only exhibit high performance in specific situations, the proposed framework can serve as a fundamental approach for addressing a wide range of issues.
Funding: supported by the Nuclear Safety Research Program through Korea Foundation of Nuclear Safety (KoFONS) using the financial resource granted by the Nuclear Safety and Security Commission (NSSC) of the Republic of Korea (Grant number: 2106061, 50%); supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (RS-2025-25394739, Development of Security Enhancement Technology for Industrial Control Systems Based on S/HBOM Supply Chain Protection, 50%).
Abstract: With the continuous expansion of digital infrastructures, malicious behaviors in host systems have become increasingly sophisticated, often spanning multiple processes and employing obfuscation techniques to evade detection. Audit logs, such as Sysmon, offer valuable insights; however, existing approaches typically flatten event sequences or rely on generic graph models, thereby discarding the natural parent-child process hierarchy that is critical for analyzing multiprocess attacks. This paper proposes a structure-aware threat detection framework that transforms audit logs into a unified two-dimensional (2D) spatio-temporal representation, where process hierarchy is modeled as the spatial axis and event chronology as the temporal axis. In addition, entropy-based features are incorporated to robustly capture obfuscated and non-linguistic strings, overcoming the limitations of semantic embeddings. The model’s performance was evaluated on publicly available datasets, achieving competitive results with an accuracy exceeding 95% and an F1-score of at least 0.94. The proposed approach provides a promising and reproducible solution for detecting attacks with unknown indicators of compromise (IoCs) by analyzing the relationships and behaviors of processes recorded in large-scale audit logs.