A Diamond Model Approach to Analyzing GhostSec's Intrusion Paths

Cheng Ying He; Nai Yu Chen; Jung Shian Li; I-Hsien Liu

A Diamond Model Approach to Analyzing GhostSec's Intrusion Paths

Cheng Ying He
, Nai Yu Chen
, Jung Shian Li
, I-Hsien Liu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The convergence of Operational Technology (OT) and Information Technology (IT) has heightened risks for critical infrastructure (CI) and industrial control systems (ICS), leading to a surge in diverse and sophisticated OT attacks with severe consequences. Thus, this study combines the Diamond Model with the Cyber Kill Chain to analyze potential attack paths and methods in the GhostSec case, where attackers compromised a Berghof PLC to demonstrate their access capabilities. Understanding these attack paths offers valuable insights into adversary strategies, aiding in the development of defense measures to prevent similar attacks.

Original language	English
Title of host publication	Proceedings of The 2025 International Conference on Artificial Life and Robotics, ICAROB 2025
Editors	Yingmin Jia, Takao Ito, Ju-Jang Lee
Publisher	ALife Robotics Corporation Ltd
Pages	114-118
Number of pages	5
ISBN (Print)	9784991333729
Publication status	Published - 2025
Event	30th International Conference on Artificial Life and Robotics, ICAROB 2025 - Oita, Japan Duration: 2025 Feb 13 → 2025 Feb 16

Publication series

Name	Proceedings of International Conference on Artificial Life and Robotics
ISSN (Electronic)	2435-9157

Conference

Conference	30th International Conference on Artificial Life and Robotics, ICAROB 2025
Country/Territory	Japan
City	Oita
Period	25-02-13 → 25-02-16

All Science Journal Classification (ASJC) codes

Artificial Intelligence
Computer Vision and Pattern Recognition
Hardware and Architecture
Information Systems
Control and Systems Engineering
Electrical and Electronic Engineering
Modelling and Simulation

Cite this

He, C. Y., Chen, N. Y., Li, J. S., & Liu, I.-H. (2025). A Diamond Model Approach to Analyzing GhostSec's Intrusion Paths. In Y. Jia, T. Ito, & J.-J. Lee (Eds.), Proceedings of The 2025 International Conference on Artificial Life and Robotics, ICAROB 2025 (pp. 114-118). (Proceedings of International Conference on Artificial Life and Robotics). ALife Robotics Corporation Ltd.

He, Cheng Ying ; Chen, Nai Yu ; Li, Jung Shian et al. / A Diamond Model Approach to Analyzing GhostSec's Intrusion Paths. Proceedings of The 2025 International Conference on Artificial Life and Robotics, ICAROB 2025. editor / Yingmin Jia ; Takao Ito ; Ju-Jang Lee. ALife Robotics Corporation Ltd, 2025. pp. 114-118 (Proceedings of International Conference on Artificial Life and Robotics).

@inproceedings{e7528cc3ba094c0e86f4e20afade5fa1,

title = "A Diamond Model Approach to Analyzing GhostSec's Intrusion Paths",

abstract = "The convergence of Operational Technology (OT) and Information Technology (IT) has heightened risks for critical infrastructure (CI) and industrial control systems (ICS), leading to a surge in diverse and sophisticated OT attacks with severe consequences. Thus, this study combines the Diamond Model with the Cyber Kill Chain to analyze potential attack paths and methods in the GhostSec case, where attackers compromised a Berghof PLC to demonstrate their access capabilities. Understanding these attack paths offers valuable insights into adversary strategies, aiding in the development of defense measures to prevent similar attacks.",

author = "He, \{Cheng Ying\} and Chen, \{Nai Yu\} and Li, \{Jung Shian\} and I-Hsien Liu",

note = "Publisher Copyright: {\textcopyright} The 2025 International Conference on Artificial Life and Robotics (ICAROB2025).; 30th International Conference on Artificial Life and Robotics, ICAROB 2025 ; Conference date: 13-02-2025 Through 16-02-2025",

year = "2025",

language = "English",

isbn = "9784991333729",

series = "Proceedings of International Conference on Artificial Life and Robotics",

publisher = "ALife Robotics Corporation Ltd",

pages = "114--118",

editor = "Yingmin Jia and Takao Ito and Ju-Jang Lee",

booktitle = "Proceedings of The 2025 International Conference on Artificial Life and Robotics, ICAROB 2025",

}

He, CY, Chen, NY, Li, JS & Liu, I-H 2025, A Diamond Model Approach to Analyzing GhostSec's Intrusion Paths. in Y Jia, T Ito & J-J Lee (eds), Proceedings of The 2025 International Conference on Artificial Life and Robotics, ICAROB 2025. Proceedings of International Conference on Artificial Life and Robotics, ALife Robotics Corporation Ltd, pp. 114-118, 30th International Conference on Artificial Life and Robotics, ICAROB 2025, Oita, Japan, 25-02-13.

A Diamond Model Approach to Analyzing GhostSec's Intrusion Paths. / He, Cheng Ying; Chen, Nai Yu; Li, Jung Shian et al.
Proceedings of The 2025 International Conference on Artificial Life and Robotics, ICAROB 2025. ed. / Yingmin Jia; Takao Ito; Ju-Jang Lee. ALife Robotics Corporation Ltd, 2025. p. 114-118 (Proceedings of International Conference on Artificial Life and Robotics).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - A Diamond Model Approach to Analyzing GhostSec's Intrusion Paths

AU - He, Cheng Ying

AU - Chen, Nai Yu

AU - Li, Jung Shian

AU - Liu, I-Hsien

N1 - Publisher Copyright: © The 2025 International Conference on Artificial Life and Robotics (ICAROB2025).

PY - 2025

Y1 - 2025

N2 - The convergence of Operational Technology (OT) and Information Technology (IT) has heightened risks for critical infrastructure (CI) and industrial control systems (ICS), leading to a surge in diverse and sophisticated OT attacks with severe consequences. Thus, this study combines the Diamond Model with the Cyber Kill Chain to analyze potential attack paths and methods in the GhostSec case, where attackers compromised a Berghof PLC to demonstrate their access capabilities. Understanding these attack paths offers valuable insights into adversary strategies, aiding in the development of defense measures to prevent similar attacks.

AB - The convergence of Operational Technology (OT) and Information Technology (IT) has heightened risks for critical infrastructure (CI) and industrial control systems (ICS), leading to a surge in diverse and sophisticated OT attacks with severe consequences. Thus, this study combines the Diamond Model with the Cyber Kill Chain to analyze potential attack paths and methods in the GhostSec case, where attackers compromised a Berghof PLC to demonstrate their access capabilities. Understanding these attack paths offers valuable insights into adversary strategies, aiding in the development of defense measures to prevent similar attacks.

UR - https://www.scopus.com/pages/publications/85219523443

UR - https://www.scopus.com/pages/publications/85219523443#tab=citedBy

M3 - Conference contribution

AN - SCOPUS:85219523443

SN - 9784991333729

T3 - Proceedings of International Conference on Artificial Life and Robotics

SP - 114

EP - 118

BT - Proceedings of The 2025 International Conference on Artificial Life and Robotics, ICAROB 2025

A2 - Jia, Yingmin

A2 - Ito, Takao

A2 - Lee, Ju-Jang

PB - ALife Robotics Corporation Ltd

T2 - 30th International Conference on Artificial Life and Robotics, ICAROB 2025

Y2 - 13 February 2025 through 16 February 2025

ER -

A Diamond Model Approach to Analyzing GhostSec's Intrusion Paths

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Other files and links

Fingerprint

Cite this