@inproceedings{242059fc36fb47ff9ef11a7fc8b3944b,
title = "Benchmarking vulnerability scanners: An experiment on SCADA devices and scientific instruments",
abstract = "Cybersecurity is a critical concern in society today. One common avenue of attack for malicious hackers is exploiting vulnerable websites. It is estimated that there are over one million websites that are attacked daily. Two emerging targets of such attacks are Supervisory Control and Data Acquisition (SCADA) devices and scientific instruments. Vulnerability assessment tools can help provide owners of these devices with the knowledge on how to protect their infrastructure. However, owners face difficulties in identifying which tools are ideal for their assessments. This research aims to benchmark two state-of-The-Art vulnerability assessment tools, Nessus and Burp Suite, in the context of SCADA devices and scientific instruments. We specifically focus on identifying the accuracy, scalability, and vulnerability results of the scans. Results of our study indicate that both tools together can provide a comprehensive assessment of the vulnerabilities in SCADA devices and scientific instruments.",
keywords = "Burp, Nessus, SCADA, benchmark, scientific instruments, vulnerability assessment tools",
author = "Malaka El and Emma McMahon and Sagar Samtani and Mark Patton and Hsinchun Chen",
note = "Funding Information: ACKNOWLEDGEMENTS This material is based upon work supported in part by the National Science Foundation (DUE-1303362). Publisher Copyright: {\textcopyright} 2017 IEEE.; 15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017 ; Conference date: 22-07-2017 Through 24-07-2017",
year = "2017",
month = aug,
day = "8",
doi = "10.1109/ISI.2017.8004879",
language = "English (US)",
series = "2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "83--88",
editor = "Lina Zhou and Wang, {G. Alan} and Chunxiao Xing and Bo Luo and Xiaolong Zheng and Hui Zhang",
booktitle = "2017 IEEE International Conference on Intelligence and Security Informatics",
}