
Modern Methods for Analyzing Malware Targeting Control Systems

Recent Developments on Industrial Control Systems Resilience

Part of the book series: Studies in Systems, Decision and Control (SSDC, volume 255)

Abstract

Industrial control systems (ICSs) are critical national infrastructure. ICSs are sensor-actuator networks that control physical systems. Their core components are Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) systems, and distributed control systems (DCS). Traditional ICSs used specialized hardware without an Internet connection. Nowadays ICSs are commodity computers with high-end configurations and Internet connections, which leaves them defenseless against most common attacks. Defensive mechanisms are limited because ICSs do not use typical solutions such as anti-virus software. They developed a malware-tolerant ICS network architecture that operates in a secure manner even if an attacker can attack some of the components. They provide ProVerif proofs to show the correctness of the network protocol. They added a self-healing mechanism, which they implemented on top of FreeRTOS and ARM TrustZone. An architecture that automatically repairs ordinary and malicious faults is known as self-healing. Governmental organizations recommend a strategy called “defense in depth”, which tries to deploy defenses at every layer of the network. But the authors of the paper use a new approach. They distribute trust over each component on the network so that malware cannot break the security policies. This approach is called malware tolerant.



Corresponding author

Correspondence to Nitul Dutta.


Copyright information

© 2020 Springer Nature Switzerland AG


Cite this chapter

Dutta, N., Tanchak, K., Delvadia, K. (2020). Modern Methods for Analyzing Malware Targeting Control Systems. In: Pricop, E., Fattahi, J., Dutta, N., Ibrahim, M. (eds) Recent Developments on Industrial Control Systems Resilience. Studies in Systems, Decision and Control, vol 255. Springer, Cham. https://doi.org/10.1007/978-3-030-31328-9_7
