Towards Non-intrusive Malware Detection for Industrial Control Systems

Prashant Hari Narayan Rajput, Michail Maniatakos

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The convergence of the Operational Technology (OT) sector with Internet of Things (IoT) devices has increased cyberattacks on prominent OT devices such as Programmable Logic Controllers (PLCs). These devices have limited computational capabilities, no antivirus support, strict real-time requirements, and often older, unpatched operating systems. The use of traditional malware detection approaches can impact the real-time performance of such devices. Due to these constraints, we propose Amaya, an external malware detection mechanism based on a combination of signature detection and machine learning. This technique employs remote analysis of malware binaries collected from the main memory of the PLC by a non-intrusive method using the Joint Test Action Group (JTAG) port. We evaluate Amaya against in-the-wild malware for the ARM and x86 architectures, achieving an accuracy of 98% and 94.7%, respectively. Furthermore, we analyze concept drift, spatial experimental bias, and the effects of downsampling the feature vector to understand the behavior of the model in a real-world setting.

Original language: English (US)
Title of host publication: Proceedings of the 2021 Design, Automation and Test in Europe, DATE 2021
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1703-1706
Number of pages: 4
ISBN (Electronic): 9783981926354
DOIs
State: Published - Feb 1 2021
Event: 2021 Design, Automation and Test in Europe Conference and Exhibition, DATE 2021 - Virtual, Online
Duration: Feb 1 2021 to Feb 5 2021

Publication series

Name: Proceedings - Design, Automation and Test in Europe, DATE
Volume: 2021-February
ISSN (Print): 1530-1591

Conference

Conference: 2021 Design, Automation and Test in Europe Conference and Exhibition, DATE 2021
City: Virtual, Online
Period: 2/1/21 to 2/5/21

Keywords

  • JTAG
  • SVM
  • entropy
  • malware detection

ASJC Scopus subject areas

  • Engineering (all)
