A System-level Behavioral Detection Framework for Compromised CPS Devices

Babun, Leonardo; Aksu, Hidayet; Uluagac, A. Selcuk

doi:10.1145/3355300

Cited by 29 publications

(7 citation statements)

References 61 publications

(82 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In order to see the effects of different amount of obfuscations, we firstly obfuscated 25% of the function names in the source and header files of Webminerpool. Then, we increased the number of function names to 50%, 75%, and finally, to 100% in which every function name was obfuscated, excluding C memory management functions (i.e., memset, memcpy, malloc and free) [38], [39], [40]. Figure 7 shows the gray-scale image representations of the resulting miner samples.…”

Section: E Minos Against Obfuscationmentioning

confidence: 99%

MINOS: A Lightweight Real-Time Cryptojacking Detection System

Naseem¹,

Arış²,

Babun³

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

Emerging WebAssembly(Wasm)-based cryptojacking malware covertly uses the computational resources of users without their consent or knowledge. Indeed, most victims of this malware are unaware of such unauthorized use of their computing power due to techniques employed by cryptojacking malware authors such as CPU throttling and obfuscation. A number of dynamic analysis-based detection mechanisms exist that aim to circumvent such techniques. However, since these mechanisms use dynamic features, the collection of such features, as well as the actual detection of the malware, require that the cryptojacking malware run for a certain amount of time, effectively mining for that period, and therefore causing significant overhead. To solve these limitations, in this paper, we propose MINOS, a novel, extremely lightweight cryptojacking detection system that uses deep learning techniques to accurately detect the presence of unwarranted Wasm-based mining activity in real-time. MINOS uses an image-based classification technique to distinguish between benign webpages and those using Wasm to implement unauthorized mining. Specifically, the classifier implements a convolutional neural network (CNN) model trained with a comprehensive dataset of current malicious and benign Wasm binaries. MINOS achieves exceptional accuracy with a low TNR and FPR. Moreover, our extensive performance analysis of MINOS shows that the proposed detection technique can detect mining activity instantaneously from the most current in-the-wild cryptojacking malware with an accuracy of 98.97%, in an average of 25.9 milliseconds while using a maximum of 4% of the CPU and 6.5% of RAM, proving that MINOS is highly effective while lightweight, fast, and computationally inexpensive. * Minos is the beast in Dante's Divine Comedy that acts as a judge in underworld and decides which layer of the hell the sinner goes to.

show abstract

Section: E Minos Against Obfuscationmentioning

confidence: 99%

MINOS: A Lightweight Real-Time Cryptojacking Detection System

Naseem¹,

Arış²,

Babun³

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

show abstract

“…Data integrity attacks [13,21,25,29,40,41,48,49,53,55,[59][60][61][62]70,75,76] Unusual consumption behaviors and measurements [6,24,27,32,34,35,38,46,52,67,68,[71][72][73] Network intrusions [16,18,19,56,63,69] Network infrastructure anomalies [14,15,17,20,22,33,39,47,58,64] Electrical data anomalies [7,23,26,36,…”

Section: Study Object Papermentioning

confidence: 99%

A Review of Smart Grid Anomaly Detection Approaches Pertaining to Artificial Intelligence

Guato Burgos,

Morato,

Vizcaino Imacaña

2024

Applied Sciences

View full text Add to dashboard Cite

The size of power grids and a complex technological infrastructure with higher levels of automation, connectivity, and remote access make it necessary to be able to detect anomalies of various kinds using optimal and intelligent methods. This paper is a review of studies related to the detection of anomalies in smart grids using AI. Digital repositories were explored considering publications between the years 2011 and 2023. Iterative searches were carried out to consider studies with different approaches, propose experiments, and help identify the most applied methods. Seven objects of study related to anomalies in SG were identified: attacks on data integrity, unusual measurements and consumptions, intrusions, network infrastructure, electrical data, identification of cyber-attacks, and use of detection devices. The issues relating to cybersecurity prove to be widely studied, especially to prevent intrusions, fraud, data falsification, and uncontrolled changes in the network model. There is a clear trend towards the conformation of anomaly detection frameworks or hybrid solutions. Machine learning, regression, decision trees, deep learning, support vector machines, and neural networks are widely used. Other proposals are presented in novel forms, such as federated learning, hyperdimensional computing, and graph-based methods. More solutions are needed that do not depend on a lot of data or knowledge of the network model. The use of AI to solve SG problems is generating an evolution towards what could be called next-generation smart grids. At the end of this document is a list of acronyms and terminology.

show abstract

“…• Device Behaviour: Different types of industrial devices behave differently. Even similar devices can act differently, depending on their tasks [17]. Such vagueness can lead to mistakenly identifying benign devices as a compromise.…”

Section: Technicalmentioning

confidence: 99%

“…This is because attackers often use these components in the pages they alert or upload after an attack. Babunet al [17] designed a system-level framework capable of detecting compromised CPS smart grid devices using system and function-level call tracing techniques. The proposed framework combines function and system call analysis to provide detailed activity of a device from both kernel and application-level.…”

Section: Machine Learning and Deep Learning Techniquesmentioning

confidence: 99%

Understanding Indicators of Compromise against Cyber-attacks in Industrial Control Systems: A Security Perspective

Asiri

Saxena

Gjomemo

et al. 2023

ACM Trans. Cyber-Phys. Syst.

View full text Add to dashboard Cite

Numerous sophisticated and nation-state attacks on Industrial Control Systems (ICSs) have increased in recent years, exemplified by Stuxnet and Ukrainian Power Grid. Measures to be taken post-incident are crucial to reduce damage, restore control, and identify attack actors involved. By monitoring Indicators of Compromise (IOCs), the incident responder can detect malicious activity triggers and respond quickly to a similar intrusion at an earlier stage. However, in order to implement IOCs in critical infrastructures, we need to understand their contexts and requirements. Unfortunately, there is no survey paper in the literature on IOC in the ICS environment and only limited information is provided in research articles. In this paper, we describe different standards for IOC representation and discuss the associated challenges that restrict security investigators from developing IOCs in the industrial sectors. We also discuss the potential IOCs against cyber-attacks in ICS systems. Furthermore, we conduct a critical analysis of existing works and available tools in this space. We evaluate the effectiveness of identified IOCs’ by mapping these indicators to the most frequently targeted attacks in the ICS environment. Finally we highlight the lessons to be learnt from the literature and the future problems in the domain along with the approaches that might be taken.

show abstract

A System-level Behavioral Detection Framework for Compromised CPS Devices

Cited by 29 publications

References 61 publications

MINOS: A Lightweight Real-Time Cryptojacking Detection System

MINOS: A Lightweight Real-Time Cryptojacking Detection System

A Review of Smart Grid Anomaly Detection Approaches Pertaining to Artificial Intelligence

Understanding Indicators of Compromise against Cyber-attacks in Industrial Control Systems: A Security Perspective

Contact Info

Product

Resources

About