Proceedings ArticleDOI

Phase-Space Detection of Cyber Events

Abstract
Energy Delivery Systems (EDS) are a network of processes that produce, transfer and distribute energy. EDS are increasingly dependent on networked computing assets, as are many Industrial Control Systems. Consequently, cyber-attacks pose a real and pertinent threat, as evidenced by Stuxnet, Shamoon and Dragonfly. Hence, there is a critical need for novel methods to detect, prevent, and mitigate effects of such attacks. To detect cyber-attacks in EDS, we developed a framework for gathering and analyzing timing data that involves establishing a baseline execution profile and then capturing the effect of perturbations in the state from injecting various malware. The data analysis was based on nonlinear dynamics and graph theory to improve detection of anomalous events in cyber applications. The goal was the extraction of changing dynamics or anomalous activity in the underlying computer system. Takens' theorem in nonlinear dynamics allows reconstruction of topologically invariant, time-delay-embedding states from the computer data in a sufficiently high-dimensional space. The resultant dynamical states were nodes, and the state-to-state transitions were links in a mathematical graph. Alternatively, sequential tabulation of executing instructions provides the nodes with corresponding instruction-to-instruction links. Graph theorems guarantee graph-invariant measures to quantify the dynamical changes in the running applications. Results showed a successful detection of cyber events.
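The following is an added illustration of the pipeline the abstract describes (time-delay embedding, quantised states as nodes, transitions as links, graph counts as the detection statistic); it is not the authors' code, and the timing traces, bin edges and the 8 µs stall are constructed for the example.

```python
"""Added example (not the authors' code): phase-space graph of a timing trace.

A scalar timing series is time-delay embedded (Takens) into dim-dimensional
state vectors, each coordinate is quantised so nearby states share a node,
consecutive states become links, and graph counts (nodes, links, transitions
never seen in the baseline) summarise how far a test trace departs from the
baseline execution profile.
"""
from collections import Counter

def embed(series, dim=3, delay=1):
    """Time-delay embedding: (x[i], x[i+tau], ..., x[i+(dim-1)*tau])."""
    span = (dim - 1) * delay
    return [tuple(series[i + k * delay] for k in range(dim))
            for i in range(len(series) - span)]

def quantise(vectors, lo, hi, bins=5):
    """Equal-width symbols over [lo, hi]; out-of-range values clamp to the
    edge bins, so novel timings still map onto a (new) node."""
    width = (hi - lo) / bins
    sym = lambda v: min(bins - 1, max(0, int((v - lo) / width)))
    return [tuple(sym(v) for v in vec) for vec in vectors]

def transition_graph(states):
    """Nodes are distinct quantised states; links are observed transitions."""
    return set(states), Counter(zip(states, states[1:]))

def phase_space_graph(series, lo, hi, dim=3, delay=1, bins=5):
    return transition_graph(quantise(embed(series, dim, delay), lo, hi, bins))

def compare(baseline, test, lo, hi):
    """Graph-invariant summary of both traces plus the detection statistic:
    transitions the test graph makes that the baseline graph never made."""
    b_nodes, b_links = phase_space_graph(baseline, lo, hi)
    t_nodes, t_links = phase_space_graph(test, lo, hi)
    return {"baseline_nodes": len(b_nodes), "baseline_links": len(b_links),
            "test_nodes": len(t_nodes), "test_links": len(t_links),
            "novel_links": len(set(t_links) - set(b_links))}

# Constructed timings (microseconds) for a 3-instruction loop: the baseline
# repeats a fixed pattern; the "infected" trace adds an 8 us stall on every
# 10th sample, standing in for an injected code path.
PATTERN = [10, 12, 11]
BASELINE = [PATTERN[i % 3] for i in range(60)]
INFECTED = [v + 8 if i % 10 == 9 else v for i, v in enumerate(BASELINE)]

if __name__ == "__main__":
    print(compare(BASELINE, INFECTED, lo=10, hi=20))
```

With these traces the baseline collapses to a 3-node cycle, while the stalled trace visits 12 states and 12 transitions the baseline never produced; a clean trace compared against itself yields no novel links.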


Citations
Proceedings ArticleDOI

Phase Space Detection of Virtual Machine Cyber Events Through Hypervisor-Level System Call Analysis

TL;DR: This research validates that the approach of Oak Ridge National Laboratory's Beholder project is applicable to the context of rootkit detection within a running virtual machine, and demonstrates that this technique is effective in flagging variance between the timing traces of an infected and an uninfected machine, thus indicating the presence of a running rootkit.
Proceedings ArticleDOI

Towards Malware Detection via CPU Power Consumption: Data Collection Design and Analytics

TL;DR: In this paper, an experimental design and algorithm for power-based malware detection on general-purpose computers is presented, which allows programmatic collection of CPU power profiles for a fixed set of non-malicious benchmarks, first running in an uninfected state and then in an infected state with malware running along with nonmalicious software.
Posted Content

Towards Malware Detection via CPU Power Consumption: Data Collection Design and Analytics (Extended Version).

TL;DR: This paper proposes an unsupervised, one-class anomaly detection ensemble and compares its performance with several supervised, kernel-based SVM classifiers (trained on clean and infected profiles) in detecting previously unseen malware.
Proceedings ArticleDOI

Malware Detection Using Power Consumption and Network Traffic Data

TL;DR: This paper is focused on malware detection using power consumption and network traffic data collected using the authors' experimental testbed, and feature selection based on information gain was used to identify the smallest numbers of features sufficient to successfully distinguish malware from non-malicious software.
Proceedings ArticleDOI

The Effect on Network Flows-Based Features and Training Set Size on Malware Detection

TL;DR: Adding network flows-based features significantly improved the performance of malware detection, and J48 and PART were the best performing learners, with the highest F-score and G-score values.
References
Book ChapterDOI

Differential Power Analysis

TL;DR: In this paper, the authors examine specific methods for analyzing power consumption measurements to find secret keys from tamper-resistant devices. They also discuss approaches for building cryptosystems that can operate securely in existing hardware that leaks information.
Book

Graph Theory

J. A. Bondy, +1 more
TL;DR: This book provides a systematic treatment of the theory of graphs without sacrificing its intuitive and aesthetic appeal, and is suitable as a textbook for advanced undergraduate and beginning graduate students in mathematics and computer science.
Book

Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)

TL;DR: In this paper, the authors present a comprehensive treatment of power analysis attacks and countermeasures, based on the principle that the only way to defend against such attacks is to understand them.
Book

Power Analysis Attacks: Revealing the Secrets of Smart Cards

TL;DR: This volume explains how power analysis attacks work and provides an extensive discussion of countermeasures like shuffling, masking, and DPA-resistant logic styles to decide how to protect smart cards.