Availability attacks on computing systems through alteration of environmental control: smart malware approach

Abstract

In this paper, we demonstrate the feasibility of smart malware that advances state-of-the-art attacks by (i) indirectly attacking a computing infrastructure through a cyber-physical system (CPS) that manages the environment in which the computing enterprise operates, (ii) disguising its malicious actions as accidental failures, and (iii) self-learning attack strategies from cyber-physical system measurement data. We address all aspects of the malware, including the construction of the self-learning malware and the launch of a failure injection attack. We validate the attacks in a data-driven CPS simulation environment developed as part of this study.