防止恶意软件在AMI中的传播

2013 IEEE International Conference on Smart Grid Communications (SmartGridComm) Pub Date : 2013-12-19 DOI:10.1109/SmartGridComm.2013.6688003

Younghee Park, D. Nicol, Huaiyu Zhu, Cheol Won Lee

{"title":"防止恶意软件在AMI中的传播","authors":"Younghee Park, D. Nicol, Huaiyu Zhu, Cheol Won Lee","doi":"10.1109/SmartGridComm.2013.6688003","DOIUrl":null,"url":null,"abstract":"Malware can disrupt the operation of services in advanced metering infrastructure (AMI), which is at risk due to connectivity with the global Internet. In motion, malware may hide within the data payloads of legitimate AMI control traffic, implying the need for deep packet inspection. Some of the inspections one may make look for consistency with respect to data available only at the application layer, requiring one to position the analysis high in the protocol stack. Towards this end we propose a policy engine that examines both ingress and egress traffic to the AMI application layer. Policy engine rules may refer to the structure and behavior of the AMI protocol, and may also perform multi-stage analysis of data payloads looking for evidence that executable code is carried, rather than data. Our experimental results demonstrate that the policy engine is able to accurately distinguish between legitimate traffic and malware bearing traffic.","PeriodicalId":136434,"journal":{"name":"2013 IEEE International Conference on Smart Grid Communications (SmartGridComm)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2013-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"Prevention of malware propagation in AMI\",\"authors\":\"Younghee Park, D. Nicol, Huaiyu Zhu, Cheol Won Lee\",\"doi\":\"10.1109/SmartGridComm.2013.6688003\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Malware can disrupt the operation of services in advanced metering infrastructure (AMI), which is at risk due to connectivity with the global Internet. In motion, malware may hide within the data payloads of legitimate AMI control traffic, implying the need for deep packet inspection. Some of the inspections one may make look for consistency with respect to data available only at the application layer, requiring one to position the analysis high in the protocol stack. Towards this end we propose a policy engine that examines both ingress and egress traffic to the AMI application layer. Policy engine rules may refer to the structure and behavior of the AMI protocol, and may also perform multi-stage analysis of data payloads looking for evidence that executable code is carried, rather than data. Our experimental results demonstrate that the policy engine is able to accurately distinguish between legitimate traffic and malware bearing traffic.\",\"PeriodicalId\":136434,\"journal\":{\"name\":\"2013 IEEE International Conference on Smart Grid Communications (SmartGridComm)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-12-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 IEEE International Conference on Smart Grid Communications (SmartGridComm)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SmartGridComm.2013.6688003\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE International Conference on Smart Grid Communications (SmartGridComm)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SmartGridComm.2013.6688003","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 12

摘要

恶意软件可以破坏高级计量基础设施(AMI)服务的运行，这些基础设施由于与全球互联网的连接而处于危险之中。在运动中，恶意软件可能隐藏在合法AMI控制流量的数据有效负载中，这意味着需要进行深度数据包检查。有些检查可能会寻找仅在应用层可用的数据的一致性，这需要将分析放在协议栈的高位。为此，我们提出了一个策略引擎，用于检查AMI应用层的入口和出口流量。策略引擎规则可以引用AMI协议的结构和行为，还可以对数据有效负载执行多阶段分析，寻找携带可执行代码而不是数据的证据。实验结果表明，该策略引擎能够准确区分合法流量和恶意流量。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Prevention of malware propagation in AMI

Malware can disrupt the operation of services in advanced metering infrastructure (AMI), which is at risk due to connectivity with the global Internet. In motion, malware may hide within the data payloads of legitimate AMI control traffic, implying the need for deep packet inspection. Some of the inspections one may make look for consistency with respect to data available only at the application layer, requiring one to position the analysis high in the protocol stack. Towards this end we propose a policy engine that examines both ingress and egress traffic to the AMI application layer. Policy engine rules may refer to the structure and behavior of the AMI protocol, and may also perform multi-stage analysis of data payloads looking for evidence that executable code is carried, rather than data. Our experimental results demonstrate that the policy engine is able to accurately distinguish between legitimate traffic and malware bearing traffic.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2013 IEEE International Conference on Smart Grid Communications (SmartGridComm)

自引率

0.00%

发文量