Authors: Junwon Kim, Jiho Shin, Jung-Taek Seo
Published in: Proceedings of the 2020 ACM International Conference on Intelligent Computing and its Emerging Applications
Publication date: 2020-12-12
DOI: https://doi.org/10.1145/3440943.3444734
Research on PEB-LDR Data Analysis Technique for DLL Injection Detection on ICS Engineering Workstation
In the field of Industrial Control Systems (ICS), engineering workstations are used to manage and control processes better. This can involve monitoring the status of the PLC (Programming Logic Controller) constituting the ICS and observing the PLC data in real time using the HMI function. Nonetheless, it is possible to gain control of SCADA through DLL injection, which can cause a fatal accident. Therefore, this paper proposes a method of detecting DLL injection on engineering workstations used in the ICS environment and a technique to detect data changes due to DLL injection by analyzing PEB-LDR data. We also propose a method of detecting a malicious DLL when one is suspected to have been loaded. As a result, successful detection was realized using the suggested method when DLL injection occurred, and a warning message could be displayed.