Abstract
Over the past few decades it has become abundantly clear that cybercrime committed against industrial control systems (ICS) is expanding at an exponential rate. Operational Technology (OT) has been the target of many kinds of attack, using tactics and approaches tailored specifically against it. Malware, especially backdoors, is the most prominent of these attacks. The major constituents of OT are Supervisory Control and Data Acquisition (SCADA) systems, Programmable Logic Controllers (PLC), and Distributed Control Systems (DCS). Patching the existing vulnerabilities in these systems is harder because patching has a devastating effect on the availability of the service. Attacks against ICS have disastrous repercussions for national security; in past years industry has encountered many of them, such as Stuxnet, BlackEnergy and CrashOverRide. Polymorphic and metamorphic malware, both of which have efficient mutational features, are largely responsible for the exponential increase in the variability of malware. Efficiently categorizing malware samples is therefore a crucial and challenging task. This study focuses on the efficient categorization of a huge number of malware samples from nine different notorious families, using their byte files. The byte file samples were passed to three different machine learning algorithms (k-nearest neighbours, logistic regression, random forest), and the best results were obtained from the random forest algorithm with a larger number of samples. The identification results on the small dataset demonstrate that random forest is not suited to identifying malware that varies its signature. The feature extraction and the application of the machine learning algorithms aid the process and open a wide scope for future research in this area.
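The abstract describes classifying malware families from their byte files with k-nearest neighbours, logistic regression and random forest, but gives no detail of the feature extraction. The following is an added example, not code from the paper: it assumes the byte files are plain hex dumps (an address token followed by byte tokens per line, with "??" marking unreadable bytes), turns each file into a normalized 256-bin byte histogram plus an unreadable-byte fraction and a normalized byte entropy, and runs a dependency-free k-nearest-neighbour classifier with leave-one-out evaluation. The sample files and family labels are constructed; with scikit-learn available, the same feature vectors can be fed to LogisticRegression and RandomForestClassifier to reproduce the paper's three-way comparison.

```python
import math
from collections import Counter

# Constructed hex-dump byte files (one address token, then up to 16 byte tokens
# per line). Contents and family labels are made up for illustration;
# "??" marks a byte the dumper could not read.
BYTE_FILES = {
    "sparse_1": ("00401000 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00\n"
                 "00401010 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00\n"),
    "sparse_2": ("00401000 4D 5A 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n"
                 "00401010 E8 00 00 00 00 C3 00 00 00 00 00 00 00 00 00 00\n"),
    "sparse_3": ("00401000 55 8B EC 00 00 00 00 00 00 00 00 00 00 00 00 00\n"
                 "00401010 00 00 00 00 00 00 00 00 5D C3 00 00 ?? ?? 00 00\n"),
    "dense_1":  ("00401000 7A 1F C4 93 E1 08 5B D2 6E A9 33 F7 4C 81 2D B6\n"
                 "00401010 9F 0E 65 CA 17 D8 3B 72 A4 F1 58 0C E9 46 BD 21\n"),
    "dense_2":  ("00401000 13 8C D7 4A 69 F3 2E B5 C0 57 9A 0B E4 7F 36 D1\n"
                 "00401010 88 A2 1C 6F 5D E7 30 C9 94 0F 7B AE 42 F8 61 D5\n"),
    "dense_3":  ("00401000 C6 29 F0 74 1B 8E A3 5F 07 D9 62 BC 48 E5 30 99\n"
                 "00401010 FA 15 6D 84 2C B1 DE 47 93 0A 71 E8 3D C2 56 AF\n"),
}
# Hypothetical family labels: family_A is mostly zero-padded, family_B is
# high-entropy (as a packed or encrypted section would be).
LABELS = {
    "sparse_1": "family_A", "sparse_2": "family_A", "sparse_3": "family_A",
    "dense_1": "family_B", "dense_2": "family_B", "dense_3": "family_B",
}


def parse_byte_file(text):
    """Return (list of byte values, number of unreadable '??' markers)."""
    values, unknown = [], 0
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        for tok in tokens[1:]:          # tokens[0] is the address column
            if tok == "??":
                unknown += 1
            else:
                values.append(int(tok, 16))
    return values, unknown


def extract_features(text):
    """258 features in [0, 1]: 256-bin byte histogram, unreadable fraction,
    Shannon entropy of the byte distribution scaled by its 8-bit maximum."""
    values, unknown = parse_byte_file(text)
    readable = max(len(values), 1)
    counts = Counter(values)
    hist = [counts.get(b, 0) / readable for b in range(256)]
    entropy = -sum(p * math.log2(p) for p in hist if p > 0)
    return hist + [unknown / max(len(values) + unknown, 1), entropy / 8.0]


def euclidean(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def knn_predict(train, query, k=3):
    """train: list of (feature_vector, label). Majority vote of the k nearest."""
    nearest = sorted(train, key=lambda item: euclidean(item[0], query))[:k]
    votes = Counter(label for _, label in nearest)
    return votes.most_common(1)[0][0]


def leave_one_out_accuracy(files, labels, k=3):
    """Hold each sample out in turn, train on the rest, score the prediction."""
    feats = {name: extract_features(text) for name, text in files.items()}
    correct = 0
    for held in feats:
        train = [(feats[n], labels[n]) for n in feats if n != held]
        if knn_predict(train, feats[held], k) == labels[held]:
            correct += 1
    return correct / len(feats)


if __name__ == "__main__":
    for name, text in BYTE_FILES.items():
        f = extract_features(text)
        print(f"{name}: zero-byte share={f[0]:.3f} unreadable={f[256]:.3f} "
              f"entropy={f[257] * 8:.2f} bits")
    print("leave-one-out accuracy:", leave_one_out_accuracy(BYTE_FILES, LABELS, k=3))
```

The histogram alone already separates zero-padded from high-entropy samples in this toy set; on real byte files the entropy and unreadable-byte features matter because packed or partially dumped sections are exactly where a byte histogram is least informative, and a classifier that relies on a single dominant bin is what the abstract's remark about signature-varying malware warns against.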
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Rai, M.K., Srilakshmi, K.V., Sharma, P. (2023). Protecting OT Hosts with Intelligent Model-Based Defense System Against Malware Families. In: Chaubey, N., Thampi, S.M., Jhanjhi, N.Z., Parikh, S., Amin, K. (eds) Computing Science, Communication and Security. COMS2 2023. Communications in Computer and Information Science, vol 1861. Springer, Cham. https://doi.org/10.1007/978-3-031-40564-8_12
DOI: https://doi.org/10.1007/978-3-031-40564-8_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-40563-1
Online ISBN: 978-3-031-40564-8
eBook Packages: Computer Science (R0)