Younghee Park, D. Nicol, Huaiyu Zhu, Cheol Won Lee
{"title":"防止恶意软件在AMI中的传播","authors":"Younghee Park, D. Nicol, Huaiyu Zhu, Cheol Won Lee","doi":"10.1109/SmartGridComm.2013.6688003","DOIUrl":null,"url":null,"abstract":"Malware can disrupt the operation of services in advanced metering infrastructure (AMI), which is at risk due to connectivity with the global Internet. In motion, malware may hide within the data payloads of legitimate AMI control traffic, implying the need for deep packet inspection. Some of the inspections one may make look for consistency with respect to data available only at the application layer, requiring one to position the analysis high in the protocol stack. Towards this end we propose a policy engine that examines both ingress and egress traffic to the AMI application layer. Policy engine rules may refer to the structure and behavior of the AMI protocol, and may also perform multi-stage analysis of data payloads looking for evidence that executable code is carried, rather than data. Our experimental results demonstrate that the policy engine is able to accurately distinguish between legitimate traffic and malware bearing traffic.","PeriodicalId":136434,"journal":{"name":"2013 IEEE International Conference on Smart Grid Communications (SmartGridComm)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2013-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"Prevention of malware propagation in AMI\",\"authors\":\"Younghee Park, D. Nicol, Huaiyu Zhu, Cheol Won Lee\",\"doi\":\"10.1109/SmartGridComm.2013.6688003\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Malware can disrupt the operation of services in advanced metering infrastructure (AMI), which is at risk due to connectivity with the global Internet. In motion, malware may hide within the data payloads of legitimate AMI control traffic, implying the need for deep packet inspection. Some of the inspections one may make look for consistency with respect to data available only at the application layer, requiring one to position the analysis high in the protocol stack. Towards this end we propose a policy engine that examines both ingress and egress traffic to the AMI application layer. Policy engine rules may refer to the structure and behavior of the AMI protocol, and may also perform multi-stage analysis of data payloads looking for evidence that executable code is carried, rather than data. Our experimental results demonstrate that the policy engine is able to accurately distinguish between legitimate traffic and malware bearing traffic.\",\"PeriodicalId\":136434,\"journal\":{\"name\":\"2013 IEEE International Conference on Smart Grid Communications (SmartGridComm)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-12-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 IEEE International Conference on Smart Grid Communications (SmartGridComm)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SmartGridComm.2013.6688003\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE International Conference on Smart Grid Communications (SmartGridComm)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SmartGridComm.2013.6688003","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Malware can disrupt the operation of services in advanced metering infrastructure (AMI), which is at risk due to connectivity with the global Internet. In motion, malware may hide within the data payloads of legitimate AMI control traffic, implying the need for deep packet inspection. Some of the inspections one may make look for consistency with respect to data available only at the application layer, requiring one to position the analysis high in the protocol stack. Towards this end we propose a policy engine that examines both ingress and egress traffic to the AMI application layer. Policy engine rules may refer to the structure and behavior of the AMI protocol, and may also perform multi-stage analysis of data payloads looking for evidence that executable code is carried, rather than data. Our experimental results demonstrate that the policy engine is able to accurately distinguish between legitimate traffic and malware bearing traffic.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
