MALWARE DETECTION METHOD FOR THE INDUSTRIAL CONTROL SYSTEMS

被引：0

作者：

Peng, Yong ^{[1
,2
]}

Liang, Jie ^{[2
]}

Xu, Guoai ^{[1
]}

机构：

[1] Beijing Univ Posts & Telecommun, Beijing, Peoples R China

[2] China Informat Technol Secur Evaluat Ctr, Beijing, Peoples R China

来源：

PROCEEDINGS OF 2016 4TH IEEE INTERNATIONAL CONFERENCE ON CLOUD COMPUTING AND INTELLIGENCE SYSTEMS (IEEE CCIS 2016) | 2016年

关键词：

industrial control system; security; fuzz test;

D O I：

暂无

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

Industrial control system(ICS) is floorboard of control system in industrial production. With the transformation and upgrading of ICS, more IT technologies are used in it. The security problem has been paid more and more attention in recent years. In this paper, we proposed a fuzz test based method to detect the malware in the industrial control systems. In the proposed method, we use the configuration file of industrial control software as the taint source file of taint analysis and the sample file of fuzzing. First, find key data which is most likely to have potential safety hazard in the configuration file through dynamic taint analysis. Then, mutate the data and generate abnormal data file. Last, we do the fuzz test. By using this method, we can detect most of the security hazards

引用

页码：255 / 259

页数：5

共 8 条

[1] Bekrar S., 2012, 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation (ICST 2012), P818, DOI 10.1109/ICST.2012.182
[2] Devarajan G., DEFCON 15 HACK C
[3] Dynamics M., MU TEST SUIT
[4] Gjendemsjo M., 2013, CREATING WEAPON MASS
[5] Keith S, 2007, GUIDE IND CONTROL SY, P13
[6] Piggin R., 2014, CYB SEC IND CONTR SY, P1
[7] TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection
Wang, Tielei
Wei, Tao
Gu, Guofei
Zou, Wei
[J]. 2010 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, 2010, : 495 - +
[8] Wurldtech, ACH TEST PLATF

← 1 →