Detection of x86 malware in AMI data payloads

Vignesh Babu, David Malcolm Nicol

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Malware can spread uncontrollably if left unchecked and can cause significant damage to the Advanced Metering Infrastructure (AMI) and ultimately to the underlying power grid. Application layer protocols used in the AMI are capable of carrying large payloads that could potentially be used to hide malware. Fortunately, application layer traffic in the AMI is not expected to contain executable content, and hence the problem of malware detection in data payloads simply changes to the problem of executable content detection. In this paper, we propose a policy engine implementation that sits between the network and application layers and checks each received packet against comprehensive syntactic and semantic rules and for the presence of encryption or of ARM or x86 executable content. The policy engine is integrated with the C12.22 protocol library and is primarily targeted for deployment in head end systems.

Original language: English (US)
Title of host publication: 2015 IEEE International Conference on Smart Grid Communications, SmartGridComm 2015
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 617-622
Number of pages: 6
ISBN (Electronic): 9781467382892
State: Published - Mar 17 2016
Event: IEEE International Conference on Smart Grid Communications, SmartGridComm 2015 - Miami, United States
Duration: Nov 1 2015 to Nov 5 2015


ASJC Scopus subject areas

  • Control and Systems Engineering
  • Energy Engineering and Power Technology
  • Computer Networks and Communications

Cite this

Babu, V., & Nicol, D. M. (2016). Detection of x86 malware in AMI data payloads. In 2015 IEEE International Conference on Smart Grid Communications, SmartGridComm 2015 (pp. 617-622). [7436369] (2015 IEEE International Conference on Smart Grid Communications, SmartGridComm 2015). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/SmartGridComm.2015.7436369