A Review of Testbeds on SCADA Systems with Malware Analysis

Otávio Augusto Maciel Camargo; Julio Cesar Duarte; Anderson Fernandes Pereira dos Santos; Cesar Augusto Borges

doi:10.22456/2175-2745.112813

Authors

Otávio Augusto Maciel Camargo Systems Development Center (CDS), Brasília, DF, Brazil https://orcid.org/0000-0002-5775-5768
Julio Cesar Duarte Military Institute of Engineering (IME), Rio de Janeiro, RJ, Brazil https://orcid.org/0000-0001-6656-1247
Anderson Fernandes Pereira dos Santos Military Institute of Engineering (IME), Rio de Janeiro, RJ, Brazil https://orcid.org/0000-0002-6754-4809
Cesar Augusto Borges Systems Development Center (CDS), Brasília, DF, Brazil

DOI:

https://doi.org/10.22456/2175-2745.112813

Keywords:

Malware, Industrial Control Systems, SCADA, Testbed, Industry

Abstract

Supervisory control and data acquisition (SCADA) systems are among the major types of Industrial Control Systems (ICS) and are responsible for monitoring and controlling essential infrastructures such as power generation, water treatment, and transportation. Very common and with high added-value, these systems have malware as one of their main threats, and due to their characteristics, it is practically impossible to test the security of a system without compromising it, requiring simulated test platforms to verify their cyber resilience. This review will discuss the most recent studies on ICS testbeds with a focus on cybersecurity and malware impact analysis.

Downloads

Download data is not yet available.

References

Kaspersky Lab. Threat Landscape for Industrial Automation Systems.Ics Cert, p. 1–37, 2018.

Dell Secureworks.State of Cybercrime Executive Summary. [S.l.], 2017.

NAZIR, S.; PATEL, S.; PATEL, D. Assessing and augmenting SCADA cyber security: A survey of techniques.Computersand Security, Elsevier Ltd, v. 70, p. 436–454, 2017.

EGELE, M. et al. A survey on automated dynamic malware-analysis techniques and tools.ACM Computing Surveys, v. 44,n. 2, p. 1–42, 2012.

STOUFFER, K. et al.Guide to Industrial Control Systems (ICS) Security. [S.l.], 2015. v. 800-82.

GENGE, B. et al. A cyber-physical experimentation environment for the security analysis of networked industrial controlsystems.Computers and Electrical Engineering, v. 38, n. 5, p. 1146–1161, 2012.

CHERDANTSEVA, Y. et al. A review of cyber security risk assessment methods for SCADA systems.Computers andSecurity, The Authors, v. 56, p. 1–27, 2016.

American National Standard.Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts, andModels. [S.l.], 2007.

YE, Y. et al. A Survey on Malware Detection Using Data Mining Techniques.ACM Computing Surveys, v. 50, n. 3, p.41:1–41:40, 2017.

FRANKLIN, J. et al. An inquiry into the nature and causes of the wealth of internet miscreants. In:ACM Symposium onInformation, Computer and Communications Security. [S.l.: s.n.], 2007. p. 375–388.

QUEIROZ, C.; MAHMOOD, A.; TARI, Z. SCADASim - A framework for building SCADA simulations.IEEETransactions on Smart Grid, v. 2, n. 4, p. 589–597, 2011.

DAVIS, C. M. et al. SCADA cyber security testbed development. In:North American Power Symposium. [S.l.: s.n.], 2006.p. 483–488.

LILJENSTAM, M. et al. RINSE: The Real-Time Immersive Network Simulation Environment for Network SecurityExercises.Principles of Advanced and Distributed Simulation, v. 82, n. 1, p. 43–59, 2005.

MCDONALD, M. J. et al.Cyber effects analysis using VCSE. [S.l.], 2008.

FOVINO, I. N. et al. An experimental investigation of malware attacks on SCADA systems.International Journal ofCritical Infrastructure Protection, Elsevier B.V., v. 2, n. 4, p. 139–145, 2009.

LESZCZYNA, R.; FOVINO, I. N.; MASERA, M. Simulating malware with MAlSim.Journal in Computer Virology, v. 6,n. 1, p. 65–75, 2010.

CHABUKSWAR, R. et al. Simulation of Network Attacks on SCADA Systems. In:Workshop on Secure Control Systems.[S.l.: s.n.], 2010. v. 1, p. 8.

CHERTOV, R.; FAHMY, S.; SHROFF, N. B. Fidelity of network simulation and emulation: A case study of TCP-targeteddenial of service attacks.ACM Transaction on Modeling and Computer Simulation, v. 19, n. 1, p. 1–29, 2008.

CHUNLEI, W.; LAN, F.; YIQI, D. A Simulation Environment for SCADA Security Analysis and Assessment. In:International Conference on Measuring Technology and Mechatronics Automation. [S.l.: s.n.], 2010. v. 1, p. 342–347.

MIRKOVIC, J. et al. The DETER project: Advancing the science of cyber security experimentation and test. In:IEEEInternational Conference on Technologies for Homeland Security. [S.l.: s.n.], 2010. v. 1, p. 1–7.

MORRIS, T.; VAUGHN, R.; DANDASS, Y. S. A testbed for SCADA control system cybersecurity research and pedagogy.In:Cyber Security and Information Intelligence Research Workshop. [S.l.: s.n.], 2011. p. 1.

CIANCAMERLA, E.; MINICHINO, M.; PALMIERI, S. Modeling cyber attacks on a critical infrastructure scenario. In:International Conference on Information, Intelligence, Systems and Applications. [S.l.: s.n.], 2013. p. 124–129.

SIATERLIS, C.; GENGE, B.; HOHENADEL, M. EPIC: A testbed for scientifically rigorous cyber-physical securityexperimentation.IEEE Transactions on Emerging Topics in Computing, v. 1, n. 2, p. 319–330, 2013.

FICCO, M.; CHORA ́S, M.; KOZIK, R. Simulation platform for cyber-security and vulnerability analysis of criticalinfrastructures.Journal of Computational Science, 2017.

HUDA, S. et al. Defending unknown attacks on cyber-physical systems by semi-supervised approach and availableunlabeled data.Information Sciences, Elsevier Inc., v. 379, p. 211–228, 2017.

HUDA, S. et al. A malicious threat detection model for cloud assisted internet of things (CoT) based industrial controlsystem (ICS) networks using deep belief network.Journal of Parallel and Distributed Computing, Elsevier Inc., v. 120, p.23–31, 2018.

AKHTAR, T.; GUPTA, B. B.; YAMAGUCHI, S. Malware propagation effects on SCADA system and smart power grid.In:IEEE International Conference on Consumer Electronics. [S.l.]: IEEE, 2018. p. 1–6.

JAHROMI, A. A. et al. Cyber-Physical Attacks Targeting Communication-Assisted Protection Schemes.IEEETransactions on Power Systems, IEEE, v. 35, n. 1, p. 440–450, 2020.

SOURI, A.; HOSSEINI, R. A state-of-the-art survey of malware detection approaches using data mining techniques.Human-centric Computing and Information Sciences, Springer Berlin Heidelberg, v. 8, n. 1, 2018.

DAVID, O. E.; NETANYAHU, N. S. DeepSign: Deep learning for automatic malware signature generation andclassification. In:IEEE International Joint Conference on Neural Networks. [S.l.: s.n.], 2015. v. 4, p. 1–8.

AJMAL, A. B. et al. Last line of defense: Reliability through inducing cyber threat hunting with deception in scadanetworks. IEEE Access, v. 9, p. 126789–126800, 2021.

ANDRADE, C. A. B. D.; MELLO, C. G. D.; DUARTE, J. C. Malware automatic analysis. In:Brazilian Congress onComputational Intelligence. Rio de Janeiro, Brazil: IEEE Computer Society, 2013. p. 681–686.

FAN, C. I. et al. Malware detection systems based on API log data mining. In:International Computer Software andApplications Conference. [S.l.]: IEEE Computer Society, 2015. v. 3, p. 255–260.

PIRSCOVEANU, R. S. et al. Analysis of malware behavior: Type classification using machine learning. In:InternationalConference on Cyber Situational Awareness, Data Analytics and Assessment. [S.l.]: IEEE, 2015. p. 1–7.

MANGIALARDO, R. J.; DUARTE, J. C. Integrating Static and Dynamic Malware Analysis Using Machine Learning.IEEE Latin America Transactions, v. 13, n. 9, p. 3080–3087, 2015.

AGHAEIKHEIRABADY, M. et al. A New Approach to Malware Detection by Comparative Analysis of Data Structures ina Memory Image. In:International Congress on Technology, Communication and Knowledge. Mashhad: IEEE, 2014. p. 26–27.

DAI, Y. et al. A malware classification method based on memory dump grayscale image.Digital Investigation, ElsevierLtd, v. 27, p. 30–37, 2018.

MOSLI, R. et al. Automated malware detection using artifacts in forensic memory images. In:IEEE Symposium on Technologies for Homeland Security. [S.l.: s.n.], 2016.[39]MOSLI, R. et al. A Behavior-Based Approach for Malware Detection. IFIP Advances in Information and CommunicationTechnology, Springer International Publishing, p. 187–201, 2017.

AL-RIMY, B. A. S. et al. Zero-day aware decision fusion-based model for crypto-ransomware early detection.International Journal of Integrated Engineering, v. 10, n. 6, p. 82–88, 2018. ISSN 2229838X.

MOHAISEN, A.; ALRAWI, O.; MOHAISEN, M. AMAL: High-fidelity, behavior-based automated malware analysis andclassification.Computers and Security, Elsevier Ltd, v. 52, p. 251–266, 2015.

ZAKI, A.; HUMPHREY, B. Unveiling the kernel: Rootkit discovery using selective automated kernel memorydifferencing. In:Virus Bulletin. [S.l.: s.n.], 2014. p. 239–256.