An experimental investigation of malware attacks on SCADA systems

Abstract: Modern critical infrastructures are continually exposed to new threats due to the vulnerabilities and architectural weaknesses introduced by the extensive use of information and communications technologies (ICT). Of particular significance are the vulnerabilities in the communication protocols used in supervisory control and data acquisition (SCADA) systems that are commonly employed to control industrial processes. This paper presents the results of our research on the impact of traditional ICT malware on SCADA systems. In addition, it discusses the potential damaging effects of computer malware created for SCADA systems.
