Modern Methods for Analyzing Malware Targeting Control Systems

  • Nitul Dutta
  • Kajal Tanchak
  • Krishna Delvadia
Part of the Studies in Systems, Decision and Control book series (SSDC, volume 255)


Industrial control systems (ICSs) are critical national infrastructure. ICSs are sensor-actuator networks that control physical systems; their core components are Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) systems and distributed control systems (DCSs). Traditional ICSs ran on specialized hardware with no Internet connection. Today's ICSs are built on commodity computers with high-specification hardware and Internet connectivity, which leaves them exposed to the most common attacks. Defensive mechanisms are limited because ICSs do not use typical protections such as anti-virus software. The paper's authors developed a malware-tolerant ICS network architecture that keeps operating securely even if an attacker compromises some of its components. They provide ProVerif proofs to show the correctness of the network protocol. They also added a self-healing mechanism, implemented on top of FreeRTOS and ARM TrustZone; self-healing means that the architecture automatically repairs both ordinary and malicious faults. Governmental organizations recommend a strategy called "defense in depth", which deploys defenses at every layer of the network. The authors of the paper instead take a new approach: they distribute trust over every component of the network so that malware cannot break the security policies. This approach is called malware tolerance.


Keywords: Industrial control system, Distributed control system, Programmable logic control, SCADA systems, Malware analysis, Dynamic taint analysis



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Computer Engineering Department, MEF Group of Institutions, Rajkot, India
  2. Chhotubhai Gopalbhai Patel Institute of Technology, Bardoli, India
