Abstract
Energy Delivery Systems (EDS) are a network of processes that produce, transfer and distribute energy. Like many Industrial Control Systems, EDS are increasingly dependent on networked computing assets. Consequently, cyber-attacks pose a real and pertinent threat, as evidenced by Stuxnet, Shamoon and Dragonfly. Hence, there is a critical need for novel methods to detect, prevent, and mitigate the effects of such attacks. To detect cyber-attacks in EDS, we developed a framework for gathering and analyzing timing data: a baseline execution profile is established first, and the effect of perturbations in the system state is then captured by injecting various malware. The data analysis was based on nonlinear dynamics and graph theory to improve detection of anomalous events in cyber applications. The goal was the extraction of changing dynamics or anomalous activity in the underlying computer system. Takens' theorem in nonlinear dynamics allows reconstruction of topologically invariant, time-delay-embedded states from the computer data in a sufficiently high-dimensional space. The resultant dynamical states were nodes, and the state-to-state transitions were links, in a mathematical graph. Alternatively, sequential tabulation of executing instructions provides the nodes, with the corresponding instruction-to-instruction transitions as links. Graph theorems guarantee graph-invariant measures to quantify the dynamical changes in the running applications. Results showed successful detection of cyber events.
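The following is an added illustration of the pipeline the abstract describes (baseline timing profile, Takens time-delay embedding, states as graph nodes, transitions as links, graph-invariant measures); it is not the paper's code and uses none of the paper's data. The timing series is constructed: a loop with a fixed 8-step iteration-time cycle plus small jitter stands in for the baseline execution profile, and an extra delay injected every fifth iteration stands in for the perturbation caused by injected malware. The embedding dimension and delay, the fixed-width binning that turns continuous embedded points into discrete states, and the 5% novel-transition threshold are all assumptions chosen for the example. `transition_graph` also serves the abstract's alternative construction: fed a sequence of instruction identifiers instead of embedded states, it yields the instruction-to-instruction graph.

```python
"""Time-delay embedding + transition-graph anomaly detection on timing data.

Added example, not the paper's code. The 8-step timing cycle, the injected
delay, the bin width, the embedding parameters and the threshold are all
constructed assumptions for this illustration.
"""
import random
from collections import Counter

# Constructed per-iteration loop timings in microseconds (one 8-step cycle).
CYCLE_US = [100, 120, 140, 130, 110, 90, 80, 90]


def constructed_timing_series(n, seed, inject=False):
    """Constructed timing data: the 8-step cycle with +/-2 us jitter.

    With inject=True every 5th iteration carries an extra 60 us delay, a
    stand-in for malware activity perturbing the baseline execution profile.
    """
    rng = random.Random(seed)
    series = []
    for t in range(n):
        x = CYCLE_US[t % len(CYCLE_US)] + rng.uniform(-2.0, 2.0)
        if inject and t % 5 == 0:
            x += 60.0
        series.append(x)
    return series


def delay_embed(series, dim=3, delay=1):
    """Takens embedding: vectors (x_t, x_{t-delay}, ..., x_{t-(dim-1)*delay})."""
    start = (dim - 1) * delay
    return [tuple(series[t - k * delay] for k in range(dim))
            for t in range(start, len(series))]


def symbolize(vectors, bin_width=10.0):
    """Quantize each coordinate so nearby embedded points share one state.

    Fixed-width bins keep the example transparent; on real data the bin
    edges would be derived from baseline quantiles (an assumption here).
    """
    return [tuple(int(round(v / bin_width)) for v in vec) for vec in vectors]


def transition_graph(states):
    """Nodes are distinct states, links are observed consecutive transitions.

    Any hashable sequence works, so an instruction trace (sequence of
    instruction identifiers) gives the instruction-to-instruction graph.
    """
    nodes = set(states)
    edges = set(zip(states, states[1:]))
    return nodes, edges


def graph_invariants(nodes, edges):
    """Summary measures that do not depend on how nodes are labelled."""
    out_degree = Counter(u for u, _ in edges)
    return {
        "nodes": len(nodes),
        "edges": len(edges),
        "mean_out_degree": len(edges) / len(nodes),
        "max_out_degree": max(out_degree.values()),
    }


def novel_transition_fraction(states, baseline_edges):
    """Share of observed transitions that never occurred in the baseline graph."""
    transitions = list(zip(states, states[1:]))
    novel = sum(1 for tr in transitions if tr not in baseline_edges)
    return novel / len(transitions)


def detect(baseline_series, test_series, dim=3, delay=1, threshold=0.05):
    """Build the baseline graph, then score a test window against it.

    The window is flagged when more than `threshold` of its transitions lie
    outside the baseline graph; the graph invariants are returned alongside
    so an analyst can see how the dynamics changed.
    """
    base_states = symbolize(delay_embed(baseline_series, dim, delay))
    _, base_edges = transition_graph(base_states)
    test_states = symbolize(delay_embed(test_series, dim, delay))
    nodes, edges = transition_graph(test_states)
    result = graph_invariants(nodes, edges)
    result["novel_transition_fraction"] = novel_transition_fraction(
        test_states, base_edges)
    result["anomalous"] = result["novel_transition_fraction"] > threshold
    return result


if __name__ == "__main__":
    baseline = constructed_timing_series(200, seed=1)
    clean_window = constructed_timing_series(100, seed=2)
    infected_window = constructed_timing_series(100, seed=3, inject=True)
    for name, window in (("clean", clean_window), ("infected", infected_window)):
        print(name, detect(baseline, window))
```

With these constructed inputs the clean window reproduces the baseline graph exactly (8 states on an 8-link cycle, every node of out-degree 1, no novel transitions), while the injected delay adds 24 new states and splits the cycle so that some baseline states acquire a second outgoing link; the jump in node count, edge count and maximum out-degree is the kind of graph-invariant change the abstract uses to quantify altered dynamics, and the novel-transition fraction is what trips the detector.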
Original language | English |
---|---|
Title of host publication | Proceedings of the 10th Annual Cyber and Information Security Research Conference, CISRC 2015 |
Publisher | Association for Computing Machinery |
ISBN (Electronic) | 9781450333450 |
DOIs | |
State | Published - Apr 7 2015 |
Event | 10th Annual Cyber and Information Security Research Conference, CISRC 2015 - Oak Ridge, United States Duration: Apr 6 2015 → Apr 8 2015 |
Publication series
Name | ACM International Conference Proceeding Series |
---|---|
Volume | 06-08-April-2015 |
Conference
Conference | 10th Annual Cyber and Information Security Research Conference, CISRC 2015 |
---|---|
Country/Territory | United States |
City | Oak Ridge |
Period | 04/6/15 → 04/8/15 |
Funding
This manuscript has been authored by UT-Battelle, LLC under Contract No. DE-AC05-00OR22725 with the U.S. Department of Energy. The United States Government retains and the publisher, by accepting the article for publication, acknowledges that the United States Government retains a non-exclusive, paid-up, irrevocable, world-wide license to publish or reproduce the published form of this manuscript, or allow others to do so, for United States Government purposes. The Department of Energy will provide public access to these results of federally sponsored research in accordance with the DOE Public Access Plan (http://energy.gov/downloads/doe-public-access-plan).
Keywords
- Cyber anomaly detection
- Cyber-attacks
- Energy Delivery Systems
- Graph theory
- Malware
- Phase-space analysis
- Rootkits