OSTI.GOV, U.S. Department of Energy, Office of Scientific and Technical Information

Title: Detecting Peer-to-Peer Botnets in SCADA Systems

Conference

Supervisory Control and Data Acquisition (SCADA) systems monitor and control critical infrastructure such as the smart grid. As SCADA systems become increasingly interconnected and adopt more and more cyber-enabled components, the risk of cyber attacks becomes a major concern. Because of their decentralized organization, peer-to-peer (P2P) botnets are resilient to many existing takedown measures and can be exploited as an effective way to launch cyber attacks on SCADA systems. However, little work has been done to detect P2P botnets in SCADA systems, whose traffic flows have characteristics significantly different from those of Internet traffic. In this paper, we design a P2P-botnet detection method for SCADA systems that leverages the built-in traffic monitoring capabilities of SCADA networking devices. The proposed method consists of two stages. In the first stage, we design a simple feature test to filter out non-P2P hosts, which significantly reduces the data volume for P2P-botnet identification. In the second stage, we jointly consider flow-based and connectivity-based features that effectively set bots apart from benign hosts. We propose to use unsupervised learning for P2P-botnet identification, which not only identifies known P2P botnets but also captures newly emerging ones. Our simulation results show that the proposed system achieves high detection rates with very few false positives. Furthermore, our evaluation shows that the proposed method can detect hosts running P2P SCADA applications that are infected by P2P bots.
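The two-stage pipeline the abstract sketches, as an added illustration that is not the paper's code: stage 1 filters out non-P2P hosts with a simple feature test, and stage 2 clusters the survivors with unsupervised 2-means on one connectivity-based and one flow-based feature, so bots are separated from benign hosts (including a benign P2P SCADA application) without any signature. The concrete features (distinct peers, mean bytes per flow), the `MIN_PEERS` threshold and the rule that the higher-peer-count cluster is the bot cluster are assumptions, and the flow records are constructed.

```python
from collections import defaultdict
import math
MIN_PEERS = 5  # assumed stage-1 threshold on distinct peers per host

def constructed_flows():
    """Constructed (src, dst, bytes) records, not captured traffic: SCADA hosts
    poll 2 or 3 RTUs, P2P SCADA app hosts reach 8 peers, bots reach 12."""
    flows = [(f"scada{h}", f"rtu{p}", 4000 + 100 * p)
             for h in range(6) for p in range(2 + h % 2)]
    flows += [(f"p2pscada{h}", f"p2ppeer{p}", 60000 + 500 * p)
              for h in range(2) for p in range(8)]
    flows += [(f"bot{h}", f"peer{p}.invalid", 90 + p)  # tiny keep-alive flows
              for h in range(3) for p in range(12)]
    return flows

def host_features(flows):
    """Per source host: (distinct peers, mean bytes per flow)."""
    st = defaultdict(lambda: [set(), 0, 0])  # peers, total bytes, flow count
    for src, dst, nbytes in flows:
        st[src][0].add(dst); st[src][1] += nbytes; st[src][2] += 1
    return {h: (len(s[0]), s[1] / s[2]) for h, s in st.items()}

def stage1_filter(features):
    """Stage 1: drop hosts failing the simple P2P test (too few peers)."""
    return {h: f for h, f in features.items() if f[0] >= MIN_PEERS}

def kmeans2(points):
    """Stage 2: plain 2-means on min-max normalised features, seeded with the
    two most distant hosts so the outcome is deterministic."""
    names = list(points)
    lo = [min(p[i] for p in points.values()) for i in range(2)]
    hi = [max(p[i] for p in points.values()) for i in range(2)]
    norm = {h: tuple((points[h][i] - lo[i]) / (hi[i] - lo[i] or 1)
                     for i in range(2)) for h in names}
    a, b = max(((x, y) for x in names for y in names),
               key=lambda ab: math.dist(norm[ab[0]], norm[ab[1]]))
    cent = [norm[a], norm[b]]
    for _ in range(20):  # fixed iteration budget; converges long before that
        groups = [[], []]
        for h in names:
            groups[int(math.dist(norm[h], cent[1]) < math.dist(norm[h], cent[0]))].append(h)
        cent = [tuple(sum(norm[h][i] for h in g) / len(g) for i in range(2))
                if g else cent[k] for k, g in enumerate(groups)]
    return groups

def detect_bots(flows):
    """Whole pipeline; the higher-peer-count cluster is flagged (assumed rule)."""
    cand = stage1_filter(host_features(flows))
    g0, g1 = kmeans2(cand) if len(cand) > 1 else (list(cand), [])
    peers = lambda g: sum(cand[h][0] for h in g) / len(g) if g else -1
    return sorted(g0 if peers(g0) > peers(g1) else g1)
```

`detect_bots(constructed_flows())` returns the three bot hosts only; the two benign P2P SCADA hosts pass stage 1 but land in the other cluster because their flow-based feature differs.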

Research Organization:
Lehigh Univ., Bethlehem, PA (United States)
Sponsoring Organization:
USDOE Office of Electricity (OE)
DOE Contract Number:
OE0000779
OSTI ID:
1339094
Resource Relation:
Conference: 2016 IEEE Global Communications Conference, Washington, DC (United States)
Country of Publication:
United States
Language:
English