OSTI.GOV, U.S. Department of Energy, Office of Scientific and Technical Information

Title: Detecting Peer-to-Peer Botnets in SCADA Systems

Abstract

Supervisory Control and Data Acquisition (SCADA) systems monitor and control critical infrastructure such as the smart grid. As SCADA systems become increasingly interconnected and adopt more and more cyber-enabled components, the risks of cyber attacks become a major concern. Due to their decentralized organization, peer-to-peer (P2P) botnets are resilient to many existing takedown measures and can be exploited as an effective way to launch cyber attacks on SCADA systems. However, little work has been done to detect P2P botnets in SCADA systems, which carry traffic flows with characteristics significantly different from the Internet. In this paper, we design a P2P-botnet detection method for SCADA systems, leveraging built-in traffic monitoring capabilities of SCADA networking devices. The proposed method consists of two stages. In the first stage, we design a simple feature test to filter out non-P2P hosts, which significantly reduces the data volume for P2P-botnet identification. In the second stage, we jointly consider flow-based and connectivity-based features that effectively set apart bots from benign hosts. We propose to use unsupervised learning for P2P-botnet identification, which not only identifies known P2P botnets but also captures newly emerged ones. Our simulation results show that the proposed system achieves high detection rates with very few false positives. Furthermore, our evaluation shows that the proposed method can detect hosts running P2P SCADA applications that are infected by P2P bots.
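
The two-stage pipeline the abstract describes, worked through as an added example; this is not the authors' code and not their feature set. Stage 1 keeps only hosts that both initiate and answer flows with the same peers (one-way master-to-RTU polling drops out, which is what shrinks the stage-2 workload), stage 2 computes flow-based and connectivity-based features for each surviving host and clusters them with 2-means, and the cluster whose members talk to more hosts outside the SCADA address space is reported as the botnet. The flow records, the 10.0.0.0/16 address range, the three features, the stage-1 threshold and that cluster-labelling rule are all assumptions made here.

```python
"""Two-stage P2P-bot detection over flow records, in the shape the abstract
describes. Everything concrete here (sample network, features, threshold,
cluster-labelling rule) is an assumption of this example, not the paper's."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from math import sqrt
from statistics import mean, pstdev

INTERNAL = ip_network("10.0.0.0/16")  # assumed monitored SCADA address space
MIN_MUTUAL_PEERS = 2                  # assumed stage-1 threshold


def build_sample_flows():
    """Constructed NetFlow-style records (src, dst, dport, bytes); not real traffic."""
    flows = []
    master, rtus = "10.0.0.1", [f"10.0.1.{i}" for i in range(1, 9)]
    for rtu in rtus:                                  # Modbus polling: master -> RTU only
        flows += [(master, rtu, 502, 120)] * 4
    p2p = [f"10.0.2.{i}" for i in range(1, 5)]        # benign P2P SCADA application, full mesh
    flows += [(a, b, 20000, 400) for a in p2p for b in p2p if a != b]
    bots = ["10.0.1.5", "10.0.2.3", "10.0.3.9"]       # infected RTU, infected P2P host, workstation
    ext = [f"203.0.113.{i}" for i in range(10, 16)]   # overlay peers outside the SCADA network
    for i, a in enumerate(bots):
        flows += [(a, b, 24001, 60 + 10 * i) for b in bots if b != a]
        for j, e in enumerate(ext):                   # small keep-alives in both directions
            flows += [(a, e, 24001, 70 + 5 * j), (e, a, 24001, 70 + 5 * j)]
    return flows


def stage1_candidates(flows):
    """Stage 1: keep internal hosts that both initiate to and answer flows from
    at least MIN_MUTUAL_PEERS distinct peers (P2P overlays are bidirectional,
    SCADA polling is not)."""
    out, inn = defaultdict(set), defaultdict(set)
    for src, dst, _, _ in flows:
        out[src].add(dst)
        inn[dst].add(src)
    hosts = set(out) | set(inn)
    return sorted(h for h in hosts if ip_address(h) in INTERNAL
                  and len(out[h] & inn[h]) >= MIN_MUTUAL_PEERS)


def host_features(flows, candidates):
    """Stage 2 features per candidate (assumed): connectivity-based = fraction of
    peers outside INTERNAL and distinct-peer count; flow-based = mean bytes per
    flow (bot keep-alives are small, SCADA payloads are regular)."""
    peers, sizes = defaultdict(set), defaultdict(list)
    cand = set(candidates)
    for src, dst, _, nbytes in flows:
        for host, peer in ((src, dst), (dst, src)):
            if host in cand:
                peers[host].add(peer)
                sizes[host].append(nbytes)
    return {h: [sum(ip_address(p) not in INTERNAL for p in peers[h]) / len(peers[h]),
                mean(sizes[h]), len(peers[h])] for h in candidates}


def zscore(rows):
    """Standardise each feature column so no single scale dominates the distance."""
    stats = [(mean(c), pstdev(c) or 1.0) for c in zip(*rows)]
    return [[(v - m) / s for v, (m, s) in zip(r, stats)] for r in rows]


def dist(a, b):
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def two_means(points, iters=25):
    """Deterministic 2-means, seeded with the two most distant points."""
    n = len(points)
    if n < 2:
        return [0] * n
    pairs = [(i, j) for i in range(n) for j in range(i + 1, n)]
    i0, j0 = max(pairs, key=lambda ij: dist(points[ij[0]], points[ij[1]]))
    cents, labels = [points[i0], points[j0]], None
    for _ in range(iters):
        new = [min((0, 1), key=lambda c: dist(p, cents[c])) for p in points]
        if new == labels:
            break
        labels = new
        for c in (0, 1):
            members = [p for p, l in zip(points, labels) if l == c]
            if members:
                cents[c] = [mean(col) for col in zip(*members)]
    return labels


def detect_p2p_bots(flows):
    """Full pipeline. Labelling rule (assumed): of the two clusters, the one whose
    members talk to more hosts outside the SCADA address space is the botnet."""
    candidates = stage1_candidates(flows)
    if not candidates:
        return []
    feats = host_features(flows, candidates)
    labels = two_means(zscore([feats[h] for h in candidates]))
    ext = {c: mean(feats[h][0] for h, l in zip(candidates, labels) if l == c)
           for c in set(labels)}
    bot_cluster = max(ext, key=ext.get)
    return sorted(h for h, l in zip(candidates, labels) if l == bot_cluster)


if __name__ == "__main__":
    sample = build_sample_flows()
    print("stage-1 candidates:", stage1_candidates(sample))
    print("reported bots:", detect_p2p_bots(sample))
```

On the constructed data the master and the clean RTUs never reach stage 2, the four benign P2P SCADA hosts do, and the clustering still separates the infected P2P host (10.0.2.3) from its three clean peers because its mixed traffic drags its peer count up and its mean flow size down, which is the situation the abstract's last sentence is about. In a real deployment the constructed records would be replaced by the flow exports the switches already produce, and the three features and the threshold would have to be tuned against a baseline capture of the specific SCADA network.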

Authors:
Yang, Huan [1]; Cheng, Liang [1]; Chuah, Mooi Choo [1]
  1. Lehigh Univ., Bethlehem, PA (United States)
Publication Date:
December 2016
Research Org.:
Lehigh Univ., Bethlehem, PA (United States)
Sponsoring Org.:
USDOE Office of Electricity Delivery and Energy Reliability (OE)
OSTI Identifier:
1339094
DOE Contract Number:  
OE0000779
Resource Type:
Conference
Resource Relation:
Conference: 2016 IEEE Global Communications Conference, Washington, DC (United States)
Country of Publication:
United States
Language:
English
Subject:
96 KNOWLEDGE MANAGEMENT AND PRESERVATION; 97 MATHEMATICS AND COMPUTING; Cybersecurity; Peer-to-Peer Botnets

Citation Formats

Yang, Huan, Cheng, Liang, and Chuah, Mooi Choo. Detecting Peer-to-Peer Botnets in SCADA Systems. United States: N. p., 2016. Web. doi:10.1109/GLOCOMW.2016.7848877.
Yang, Huan, Cheng, Liang, & Chuah, Mooi Choo. Detecting Peer-to-Peer Botnets in SCADA Systems. United States. doi:10.1109/GLOCOMW.2016.7848877.
Yang, Huan, Cheng, Liang, and Chuah, Mooi Choo. 2016. "Detecting Peer-to-Peer Botnets in SCADA Systems". United States. doi:10.1109/GLOCOMW.2016.7848877.
@article{osti_1339094,
title = {Detecting Peer-to-Peer Botnets in SCADA Systems},
author = {Yang, Huan and Cheng, Liang and Chuah, Mooi Choo},
abstractNote = {Supervisory Control and Data Acquisition (SCADA) systems monitor and control critical infrastructure such as the smart grid. As SCADA systems become increasingly interconnected and adopt more and more cyber-enabled components, the risks of cyber attacks become a major concern. Due to their decentralized organization, peer-to-peer (P2P) botnets are resilient to many existing takedown measures and can be exploited as an effective way to launch cyber attacks on SCADA systems. However, little work has been done to detect P2P botnets in SCADA systems, which carry traffic flows with characteristics significantly different from the Internet. In this paper, we design a P2P-botnet detection method for SCADA systems, leveraging built-in traffic monitoring capabilities of SCADA networking devices. The proposed method consists of two stages. In the first stage, we design a simple feature test to filter out non-P2P hosts, which significantly reduces the data volume for P2P-botnet identification. In the second stage, we jointly consider flow-based and connectivity-based features that effectively set apart bots from benign hosts. We propose to use unsupervised learning for P2P-botnet identification, which not only identifies known P2P botnets but also captures newly emerged ones. Our simulation results show that the proposed system achieves high detection rates with very few false positives. Furthermore, our evaluation shows that the proposed method can detect hosts running P2P SCADA applications that are infected by P2P bots.},
doi = {10.1109/GLOCOMW.2016.7848877},
place = {United States},
year = {2016},
month = {12}
}
