Detecting industrial control malware using automated PLC code analytics

Saman Zonouz; Julian Rrushi; Stephen McLaughlin

doi:10.1109/MSP.2014.113

Detecting industrial control malware using automated PLC code analytics

Saman Zonouz, Julian Rrushi, Stephen McLaughlin

Electrical & Computer Engineering

Research output: Contribution to journal › Article › peer-review

38 Scopus citations

Abstract

The authors discuss their research on programmable logic controller (PLC) code analytics, which leverages safety engineering to detect and characterize PLC infections that target physical destruction of power plants. Their approach also draws on control theory, namely the field of engineering and mathematics that deals with the behavior of dynamical systems, to reverse-engineer safety-critical code to identify complex and highly dynamic safety properties for use in the hybrid code analytics approach.

Original language	English (US)
Article number	7006408
Pages (from-to)	40-47
Number of pages	8
Journal	IEEE Security and Privacy
Volume	12
Issue number	6
DOIs	https://doi.org/10.1109/MSP.2014.113
State	Published - Nov 1 2014

Keywords

formal models
industrial control malware
model checking
PLC code analytics
process control systems
reverse engineering
safety-critical code
security

ASJC Scopus subject areas

Electrical and Electronic Engineering
Computer Networks and Communications
Law

Access to Document

10.1109/MSP.2014.113

Fingerprint Dive into the research topics of 'Detecting industrial control malware using automated PLC code analytics'. Together they form a unique fingerprint.

Cite this

@article{211497c04c9c444b988b647e7bb1ebba,

title = "Detecting industrial control malware using automated PLC code analytics",

abstract = "The authors discuss their research on programmable logic controller (PLC) code analytics, which leverages safety engineering to detect and characterize PLC infections that target physical destruction of power plants. Their approach also draws on control theory, namely the field of engineering and mathematics that deals with the behavior of dynamical systems, to reverse-engineer safety-critical code to identify complex and highly dynamic safety properties for use in the hybrid code analytics approach.",

keywords = "formal models, industrial control malware, model checking, PLC code analytics, process control systems, reverse engineering, safety-critical code, security",

author = "Saman Zonouz and Julian Rrushi and Stephen McLaughlin",

year = "2014",

month = nov,

day = "1",

doi = "10.1109/MSP.2014.113",

language = "English (US)",

volume = "12",

pages = "40--47",

journal = "IEEE Security and Privacy",

issn = "1540-7993",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "6",

}

TY - JOUR

T1 - Detecting industrial control malware using automated PLC code analytics

AU - Zonouz, Saman

AU - Rrushi, Julian

AU - McLaughlin, Stephen

PY - 2014/11/1

Y1 - 2014/11/1

N2 - The authors discuss their research on programmable logic controller (PLC) code analytics, which leverages safety engineering to detect and characterize PLC infections that target physical destruction of power plants. Their approach also draws on control theory, namely the field of engineering and mathematics that deals with the behavior of dynamical systems, to reverse-engineer safety-critical code to identify complex and highly dynamic safety properties for use in the hybrid code analytics approach.

AB - The authors discuss their research on programmable logic controller (PLC) code analytics, which leverages safety engineering to detect and characterize PLC infections that target physical destruction of power plants. Their approach also draws on control theory, namely the field of engineering and mathematics that deals with the behavior of dynamical systems, to reverse-engineer safety-critical code to identify complex and highly dynamic safety properties for use in the hybrid code analytics approach.

KW - formal models

KW - industrial control malware

KW - model checking

KW - PLC code analytics

KW - process control systems

KW - reverse engineering

KW - safety-critical code

KW - security

UR - http://www.scopus.com/inward/record.url?scp=84921416016&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84921416016&partnerID=8YFLogxK

U2 - 10.1109/MSP.2014.113

DO - 10.1109/MSP.2014.113

M3 - Article

AN - SCOPUS:84921416016

VL - 12

SP - 40

EP - 47

JO - IEEE Security and Privacy

JF - IEEE Security and Privacy

SN - 1540-7993

IS - 6

M1 - 7006408

ER -

Detecting industrial control malware using automated PLC code analytics

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Cite this