Keeping Host Sanity for Security of the SCADA Systems
Cyber attacks targeting the Supervisory Control and Data Acquisition (SCADA) systems are becoming more complex and more intelligent. Currently proposed security measures for the SCADA systems come under three categories: physical/logical network separation, communication message security, and securi...
Main Authors: | Jae-Myeong Lee, Sugwon Hong |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2020-01-01 |
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/9046797/ |
id |
doaj-73535647130c4262b7818a44682fef93 |
---|---|
record_format |
Article |
spelling |
doaj-73535647130c4262b7818a44682fef932021-03-30T01:34:53ZengIEEEIEEE Access2169-35362020-01-018629546296810.1109/ACCESS.2020.29831799046797Keeping Host Sanity for Security of the SCADA SystemsJae-Myeong Lee0Sugwon Hong1https://orcid.org/0000-0002-6184-9310Department of Computer Engineering, Myongji University, Yongin, South KoreaDepartment of Computer Engineering, Myongji University, Yongin, South KoreaCyber attacks targeting the Supervisory Control and Data Acquisition (SCADA) systems are becoming more complex and more intelligent. Currently proposed security measures for the SCADA systems come under three categories: physical/logical network separation, communication message security, and security monitoring. However, the recent malwares which were used successfully to disrupt the critical systems show that these security strategies are necessary, but not sufficient to defend these malwares. The malware attacks on the SCADA system exploit weaknesses of host system software environment and take over the control of host processes in the SCADA system. In this paper, we explain how the malware interferes in the important process logics, and invades the SCADA host process by using Dynamic Link Library (DLL) Injection. As a security measure, we propose an algorithm to block DLL Injection efficiently, and show its effectiveness of defending real world malwares using DLL Injection technique by implementing as a library and testing against several DLL Injection scenarios. It is expected that this approach can prevent all the hosts in the SCADA system from being taken over by this kind of malicious attacks, consequently keeping its sanity all the time.https://ieeexplore.ieee.org/document/9046797/SCADA securitymalwareDLL injectioncode injectionhost system security |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Jae-Myeong Lee Sugwon Hong |
spellingShingle |
Jae-Myeong Lee Sugwon Hong Keeping Host Sanity for Security of the SCADA Systems IEEE Access SCADA security malware DLL injection code injection host system security |
author_facet |
Jae-Myeong Lee Sugwon Hong |
author_sort |
Jae-Myeong Lee |
title |
Keeping Host Sanity for Security of the SCADA Systems |
title_short |
Keeping Host Sanity for Security of the SCADA Systems |
title_full |
Keeping Host Sanity for Security of the SCADA Systems |
title_fullStr |
Keeping Host Sanity for Security of the SCADA Systems |
title_full_unstemmed |
Keeping Host Sanity for Security of the SCADA Systems |
title_sort |
keeping host sanity for security of the scada systems |
publisher |
IEEE |
series |
IEEE Access |
issn |
2169-3536 |
publishDate |
2020-01-01 |
description |
Cyber attacks targeting the Supervisory Control and Data Acquisition (SCADA) systems are becoming more complex and more intelligent. Currently proposed security measures for the SCADA systems come under three categories: physical/logical network separation, communication message security, and security monitoring. However, the recent malware that was used successfully to disrupt critical systems shows that these security strategies are necessary, but not sufficient to defend against such malware. The malware attacks on the SCADA system exploit weaknesses of the host system software environment and take over the control of host processes in the SCADA system. In this paper, we explain how the malware interferes with the important process logic and invades the SCADA host process by using Dynamic Link Library (DLL) Injection. As a security measure, we propose an algorithm to block DLL Injection efficiently, and show its effectiveness in defending against real-world malware using the DLL Injection technique by implementing it as a library and testing it against several DLL Injection scenarios. It is expected that this approach can prevent all the hosts in the SCADA system from being taken over by this kind of malicious attack, consequently keeping its sanity all the time. |
topic |
SCADA security malware DLL injection code injection host system security |
url |
https://ieeexplore.ieee.org/document/9046797/ |
work_keys_str_mv |
AT jaemyeonglee keepinghostsanityforsecurityofthescadasystems AT sugwonhong keepinghostsanityforsecurityofthescadasystems |
_version_ |
1724186795899355136 |