KIRAS Security Research

Call results by calendar year

Call results by funding instruments

Projects of the joint German-Austrian call

Cooperative Research and Innovation Projects >Call 2018 >

MALware cOmmunication in cRitical Infrastructures (MALORI)

Encryption in communications networks is a positive trend, which, however, implies risks whenever malicious software (malware) can misuse encryption to rapidly propagate and coordinate attacks. The project MALORI investigates possibilities of hidden communication in critical infrastructures as well as solutions for their detection and prevention.

The interconnection of critical infrastructures (e.g., of smart grids) through low-latency communication networks is an essential prerequisite for the integration of renewable energies into today's energy networks. However, this interconnection can serve as substrate for malicious software (malware) to propagate within these infrastructures. Malware such as botnets use communication networks and protocols to abuse existing, known or unknown vulnerabilities in systems, infect new nodes and coordinate their distributed activities. Novel malware conceal their existence or bypass monitoring and detection procedures by means of encryption and hidden communication. The modularity of current malware allows targeted loading of damage routines, with known effects ranging from data exfiltration to intended physical damage to devices.  

The MALORI project investigates methods for detecting secret malware communication in critical infrastructures. Based on selected application cases like, e.g., the electrical vehicle charging infrastructure, MALORI assess the capability of encryption algorithms and protocols to support or hinder hidden communications. The increasing use of encryption safeguards security, privacy and confidentiality of legitimate communication but also entails the danger of hidden communication channels. MALORI combines the results of network-based and host-based machine learning methods in a holistic approach in order to better detect anomalies including active manipulation (Adversarial Machine Learning) in potentially encrypted communication. The project also investigates methods of network steganography (covert channels, subliminal channels), which allow attackers to hide malware communication, as well as ethical and legal frameworks for the use of the newly developed methods. Selected theoretical findings of MALORI will be implemented as part of feasiblity studies and evaluated in realistic laboratory environments.  

The targeted result of MALORI is an increased robustness of anomaly detection in critical infrastructure communications.  

Project Lead
Dr. Joachim Fabini, TU Wien, Institute of Telecommunications 

Project partner
Austrian Institute of Technology 
IKARUS Security Software GmbH
Illwerke VKW AG
Wiener Netze GmbH
Universität Wien, Institut für Europarecht, Internationales Recht und Rechtsvergleichung
Bundesministerium für Inneres 

Dr. Joachim Fabini
Senior Scientist
Institute of Telecommunications
Technische Universität Wien
Gußhausstraße 25/E389 | 1040 Wien | Austria
Tel: +43 1 58801 38813 |