The interconnection of critical infrastructures (e.g., of smart grids) through low-latency communication networks is an essential prerequisite for the integration of renewable energies into today's energy networks. However, this interconnection can serve as a substrate for malicious software (malware) to propagate within these infrastructures. Malware such as botnets uses communication networks and protocols to abuse existing known or unknown vulnerabilities in systems, infect new nodes and coordinate its distributed activities. Novel malware conceals its existence or bypasses monitoring and detection procedures by means of encryption and hidden communication. The modularity of current malware allows targeted loading of damage routines, with known effects ranging from data exfiltration to intended physical damage to devices.
The MALORI project investigates methods for detecting secret malware communication in critical infrastructures. Based on selected application cases such as the electric vehicle charging infrastructure, MALORI assesses the capability of encryption algorithms and protocols to support or hinder hidden communications. The increasing use of encryption safeguards security, privacy and confidentiality of legitimate communication but also entails the danger of hidden communication channels. MALORI combines the results of network-based and host-based machine learning methods in a holistic approach in order to better detect anomalies, including active manipulation (Adversarial Machine Learning), in potentially encrypted communication. The project also investigates methods of network steganography (covert channels, subliminal channels), which allow attackers to hide malware communication, as well as ethical and legal frameworks for the use of the newly developed methods. Selected theoretical findings of MALORI will be implemented as part of feasibility studies and evaluated in realistic laboratory environments.
The targeted result of MALORI is an increased robustness of anomaly detection in critical infrastructure communications.
Dr. Joachim Fabini, TU Wien, Institute of Telecommunications
Austrian Institute of Technology
IKARUS Security Software GmbH
Illwerke VKW AG
Wiener Netze GmbH
Universität Wien, Institut für Europarecht, Internationales Recht und Rechtsvergleichung
Bundesministerium für Inneres
Dr. Joachim Fabini
Institute of Telecommunications
Technische Universität Wien
Gußhausstraße 25/E389 | 1040 Wien | Austria
Tel: +43 1 58801 38813
firstname.lastname@example.org | https://nt.tuwien.ac.at/