Malware Communication in Critical Infrastructures

Duration: 2020 – 2022
Call/Grant: National research project funded by the FFG in course of the KIRAS security research programme
Role: Contributor

Abstract: The project MALORI investigates new techniques for hidden malware communication in critical infrastructures such as encryption and network steganography (covert and subliminal channels) and explores suitable methods to detect and contain hidden malware communication. In terms of detection methods, MALORI sets particular emphasis on the investigation of opportunities and challenges of machine learning based algorithms. As part of a structured in-depth analysis of malware, including theoretical models for hidden communication according to the state of art, existing and potential future attack possibilities for specific critical infrastructures are defined as use cases. Based on those scenarios new detection and containment methods are developed. Recommendations are formulated to assess and minimize new threats by protocols. A holistic detection approach aims at combining data from various sources for a more comprehensive evaluation and consideration of context to improve classification and detection performance. The developed methods will be also evaluated with regard to their robustness against active manipulation, extending the research in the field of adversarial machine learning.