DocumentCode :
656772
Title :
Prevention of malware propagation in AMI
Author :
Younghee Park ; Nicol, David M. ; Huaiyu Zhu ; Cheol Won Lee
Author_Institution :
Inf. Trust Inst., Univ. of Illinois at Urbana-Champaign, Urbana, IL, USA
fYear :
2013
fDate :
21-24 Oct. 2013
Firstpage :
474
Lastpage :
479
Abstract :
Malware can disrupt the operation of services in advanced metering infrastructure (AMI), which is at risk due to connectivity with the global Internet. In motion, malware may hide within the data payloads of legitimate AMI control traffic, implying the need for deep packet inspection. Some of the inspections one may make look for consistency with respect to data available only at the application layer, requiring one to position the analysis high in the protocol stack. Towards this end we propose a policy engine that examines both ingress and egress traffic to the AMI application layer. Policy engine rules may refer to the structure and behavior of the AMI protocol, and may also perform multi-stage analysis of data payloads looking for evidence that executable code is carried, rather than data. Our experimental results demonstrate that the policy engine is able to accurately distinguish between legitimate traffic and malware-bearing traffic.
Keywords :
metering; power meters; power system security; protocols; AMI application layer; AMI control traffic; AMI protocol; advanced metering infrastructure; data payloads; deep packet inspection; malware propagation; multistage analysis; policy engine; Encryption; Engines; Entropy; Malware; Payloads; Protocols;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Smart Grid Communications (SmartGridComm), 2013 IEEE International Conference on
Conference_Location :
Vancouver, BC
Type :
conf
DOI :
10.1109/SmartGridComm.2013.6688003
Filename :
6688003
Link To Document :