
Prevention of malware propagation in AMI


Abstract

Malware can disrupt the operation of services in advanced metering infrastructure (AMI), which is at risk due to connectivity with the global Internet. In motion, malware may hide within the data payloads of legitimate AMI control traffic, implying the need for deep packet inspection. Some of the inspections one may make look for consistency with respect to data available only at the application layer, requiring one to position the analysis high in the protocol stack. Towards this end we propose a policy engine that examines both ingress and egress traffic to the AMI application layer. Policy engine rules may refer to the structure and behavior of the AMI protocol, and may also perform multi-stage analysis of data payloads looking for evidence that executable code is carried, rather than data. Our experimental results demonstrate that the policy engine is able to accurately distinguish between legitimate traffic and malware-bearing traffic.
