Smart grids utilize communication technologies that make them vulnerable to cyber attacks. The power grid is a critical infrastructure that constitutes a tempting target for sophisticated and well-equipped attackers. In this paper we simulate three malware types capable of attacking smart grid networks in the ns3 simulation environment. First, an aggressive malware type, named the pandemic malware, follows a topological-scan strategy to find and infect all devices on the network in the shortest time possible, via a brute-force approach. Next, the more intelligent endemic malware sacrifices speed for stealthiness and operates with a less conspicuous hit-list and permutation-scan strategy. Finally, a highly stealthy malware type called the contagion malware does not scan the network or initiate any connections but rather attaches itself to legitimate communication flows. We define several metrics to express the infection speed, scanning efficiency, stealthiness, and complexity of malware and use those metrics to compare the three malware types. Our simulations provide details on the scanning and propagation behavior of different malware classes. Furthermore, this work allows the assessment of the detectability of different malware types.
en
dc.description.sponsorship
Austrian Research Funding Association (FFG)
-
dc.language
English
-
dc.language.iso
en
-
dc.publisher
Springer-Verlag France
-
dc.relation.ispartof
Journal of Computer Virology and Hacking Techniques
-
dc.rights.uri
http://creativecommons.org/licenses/by/4.0/
-
dc.subject
Malware attacks
en
dc.subject
Smart grids
en
dc.subject
Communication networks
en
dc.subject
Anomaly detection
en
dc.subject
Network security
en
dc.title
Malware propagation in smart grid networks: metrics, simulation and comparison of three malware types
en
dc.type
Article
en
dc.type
Artikel
de
dc.rights.license
Creative Commons Namensnennung 4.0 International
de
dc.rights.license
Creative Commons Attribution 4.0 International
en
dc.description.startpage
109
-
dc.description.endpage
125
-
dc.rights.holder
The Author(s) 2018
-
dc.type.category
Original Research Article
-
tuw.container.volume
15
-
tuw.container.issue
2
-
tuw.journal.peerreviewed
true
-
tuw.peerreviewed
true
-
tuw.version
vor
-
dcterms.isPartOf.title
Journal of Computer Virology and Hacking Techniques
-
tuw.publication.orgunit
E389 - Telecommunications
-
tuw.publisher.doi
10.1007/s11416-018-0325-y
-
dc.identifier.eissn
2263-8733
-
dc.identifier.libraryid
AC15501173
-
dc.identifier.urn
urn:nbn:at:at-ubtuw:3-6545
-
tuw.author.orcid
0000-0002-5391-467X
-
tuw.author.orcid
0000-0002-8285-1591
-
dc.rights.identifier
CC BY 4.0
de
dc.rights.identifier
CC BY 4.0
en
wb.sci
true
-
item.openaccessfulltext
Open Access
-
item.cerifentitytype
Publications
-
item.openairecristype
http://purl.org/coar/resource_type/c_18cf
-
item.fulltext
with Fulltext
-
item.grantfulltext
open
-
item.languageiso639-1
en
-
item.openairetype
Article
-
item.openairetype
Artikel
-
crisitem.author.dept
E389 - Telecommunications
-
crisitem.author.dept
E389-01 - Forschungsbereich Networks
-
crisitem.author.dept
E389-01 - Forschungsbereich Networks
-
crisitem.author.orcid
0000-0002-5391-467X
-
crisitem.author.orcid
0000-0002-8285-1591
-
crisitem.author.parentorg
E350 - Fakultät für Elektrotechnik und Informationstechnik