ADSC Courses and General Events Calendar

"Prevention of Malware Propagation in AMI"

Event Type
Advanced Digital Sciences Center
Charles Babbage room, on the 17th floor of the Connexis SOUTH Tower
Mar 28, 2014   4:00 pm  
David Nicol - Franklin W. Woeltge Professor of Electrical and Computer Engineering and Director of the Information Trust Institute at the University of Illinois at Urbana-Champaign


This presentation considers the problem of detecting and preventing the use of AMI-specific protocols such as C12.22 and DLMS/COSEM to propagate malware through an AMI system, under the guise of a trusted protocol. Our solution is to strategically place a policy engine between the AMI application that uses the protocol and the network stack, where deep packet inspection can be performed. Policy rules can look for logical coherence of the protocol messages with context and history, but more interestingly, can do statistical analysis of message contents and detect when the data payload is unlikely to be AMI data. We present the detection techniques and present studies which suggest that false positive and false negative error rates are entirely tolerable.
