This event has ended. Visit the official site or create your own event on Sched.
Welcome to the Interactive Agenda for SecurityWeek’s 2018 ICS Cyber Security Conference! (View the full conference website here)  (You can Register for ICS Cyber Security Conference Here
Thursday, October 25 • 11:45am - 12:30pm
Tamper-Proof Rootkit Detection for ICS Through Power Consumption Analysis

Sign up or log in to save this to your schedule and see who's attending!

Rootkits are dangerous pieces of malware that exert a persistent, stealthy influence on a system by subverting its kernel functions and objects. It does this by first achieving, and then maintaining, administrative or root privileges on an infected system, effectively giving an attacker complete control over that system. Rootkits can further use their privilege to disable or tamper with logic-based malware detection solutions, making them ineffective for dealing with these threats. A rootkit detection solution that provides accurate, real-time, tamper-proof alerts is needed.
Our system, called Heartbeat, provides just such a capability. By measuring and analyzing the power consumption behavior of a device both before and after infection, Heartbeat is able to provide timely, accurate indicators of rootkit installation. Furthermore, because the power data is collected directly from the power rails, it is completely immune to on-system rootkit tampering.
Our system improves upon past work in this area by collecting data only during the regular, periodic invocation of a system function or set of functions. This method is attractive because it is efficient, versatile, and scalable, and because system functions are tempting targets for alteration by sophisticated malware. Analysis of this data is technique-agnostic, so this presentation will describe analysis techniques that have worked for our experiments, and outline directions for future investigation.

avatar for Joel Dawson

Joel Dawson

Research Associate, Oak Ridge National Laboratory
Joel Dawson received the B.A. degree magna cum laude in Communication from Messiah College in 2008, and the M.S. degree in Computer and Information Sciences from the University of South Alabama in 2017.  Prior to graduation, he interned at ICS-CERT at Idaho National Laboratory in... Read More →
avatar for Dr. Stacy Prowell

Dr. Stacy Prowell

Chief Cyber Security Research Scientist, Oak Ridge National Laboratory
Dr. Stacy Prowell serves as the Chief Cyber Security Research Scientist and is the Program Manager for the lab's Cybersecurity for Energy Delivery Systems program. Dr. Prowell's research focuses on exploiting physical sensors and properties to detect and prevent intrusion, and on... Read More →

Thursday October 25, 2018 11:45am - 12:30pm
Grand Ballroom