short-paper

Stealthy Rootkit Attacks on Cyber-Physical Microgrids: Poster

Authors:

Suman Rath,

Ioannis Zografopoulos,

Charalambos KonstantinouAuthors Info & Claims

e-Energy '21: Proceedings of the Twelfth ACM International Conference on Future Energy Systems

Pages 294 - 295

https://doi.org/10.1145/3447555.3466576

Published: 22 June 2021 Publication History

Get Access

Abstract

Cyber-physical microgrids hold the key to a carbon-neutral power sector since they enable renewable and distributed energy resource integration, can alleviate overloaded distribution systems, and provide economic energy by generating and consuming power locally. The utilization of cyber-physical assets such as controllers, IoT sensors and actuators, and communication devices can enhance the stability and improve the control of microgrids. However, such assets, if maliciously operated, can become attack entry points and jeopardize the grid operation. Blind and uncoordinated cyber-attacks can be identified by existing security measures overcoming potential operational disruptions. However, rootkit attacks can stay hidden within cyber-physical systems and leverage system information to mask their presence. Rootkit detection is a strenuous process and requires advanced security methods due to their sophisticated operation. A careful analysis of possible rootkit target locations and their exploitation techniques is necessary to design effective threat detection and mitigation mechanisms. This paper discusses the cyber kill chain of a rootkit which can simultaneously deploy itself at multiple locations in a microgrid in a coordinated and stealthy way in order to maximize the impact on power system operations. The rootkit leverages system measurements to hide its presence and its attack impact from the detection mechanisms.

References

[1]

Prashanth Krishnamurthy, Hossein Salehghaffari, Shiva Duraisamy, Ramesh Karri, and Farshad Khorrami. 2019. Stealthy Rootkits in Smart Grid Controllers. In 2019 IEEE 37th International Conference on Computer Design (ICCD). 20--28.

Google Scholar

[2]

Abraham Peedikayil Kuruvila, Ioannis Zografopoulos, Kanad Basu, and Charalambos Konstantinou. 2021. Hardware-assisted detection of firmware attacks in inverter-based cyberphysical microgrids. International Journal of Electrical Power & Energy Systems 132 (2021), 107150.

Crossref

Google Scholar

[3]

Juan Ospina, Xiaorui Liu, Charalambos Konstantinou, and Yury Dvorkin. 2021. On the Feasibility of Load-Changing Attacks in Power Systems During the COVID-19 Pandemic. IEEE Access 9 (2021), 2545--2563.

Crossref

Google Scholar

[4]

Suman Rath, Diptak Pal, Parth Sarthi Sharma, and Bijaya Ketan Panigrahi. 2020. A cyber-secure distributed control architecture for autonomous AC microgrid. IEEE Systems Journal (Early Access) (2020).

Google Scholar

[5]

Ioannis Zografopoulos, Juan Ospina, Xiaorui Liu, and Charalambos Konstantinou. 2021. Cyber-Physical Energy Systems Security: Threat Modeling, Risk Assessment, Resources, Metrics, and Case Studies. IEEE Access 9 (2021), 29775--29818.

Crossref

Google Scholar

Cited By

View all

Lee KLee JYim K(2023)Classification and Analysis of Malicious Code Detection Techniques Based on the APT AttackApplied Sciences10.3390/app1305289413:5(2894)Online publication date: 23-Feb-2023
https://doi.org/10.3390/app13052894
Zografopoulos IHatziargyriou NKonstantinou C(2023)Distributed Energy Resources Cybersecurity Outlook: Vulnerabilities, Attacks, Impacts, and MitigationsIEEE Systems Journal10.1109/JSYST.2023.330575717:4(6695-6709)Online publication date: Dec-2023
https://doi.org/10.1109/JSYST.2023.3305757
Rath SIntriago ASengupta SKonstantinou C(2023)Lost at Sea: Assessment and Evaluation of Rootkit Attacks on Shipboard Microgrids2023 IEEE Electric Ship Technologies Symposium (ESTS)10.1109/ESTS56571.2023.10220539(534-541)Online publication date: 1-Aug-2023
https://doi.org/10.1109/ESTS56571.2023.10220539
Show More Cited By

Index Terms

Stealthy Rootkit Attacks on Cyber-Physical Microgrids: Poster
1. Hardware
  1. Power and energy
    1. Energy distribution
      1. Smart grid
2. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
    1. Malware and its mitigation

Recommendations

Position Paper: Consider Hardware-enhanced Defenses for Rootkit Attacks
HASP '20: Proceedings of the 9th International Workshop on Hardware and Architectural Support for Security and Privacy

Rootkits are malware that attempt to compromise the system’s functionalities while hiding their existence. Various rootkits have been proposed as well as different software defenses, but only very few hardware defenses. We position hardware-enhanced ...
Detecting stealthy malware with inter-structure and imported signatures
ASIACCS '11: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security

Recent years have witnessed an increasing threat from kernel rootkits. A common feature of such attack is hiding malicious objects to conceal their presence, including processes, sockets, and kernel modules. Scanning memory with object signatures to ...
A New Windows Driver-Hidden Rootkit Based on Direct Kernel Object Manipulation
ICA3PP '09: Proceedings of the 9th International Conference on Algorithms and Architectures for Parallel Processing

In 2005, Sony-BMG used a rootkit to conceal the digital right management software, which is aptly installed in consumers' computers to prevent unauthorized copying. As a result, it lets the installed rootkit computers provide malware with excellent ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

e-Energy '21: Proceedings of the Twelfth ACM International Conference on Future Energy Systems

June 2021

528 pages

ISBN:9781450383332

DOI:10.1145/3447555

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 June 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper
Research
Refereed limited

Conference

e-Energy '21

e-Energy '21: The Twelfth ACM International Conference on Future Energy Systems

June 28 - July 2, 2021

Virtual Event, Italy

Acceptance Rates

Overall Acceptance Rate 160 of 446 submissions, 36%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
175
Total Downloads

Downloads (Last 12 months)22
Downloads (Last 6 weeks)2

Reflects downloads up to 05 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Lee KLee JYim K(2023)Classification and Analysis of Malicious Code Detection Techniques Based on the APT AttackApplied Sciences10.3390/app1305289413:5(2894)Online publication date: 23-Feb-2023
https://doi.org/10.3390/app13052894
Zografopoulos IHatziargyriou NKonstantinou C(2023)Distributed Energy Resources Cybersecurity Outlook: Vulnerabilities, Attacks, Impacts, and MitigationsIEEE Systems Journal10.1109/JSYST.2023.330575717:4(6695-6709)Online publication date: Dec-2023
https://doi.org/10.1109/JSYST.2023.3305757
Rath SIntriago ASengupta SKonstantinou C(2023)Lost at Sea: Assessment and Evaluation of Rootkit Attacks on Shipboard Microgrids2023 IEEE Electric Ship Technologies Symposium (ESTS)10.1109/ESTS56571.2023.10220539(534-541)Online publication date: 1-Aug-2023
https://doi.org/10.1109/ESTS56571.2023.10220539
Rath SZografopoulos IVergara PNikolaidis VKonstantinou C(2022)Behind Closed Doors: Process-Level Rootkit Attacks in Cyber-Physical Microgrid Systems2022 IEEE Power & Energy Society General Meeting (PESGM)10.1109/PESGM48719.2022.9916907(1-5)Online publication date: 17-Jul-2022
https://doi.org/10.1109/PESGM48719.2022.9916907

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Position Paper: Consider Hardware-enhanced Defenses for Rootkit Attacks

Detecting stealthy malware with inter-structure and imported signatures

A New Windows Driver-Hidden Rootkit Based on Direct Kernel Object Manipulation