Jump to content
Symbolfoto: Das AIT ist Österreichs größte außeruniversitäre Forschungseinrichtung

MALORI

MALware cOmmunication in cRitical Infrastructures

The project MALORI investigates new techniques for hidden malware communication in critical infrastructures such as encryption and network steganography (covert and subliminal channels) and explores suitable methods to detect and contain hidden malware communication. In terms of detection methods, MALORI sets particular emphasis on the investigation of opportunities and challenges of machine learning based algorithms. As part of a structured in-depth analysis of malware, including theoretical models for hidden communication according to the state of art, existing and potential future attack possibilities for specific critical infrastructures are defined as use cases. Based on those scenarios new detection and containment methods are developed. Recommendations are formulated to assess and minimize new threats by protocols. A holistic detection approach aims at combining data from various sources for a more comprehensive evaluation and consideration of context to improve classification and detection performance. The developed methods will be also evaluated with regard to their robustness against active manipulation, extending the research in the field of adversarial machine learning.
The most relevant scenarios will be implemented in a security IoT lab environment based on real components, protocols and data to evaluate the developed attack and detection methods in a realistic environment. The project results are targeted towards communication in critical infrastructures, but may be applied and adjusted also to other network domains, like other Internet of Things scenarios or classical enterprise IT networks.
The project aims at reducing the possibilities of hidden communication by a thoughtfully guided selection of protocols and cryptographic methods and at providing methods to detect suspicious communication patterns and to contain hidden malware communication.

 

  • Partner: TU Wien, Institute of Telecommunications (Koordinator), Austrian Institute of Technology, IKARUS Security Software GmbH, Vorarlberger Kraftwerke AG, Wiener Netze GmbH, Universität Wien, Institut für Europarecht, Internationales Recht und Rechtsvergleichung, Abteilung für Völkerrecht und Internationale Beziehungen, Arbeitsgruppe Rechtsinformatik, Bundesministerium für Inneres, Austrian Energy CERT (via LoI)
  • Project duration: 01/2020 – 06/2022
  • Funding: KIRAS Sicherheitsforschung - Herbstausschreibung 2017/18