<div class="csl-bib-body">
<div class="csl-entry">Eder-Neuhauser, P. (2018). <i>Malware communication and containment in critical infrastructure networks</i> [Dissertation, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2018.43913</div>
</div>
-
dc.identifier.uri
https://doi.org/10.34726/hss.2018.43913
-
dc.identifier.uri
http://hdl.handle.net/20.500.12708/6106
-
dc.description.abstract
Critical infrastructures utilize information technology for control functions, which creates additional entry points in vulnerable hardware and software and provides distribution paths for cyber-attacks. In this dissertation we address the issue of cyber-attacks against critical infrastructures in five parts. First, we evaluate four network architectures suitable for critical infrastructures, considering their security by design and their applicability to real-world scenarios. We summarize their security benefits and drawbacks, focusing on the implementation of self-organizing structures within decentralized and centralized network topologies. Then, we investigate malware communication in critical infrastructures, proposing a comprehensive generic model for cyber-attack life-cycles that addresses the specific characteristics of the environment. We include the building blocks of many major known malware types as well as different propagation methods, access vectors, scanning techniques, command and control structures, attack methods, triggers, and cleanup mechanisms. Toward this end, we evaluate a variety of malware types as the basis for our attack model and introduce three novel superclasses that are particularly suited for attacking critical infrastructures. These synthetic models provide a basis for the detection of malware communication and extrapolate from existing malware technologies in order to predict future developments. Based on these malware models, we conduct discrete-event simulations in the ns-3 environment, built on our network topologies that use real infrastructure data from our industrial partner. Our investigations show that aggressive malware, although it spreads quickly, leaves footprints that allow defensive mechanisms to counteract it effectively. However, stealthy malware that is less visible and therefore harder to detect spreads more slowly but requires more scrutiny on the defenders’ side. 
We also develop metrics that evaluate the security by design of each network topology and the malware movement inside critical infrastructure networks. We design these metrics to represent malware spreading and to account for the importance of critical nodes inside each topology. This allows us to evaluate from our simulation results how different malware types behave and to conclude how to defend against them. Finally, we introduce a list of defensive measures, categorized by functionality and attack type. We correlate these categories with the attack stages that occur during a cyber-attack and map them to our generic cyber-attack life-cycle model.
en
dc.language
English
-
dc.language.iso
en
-
dc.rights.uri
http://rightsstatements.org/vocab/InC/1.0/
-
dc.subject
Netzwerksicherheit
de
dc.subject
Smart Grid Kommunikation
de
dc.subject
Malware
de
dc.subject
Network Security
en
dc.subject
Smart Grid Communication
en
dc.subject
Malware
en
dc.title
Malware communication and containment in critical infrastructure networks
en
dc.type
Thesis
en
dc.type
Hochschulschrift
de
dc.rights.license
In Copyright
en
dc.rights.license
Urheberrechtsschutz
de
dc.identifier.doi
10.34726/hss.2018.43913
-
dc.contributor.affiliation
TU Wien, Österreich
-
dc.rights.holder
Peter Eder-Neuhauser
-
dc.publisher.place
Wien
-
tuw.version
vor
-
tuw.thesisinformation
Technische Universität Wien
-
tuw.publication.orgunit
E389 - Institute of Telecommunications
-
dc.type.qualificationlevel
Doctoral
-
dc.identifier.libraryid
AC15028544
-
dc.description.numberOfPages
219
-
dc.identifier.urn
urn:nbn:at:at-ubtuw:1-108959
-
dc.thesistype
Dissertation
de
dc.thesistype
Dissertation
en
dc.rights.identifier
In Copyright
en
dc.rights.identifier
Urheberrechtsschutz
de
tuw.advisor.staffStatus
staff
-
tuw.advisor.orcid
0000-0002-5391-467X
-
item.openaccessfulltext
Open Access
-
item.grantfulltext
open
-
item.cerifentitytype
Publications
-
item.mimetype
application/pdf
-
item.openairecristype
http://purl.org/coar/resource_type/c_db06
-
item.languageiso639-1
en
-
item.openairetype
doctoral thesis
-
item.fulltext
with Fulltext
-
crisitem.author.dept
E389 - Telecommunications
-
crisitem.author.parentorg
E350 - Fakultät für Elektrotechnik und Informationstechnik