Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
selection of havex

Selection of Havex ICS Malware Plugin Julian Rrushi Western - PowerPoint PPT Presentation

Feb 06, 2023 •259 likes •491 views

Quantitative Evaluation of the Target Selection of Havex ICS Malware Plugin Julian Rrushi Western Washington University Department of Computer Science Bellingham, WA julian.rrushi@wwu.edu 1 Outline Research problem investigated

  1. Quantitative Evaluation of the Target Selection of Havex ICS Malware Plugin Julian Rrushi Western Washington University Department of Computer Science Bellingham, WA julian.rrushi@wwu.edu 1

  2. Outline • Research problem investigated • Target selection features measured • Decoy OPC tag deployment • Trials • Target selection measures • Quantitative analysis • Conclusions • Questions 2

  3. Target Selection Features Measured • Ability to discover true servers over the network from the compromised machine • Ability to ignore or discard nonexistent or absent servers on the network • Ability to determine whether or not a network server hosts COM objects and interfaces • Ability to find true OPC server • …and dismiss COM objects that are not OPC 3

  4. Other Important Feature • Ability to differentiate between valid and invalid OPC tags • Honeytoken OPC tags • OPC tags that are no longer mapped to a location in the memory of a controller • Not implemented due to safety reasons • Requires an IED configured to monitor and control the passage of electrical power from one circuit to another • OPC tags updated based on the IED scans • Those would be the target tags 4

  5. Decoy OPC Tag Display 5

  6. Deceptive Emulation 6

  7. Trials • Signal trials • Consist of true targets, i.e., server machines, COM objects, OPC server objects • Targets exposed to Havex • Empirically observed whether Havex recognizes those targets as valid • Noise trials • Consist of fake or nonexistent targets • Fake targets exposed to Havex as well • Empirically observed whether Havex pursues those targets 7

  8. Factors of Interest • Response bias • A general tendency to deem a target to be valid or invalid, i.e., signal or noise, respectively • Sensitivity • The degree of overlap between the valid-target and invalid-target probability distributions • Involves the internal reasons that cause Havex to pursue a target • Both factors are affected by the hit rate and the false-alarm rate 8

  9. Measures of Sensitivity (I) • d ’ measures the distance between the mean values of those probability distributions in standard deviation units • d ’ close to 0 indicates inability to distinguish between valid and invalid targets 9

  10. Measures of Sensitivity (II) • A’ is a measure that ranges between 0.5 and 1.0 • 0.5 indicates inability to distinguish between valid and invalid targets • 1.0 indicates full ability to distinguish valid targets from invalid targets 10

  11. Measures of Response Bias • β measure • When β<1, there is bias towards accepting a target as being valid • When β>1, there is bias towards discarding a target as invalid 11

  12. Server Trials • Windows machine infected by Havex • Signal trials • The machine had access to real servers over the network • Havex recognized most existing servers as valid targets • Noise trials • No real servers, only server displays • Havex pursued most of the phantom servers as valid targets 12

  13. Measurements • d ’=0.179, and thus close to 0 • A’=0.576, and thus close to 0.5 • β=0.791 and thus <1 • Havex has the tendency to recognize as a valid server any software component that can respond to network queries 13

  14. Probability Distributions 14

  15. COM Object Trials • A real server was reachable by Havex over the network • Signal trials • The server hosted true COM objects and interfaces • Havex recognized most of the existing COM objects as valid targets • Noise trials • The server generated a fake response when queried for COM objects and interfaces • No true COM objects and interfaces • Havex accepted most of those nonexistent objects as valid targets 15

  16. Measurements • d’= 0.196, and thus relatively close to 0 • A’= 0.589, and thus close to 0.5 • β= 0.723 and thus <1 • Havex is biased towards accepting as a valid target any server that claims to host COM objects and interfaces 16

  17. Probability Distributions 17

  18. OPC Server Object Trials • A real server with support for COM was reachable by Havex over the network • Signal trials • The server hosted true OPC server objects • Havex recognized most of the existing OPC server objects as valid targets • Noise trials • The server returned lists of OPC server objects that did not exist • No true OPC server objects were involved • Havex accepted most of those nonexistent OPC server objects as valid targets 18

  19. Measurements • d’= 0.1864, and thus relatively close to 0 • A’= 0.775, and thus still relatively close to 0.5 • β= 0.018 and thus <1 • Havex is biased towards accepting any claim of OPC server object as valid 19

  20. Probability Distributions 20

  21. All questions and feedback are welcome! 21

Recommend

ERP Selection KIRTANE &amp; PANDIT Suhas Deshpande Why ERP Selection is important ?

ERP Selection KIRTANE &amp; PANDIT Suhas Deshpande Why ERP Selection is important ?

ERP Selection What are the Key Elements ? Agenda Why ERP Selection is important ? Why ERP Selection is important ? Selection Criteria- General Selection Criteria- General Selection Criteria- General Selection Criteria-

322 views • 18 slides
SECONDHAND SELECTION Sales Price - 275,000.00 EU SECONDHAND SELECTION INTERNAL VIEWS SECONDHAND

SECONDHAND SELECTION Sales Price - 275,000.00 EU SECONDHAND SELECTION INTERNAL VIEWS SECONDHAND

MY 2008 SECONDHAND SELECTION Sales Price - 275,000.00 EU SECONDHAND SELECTION INTERNAL VIEWS SECONDHAND SELECTION INTERNAL VIEWS SECONDHAND SELECTION INTERNAL VIEWS SECONDHAND SELECTION INTERNAL VIEWS SECONDHAND SELECTION EXTERNAL VIEWS

335 views • 12 slides
Variable selection bias Bias in Ensemble Bias in Ensemble Methods Methods Variable selection

Variable selection bias Bias in Ensemble Bias in Ensemble Methods Methods Variable selection

Variable Selection Variable Selection Variable selection bias Bias in Ensemble Bias in Ensemble Methods Methods Variable selection Variable selection Variable Selection Bias in Classification bias bias rpart Trees and Ensemble Methods

186 views • 6 slides
Selection 2 Selection Selection given a set of (distinct) elements, finding the element larger

Selection 2 Selection Selection given a set of (distinct) elements, finding the element larger

1 Selection 2 Selection Selection given a set of (distinct) elements, finding the element larger than i 1 other elements Selection with... i=n is finding maximum i=1 is finding minimum i=n/2 is finding median 3 Maximum Selection for

238 views • 20 slides
SELECTION Deterministic Stochastic Proportionate selection: Roulette Wheel Selection

SELECTION Deterministic Stochastic Proportionate selection: Roulette Wheel Selection

SELECTION Deterministic Stochastic Proportionate selection: Roulette Wheel Selection Rank based selection Tournament Selection COMPETITION (mu) denotes the size of the (parent) population (lambda) denotes the

391 views • 19 slides
Demo (Step 1, Selection) Demo (Step 1, Optimization) Demo (Step 2, Selection) Demo (Step 2,

Demo (Step 1, Selection) Demo (Step 1, Optimization) Demo (Step 2, Selection) Demo (Step 2,

Demo (Step 1, Selection) Demo (Step 1, Optimization) Demo (Step 2, Selection) Demo (Step 2, Optimization) Demo (Step 3, Selection) Demo (Step 3, Optimization) Demo (Step 4, Selection) Demo (Step 4, Optimization) Demo (Step 5, Selection)

530 views • 19 slides
Conference Site Selection Stephanie Sabal Program Coordinator: Site Selection sabal@acm.org

Conference Site Selection Stephanie Sabal Program Coordinator: Site Selection sabal@acm.org

Conference Site Selection Stephanie Sabal Program Coordinator: Site Selection sabal@acm.org 212-626-0612 (direct) 212-302-5826 (fax) Conference Site Selection Step 1 Submit your PAF to begin site selection Please allow time for site selection

349 views • 8 slides
Selection Sort Section 10.2 Code for Selection Sort (cont.) Code for an Array Sort Code for an

Selection Sort Section 10.2 Code for Selection Sort (cont.) Code for an Array Sort Code for an

Selection Sort Section 10.2 Code for Selection Sort (cont.) Code for an Array Sort Code for an Array Sort Code for Selection Sort (cont.) Code for Selection Sort (cont.) Code for Selection Sort (cont.) Bubble Sort Section 10.3 Code for

929 views • 37 slides
Selection Rules: Selection Rules Each of the spectroscopies have associated selection

Selection Rules: Selection Rules Each of the spectroscopies have associated selection

Selection Rules: Selection Rules Each of the spectroscopies have associated selection rules. Selection rules originate from the quantum mechanical description of electromagnetic radiation interaction with matter. Use time-dependent

424 views • 13 slides
Component selection 1 (c) 2020 A.J.M. Montagne Component selection + - + - + - 2 (c)

Component selection 1 (c) 2020 A.J.M. Montagne Component selection + - + - + - 2 (c)

Component selection 1 (c) 2020 A.J.M. Montagne Component selection + - + - + - 2 (c) 2020 A.J.M. Montagne Component selection - Noise: + - + - + - 3 (c) 2020 A.J.M. Montagne Component selection - Noise: + - + - + - 4

1.27k views • 82 slides
Class of 2024 1 Course selection worksheet 1 Course selection online directions for

Class of 2024 1 Course selection worksheet 1 Course selection online directions for

Class of 2024 1 Course selection worksheet 1 Course selection online directions for Skyward 1 Summer School catalog and online selection directions; math readiness course; Spanish readiness course 1 Freshmen Course Selection

331 views • 16 slides
2018-2019 COURSE SELECTION Course Selection Guide The 2018-2019 Course Selection Guide is

2018-2019 COURSE SELECTION Course Selection Guide The 2018-2019 Course Selection Guide is

ELCO HIGH SCHOOL 2018-2019 COURSE SELECTION Course Selection Guide The 2018-2019 Course Selection Guide is available for download on the ELCO High School webpage under the For Students tab . The Guide outlines the scheduling process,

1.35k views • 103 slides
#AIR AIR EXPRESS SELECTION AIR SOLUTION 4 YOU AIR EXPRESS SELECTION MOBILE DUST EXTRACTORS

#AIR AIR EXPRESS SELECTION AIR SOLUTION 4 YOU AIR EXPRESS SELECTION MOBILE DUST EXTRACTORS

#AIR AIR EXPRESS SELECTION AIR SOLUTION 4 YOU AIR EXPRESS SELECTION MOBILE DUST EXTRACTORS HOSE FILTER (SLEEVES) COMPONENTS AIR EXPRESS SELECTION MOBILE DUST EXTRACTORS TROLLEY BAG TROLLEY CARTIDGE AIR EXPRESS SELECTION WHY MOBILE?

742 views • 45 slides
Selection, large deviations and metastability Kyoto () Dynamics with selection, large deviations

Selection, large deviations and metastability Kyoto () Dynamics with selection, large deviations

Selection, large deviations and metastability Kyoto () Dynamics with selection, large deviations and metastability 1 / 36 1. Dynamics with selection () Dynamics with selection, large deviations and metastability 2 / 36 A cell performs

389 views • 36 slides
for 2020-2021 Beckendorff Junior High Course Selection Materials Orange course selection

for 2020-2021 Beckendorff Junior High Course Selection Materials Orange course selection

Incoming 7 th Grade Course Selection Information for 2020-2021 Beckendorff Junior High Course Selection Materials Orange course selection packet Course Selection Worksheet KAP Parent Commitment Letter Parent Letter Copy of

705 views • 32 slides
School Selection Process For 2017-2018 The School Selection Process School Selection is open to

School Selection Process For 2017-2018 The School Selection Process School Selection is open to

School Selection Process For 2017-2018 The School Selection Process School Selection is open to students in all grades (K-12), and can be used to apply to School District of Philadelphia Schools ONLY (including different neighborhood, citywide

743 views • 20 slides
NEEDFINDING IN HUMAN CENTERED DESIGN What is need finding? What is need finding? What is need

NEEDFINDING IN HUMAN CENTERED DESIGN What is need finding? What is need finding? What is need

NEEDFINDING IN HUMAN CENTERED DESIGN What is need finding? What is need finding? What is need finding? Needfinding is the process of uncovering User needs Opportunities for improvement Design Insights by learning about their goals

419 views • 14 slides
Self-report data, part 2 Spring 2017 Michelle Mazurek Some content adapted from Bilge Mutlu,

Self-report data, part 2 Spring 2017 Michelle Mazurek Some content adapted from Bilge Mutlu,

Self-report data, part 2 Spring 2017 Michelle Mazurek Some content adapted from Bilge Mutlu, Vibha Sazawal, 1 Todays class Finish self-reporting Interviews and surveys Start fieldwork 2 Biases in self-reporting data Social

570 views • 16 slides
DEFINING KEY WORDS AND TERMS Difference Identity 1 3/23/2016 PROGRAM APPROACHES Cultural

DEFINING KEY WORDS AND TERMS Difference Identity 1 3/23/2016 PROGRAM APPROACHES Cultural

3/23/2016 SESSION OBJECTIVES - PARTICIPANTS WILL: Investigate the spectrum of commonly used terms in anti-bias approaches Identify fundamental gaps in implementing an anti-bias approach and develop program-level visions for improving

431 views • 8 slides
Background Response rates (RR) have been declining over time. Proven methods to increase

Background Response rates (RR) have been declining over time. Proven methods to increase

5/22/2013 How Important are High Response Rates for College Surveys? Kevin Fosnacht Shimon Sarraf Elijah Howe Leah Peck Indiana University Center for Postsecondary Research Background Response rates (RR) have been declining over time.

530 views • 15 slides
Using Best-Worst Using Best-Worst Scaling to measure all Scaling to measure all sorts of things

Using Best-Worst Using Best-Worst Scaling to measure all Scaling to measure all sorts of things

Using Best-Worst Using Best-Worst Scaling to measure all Scaling to measure all sorts of things sorts of things AIMWA Associate Fellows and Fellows Seminar OCTOBER 2010 OCTOBER 2010 1 Rating Scales are commonly used in management

527 views • 29 slides
Requirements Elicitation R. Kuehl/J. Scott Hawker p. 1 R I T Software Engineering Requirements

Requirements Elicitation R. Kuehl/J. Scott Hawker p. 1 R I T Software Engineering Requirements

Requirements Elicitation R. Kuehl/J. Scott Hawker p. 1 R I T Software Engineering Requirements Elicitation - Discovery A conversation between stakeholders, users, and software engineers about requirements A negotiation to achieve

518 views • 18 slides
Matteo Cesari, MD, PhD EUGMS Congress Nice (France) September 22, 2017 Disclosure of

Matteo Cesari, MD, PhD EUGMS Congress Nice (France) September 22, 2017 Disclosure of

Self-reported screening tools for detecting community-dwelling older persons with frailty Matteo Cesari, MD, PhD EUGMS Congress Nice (France) September 22, 2017 Disclosure of speakers interests Presentations at scientific meetings for

773 views • 41 slides
THIRD QUARTER 2020 November 9, 2020 Q3 2020 Highlights Strong performance across Retail &amp;

THIRD QUARTER 2020 November 9, 2020 Q3 2020 Highlights Strong performance across Retail &amp;

THIRD QUARTER 2020 November 9, 2020 Q3 2020 Highlights Strong performance across Retail &amp; Wholesale business Retail brand comparable sales growth of +8.3%, the highest in 9 years Stabilization of Wholesale business with total

238 views • 20 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.