Malware classification for cyber physical system (CPS) based on phylogenetics

Abstract

Nowadays, the sectors most commonly targeted by malwares across the world are manufacturing, oil and gas, and education. Malwares such as BlackEnergy2 and Triton have the ability to cause severe, life-threatening damages to an organization and critical infrastructure systems such as oil and gas. Security researchers and practitioners are looking for efficient solutions to mitigate such malware attacks. Therefore, this paper presents a malware cyber physical system (CPS) classification to detect attacks. This classification is inspired by phylogenetics, borrowed from the biological area in terms of evolutionary relationships among biological organisms. As for the cyber security perspective, it discovers the evolution ancestry of malware genes. This malware classification approach includes malware behavior, mode of attack and connected assets in the network. It can detect numerous forms of malware attacks based on correlation. The research is beneficial for CPS developers, suppliers and contractors, government agencies which regulate and govern utility operations, and the National Cyber Security Center (NCSC) which is responsible for protecting CPS.