Detecting and Classifying Malware in Electrical Power Grids Via Cyberdeception
Abstract
Artificial intelligence (AI) has become an essential instrument for enterprises aiming to protect their digital assets within a progressively aggressive cyber landscape. As the dependence on digital technologies increases among companies and individuals, the risks associated with cyberattacks are also advancing in terms of complexity and magnitude. AI and the proliferation of technology have led to a significant concern over security, mostly due to the escalating prevalence of malware on industrial computers. This has resulted in potential physical harm to computer systems and the individuals involved. Malware is a collection of malicious programming code that aims to inflict harm on computer systems, programs, or online applications. These applications lack the ability to differentiate between legitimate system calls and those that are intended to cause harm. Therefore, it is imperative to ensure that computer systems and online applications are constructed in a manner that enables the identification and differentiation of malicious activities from legitimate application activities. The utilization of AI in the realm of cybersecurity is revolutionizing the domain of digital protection. There are various techniques that can be used to identify malicious activity, leveraging innovative concepts such as AI, machine learning, and deep learning. The present study proposes utilizing AI approaches to identify and mitigate malware activity in computer memory, with the aim of safeguarding against unauthorized access to and manipulation of physical data within the system. This research aims to combine the traditional K-means algorithm with other methods and functionalities to perform data aggregation tasks on a physical dataset. The primary objective is to identify anomalies in the dataset using clustering techniques. These anomalies will serve as triggers for creating a replica of the main process as a decoy thread.
The decoy thread will be equipped with decoy sensors and actuators. The analysis will be conducted on the decoy thread rather than the main process, allowing for intrusive observation. The same host environment will be provided to memory-resident malware, enabling it to continue operating within the main operating system process. The analysis process involves utilizing a replicated instance of the malware that resides within the deceptive thread.
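The clustering-as-trigger idea in the abstract, as an added illustration that is not the study's own code: K-means is fitted on a known-good window of physical telemetry, each new reading is scored by its distance to the nearest centroid, and readings beyond a distance threshold are routed to the decoy path instead of the main process. The telemetry values, the two-cluster assumption and the threshold heuristic (largest baseline distance times a margin) are constructed assumptions, not values from the study's dataset.

```python
import math

# Constructed baseline telemetry (voltage V, current A) for two normal operating
# modes of a feeder: light load near (230 V, 10 A) and heavy load near
# (225 V, 40 A). Hypothetical values, not the study's physical dataset.
BASELINE = [(230.0 + 0.2 * (i % 5), 10.0 + 0.1 * i) for i in range(10)] + \
           [(225.0 + 0.2 * (i % 5), 40.0 + 0.1 * i) for i in range(10)]


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def centroid(group):
    n = len(group)
    return tuple(sum(p[d] for p in group) / n for d in range(len(group[0])))


def kmeans(points, k, iters=50):
    """Plain K-means; seeded by farthest-first traversal so runs are deterministic."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    for _ in range(iters):
        groups = [[] for _ in centroids]
        for p in points:
            groups[min(range(k), key=lambda j: dist(p, centroids[j]))].append(p)
        new = [centroid(g) if g else centroids[j] for j, g in enumerate(groups)]
        if new == centroids:  # assignments stable: converged
            break
        centroids = new
    return centroids


def fit_model(baseline, k=2, margin=2.0):
    """Cluster the known-good window. Threshold = largest in-cluster distance in
    the baseline times a safety margin (assumed heuristic, not from the study)."""
    cents = kmeans(baseline, k)
    radius = max(min(dist(p, c) for c in cents) for p in baseline)
    return {"centroids": cents, "threshold": margin * radius}


def route(reading, model):
    """'main' for readings inside a normal cluster; 'decoy' for anomalies, which is
    the point where the described approach would replicate the main process into
    a decoy thread backed by decoy sensors and actuators for observation."""
    score = min(dist(reading, c) for c in model["centroids"])
    return "decoy" if score > model["threshold"] else "main"


def triage(stream, model):
    return [(r, route(r, model)) for r in stream]
```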