PI: Mooi Choo Chuah, Lehigh University
Co-PI: Liang Cheng, Lehigh University
Co-PI: Dirk Reiners, University of Arkansas, Little Rock
This project aims to detect botnet in SCADA networks, a type of security attack that propagates malware within SCADA networks once one network node is infected with the malware (e.g., Stuxnet), an in this way harden the SCADA system. Although botnet detection has been studied in regular computer networks, the problem has unique challenges in SCADA networks since SCADA traffic is quite different from regular computer networks, and thus deserves a separate study.
In particular, this project builds machine learning models to distinguish characteristics of botnet and regular SCADA traffic, and uses the model to detect botnet. The proposed technology can be implemented and commercialized as a stand-alone software tool or one new functionality of conventional intrusion detection/prevention systems, without any change to the operation technology infrastructure.