ESP Journal of Engineering & Technology Advancements
© 2021 by ESP JETA
Volume 1 Issue 2
Year of Publication : 2021
Authors : Suchismita Chatterjee
Suchismita Chatterjee , 2021. "Advanced Malware Detection in Operational Technology: Signature-Based Vs. Behaviour-Based Approaches", ESP Journal of Engineering & Technology Advancements 1(2): 272-279.
Operational Technology (OT) environments face increasing cybersecurity threats due to their growing connectivity and the critical nature of the systems they control. Effective malware detection is crucial to protect these systems from disruptions, damage, and safety hazards. This article explores two primary approaches to malware detection in OT: signature-based and behavior-based. Signature-based detection relies on identifying known malware by comparing its characteristics to a database of predefined signatures, while behavior-based detection focuses on analyzing the actions and interactions of programs to identify suspicious activities. This article analyzes the strengths and weaknesses of each approach, considering the unique challenges of OT environments, and discusses emerging trends such as machine learning and artificial intelligence. It also provides best practices for implementing malware detection in OT, emphasizing the importance of a comprehensive approach that combines both signature-based and behavior-based methods to ensure robust protection for critical infrastructure.
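The contrast the abstract draws between the two approaches is easiest to see on a small, runnable case. The following is an added illustration, not code from the article: a signature scanner (hash plus byte pattern, in the spirit of a YARA string rule) and a behaviour rule that watches what a process does on an OT network. The sample bytes, the event log, the process names, the allowlist and the thresholds are all constructed for the example.

```python
"""Toy comparison of signature-based and behaviour-based detection for an OT
network. Every sample, event and rule below is constructed for illustration."""

import hashlib
from collections import defaultdict

# --- Signature-based: match what the file looks like ----------------------

# Constructed "known" sample and a variant that differs by a single byte
KNOWN_SAMPLE = b"MZ\x90\x00PLC_PUSH\x00write_coils\x00\xde\xad\xbe\xef"
VARIANT_SAMPLE = b"MZ\x90\x00PLC_PUSH\x00write_coilz\x00\xde\xad\xbe\xef"

# Constructed signature database: exact hashes and byte patterns
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "OT.Dropper.A"}
PATTERN_SIGNATURES = {b"PLC_PUSH\x00write_coils": "OT.Dropper.A.pattern"}


def signature_scan(data: bytes):
    """Return the matching signature name, or None if the sample is unknown."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        return HASH_SIGNATURES[digest]
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            return name
    return None


# --- Behaviour-based: judge what the process does -------------------------

# Constructed event log from an engineering workstation:
# (timestamp in seconds, process, action, target)
EVENTS = [
    (0, "tia_portal.exe", "modbus_write", "10.0.1.11:502"),
    (5, "tia_portal.exe", "modbus_write", "10.0.1.11:502"),
    (60, "update_helper.exe", "file_read", r"C:\Projects\line3.ap15"),
    (61, "update_helper.exe", "modbus_write", "10.0.1.11:502"),
    (62, "update_helper.exe", "modbus_write", "10.0.1.12:502"),
    (63, "update_helper.exe", "modbus_write", "10.0.1.13:502"),
    (64, "update_helper.exe", "modbus_write", "10.0.1.14:502"),
    (65, "update_helper.exe", "modbus_write", "10.0.1.15:502"),
]

# Constructed allowlist of tools that legitimately push logic to controllers
AUTHORISED_WRITERS = {"tia_portal.exe"}


def behaviour_scan(events, window_s=30, max_targets=3):
    """Flag any process that is not an authorised writer and that writes to
    more than max_targets distinct controllers within window_s seconds.
    Returns {process: sorted list of targets} for each flagged process."""
    writes = defaultdict(list)
    for ts, proc, action, target in events:
        if action == "modbus_write" and proc not in AUTHORISED_WRITERS:
            writes[proc].append((ts, target))
    flagged = {}
    for proc, items in writes.items():
        items.sort()
        for i, (t0, _) in enumerate(items):
            # distinct controllers written to inside the sliding window
            targets = {tgt for ts, tgt in items[i:] if ts - t0 <= window_s}
            if len(targets) > max_targets:
                flagged[proc] = sorted(targets)
                break
    return flagged


if __name__ == "__main__":
    print("known sample  :", signature_scan(KNOWN_SAMPLE))    # OT.Dropper.A
    print("variant sample:", signature_scan(VARIANT_SAMPLE))  # None
    print("behaviour     :", behaviour_scan(EVENTS))
```

The one-byte variant defeats both the hash and the pattern signature, which is the weakness the abstract attributes to signature-based detection; the behaviour rule still catches it because the variant does the same thing on the wire, writing to five controllers in a few seconds from a process that has no business doing so. The trade-off runs the other way too: a legitimate engineering tool missing from the allowlist would trip the same rule, so in an OT deployment the allowlist and the thresholds have to be tuned against the site's normal engineering activity, and the two approaches are best run together.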
Keywords : Operational Technology (OT), critical infrastructure, cybersecurity, malware, cyber threats, SCADA, PLC, IT/OT convergence, industrial control systems, Stuxnet, Triton, ransomware, advanced malware detection, behavior-based detection, anomaly detection, real-time monitoring.