
Research Article
Real-Time Self-defense Approach Based on Customized Netlink Connection for Industrial Linux-Based Devices
@INPROCEEDINGS{10.1007/978-3-030-67537-0_25,
  author={Ming Wan and Jiawei Li and Jiangyuan Yao},
  title={Real-Time Self-defense Approach Based on Customized Netlink Connection for Industrial Linux-Based Devices},
  proceedings={Collaborative Computing: Networking, Applications and Worksharing. 16th EAI International Conference, CollaborateCom 2020, Shanghai, China, October 16--18, 2020, Proceedings, Part I},
  proceedings_a={COLLABORATECOM},
  year={2021},
  month={1},
  keywords={Self-defense; Customized Netlink; Application process; Industrial Linux-based devices},
  doi={10.1007/978-3-030-67537-0_25}
}
Authors: Ming Wan, Jiawei Li, Jiangyuan Yao
Year: 2021
Real-Time Self-defense Approach Based on Customized Netlink Connection for Industrial Linux-Based Devices
COLLABORATECOM
Springer
DOI: 10.1007/978-3-030-67537-0_25
Abstract
With the deep integration of IT (Information Technology) and OT (Operational Technology), various Linux operating systems have been successfully applied in critical industrial devices, such as Linux-based IIoT (Industrial Internet of Things) controllers or gateways, and the vulnerabilities of these systems may become a new entry point for organized, high-intensity attacks. In order to prevent malware from corrupting or disabling industrial Linux-based devices, this paper proposes a novel real-time self-defense approach, which can be developed easily without redesigning the underlying software and hardware platform. By establishing a customized Netlink connection between kernel mode and user mode, this approach can monitor all application processes and block each new malicious application process that does not conform to the trusted white-listing rules. All experimental results show that the proposed approach has a comparative advantage in effectively detecting and preventing malware-related attacks, and provides a self-defense function for industrial Linux-based devices that meets their availability requirements thanks to its millisecond resolution.