US 12,111,924 B2
System for detecting malicious programmable logic controller code
Qinchen Gu, Atlanta, GA (US); and Abdul Raheem Beyah, Atlanta, GA (US)
Assigned to Georgia Tech Research Corporation, Atlanta, GA (US)
Appl. No. 17/789,439
Filed by Georgia Tech Research Corporation, Atlanta, GA (US)
PCT Filed Jan. 16, 2021, PCT No. PCT/US2021/013764
§ 371(c)(1), (2) Date Jun. 27, 2022,
PCT Pub. No. WO2021/146649, PCT Pub. Date Jul. 22, 2021.
Claims priority of provisional application 62/962,002, filed on Jan. 16, 2020.
Prior Publication US 2023/0050691 A1, Feb. 16, 2023
Int. Cl. G06F 21/55 (2013.01)
CPC G06F 21/554 (2013.01) [G06F 2221/034 (2013.01)] 16 Claims
1. A system for detecting a malicious programmable logic controller (PLC) code segment in a PLC program corresponding to a specific type of PLC, the system comprising:
(a) a binary parser that parses the code segment into a plurality of functional elements;
(b) a variable and function block mapper that maps the functional elements into a high-level data structure;
(c) a fuzzer that generates a behavioral model of the high-level data structure into an automaton;
(d) a classifier that predicts to which processes the automaton corresponds; and
(e) a detector that detects unsafe states in the automaton and that generates an indication of a detected unsafe state, wherein the automaton includes a directed multigraph that includes a plurality of states in which each state is represented as a node and in which each state transition is represented as an edge, in which the classifier indicates a total number of states in the automaton and average degree of the multigraph, wherein the average degree equals a total number of edges in the multigraph divided by a total number of nodes in the multigraph.