ORRIS is an out-of-the-device non-intrusive malware detector for Linux-based PLCs.
- Linux
- Lauterbach TRACE32
- Required Python libraries
- Concept-Drift contains the code for testing the model against unseen malware samples, representing a real-world scenario.
- Result-Calculation contains the code for calculating the result of our model.
- Spatial-Bias contains the notebook for performing the spatial experimental bias experiment.
- libraries contains a custom Lauterbach Python library.
- single-data-acquisition.py is an example script for data acquisition from BBB through JTAG.
- protected-proactive-kernel-rootkit.py is the kernel-level rootkit protection.
If you like the work, please cite our EuroS&P 2021 paper:
@inproceedings{rajput2021remote,
  title={Remote Non-Intrusive Malware Detection for PLCs based on Chain of Trust Rooted in Hardware},
  author={Rajput, Prashant Hari Narayan and Sarkar, Esha and Tychalas, Dimitrios and Maniatakos, Michail},
  booktitle={2021 IEEE European Symposium on Security and Privacy (EuroS&P)},
  pages={369--384},
  year={2021},
  organization={IEEE}
}
For more information or help with the setup, please contact Prashant Rajput at prashanthrajput@nyu.edu