A recent paper by Iranian researchers describes the deployment of machine learning-based anomaly detection systems in a way that they hope will help quash a Stuxnet attack.
Just over a decade ago, Iran's nuclear program was stopped in its tracks when what is widely regarded as the world's first digital weapon, the joint U.S./Israeli-developed Stuxnet worm, destroyed almost 1,000 uranium enrichment centrifuges at the nuclear fuel plant in Natanz, 150 miles south of Tehran.
What rapidly became clear after Stuxnet's existence was first revealed by alert malware investigators in Belarus in 2010 was that digital weapons had moved beyond applications in theft, espionage, and denial of service, to generating devastating "kinetic" effects akin to those usually caused by high explosives.
What was not so clear, however, was how the victims of such cyberattacks might try to defend against them in the future, beyond some Iranian bluster in 2019 about "firewalls" that, it was claimed, could neutralize such sabotage. Now, however, in a rare Iranian publication on computer security research, some of its engineers have revealed one way in which they might stymie another Stuxnet.