Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888892
Peter T. Breuer
A signal-level open-source hardware definition for a superscalar processor delivering high-speed ‘encrypted computing’ has been tested. This ‘KPU’ processor provides general purpose Turing-complete computation with encrypted inputs, outputs and intermediate results in registers and memory, and its objective is mathematically provable security for the user against eavesdropping and tampering by the administrator, at near contemporaneous computing speeds. User code runs encrypted while administrator code runs unencrypted. The administrator can programmatically see and modify user data, but it is in encrypted form and the key is not available to the administrator. No barrier other than encryption is intended in this system, simplifying analysis. This paper summarizes the current architecture and performance and outlines the stochastic theory that provides a form of the classic semantic security property.
{"title":"High Speed Encrypted Computing: Stochastic Confusion and Lies in a Secret Computer","authors":"Peter T. Breuer","doi":"10.1109/DSC54232.2022.9888892","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888892","url":null,"abstract":"A signal-level open-source hardware definition for a superscalar processor delivering high-speed ‘encrypted computing’ has been tested. This ‘KPU’ processor provides general purpose Turing-complete computation with encrypted inputs, outputs and intermediate results in registers and memory, and its objective is mathematically provable security for the user against eavesdropping and tampering by the administrator, at near contemporaneous computing speeds. User code runs encrypted while administrator code runs unencrypted. The administrator can programmatically see and modify user data, but it is in encrypted form and the key is not available to the administrator. No barrier other than encryption is intended in this system, simplifying analysis. This paper summarizes the current architecture and performance and outlines the stochastic theory that provides a form of the classic semantic security property.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130136769","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888860
I. Chowdhury, Deepayan Bhowmik
Exponential rise of Internet increases the risk of cyber attack related incidents which are generally caused by wide spread frequency of new malware generation. Different types of malware families have complex, dynamic behaviours and characteristics which can cause a novel and targeted attack in a cyber-system. Existence of large volume of malware types with frequent new additions hinders cyber resilience effort. To address the gap, we propose a new ontology driven framework that captures recent malware behaviours. According to code structure malware can be divided into three categories: basic, polymorphic and metamorphic. Packing or code obfuscation is also a technique adopted by the malware developers to make the code unreadable and avoid detection. Given that ontology techniques are useful to express the domain knowledge meaningfully, this paper aims to develop an ontology for dynamic analysis of malware behaviour and to capture metamorphic and polymorphic malware behaviour. This will be helpful to understand malicious behaviour exhibited by new generation malware samples and changes in their code structure. The proposed framework includes 14 malware families with their sub-families and 3 types of malware code-structure with their individuals. With a focus on malware behaviour the proposed ontology depicts the relations among malware families and malware code-structures with their respective behaviour.
{"title":"Capturing Malware Behaviour with Ontology-based Knowledge Graphs","authors":"I. Chowdhury, Deepayan Bhowmik","doi":"10.1109/DSC54232.2022.9888860","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888860","url":null,"abstract":"Exponential rise of Internet increases the risk of cyber attack related incidents which are generally caused by wide spread frequency of new malware generation. Different types of malware families have complex, dynamic behaviours and characteristics which can cause a novel and targeted attack in a cyber-system. Existence of large volume of malware types with frequent new additions hinders cyber resilience effort. To address the gap, we propose a new ontology driven framework that captures recent malware behaviours. According to code structure malware can be divided into three categories: basic, polymorphic and metamorphic. Packing or code obfuscation is also a technique adopted by the malware developers to make the code unreadable and avoid detection. Given that ontology techniques are useful to express the domain knowledge meaningfully, this paper aims to develop an ontology for dynamic analysis of malware behaviour and to capture metamorphic and polymorphic malware behaviour. This will be helpful to understand malicious behaviour exhibited by new generation malware samples and changes in their code structure. The proposed framework includes 14 malware families with their sub-families and 3 types of malware code-structure with their individuals. With a focus on malware behaviour the proposed ontology depicts the relations among malware families and malware code-structures with their respective behaviour.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"78 1-2","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121012488","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888937
A. Scholey, P. B. Zadeh
The National Society for the Prevention of Cruelty to Children (NSPCC) and the Internet Watch Foundation (IWF) report a growing number of child sexual abuse material within the UK, substantiated by the National Crime Agency (NCA). This paper will investigate the increasing burden, and time-consuming task placed upon police forces, by the required regular examination of digital devices, belonging to sentenced peadophiles and individuals, bound by a Sexual Harm Prevention Order (SHPO). By examining some of the motivations behind offenders and their desire to habitually offend, and by using the most common traits amongst them, indicators of suspicious behaviour will emerge. In this paper, a proof-of-concept digital forensic investigation toolkit is proposed to assist Public Protection Officers (PPO) in the analysis of digital devices belonging to these individuals. The proposed Live Suspicious Activity Toolkit (LiSA - T) will enable a time-efficient, up to date assessment of any suspicious activity and behaviour on a Windows 10 computer. By using specific modules that can be turned on and off, updated and have unique preferences assigned to them, LiSA-T will evaluate and then report the findings, assisting the PPO with an informed decision as to involve the Digital Forensic Unit (DFU), to further examine a device in a more in-depth forensic manner. The test results, demonstrated that the proposed LiSA- T techniques, showed low computational cost to successfully detect the targeted evidential artifacts for the defined suspicious activity.
{"title":"A Digital Forensics Live Suspicious Activity Toolkit To Assist Investigators With Sexual Harm Prevention Order Monitoring","authors":"A. Scholey, P. B. Zadeh","doi":"10.1109/DSC54232.2022.9888937","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888937","url":null,"abstract":"The National Society for the Prevention of Cruelty to Children (NSPCC) and the Internet Watch Foundation (IWF) report a growing number of child sexual abuse material within the UK, substantiated by the National Crime Agency (NCA). This paper will investigate the increasing burden, and time-consuming task placed upon police forces, by the required regular examination of digital devices, belonging to sentenced peadophiles and individuals, bound by a Sexual Harm Prevention Order (SHPO). By examining some of the motivations behind offenders and their desire to habitually offend, and by using the most common traits amongst them, indicators of suspicious behaviour will emerge. In this paper, a proof-of-concept digital forensic investigation toolkit is proposed to assist Public Protection Officers (PPO) in the analysis of digital devices belonging to these individuals. The proposed Live Suspicious Activity Toolkit (LiSA - T) will enable a time-efficient, up to date assessment of any suspicious activity and behaviour on a Windows 10 computer. By using specific modules that can be turned on and off, updated and have unique preferences assigned to them, LiSA-T will evaluate and then report the findings, assisting the PPO with an informed decision as to involve the Digital Forensic Unit (DFU), to further examine a device in a more in-depth forensic manner. The test results, demonstrated that the proposed LiSA- T techniques, showed low computational cost to successfully detect the targeted evidential artifacts for the defined suspicious activity.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"134 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124568254","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888863
Bowen Zhao, Yingjiu Li, Ximeng Liu, HweeHwa Pang, R. Deng
Person Re-IDentification (Re-ID) is a critical technology to identify a target person from captured person images by surveillance cameras. However, person Re-ID has triggered great concerns of personal image privacy. Although the law (e.g., GDPR) has stipulated person images are personal private data, there is no an efficient solution to tackle the image privacy concern for person Re-ID. To this end, we propose FREED, the first system solution for privacy-preserving person Re-ID, which supports the state-of-the-art person Re-ID operations on encrypted feature vectors of person images. To handle the encryption of feature vectors effectively and enable person Re-ID operations on encrypted feature vectors efficiently, FREED develops a suite of batch secure computing protocols based on a twin-server architecture and the threshold Paillier cryptosystem. We demonstrate our secure computing protocols are more efficient than existing protocols and FREED achieves a precision equal to the state-of-the-art plaintext method.
{"title":"FREED: An Efficient Privacy-Preserving Solution for Person Re-IDentification","authors":"Bowen Zhao, Yingjiu Li, Ximeng Liu, HweeHwa Pang, R. Deng","doi":"10.1109/DSC54232.2022.9888863","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888863","url":null,"abstract":"Person Re-IDentification (Re-ID) is a critical technology to identify a target person from captured person images by surveillance cameras. However, person Re-ID has triggered great concerns of personal image privacy. Although the law (e.g., GDPR) has stipulated person images are personal private data, there is no an efficient solution to tackle the image privacy concern for person Re-ID. To this end, we propose FREED, the first system solution for privacy-preserving person Re-ID, which supports the state-of-the-art person Re-ID operations on encrypted feature vectors of person images. To handle the encryption of feature vectors effectively and enable person Re-ID operations on encrypted feature vectors efficiently, FREED develops a suite of batch secure computing protocols based on a twin-server architecture and the threshold Paillier cryptosystem. We demonstrate our secure computing protocols are more efficient than existing protocols and FREED achieves a precision equal to the state-of-the-art plaintext method.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125484559","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888903
Abel O. Gomez Rivera, Evan M. White, Jaime C. Acosta, Deepak K. Tosh
Military networks consist of heterogeneous devices that provide soldiers with real-time terrain and mission intel-ligence. The development of next-generation Software Defined Networks (SDN)-enabled devices is enabling the modernization of traditional military networks. Commonly, traditional military networks take the trustworthiness of devices for granted. How-ever, the recent modernization of military networks introduces cyber attacks such as data and identity spoofing attacks. Hence, it is crucial to ensure the trustworthiness of network traffic to ensure the mission's outcome. This work proposes a Continuous Behavior-based Authentication (CBA) protocol that integrates network traffic analysis techniques to provide robust and efficient network management flow by separating data and control planes in SDN-enabled military networks. The evaluation of the CBA protocol aimed to measure the efficiency of the proposed protocol in realistic military networks. Furthermore, we analyze the overall network overhead of the CBA protocol and its accuracy to detect rogue network traffic data from field devices.
{"title":"Enabling Device Trustworthiness for SDN-Enabled Internet -of- Battlefield Things","authors":"Abel O. Gomez Rivera, Evan M. White, Jaime C. Acosta, Deepak K. Tosh","doi":"10.1109/DSC54232.2022.9888903","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888903","url":null,"abstract":"Military networks consist of heterogeneous devices that provide soldiers with real-time terrain and mission intel-ligence. The development of next-generation Software Defined Networks (SDN)-enabled devices is enabling the modernization of traditional military networks. Commonly, traditional military networks take the trustworthiness of devices for granted. How-ever, the recent modernization of military networks introduces cyber attacks such as data and identity spoofing attacks. Hence, it is crucial to ensure the trustworthiness of network traffic to ensure the mission's outcome. This work proposes a Continuous Behavior-based Authentication (CBA) protocol that integrates network traffic analysis techniques to provide robust and efficient network management flow by separating data and control planes in SDN-enabled military networks. The evaluation of the CBA protocol aimed to measure the efficiency of the proposed protocol in realistic military networks. Furthermore, we analyze the overall network overhead of the CBA protocol and its accuracy to detect rogue network traffic data from field devices.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"72 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124657455","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888822
Shao-Fu Chen, Yu-Sung Wu
The Linux system has become an indispensable component of today's Internet services, network backbones, and IoT devices. The Linux kernel is primarily implemented in the C language for efficiency, creating opportunities for memory bugs and synchronization bugs. We introduce the use of the Rust programming language in kernel development, where the safety features of the Rust language are leveraged to prevent the introduction of memory bugs or synchronization bugs when writing kernel code. We showcase the key steps in developing a Linux kernel module in Rust and discuss how the memory bugs and synchronization bugs are prevented. The evaluation demonstrates that the performance overhead of the Rust kernel modules is on par with the C kernel modules.
{"title":"Linux Kernel Module Development with Rust","authors":"Shao-Fu Chen, Yu-Sung Wu","doi":"10.1109/DSC54232.2022.9888822","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888822","url":null,"abstract":"The Linux system has become an indispensable component of today's Internet services, network backbones, and IoT devices. The Linux kernel is primarily implemented in the C language for efficiency, creating opportunities for memory bugs and synchronization bugs. We introduce the use of the Rust programming language in kernel development, where the safety features of the Rust language are leveraged to prevent the introduction of memory bugs or synchronization bugs when writing kernel code. We showcase the key steps in developing a Linux kernel module in Rust and discuss how the memory bugs and synchronization bugs are prevented. The evaluation demonstrates that the performance overhead of the Rust kernel modules is on par with the C kernel modules.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129033963","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888886
Chun-I Fan, Yen-Lin Lai, Cheng-Han Shie
The increasing sophistication of network attacks and the inability of traditional defensive techniques such as firewalls or weak passwords against them have led researchers to propose network intrusion detection systems. Many network intrusion detection systems using machine learning techniques have been proposed, but the detection performance of some systems can be further improved. In addition, many systems adopted multiple machine learning classifiers to cooperate in generating detection results, but the individual classifiers in the system are often difficult to operate independently, limiting the flexibility of the system. This paper presents a Clustering-Based Network Intrusion Detection System, which applies the concept of clustering to detect network attacks by using the K-Nearest Neighbor algorithm for the initial detection of network attack types, and the Decision Tree algorithm specializes in detecting specific types of attacks. This improves the detection performance of the system and maintains the usability of an individual classifier.
{"title":"Clustering-Based Network Intrusion Detection System","authors":"Chun-I Fan, Yen-Lin Lai, Cheng-Han Shie","doi":"10.1109/DSC54232.2022.9888886","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888886","url":null,"abstract":"The increasing sophistication of network attacks and the inability of traditional defensive techniques such as firewalls or weak passwords against them have led researchers to propose network intrusion detection systems. Many network intrusion detection systems using machine learning techniques have been proposed, but the detection performance of some systems can be further improved. In addition, many systems adopted multiple machine learning classifiers to cooperate in generating detection results, but the individual classifiers in the system are often difficult to operate independently, limiting the flexibility of the system. This paper presents a Clustering-Based Network Intrusion Detection System, which applies the concept of clustering to detect network attacks by using the K-Nearest Neighbor algorithm for the initial detection of network attack types, and the Decision Tree algorithm specializes in detecting specific types of attacks. This improves the detection performance of the system and maintains the usability of an individual classifier.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127128402","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888883
Haiyue Yuan, Shujun Li
The main aim of this paper is to provide useful insights to researchers, practitioners and policy makers about cyber security risks of the so-called “net zero technologies”, technologies that can help achieve the “net zero” greenhouse gas (GHG) emission goal set by many countries and the United Nations. The paper first reviews the general background about the NZ goal and selected sectors with important NZ-related technologies, and then focuses on a broad analysis of cyber security risks of NZ-related technologies and relevant solutions, from both technological and socio-technical aspects. This paper concludes with a list of identified open challenges that require more future research and development and some recommendations to different stakeholders of NZ-related technologies.
{"title":"Cyber Security Risks of Net Zero Technologies","authors":"Haiyue Yuan, Shujun Li","doi":"10.1109/DSC54232.2022.9888883","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888883","url":null,"abstract":"The main aim of this paper is to provide useful insights to researchers, practitioners and policy makers about cyber security risks of the so-called “net zero technologies”, technologies that can help achieve the “net zero” greenhouse gas (GHG) emission goal set by many countries and the United Nations. The paper first reviews the general background about the NZ goal and selected sectors with important NZ-related technologies, and then focuses on a broad analysis of cyber security risks of NZ-related technologies and relevant solutions, from both technological and socio-technical aspects. This paper concludes with a list of identified open challenges that require more future research and development and some recommendations to different stakeholders of NZ-related technologies.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"74 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124245975","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-06-22DOI: 10.1109/DSC54232.2022.9888874
Zijie Huang, Yulei Wu
Anomaly detection techniques in the Industrial Internet of Things (IIoT) are driving traditional industries towards an unprecedented level of efficiency, productivity and performance. They are typically developed based on supervised and unsupervised machine learning models. However, some machine learning models are facing “black box” problems, namely the rationale behind the algorithm is not understandable. Recently, several models on explainable anomaly detection have emerged. The “black box” problems have been studied by using such models. But few works focus on applications in the IIoT field, and there is no related review of explainable anomaly detection techniques. In this survey, we provide an overview of explainable anomaly detection techniques in IIoT. We propose a new taxonomy to classify the state-of-the-art explainable anomaly detection techniques into two categories, namely intrinsic based explainable anomaly detection and explainer based explainable anomaly detection. We further discuss the applications of explainable anomaly detection across various IIoT fields. Finally, we suggest future study options in this rapidly expanding subject.
{"title":"A Survey on Explainable Anomaly Detection for Industrial Internet of Things","authors":"Zijie Huang, Yulei Wu","doi":"10.1109/DSC54232.2022.9888874","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888874","url":null,"abstract":"Anomaly detection techniques in the Industrial Internet of Things (IIoT) are driving traditional industries towards an unprecedented level of efficiency, productivity and performance. They are typically developed based on supervised and unsupervised machine learning models. However, some machine learning models are facing “black box” problems, namely the rationale behind the algorithm is not understandable. Recently, several models on explainable anomaly detection have emerged. The “black box” problems have been studied by using such models. But few works focus on applications in the IIoT field, and there is no related review of explainable anomaly detection techniques. In this survey, we provide an overview of explainable anomaly detection techniques in IIoT. We propose a new taxonomy to classify the state-of-the-art explainable anomaly detection techniques into two categories, namely intrinsic based explainable anomaly detection and explainer based explainable anomaly detection. We further discuss the applications of explainable anomaly detection across various IIoT fields. Finally, we suggest future study options in this rapidly expanding subject.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"47 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114688480","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Cyber Physical Systems (CPS) security has gained a lot of interest in recent years. Different approaches have been proposed to tackle the security challenges. Intrusion detection has been of most interest so far, involving design-based and data-based approaches. Design-based approaches require domain expertise and are not scalable, on the other hand, data-based approaches suffer from the lack of real-world datasets available for specific critical physical processes. In this work, a data collection effort is made on a realistic Water Distribution (WADI) test-bed. Collected data consists of both the normal operation as well as a range of attack scenarios. Next, machine learning-based system-modeling techniques are considered using the data from WADI. It is shown that the accuracy of system model-based intrusion detectors depends on the model accuracy and for non-linear processes, it is non-trivial to obtain accurate system models. Moreover, an operational invariants-based attack detection technique is proposed using the system design parameters. It is shown that using a simple rule-based anomaly detector performs better than the complex black-box data-based techniques.
{"title":"Curse of System Complexity and Virtue of Operational Invariants: Machine Learning based System Modeling and Attack Detection in CPS","authors":"Muhammad Omer Shahid, Chuadhry Mujeeb Ahmed, Venkata Reddy Palleti, Jianying Zhou","doi":"10.1109/DSC54232.2022.9888940","DOIUrl":"https://doi.org/10.1109/DSC54232.2022.9888940","url":null,"abstract":"Cyber Physical Systems (CPS) security has gained a lot of interest in recent years. Different approaches have been proposed to tackle the security challenges. Intrusion detection has been of most interest so far, involving design-based and data-based approaches. Design-based approaches require domain expertise and are not scalable, on the other hand, data-based approaches suffer from the lack of real-world datasets available for specific critical physical processes. In this work, a data collection effort is made on a realistic Water Distribution (WADI) test-bed. Collected data consists of both the normal operation as well as a range of attack scenarios. Next, machine learning-based system-modeling techniques are considered using the data from WADI. It is shown that the accuracy of system model-based intrusion detectors depends on the model accuracy and for non-linear processes, it is non-trivial to obtain accurate system models. Moreover, an operational invariants-based attack detection technique is proposed using the system design parameters. It is shown that using a simple rule-based anomaly detector performs better than the complex black-box data-based techniques.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126432011","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: