On-board Diagnosis: A First Step from Detection to Prevention of Intrusions on Avionics Applications

Nowadays, air travel is one of the safest means of transportation. While safety has historically been well integrated into avionics systems, it is becoming increasingly important to take the security of such systems into account for the future. In particular, Host-based Intrusion Detection Systems (HIDS) are commonly used in traditional information systems to improve their security. The adaptation of such systems for deployment inside an aircraft has been studied in another work and has been shown to be effective in detecting anomalous behavior in an avionic application. However, detection alone is not sufficient to provide an on-board reaction and to prevent such intrusions. This paper proposes to improve such a HIDS by introducing a signature-based system capable of providing a first diagnosis after the detection of an anomalous behavior. The proposed diagnosis approach is based on the definition of the signature of an alert and its comparison with a knowledge database that is regularly updated throughout the aircraft's lifetime. This approach has been implemented on a real avionic computer and yielded good results in terms of classification accuracy and resource consumption.
