Hybrid Intrusion Detection Mechanisms for Integrated Electronic Systems

While integrated electronic systems (IESs) are widely used in military and civilian applications, their security issues have barely been studied. By analyzing the architecture of the system and the characteristics of bus communication, this paper proposes an intrusion detection method based on the message sequence and the behavioral rules of subsystems. According to the bus protocol, messages are divided into periodic and aperiodic messages. For the former, we adopt sequence analysis and propose an algorithm that extracts the sequence intelligently to determine whether there are anomalies. For aperiodic messages, we detect anomalies by modeling the system behaviors as decision trees. Through experiments on our simulation system, we demonstrate that the proposed detection is more accurate than the existing schemes while incurring both a lower false negative rate and a lower false positive rate.
