TLP-IDS: A Two-layer Intrusion Detection System for Integrated Electronic Systems

With the increasing applications of integrated electronic systems (IESs), especially in security critical application scenarios like satellites and aircraft, new vulnerabilities and attacks have emerged recently. To detect the attacks, we propose TLP-IDS, a real-time intrusion detection system (IDS). TLP-IDS includes two layers of detection modules, one based on time and sequence logic and the other based on historical data. For the modules in the first layer, periodic and aperiodic messages are distinguished based on variations of message intervals, and we learnd from the idea of Markov decision process (MDP) in reinforcement learning (RL) to automatically learn the logical relationship between sequences. In the second layer, an online sequence extreme learning machine (OS-ELM) method is deployed to fit the data and further combined with the Weibull distribution function for prediction and detection. To evaluate our system, we implement several attack scenarios on a test bed, and measure the detection performance. Experimental results show that our system can quickly and effectively detect various attacks.

[1]  Daojing He,et al.  Hybrid Intrusion Detection Mechanisms for Integrated Electronic Systems , 2020, 2020 17th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON).

[2]  U. Rieder,et al.  Markov Decision Processes , 2010 .

[3]  Anand Handa,et al.  Machine learning in cybersecurity: A review , 2019, WIREs Data Mining Knowl. Discov..

[4]  Narasimhan Sundararajan,et al.  On-Line Sequential Extreme Learning Machine , 2005, Computational Intelligence.

[5]  Aderemi A. Atayero,et al.  Towards a more efficient and cost-sensitive extreme learning machine: A state-of-the-art review of recent trend , 2019, Neurocomputing.

[6]  Gauss M. Cordeiro,et al.  On the generalized extended exponential-Weibull distribution: properties and different methods of estimation , 2020, Int. J. Comput. Math..

[7]  Fairoza Naushad,et al.  Testing Methodology for Fibre Channel Protocol in Avionics Applications , 2017, 2017 International Conference on Recent Advances in Electronics and Communication Technology (ICRAECT).

[8]  Yuval Elovici,et al.  On the Security of MIL-STD-1553 Communication Bus , 2018, ISSA/CSITS@ESORICS.

[9]  Troy Troshynski Considerations for testing and simulation of MIL-STD-1760E/HS1760 avionics interfaces , 2015, 2015 IEEE AUTOTESTCON.

[10]  Vijaya Sankara Rao Pasupureddi,et al.  100-Mb/s enhanced data rate MIL-STD-1553B controller in 65-nm CMOS technology , 2016, IEEE Transactions on Aerospace and Electronic Systems.

[11]  Daojing He,et al.  A Lightweight and Intelligent Intrusion Detection System for Integrated Electronic Systems , 2020, IEEE Network.

[12]  E. Valuations A REVIEW ON EVALUATION METRICS FOR DATA CLASSIFICATION EVALUATIONS , 2015 .

[13]  Jason Clark,et al.  Connected Aircraft: Cyber-Safety Risks, Insider Threat, and Management Approaches , 2019, HICSS.

[14]  Thuy D. Nguyen Towards MIL-STD-1553B covert channel analysis , 2015 .

[15]  Asaf Shabtai,et al.  Intrusion Detection System for the MIL-STD-1553 Communication Bus , 2020, IEEE Transactions on Aerospace and Electronic Systems.

[16]  Ian Moir,et al.  Civil Avionics Systems , 2002 .

[17]  Yuval Elovici,et al.  Protecting Military Avionics Platforms from Attacks on MIL-STD-1553 Communication Bus , 2017, ArXiv.

[18]  Sowmya Madhavan,et al.  Test Signal Generation for Detecting Faults on Mil-Std 1553 Bus , 2018 .

[19]  Matteo Sonza Reorda,et al.  In-field Functional Test of CAN Bus Controllers , 2020, 2020 IEEE 38th VLSI Test Symposium (VTS).

[20]  Yuval Elovici,et al.  Datasets of RT spoofing attacks on MIL-STD-1553 communication traffic , 2019, Data in brief.

[21]  Vincent Roberge,et al.  MAIDENS: MIL-STD-1553 Anomaly-Based Intrusion Detection System Using Time-Based Histogram Comparison , 2020, IEEE Transactions on Aerospace and Electronic Systems.