Implementation of a Host-Based Intrusion Detection System for Avionic Applications

Today, aircraft are protected by strong safety properties, qualified operators and process-based security measures. However, considering the recent evolution of in-flight services towards more connectivity, resource sharing and advanced entertainment functionalities, together with the increase in threats targeting embedded systems, the potential malicious modification of an aircraft application must be seriously considered for future systems. In this context, several solutions can be developed to improve aircraft security. In particular, Host-based Intrusion Detection Systems (HIDS) are relevant for dealing with targeted threats such as an insider attack. This paper presents the specific constraints of building an HIDS onboard an aircraft, and discusses some relevant solutions that satisfy these constraints. These solutions are evaluated in terms of detection efficiency and resource consumption in order to select the solution that offers the best trade-off between efficiency and performance. The implementation of this solution on an embedded avionic computer is also described.
