Investigating Process-Aware Attack Detection on Embedded Systems

Master's thesis

Download file(s):
File: CSE 19-25 Hellqvist Overland.pdf
Description: CSE Hellqvist, Albin & Overland, Albert
Size: 7.99 MB
Format: Adobe PDF
Type: Master's thesis
Title: Investigating Process-Aware Attack Detection on Embedded Systems
Abstract: In many industrial settings, there are multiple processes that need to be monitored and controlled. Examples of such processes include controlling the flow of water in a hydroelectric plant or managing the temperature in an industrial water boiler. The systems supervising these processes are called Industrial Control Systems (ICSs). In some cases, ICSs are in control of critical infrastructure which makes them a worthwhile or profitable target for adversaries. Furthermore, ICSs are increasingly becoming targets of cyber attacks due to their increased network connectivity and integration into previously isolated systems. In addition, the advent of Internet of Things (IoT) increases the number of systems that can be targeted by similar cyber attacks. Since ICSs encompass a variety of different applications, each having its specific requirements, current methods of detecting attacks are oftentimes application-specific and not scalable. In response to the increased need for application-agnostic security, attack-detection methods with the capability of only using sensory data for detecting attacks have recently been proposed in the literature. These recently proposed attack-detection methods are to be run in ICS or IoT environments where power consumption is of concern in addition to limited hardware resources. Consequently, the scope and the aim of this thesis is to implement and evaluate one of these recent types of methods on a resource-constrained embedded system. For this task, a state-of-the-art attack-detection method was chosen together with a suitable embedded system on which the method was implemented. Additionally, a test environment consisting of three different sensors was set up in order to have real data for the evaluation of the system. The results show that the chosen attack-detection method is able to detect various types of attacks in real time when running on the resource-constrained embedded system. 
Furthermore, by tweaking certain parameters, the method could possibly run on less powerful embedded systems or with better resource utilization. Additionally, the results show that the embedded system, together with the attack-detection method, can potentially be used in resource-constrained ICS or IoT environments to detect attacks in real time.
Keywords: Industrial control systems; Internet of Things; computer security; intrusion detection system; anomaly-based attack detection; embedded systems; microcontroller; resource-constrained devices
Issue Date: 2019
Publisher: Chalmers tekniska högskola / Institutionen för data och informationsvetenskap
Collection: Examensarbeten för masterexamen // Master Theses
