Investigating Process-Aware Attack Detection on Embedded Systems
Examensarbete för masterexamen
Please use this identifier to cite or link to this item:
|Type: ||Examensarbete för masterexamen|
|Title: ||Investigating Process-Aware Attack Detection on Embedded Systems|
|Authors: ||HELLQVIST, ALBIN|
|Abstract: ||In many industrial settings, there are multiple processes that need to be monitored
and controlled. Examples of such processes include controlling the flow of water in a
hydroelectric plant or managing the temperature in an industrial water boiler. The
systems supervising these processes are called Industrial Control Systems (ICSs).
In some cases, ICSs are in control of critical infrastructure which makes them a
worthwhile or profitable target for adversaries. Furthermore, ICSs are increasingly
becoming targets of cyber attacks due to their increased network connectivity
and integration into previously isolated systems. In addition, the advent of Internet
of Things (IoT) increases the number of systems that can be targeted by
similar cyber attacks. Since ICSs encompass a variety of different applications,
each having its specific requirements, current methods of detecting attacks are oftentimes
application-specific and not scalable. In response to the increased need
for application-agnostic security, attack-detection methods with the capability of
only using sensory data for detecting attacks have recently been proposed in the
These recently proposed attack-detection methods are to be run in ICS or IoT environments
where power consumption is of concern in addition to limited hardware
resources. Consequently, the scope and the aim of this thesis is to implement
and evaluate one of these recent types of methods on a resource-constrained embedded
system. For this task, a state-of-the-art attack-detection method was chosen
together with a suitable embedded system on which the method was implemented.
Additionally, a test environment consisting of three different sensors was set up in
order to have real data for the evaluation of the system.
The results show that the chosen attack-detection method is able to detect various
types of attacks in real time when running on the resource-constrained embedded
system. Furthermore, by tweaking certain parameters, the method could
possibly run on less powerful embedded systems or with better resource utilization.
Additionally, the results show that the embedded system, together with the
attack-detection method, can potentially be used in resource-constrained ICS or
IoT environments to detect attacks in real time.|
|Keywords: ||Industrial control systems;Internet of Things;computer security;intrusion detection system;anomaly-based attack detection;embedded systems;microcontroller;resource-constrained devices|
|Issue Date: ||2019|
|Publisher: ||Chalmers tekniska högskola / Institutionen för data och informationsvetenskap|
|Collection:||Examensarbeten för masterexamen // Master Theses|
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.