Investigating Process-Aware Attack Detection on Embedded Systems

Type
Master's thesis
Program
Computer systems and networks (MPCSN), MSc
Published
2019
Authors
HELLQVIST, ALBIN
OVERLAND, ALBERT
Abstract
In many industrial settings, there are multiple processes that need to be monitored and controlled. Examples of such processes include controlling the flow of water in a hydroelectric plant or managing the temperature in an industrial water boiler. The systems supervising these processes are called Industrial Control Systems (ICSs). In some cases, ICSs are in control of critical infrastructure, which makes them a worthwhile or profitable target for adversaries. Furthermore, ICSs are increasingly becoming targets of cyber attacks due to their increased network connectivity and integration into previously isolated systems. In addition, the advent of the Internet of Things (IoT) increases the number of systems that can be targeted by similar cyber attacks. Since ICSs encompass a variety of different applications, each having its specific requirements, current methods of detecting attacks are oftentimes application-specific and not scalable. In response to the increased need for application-agnostic security, attack-detection methods with the capability of only using sensory data for detecting attacks have recently been proposed in the literature. These recently proposed attack-detection methods are to be run in ICS or IoT environments where power consumption is of concern in addition to limited hardware resources. Consequently, the scope and the aim of this thesis are to implement and evaluate one of these recent types of methods on a resource-constrained embedded system. For this task, a state-of-the-art attack-detection method was chosen together with a suitable embedded system on which the method was implemented. Additionally, a test environment consisting of three different sensors was set up in order to have real data for the evaluation of the system. The results show that the chosen attack-detection method is able to detect various types of attacks in real time when running on the resource-constrained embedded system.
Furthermore, by tweaking certain parameters, the method could possibly run on less powerful embedded systems or with better resource utilization. Additionally, the results show that the embedded system, together with the attack-detection method, can potentially be used in resource-constrained ICS or IoT environments to detect attacks in real time.
Subject/keywords
Industrial control systems, Internet of Things, computer security, intrusion detection system, anomaly-based attack detection, embedded systems, microcontroller, resource-constrained devices