Investigating Process-Aware Attack Detection on Embedded Systems
Type
Master's thesis
Program
Computer systems and networks (MPCSN), MSc
Published
2019
Authors
HELLQVIST, ALBIN
OVERLAND, ALBERT
Abstract
In many industrial settings, there are multiple processes that need to be monitored
and controlled. Examples of such processes include controlling the flow of water in a
hydroelectric plant or managing the temperature in an industrial water boiler. The
systems supervising these processes are called Industrial Control Systems (ICSs).
In some cases, ICSs are in control of critical infrastructure, which makes them a
worthwhile or profitable target for adversaries. Furthermore, ICSs are increasingly
becoming targets of cyber attacks due to their increased network connectivity
and integration into previously isolated systems. In addition, the advent of Internet
of Things (IoT) increases the number of systems that can be targeted by
similar cyber attacks. Since ICSs encompass a variety of different applications,
each having its specific requirements, current methods of detecting attacks are oftentimes
application-specific and not scalable. In response to the increased need
for application-agnostic security, attack-detection methods with the capability of
only using sensory data for detecting attacks have recently been proposed in the
literature.
These recently proposed attack-detection methods are to be run in ICS or IoT environments
where power consumption is of concern in addition to limited hardware
resources. Consequently, the scope and the aim of this thesis are to implement
and evaluate one of these recent types of methods on a resource-constrained embedded
system. For this task, a state-of-the-art attack-detection method was chosen
together with a suitable embedded system on which the method was implemented.
Additionally, a test environment consisting of three different sensors was set up in
order to have real data for the evaluation of the system.
The results show that the chosen attack-detection method is able to detect various
types of attacks in real time when running on the resource-constrained embedded
system. Furthermore, by tweaking certain parameters, the method could
possibly run on less powerful embedded systems or with better resource utilization.
Additionally, the results show that the embedded system, together with the
attack-detection method, can potentially be used in resource-constrained ICS or
IoT environments to detect attacks in real time.
Subject/keywords
Industrial control systems, Internet of Things, computer security, intrusion detection system, anomaly-based attack detection, embedded systems, microcontroller, resource-constrained devices