Scalable Intrusion Detection System for Resource-Constrained CPSes
Intrusion detection system (IDS) depends on the monitors (Instrumented locations) collecting online information about the system behavior. The major fraction of IDS performance overhead is caused by security monitors (instrumentation). Full instrumentation to support attack detection without any pruning policy will maximize the chance of attack coverage, but at the cost of performance overhead, memory usage and computational power overhead. Hence, instrumentation process for attack detection purposes in resource-constraint CPSes is a challenging problem. We propose ARTINALI#; a Bayesian-based search and score technique that identifies the critical points at which to instrument a CPS. Given a set of security monitors that observe run-time behavior of the system, a set of specifications that verify the correct behavior of the system, and statistics gathered from fault injection, ARTINALI# discovers a small set of locations and a rich set of specifications that yield full attack coverage with low (memory and time) overhead. We deploy ARTINALI# to construct an IDS for two classes CPSes, and demonstrate that our technique reduces the number of security monitors by 64% on average, leading to 52% and 69% reductions in memory and runtime overhead respectively.
Multi-Dimensional Specification Mining for Complex Autonomous Vehicles
As the continuity of operation is of the utmost significance for autonomous vehicles such as UAVs, it is essential to dynamically monitor the system to learn its common behaviors and formulate specifications for detecting security attacks. However, deriving specifications for such systems using the current techniques is not a simple task as they are dealing with a set of challenges. The first challenge is having continuous physical movements in time and space, which constitute an important part of the behavior of these systems, and the second challenge is having various operational modes. So, my goal was to develop a specification mining technique for such complex CPS platforms. I proposed ARTINALI++, which is an extension to ARTINALI technique. While ARTINALI builds a multi-dimensional model for general CPS platforms, ARTINALI++ enhances the model through discovering invariants that represent the physical motions and distinct operational modes in complex CPS platforms such as autonomous vehicles. My result showed that ARTINALI++, substantially improves the ratio of false positives and false negatives by 14.3 and 19.4 % respectively over ARTINALI in our unmanned aerial vehicle platform.
Dynamic Analysis-based Specification mining for Cyber-Physical Systems (CPSes)
CPSes are being widely deployed in security-critical scenarios such as smart homes and smart medical devices. Unfortunately, the connectedness of these systems and their relative lack of security measures makes them ripe targets for attacks. I analyzed CPS characteristics and constraints to identify its security requirements, and surveyed existing security techniques for computerized systems. I found out that these techniques cannot satisfy CPSes security requirements particularly their real-time constraints. I developed a new security solution (called ARTINALI), which dynamically monitors the CPS to learn its normal behaviors and formulate invariants for detecting security attacks. I implemented ARTINALI using unsupervised ML algorithm (association rules) for building security model for a CPS. I built ARTINALI-based IDS for two classes of CPSes: smart meter and smart artificial pancreas, and evaluated the IDS using known and unknown attacks, in comparison with several existing state-of-the-art dynamic invariant detection techniques. I found that the ARTINALI-based IDS exhibits significantly high accuracy (98%) and reasonable overheads against mounted attacks, comparing to the other techniques.
for more information.
Impact Analysis of User Human Errors on a Realistic System Accuracy
Type-1-Diabetic(T1D) patients are always suffering from wearing continues glucose monitoring (CGM) system. This is especially uncomfortable for children, and during sleep or exercise time. Hence, they need a non-intrusive way for monitoring unsafe blood glucose (BG) rather than using wearable CGM. An ML-based decision support system can predict future BG level, given the feature set of insulin injections, meals, and historical BG levels as they all carry certain effects predicting future BG level. However, design of an optimal interface which is easier to track BG, while having acceptable level of predictability is challenging. On one hand, including all features as data field entries in the app help maximizing the prediction power of classifier; on the other hand, it may affect the usability of app due to time- consuming data insertion and likely user mistakes. Therefore, we examined prediction power of classifier as well as accuracy of user interface for different sets of features in different UI layouts, and proposed the best tradeoff between Human error and machine error to achieve the highest accuracy for entire system. This work is under preparation to be submitted in CHI2020. Click here
for more information.
A Programmable Software Fault Injection Framework
Safety-critical systems need robust software against different sorts of software faults to void failures. However, evaluating the dependability of software system against multiple fault scenarios is challenging, due to the combinatorial explosion and the advent of new fault models. I proposed a fault injection description language (called FIDL), the first domain specific language that provides high-level abstractions for writing fault injectors spanning a wide variety of software faults. I also built a programmable software fault injection framework using FIDL to test the fault-tolerance of software applications. My proposed framework showed a significant decrease (31%) in the overall time required for the test procedure. This research project was a joint project between UBC and Cisco systems, San Jose, USA. Click here
for more information.