TWC: Small: Behavior-Based Zero-Day Intrusion Detection for Real-Time Cyber-Physical Systems

TWC：小型：针对实时网络物理系统的基于行为的零日入侵检测

• 批准号: 1423334
• 负责人: Sibin Mohan
• 金额: $ 50万
• 依托单位: University of Illinois at Urbana-Champaign
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2014
• 资助国家: 美国
• 起止时间: 2014-10-01 至 2018-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1423334&HistoricalAwards=false
• 关键词: TWC; Small; Behavior; Based; Zero

Cyber-Physical Systems (CPS) have distinct cyber and physical components that must work cohesively with each other to ensure correct operation. Examples include automobiles, power plants, avionics systems, and home automation systems. Traditionally such systems were isolated from external accesses and used proprietary components and protocols. Today that is not the case as CPS systems are increasingly networked. A failure to protect these systems from harm in cyber could result in significant physical harm. Many cyber-physical systems have real-time constraints i.e., they must function correctly within predetermined time scales. Systems that have such real-time properties are predictable by design. The execution behavior of such systems (e.g., execution time, memory usage, control flow, system properties, etc.) is analyzed in detail and controlled to a high degree of precision in order to guarantee predictable real-time behavior. This project aims to use this very predictability of real-time CPS to detect intrusions as soon as they occur and take evasive and corrective actions. This will be combined with the development of an architectural framework to (a) detect intrusions and (b) guarantee that the underlying physical system does not come to harm. The development of these analysis techniques and intrusion-detection architectures being proposed here will inherently make such systems more secure and hence, safer. It will bring us one step closer to understanding how to integrate two seemingly diverse yet important fields, CPS and cybersecurity, while gaining a better understanding of both areas.

网络物理系统 (CPS) 具有不同的网络和物理组件，这些组件必须彼此协同工作以确保正确运行。示例包括汽车、发电厂、航空电子系统和家庭自动化系统。传统上，此类系统与外部访问隔离，并使用专有组件和协议。如今，随着 CPS 系统日益联网，情况已不再如此。如果未能保护这些系统免受网络伤害，可能会导致严重的物理伤害。许多网络物理系统都具有实时约束，即它们必须在预定的时间范围内正确运行。具有这种实时特性的系统在设计上是可预测的。对此类系统的执行行为（例如，执行时间、内存使用、控制流、系统属性等）进行详细分析并进行高精度控制，以保证可预测的实时行为。该项目旨在利用实时 CPS 的这种高度可预测性，在入侵发生时立即检测到它们，并采取规避和纠正措施。这将与架构框架的开发相结合，以（a）检测入侵并（b）保证底层物理系统不会受到损害。这里提出的这些分析技术和入侵检测架构的开发本质上将使此类系统更加安全，从而更加安全。它将让我们更进一步了解如何整合 CPS 和网络安全这两个看似不同但重要的领域，同时更好地了解这两个领域。

项目成果

A Covert Queueing Channel in FCFS Schedulers

FCFS调度器中的隐蔽排队通道

• DOI: 10.1109/tifs.2018.2797953
• 发表时间: 2017-07-23
• 期刊: IEEE Transactions on Information Forensics and Security
• 影响因子: 6.8
• 作者: AmirEmad Ghassami;N. Kiyavash
• 通讯作者: N. Kiyavash