首页> 外文期刊>IEEE transactions on dependable and secure computing >Checking is Believing: Event-Aware Program Anomaly Detection in Cyber-Physical Systems
【24h】

Checking is Believing: Event-Aware Program Anomaly Detection in Cyber-Physical Systems

机译:检查是相信:网络物理系统中的事件感知程序异常检测

获取原文
获取原文并翻译 | 示例

摘要

Securing cyber-physical systems (CPS) against malicious attacks is of paramount importance because these attacks may cause irreparable damages to physical systems. Recent studies have revealed that control programs running on CPS devices suffer from both control-oriented attacks (e.g., code-injection or code-reuse attacks) and data-oriented attacks (e.g., non-control data attacks). Unfortunately, existing detection mechanisms are insufficient to detect runtime data-oriented exploits, due to the lack of runtime execution semantics checking. In this work, we propose Orpheus, a new security methodology for defending against data-oriented attacks by enforcing cyber-physical execution semantics. We first present a general method for reasoning cyber-physical execution semantics of a control program (i.e., causal dependencies between the physical context/event and program control flows), including the event identification and dependence analysis. As an instantiation of Orpheus, we then present a new program behavior model, i.e., the event-aware finite-state automaton (eFSA). eFSA takes advantage of the event-driven nature of CPS control programs and incorporates event checking in anomaly detection. It detects data-oriented exploits if a specific physical event is missing along with the corresponding event dependent state transition. We evaluate our prototype's performance by conducting case studies under data-oriented attacks. Results show that eFSA can successfully detect different runtime attacks. Our prototype on Raspberry Pi incurs a low overhead, taking 0.0001s for each state transition integrity checking, and 0.063s similar to 0.211s for the cyber-physical contextual consistency checking.
机译:保护网络物理系统(CPS)免于恶意攻击至关重要,因为这些攻击可能对物理系统造成无法弥补的损害。最近的研究揭示了CPS设备上运行的控制程序遭受面向控制的攻击(例如,代码注入或代码重复使用)和数据导向攻击(例如,非控制数据攻击)。遗憾的是,由于缺乏运行时执行语义检查,现有的检测机制不足以检测运行时数据导向的漏洞。在这项工作中,我们提出了orpheus,通过实施网络物理执行语义来防御数据导向攻击的新安全方法。我们首先介绍一种推理控制程序的网络物理执行语义的一般方法(即,物理上下文/事件和程序控制流程之间的因果依赖性),包括事件识别和依赖性分析。作为Orpheus的实例化,我们将介绍一个新的程序行为模型,即事件感知有限状态自动机(EFSA)。 EFSA利用CPS控制程序的事件驱动性质,并在异常检测中结合了事件检查。如果缺少特定的事件依赖状态转换,它会检测到数据导向的利用。我们通过在面向数据的攻击下进行案例研究来评估我们的原型的表现。结果表明,EFSA可以成功检测不同的运行时攻击。我们的raspberry pi的原型引起了低开销,为每个状态转换完整性检查带来0.0001秒,0.063s类似于网络物理上下文一致性检查的0.211s。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有
  • 客服微信

  • 服务号