CORGIDS: A Correlation-based Generic Intrusion Detection System

Ekta Aggarwal, Mehdi Karimibiuki, K. Pattabiraman, A. Ivanov
Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy. Published: 2018-01-15.
DOI: 10.1145/3264888.3264893 (https://doi.org/10.1145/3264888.3264893)
Citations: 17

Abstract

Cyber-physical systems (CPS) consist of software and physical components that are knitted together and interact with each other continuously. CPS have been targets of security attacks due to their safety-critical nature and relative lack of protection. Specification-based intrusion detection systems (IDS) using data, temporal, data temporal and time, and logical correlations have been proposed in the past. But none of these approaches, except the ones using logical correlations, takes into account the main ingredient in the operation of CPS, namely the use of physical properties. On the other hand, IDS that use physical properties either require the developer to define invariants manually, or are designed for a specific CPS. This paper proposes CORGIDS, a generic IDS capable of detecting security attacks by inferring the logical correlations of the physical properties of a CPS, and checking if they adhere to the predefined framework. We build a CORGIDS-based prototype and demonstrate its use for detecting attacks in two CPS. We find that CORGIDS achieves a precision of 95.70% and a recall of 87.90%, with modest memory and performance overheads.