A Model for Auditing Smart Intrusion Detection Systems (IDSs) and Log Analyzers in Cyber Physical Systems (CPSs)

Abstract

Suitable models that auditors can adopt to concurrently audit smart Intrusion Detection Systems (IDSs) and log analyzers in Cyber Physical Systems (CPSs) that are also founded on sound empirical claims are scarce. Recently, post-intrusion studies on the resilience of the above mechanisms and prevalence of intrusions in the above domains have shown that certain intrusions that can reduce the performance of smart IDSs can equally overwhelm log analyzers such that both mechanisms can gradually dwindle and suddenly stop working. Studies have also shown that several components of Cyber Physical Systems have unusual vulnerabilities. These key issues often increase cyber threats on data security and privacy of resources that many users can receive over Internet of a Thing (IoT). Dreadful intrusions on physical and computational components of Cyber Physical Systems can cause systemic reduction in global economy, quality of digital services and continue usage of smart toolkits that should support risk assessments and identification of strategies of intruders. Unfortunately, pragmatic studies on how to reduce the above problems are grossly inadequate. This chapter uses alerts from Snort and C++ programming language to practically explore the above issues and further proposes a feasible model for operators and researchers to lessen the above problems. Evaluation with real and synthetic datasets demonstrates that the capabilities and resilience of smart Intrusion Detection Systems (IDSs) to safeguard Cyber Physical Systems (CPSs) can be improved given a framework to facilitate audit of smart IDSs and log analyzers in Cyberspaces and knowledge of the variability in the lengths and components of alerts warned by Smart Intrusion Detection Systems (IDSs).