Akowuah, Francis, Kong, Fanxin.
2021.
Real-Time Adaptive Sensor Attack Detection in Autonomous Cyber-Physical Systems. 2021 IEEE 27th Real-Time and Embedded Technology and Applications Symposium (RTAS). :237—250.
Cyber-Physical Systems (CPS) tightly couple information technology with physical processes, which rises new vulnerabilities such as physical attacks that are beyond conventional cyber attacks. Attackers may non-invasively compromise sensors and spoof the controller to perform unsafe actions. This issue is even emphasized with the increasing autonomy in CPS. While this fact has motivated many defense mechanisms against sensor attacks, a clear vision on the timing and usability (or the false alarm rate) of attack detection still remains elusive. Existing works tend to pursue an unachievable goal of minimizing the detection delay and false alarm rate at the same time, while there is a clear trade-off between the two metrics. Instead, we argue that attack detection should bias different metrics when a system sits in different states. For example, if the system is close to unsafe states, reducing the detection delay is preferable to lowering the false alarm rate, and vice versa. To achieve this, we make the following contributions. In this paper, we propose a real-time adaptive sensor attack detection framework. The framework can dynamically adapt the detection delay and false alarm rate so as to meet a detection deadline and improve the usability according to different system status. The core component of this framework is an attack detector that identifies anomalies based on a CUSUM algorithm through monitoring the cumulative sum of difference (or residuals) between the nominal (predicted) and observed sensor values. We augment this algorithm with a drift parameter that can govern the detection delay and false alarm. The second component is a behavior predictor that estimates nominal sensor values fed to the core component for calculating the residuals. The predictor uses a deep learning model that is offline extracted from sensor data through leveraging convolutional neural network (CNN) and recurrent neural network (RNN). The model relies on little knowledge of the system (e.g., dynamics), but uncovers and exploits both the local and complex long-term dependencies in multivariate sequential sensor measurements. The third component is a drift adaptor that estimates a detection deadline and then determines the drift parameter fed to the detector component for adjusting the detection delay and false alarms. Finally, we implement the proposed framework and validate it using realistic sensor data of automotive CPS to demonstrate its efficiency and efficacy.
ERÇİN, Mehmet Serhan, YOLAÇAN, Esra Nergis.
2021.
A system for redicting SQLi and XSS Attacks. 2021 International Conference on Information Security and Cryptology (ISCTURKEY). :155—160.
In this study, it is aimed to reduce False-Alarm levels and increase the correct detection rate in order to reduce this uncertainty. Within the scope of the study, 13157 SQLi and XSS type malicious and 10000 normal HTTP Requests were used. All HTTP requests were received from the same web server, and it was observed that normal requests and malicious requests were close to each other. In this study, a novel approach is presented via both digitization and expressing the data with words in the data preprocessing stages. LSTM, MLP, CNN, GNB, SVM, KNN, DT, RF algorithms were used for classification and the results were evaluated with accuracy, precision, recall and F1-score metrics. As a contribution of this study, we can clearly express the following inferences. Each payload even if it seems different which has the same impact maybe that we can clearly view after the preprocessing phase. After preprocessing we are calculating euclidean distances which brings and gives us the relativity between expressions. When we put this relativity as an entry data to machine learning and/or deep learning models, perhaps we can understand the benign request or the attack vector difference.