Attack-detection architectural framework based on anomalous patterns of system performance and resource utilization - Part II

Date published

2021-06-11

Free to read from

Supervisor/s

Journal Title

Journal ISSN

Volume Title

Publisher

IEEE

Department

Type

Article

ISSN

2169-3536

Format

Citation

Aloseel A, Al-Rubaye S, Zolotas A, Shaw C. (2021) Attack-detection architectural framework based on anomalous patterns of system performance and resource utilization - Part II, IEEE Access, Volume 9, pp. 87611-87629

Abstract

This paper presents a unique security approach for detecting cyber-attacks against embedded systems (ESs). The proposed approach has been shaped within an architectural framework called anomalous resource consumption detection (ARCD). The approach’s detection mechanism detects cyber-attacks by distinguishing anomalous performance and resource consumption patterns from a pre-determinable reference model. The defense mechanism of this approach acts as an additional layer of protection for ESs. This technique’s effectiveness was previously evaluated statistically, and in this paper, we tested this approach’s efficiency computationally by using the support-vector machine algorithm. The datasets were generated and collected based on a testbed model, where it was run repeatedly under different operation conditions (normal cases (Rs) versus attacked cases). The executed attack scenarios are 1) denial-of-service (DoS); 2) brute force (BF); and 3) remote code execution (RCE), and man-in-the-middle (MITM). A septenary tuple model, which consists of seven determinants that are analyzed based on seven statistical criteria, is the core of the detection mechanism. The prediction accuracy in terms of classifying anomalous patterns compared to normal patterns based on the confusion matrix revealed promising results, proving this approach’s effectiveness, where the final results confirmed very high prediction accuracies in terms of distinguishing anomalous patterns from the typical patterns. Integrating the ARCD concept into an operating system’s functionality could help software developers augment the existing security countermeasures of ESs. Adopting the ARCD approach will pave the way for software engineers to build more secure operating systems in line with the embedded system’s capabilities, without depleting its resources.

Description

Software Description

Software Language

Github

Keywords

Anomalous detection, cybersecurity, embedded systems, machine learning, support vector machine algorithm, anomalous resource consumption detection framework

DOI

Rights

Attribution-NonCommercial-NoDerivatives 4.0 International

Relationships

Relationships

Supplements

Funder/s