Cybersecurity of embedded systems a novel approach for detecting cyberattacks based on anomalous patterns of resource utilisation
| dc.contributor.advisor | Al-Rubaye, Saba | |
| dc.contributor.advisor | Zolotas, Argyrios | |
| dc.contributor.author | Aloseel, Abdulmohsan | |
| dc.date.accessioned | 2024-09-03T16:35:38Z | |
| dc.date.available | 2024-09-03T16:35:38Z | |
| dc.date.freetoread | 2024-09-03 | |
| dc.date.issued | 2022-01 | |
| dc.description | Zolotas, Argyrios - Associate Supervisor | |
| dc.description.abstract | An embedded system (ES) is a processing unit that has been embedded into a larger cyber-physical system (CPS) to steer its functions. The ES has played an essential role in modern life, where it has been used widely in sensing, controlling and computing for countless applications in different domains, such as the internet of things (IoT), smart cities, healthcare, transportation, communication, military, transportation, gas distribution, avionics and national infrastructures. Due to its widespread application in different domains and its evolution in conjunction with many key technologies, it is crucial that these systems are secured against cyberattacks as the ES has the same generic security goals – confidentiality, integrity and availability – as conventional computer systems. Although the ES is exposed to the numerous and unpredicted security threats that are experienced by conventional computer systems, it is significantly limited in its ability to manage the advanced security solutions that are implemented on conventional computer systems. The limitations in resources of the ES, due to its identity or characteristics, impose tight constraints on both its communication and computing capacity, thereby hindering the implementation of advanced security solutions. Thus, the cybersecurity of an ES is limited by constraints on its resources rather than by the absence of advanced security solutions. There is an urgent need, therefore, to develop security solutions that are compatible with the capabilities of the ES. This study tried to bridge the gap by addressing both theoretical and empirical aspects of ES cybersecurity. The study can be divided into three main blocks. The first block identifies the key factors, involved parties or entities, and creates the cybersecurity landscape for embedded systems (CSES), while considering the conflict between the requirements for cybersecurity and the computing capabilities of an ESs. Additionally, twelve factors influencing CSES have been extracted and identified based on the direction of the research. These factors have been used to shape a multiple layers feedback framework of embedded system cybersecurity (MuLFESC), with nine layers of protection. It has been developed in line with an expanded model of risk assessment metrics, which will enable cybersecurity practitioners to evaluate the security countermeasures of their systems and assist in the development of more comprehensive solutions for CSES. A novel security approach, called anomalous resource consumption detection (ARCD), was developed in the second block of this study. This involved the design of a testbed to provide a realistic hardware-software environment to analyse an example application of an ES. A Smart PiCar was run repeatedly under different operational conditions – typical conditions and under attack. The data of seven designated parameters based on seven statistical criteria was analysed to measure the range, pattern of performance and resource utilisation. The results from this statistical analysis demonstrated the potential for defining a standard pattern for the resource utilisation and performance of the embedded system due to a significant similarity with the values of the parameters at normal states. In contrast, the results from the attacked cases showed a definite and detectable impact on the consumption and performance of the resources of the ES, which presented anomalous patterns. The ARCD method can be implemented as an additional layer of protection to detect cyber-attacks in an ES, where a septenary tuple model, consisting of seven parameters, is the core of the detection mechanism. In the final block, the ARCD approach has been placed within an architectural framework, which may pave the way for software engineers to build secure operating systems in line with the capabilities of the ES. The architectural framework was developed after the efficiency of the approach was computationally validated by machine learning. This involved the design of a classifier and predictor model to find the predictive accuracy percentage in terms of separating patterns of anomalous performance and resource utilisation from the typical pattern. Based on the confusion matrix, the prediction accuracy for classifying anomalous patterns compared with default patterns revealed promising results, thus proving the effectiveness of the ARCD approach. The results confirmed very high prediction accuracies as regards distinguishing anomalous patterns from the typical patterns. | |
| dc.description.coursename | PhD in Aerospace | |
| dc.identifier.uri | https://dspace.lib.cranfield.ac.uk/handle/1826/22881 | |
| dc.language.iso | en | |
| dc.publisher | Cranfield University | |
| dc.publisher.department | SATM | |
| dc.rights | © Cranfield University, 2022. All rights reserved. No part of this publication may be reproduced without the written permission of the copyright holder. | |
| dc.subject | Anomalous detection | |
| dc.subject | Anomalous Resource Consumption Detection | |
| dc.subject | ARCD approach | |
| dc.subject | Brute-force attack | |
| dc.subject | Cybersecurity of embedded system | |
| dc.subject | Denial-of- service attack | |
| dc.subject | Embedded system | |
| dc.subject | Machine learning | |
| dc.subject | Risk assessment | |
| dc.subject | Security framework | |
| dc.title | Cybersecurity of embedded systems a novel approach for detecting cyberattacks based on anomalous patterns of resource utilisation | |
| dc.type | Thesis | |
| dc.type.qualificationlevel | Doctoral | |
| dc.type.qualificationname | PhD |