A Survey of Specification-based Intrusion Detection Techniques for Cyber-Physical Systems

Nweke, Livinus Obiora

doi:10.14569/ijacsa.2021.0120506

Cited by 8 publications

(10 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Section: Intrusion Detectionmentioning

confidence: 99%

“…The proliferation of different attack types in the network [5,10] and the growing increase in the exchange of data between devices pose the requirement to secure IoT networks and devices. Currently, there are different techniques to detect such attacks [7,8,[12][13][14], and Figure 2 presents the techniques involved in deploying and detecting intrusions or attacks in IDS. Anomaly-based IDS (AIDS) are designed to identify malicious activities by establishing a baseline of normal device or network behaviour and signalling any deviations as potential intrusions.…”

Section: Intrusion Detectionmentioning

confidence: 99%

“…Moreover, Umer et al [13] analyzed ML methods for intrusion detection across a 10-dimensional framework, evaluating their effectiveness in certain scenarios, pinpointing challenges, and suggesting areas for future research and enhancement. Concurrently, Nweke [14] thoroughly reviewed SPIDS techniques for Cyber-Physical Systems (CPS), classifying them by different characteristics, and provided insights into ongoing challenges and directions for future research, particularly in specification extraction and validation. Likewise, Zarpelão et al [15] examined IoT-based IDSs to discern trends, challenges, and future research opportunities, emphasizing strategies for IDS deployment, detection methodologies, security threats, and validation processes.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Insights into Modern Intrusion Detection Strategies for Internet of Things Ecosystems

Isong,

Kgote,

Abu-Mahfouz

2024

Electronics

View full text Add to dashboard Cite

The swift explosion of Internet of Things (IoT) devices has brought about a new era of interconnectivity and ease of use while simultaneously presenting significant security concerns. Intrusion Detection Systems (IDS) play a critical role in the protection of IoT ecosystems against a wide range of cyber threats. Despite research advancements, challenges persist in improving IDS detection accuracy, reducing false positives (FPs), and identifying new types of attacks. This paper presents a comprehensive analysis of recent developments in IoT, shedding light on detection methodologies, threat types, performance metrics, datasets, challenges, and future directions. We systematically analyze the existing literature from 2016 to 2023, focusing on both machine learning (ML) and non-ML IDS strategies involving signature, anomaly, specification, and hybrid models to counteract IoT-specific threats. The findings include the deployment models from edge to cloud computing and evaluating IDS performance based on measures such as accuracy, FP rates, and computational costs, utilizing various IoT benchmark datasets. The study also explores methods to enhance IDS accuracy and efficiency, including feature engineering, optimization, and cutting-edge solutions such as cryptographic and blockchain technologies. Equally, it identifies key challenges such as the resource-constrained nature of IoT devices, scalability, and privacy issues and proposes future research directions to enhance IoT-based IDS and overall ecosystem security.

show abstract

Section: Intrusion Detectionmentioning

confidence: 99%

Section: Intrusion Detectionmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Insights into Modern Intrusion Detection Strategies for Internet of Things Ecosystems

Isong,

Kgote,

Abu-Mahfouz

2024

Electronics

View full text Add to dashboard Cite

show abstract

“…It can base its operation on different modalities, the most common of them are: (i) anomaly-based, according to which it classifies the network activities based on a rules/heuristic-based strategy, then by analyzing their behavior instead querying a database of known patterns [25]; (ii) signature-based, where the new network activity pattern is compared to the known patterns stored in a database, and it is classified based on the basis of this comparison process [26]; (iii) specification-based, according to which the system inspects the involved protocols to detect anomalous sequences that may refer to an attack in progress [27]; (iv) hybrid-based, which does not represent a pure modality but a combination of the previous ones [28].…”

Section: Background and Related Workmentioning

confidence: 99%

Leveraging the Training Data Partitioning to Improve Events Characterization in Intrusion Detection Systems

Saia,

Carta,

Fenu

et al. 2023

JAIT

View full text Add to dashboard Cite

The ever-increasing use of services based on computer networks, even in crucial areas unthinkable until a few years ago, has made the security of these networks a crucial element for anyone, also in consideration of the increasingly sophisticated techniques and strategies available to attackers. In this context, Intrusion Detection Systems (IDSs) play a primary role since they are responsible for analyzing and classifying each network activity as legitimate or illegitimate, allowing us to take the necessary countermeasures at the appropriate time. However, these systems are not infallible due to several reasons, the most important of which are the constant evolution of the attacks (e.g., zero-day attacks) and the problem that many of the attacks have behavior similar to those of legitimate activities, and therefore they are very hard to identify. This work relies on the hypothesis that the subdivision of the training data used for the IDS classification model definition into a certain number of partitions, in terms of events and features, can improve the characterization of the network events, improving the system performance. The non-overlapping data partitions train independent classification models, classifying the event according to a majority-voting rule. A series of experiments conducted on a benchmark real-world dataset support the initial hypothesis, showing a performance improvement with respect to a canonical training approach.

show abstract

“…When sufficient information about a system's behaviors is not available, a specification source is developed by simulation. This source is then used to identify intrusions by monitoring the deviation of system behaviors from simulated attack-free specifications [128].…”

Section: ) Traditional Idssmentioning

confidence: 99%

Cyber-Security of Industrial Internet of Things in Electric Power Systems

2022

View full text Add to dashboard Cite

Electric Power Systems (EPSs) are among the most critical infrastructures of any society, since they significantly impact other infrastructures. Recently, there has been a trend toward implementing modern technologies, such as Industrial Internet of Things (IIoT), in EPSs to enhance their real-time monitoring, control, situational awareness, and intelligence. This movement, however, has exposed EPSs to various cyber intrusions that originate from the IIoT ecosystem. Statistics show that 38% of reported attacks have been against power and water infrastructure, and so far at least 91% of power utilities have experienced a cyber-attack. The cyber-security problem is even more severe for IIoT applications in EPSs due to the vulnerabilities and resource limitations of such applications. Thus, based on the above statistics, it is necessary to investigate the vulnerabilities of IIoT-based applications in EPSs, identify probable attacks and their consequences, and develop intrusion prevention and detection approaches to secure IIoT systems. On this basis, this paper first elaborates on the applications of IIoT-based systems in EPSs, and evaluates their security challenges. Afterwards, it comprehensively reviews various cyber-attacks against IIoT-assisted EPSs, with a particular focus on attack entry points and adversarial methods. Finally, efforts to prevent cyber-intrusions against IIoT systems in EPSs are explained, and different attack detection techniques are discussed.INDEX TERMS Cyber-attacks, cyber-security, electric power systems, industrial internet of things, intrusion detection systems. I. TRANSFORMATION OF IOT TO IIOT

show abstract

A Survey of Specification-based Intrusion Detection Techniques for Cyber-Physical Systems

Cited by 8 publications

References 32 publications

Insights into Modern Intrusion Detection Strategies for Internet of Things Ecosystems

Insights into Modern Intrusion Detection Strategies for Internet of Things Ecosystems

Leveraging the Training Data Partitioning to Improve Events Characterization in Intrusion Detection Systems

Cyber-Security of Industrial Internet of Things in Electric Power Systems

Contact Info

Product

Resources

About