Time-based intrusion detection in cyber-physical systems

Zimmer, Christopher; Bhat, Balasubramanya; Mueller, Frank; Mohan, Sibin

doi:10.1145/1795194.1795210

Cited by 92 publications

(45 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Carcano, et al [6] propose a specification based IDS that extends [15]; it distinguishes faults from attacks, describes a language to express a CPS specification, and establishes a critical state distance metric. Zimmer, et al [29] study a specification based IDS that instruments a target application, and uses a scheduler to confirm timing analysis results. Our work is also specification based.…”

Section: Introductionmentioning

confidence: 99%

Effect of Intrusion Detection and Response on Reliability of Cyber Physical Systems

2013

View full text Add to dashboard Cite

Abstract-In this paper we analyze the effect of intrusion detection and response on the reliability of a cyber physical system (CPS) comprised of sensors, actuators, control units, and physical objects for controlling and protecting a physical infrastructure. We develop a probability model based on stochastic Petri nets to describe the behavior of the CPS in the presence of both malicious nodes exhibiting a range of attacker behaviors, and an intrusion detection and response system (IDRS) for detecting and responding to malicious events at runtime. Our results indicate that adjusting detection and response strength in response to attacker strength and behavior detected can significantly improve the reliability of the CPS. We report numerical data for a CPS subject to persistent, random and insidious attacks with physical interpretations given.

show abstract

Section: Introductionmentioning

confidence: 99%

Effect of Intrusion Detection and Response on Reliability of Cyber Physical Systems

2013

View full text Add to dashboard Cite

show abstract

“…Host-Based Audit. Many IDSs Mitchell and Chen 2011, 2013d, 2013cLauf et al 2010;He and Blum 2011;Zhang et al 2011bZhang et al , 2011aAsfaw et al 2010;Carcano et al 2011;Zimmer et al 2010;Mitchell and Chen 2012b, 2012a, 2013b, 2013a that use host-based auditing analyze logs maintained by a node or other audit data, such as file system details, to determine if it is compromised. One major advantage of using host-based auditing is distributed control; this is attractive for high-volume configurations like smart grids.…”

Section: Audit Materialsmentioning

confidence: 99%

“…This paper addresses three of the unique aspects of CPS. Zimmer et al [2010] propose a behavior-specification-based approach to intrusion detection for smart utility (power) applications called T-Rex. T-Rex uses host-based auditing.…”

Section: Behavior Specification/hostmentioning

confidence: 99%

A survey of intrusion detection techniques for cyber-physical systems

2014

View full text Add to dashboard Cite

Pervasive healthcare systems, smart grids, and unmanned aircraft systems are examples of Cyber-Physical Systems (CPSs) that have become highly integrated in the modern world. As this integration deepens, the importance of securing these systems increases. In order to identify gaps and propose research directions in CPS intrusion detection research, we survey the literature of this area. Our approach is to classify modern CPS Intrusion Detection System (IDS) techniques based on two design dimensions: detection technique and audit material. We summarize advantages and drawbacks of each dimension's options. We also summarize the most and least studied CPS IDS techniques in the literature and provide insight on the effectiveness of IDS techniques as they apply to CPSs. Finally, we identify gaps in CPS IDS research and suggest future research areas.

show abstract

“…Christopher Zimmer, et al, in [71] present three mechanisms for time-based intrusion detection to detect the execution of unauthorized instructions in real-time CPS environments and develop techniques to detect intrusions in a self-checking manner by application and through the operating system scheduler.…”

confidence: 99%