From system specification to anomaly detection (and back)

D. Fauri, D.R. Dos Santos, Elisa Costante, J.J. den Hartog, S. Etalle, S. Tonetta

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Academic, peer review

8 Citations (Scopus)
3 Downloads (Pure)

Abstract

Industrial control systems have stringent safety and security demands. High safety assurance can be obtained by specifying the system with possible faults and monitoring it to ensure these faults are properly addressed. Addressing security requires considering unpredictable attacker behavior. Anomaly detection, with its data-driven approach, can detect simple unusual behavior and system-based attacks like the propagation of malware; on the other hand, anomaly detection is less suitable to detect more complex process-based attacks and it provides little actionability in the presence of an alert. The alternative to anomaly detection is to use specification-based intrusion detection, which is more suitable to detect process-based attacks, but is typically expensive to set up and less scalable. We propose to combine a lightweight formal system specification with anomaly detection, providing data-driven monitoring. The combination is based on mapping elements of the specification to elements of the network traffic. This allows extracting locations to monitor and relevant context information from the formal specification, thus semantically enriching the raised alerts and making them actionable. On the other hand, it also allows under-specification of data-based properties in the formal model; some predicates can be left uninterpreted and the monitoring can be used to learn a model for them. We demonstrate our methodology on a smart manufacturing use case.
Original language: English
Title of host publication: CPS'17 : Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy, 3 November 2017, Dallas, Texas
Place of publication: New York
Publisher: Association for Computing Machinery, Inc
Pages: 13-24
Number of pages: 12
ISBN (electronic): 978-1-4503-5394-6
ISBN (print): 978-1-4503-5394-6
DOI: https://doi.org/10.1145/3140241.3140250
Status: Published - 3 Nov 2017
Event: CPS '17, 2017 Workshop on Cyber-Physical Systems Security and Privacy - Dallas, Texas
Duration: 3 Nov 2017 to 3 Nov 2017

Conference

Conference: CPS '17, 2017 Workshop on Cyber-Physical Systems Security and Privacy
Abbreviated title: CPS'17
City: Dallas, Texas
Period: 3/11/17 to 3/11/17

Cite this

Fauri, D., Dos Santos, D. R., Costante, E., den Hartog, J. J., Etalle, S., & Tonetta, S. (2017). From system specification to anomaly detection (and back). In CPS'17 : Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy, 3 November 2017, Dallas, Texas (pp. 13-24). New York: Association for Computing Machinery, Inc. https://doi.org/10.1145/3140241.3140250