Diane Gan

Performance Evaluation of Cyber-Physical Intrusion Detection on a Robotic Vehicle

Intrusion detection systems designed for conventional computer systems and networks are not necessarily suitable for mobile cyber-physical systems, such as robots, drones and automobiles. They tend to be geared towards attacks of different nature and do not take into account mobility, energy consumption and other physical aspects that are vital to a mobile cyber-physical system. We have developed a decision tree-based method for detecting cyber attacks on a small-scale robotic vehicle using both cyber and physical features that can be measured by its on-board systems and processes. We evaluate it experimentally against a variety of scenarios involving denial of service, command injection and two types of malware attacks. We observe that the addition of physical features noticeably improves the detection accuracy for two of the four attack types and reduces the detection latency for all four.

A Review of Cyber Threats and Defence Approaches in Emergency Management

Emergency planners, first responders and relief workers increasingly rely on computational and communication systems that support all aspects of emergency management, from mitigation and preparedness to response and recovery. Failure of these systems, whether accidental or because of malicious action, can have severe implications for emergency management. Accidental failures have been extensively documented in the past and significant effort has been put into the development and introduction of more resilient technologies. At the same time researchers have been raising concerns about the potential of cyber attacks to cause physical disasters or to maximise the impact of one by intentionally impeding the work of the emergency services. Here, we provide a review of current research on the cyber threats to communication, sensing, information management and vehicular technologies used in emergency management. We emphasise on open issues for research, which are the cyber threats that have the potential to affect emergency management severely and for which solutions have not yet been proposed in the literature.

Physical indicators of cyber attacks against a rescue robot

Responding to an emergency situation is a challenging and time critical procedure. The primary goal is to save lives and this is directly related to the speed and efficiency at which help is provided to the victims. Rescue robots are able to benefit an emergency response procedure by searching for survivors, providing access to inaccessible areas and establishing an on-site communication network. This paper investigates how a cyber attack on a rescue robot can adversely affect its operation and impair an emergency response operation. The focus is on identifying physical indicators of an ongoing cyber attack, which can help to design more efficient detection and defense mechanisms. A number of experiments have been conducted on an Arduino based robot, under different cyber attack scenarios. The results show that the cyber attacks effects have physical features that can be used in order to improve the robots robustness against this type of threat.

Decision tree-based detection of denial of service and command injection attacks on robotic vehicles

Mobile cyber-physical systems, such as automobiles, drones and robotic vehicles, are gradually becoming attractive targets for cyber attacks. This is a challenge because intrusion detection systems built for conventional computer systems tend to be unsuitable. They can be too demanding for resource-restricted cyber-physical systems or too inaccurate due to the lack of real-world data on actual attack behaviours. Here, we focus on the security of a small remote-controlled robotic vehicle. Having observed that certain types of cyber attacks against it exhibit physical impact, we have developed an intrusion detection system that takes into account not only cyber input features, such as network traffic and disk data, but also physical input features, such as speed, physical jittering and power consumption. As the system is resource-restricted, we have opted for a decision tree-based approach for generating simple detection rules, which we evaluate against denial of service and command injection attacks. We observe that the addition of physical input features can markedly reduce the false positive rate and increase the overall accuracy of the detection.

Cyber Security Countermeasures to Combat Cyber Terrorism

In this chapter we first consider what constitutes cyber terrorism, to distinguish such events from other forms of cybercrime, and to establish a rationale for that distinction. We discuss some of the characteristics of cyber terrorist events in comparison with cybercriminal events, and the changes that have occurred, socially and technologically, that make such events both more likely and more damaging. We then go on to consider three key aspects of cyber terrorist attacks, cyber attacks on physical systems, malware specifically developed for such attacks, and insider threats to enable or support such attacks. Next, we look at the countermeasures that can be adopted by organizations and individuals to address such threats, highlighting the significant human component of such systems through the need for standards-based policies and protocols, good security hygiene, and the training of system users at all levels. We also consider some issues of physical systems upgrade, and some software measures that can be used to identify and isolate cyber threats. Finally, we consider the future in terms of the likely further growth of cyber terrorist events, and the threat they pose to critical infrastructure and the systems on which, socially and technologically, we increasingly rely.

A taxonomy of cyber attack and defence mechanisms for emergency management networks

Emergency management is increasingly dependent on networks for information gathering, coordination and physical system control, and consequently is increasingly vulnerable to network failures. A cyber attack could cause such network failures intentionally, so as to impede the work of first responders and maximise the impact of a physical emergency. We propose a taxonomy of existing and potential research that is relevant in this setting, covering attack types that have already occurred or are likely to occur, and defence mechanisms that are already in use or would be applicable.

Cloud-Based Cyber-Physical Intrusion Detection for Vehicles Using Deep Learning

Detection of cyber attacks against vehicles is of growing interest. As vehicles typically afford limited processing resources, proposed solutions are rule-based or lightweight machine learning techniques. We argue that this limitation can be lifted with computational offloading commonly used for resource-constrained mobile devices. The increased processing resources available in this manner allow access to more advanced techniques. Using as case study a small four-wheel robotic land vehicle, we demonstrate the practicality and benefits of offloading the continuous task of intrusion detection that is based on deep learning. This approach achieves high accuracy much more consistently than with standard machine learning techniques and is not limited to a single type of attack or the in-vehicle CAN bus as previous work. As input, it uses data captured in real-time that relate to both cyber and physical processes, which it feeds as time series data to a neural network architecture. We use both a deep multilayer perceptron and recurrent neural network architecture, with the latter benefitting from a long-short term memory hidden layer, which proves very useful for learning the temporal context of different attacks. We employ denial of service, command injection and malware as examples of cyber attacks that are meaningful for a robotic vehicle. The practicality of computation offloading depends on the resources afforded onboard and remotely, and the reliability of the communication means between them. Using detection latency as the criterion, we have developed a mathematical model to determine when computation offloading is beneficial given parameters related to the operation of the network and the processing demands of the deep learning model. The more reliable the network and the greater the processing demands, the greater the reduction in detection latency achieved through offloading.

An eye for deception: A case study in utilizing the human-as-a-security-sensor paradigm to detect zero-day semantic social engineering attacks

In a number of information security scenarios, human beings can be better than technical security measures at detecting threats. This is particularly the case when a threat is based on deception of the user rather than exploitation of a specific technical flaw, as is the case of spear-phishing, application spoofing, multimedia masquerading and other semantic social engineering attacks. Here, we put the concept of the human-as-a-security-sensor to the test with a first case study on a small number of participants subjected to different attacks in a controlled laboratory environment and provided with a mechanism to report these attacks if they spot them. A key challenge is to estimate the reliability of each report, which we address with a machine learning approach. For comparison, we evaluate the ability of known technical security countermeasures in detecting the same threats. This initial proof of concept study shows that the concept is viable.

Technology Perspective: Is Green IT a Threat to IT Security?

Industries are pushed by the regulations to reduce the CO2 footprint of their production lines. According to the latest statistics 3% of the CO2 footprint is generated by the IT industry. Currently a high percentage of the information being accessed by the users is produced and managed centrally. With the growth of data generation by users, e.g. social networking and YouTube websites, the storing and managing of the data will demand more energy on the networks.

Behaviour-Based Anomaly Detection of Cyber-Physical Attacks on a Robotic Vehicle

Security is one of the key challenges in cyberphysical systems, because by their nature, any cyber attack against them can have physical repercussions. This is a critical issue for autonomous vehicles; if compromised in terms of their communications or computation they can cause considerable physical damage due to their mobility. Our aim here is to facilitate the automatic detection of cyber attacks on a robotic vehicle. For this purpose, we have developed a detection mechanism, which monitors real-time data from a large number of sources onboard the vehicle, including its sensors, networks and processing. Following a learning phase, where the vehicle is trained in a non-attack state on what values are considered normal, it is then subjected to a series of different cyber-physical and physical-cyber attacks. We approach the problem as a binary classification problem of whether the robot is able to self-detect when and whether it is under attack. Our experimental results show that the approach is promising for most attacks that the vehicle is subjected to. We further improve its performance by using weights that accentuate the anomalies that are less common thus improving overall performance of the detection mechanism for unknown attacks.