ARTINALI#: An Efficient Intrusion Detection Technique for Resource-Constrained Cyber-Physical Systems

Abstract

Cyber-Physical Systems (CPSes) are integrated into security-critical infrastructures such as medical devices, autonomous vehicles and smart grids. Unfortunately, the pervasiveness and network accessibility of these systems and their relative lack of security measures make them attractive targets for attacks. This makes building Intrusion Detection System (IDS) for CPSes a necessity. However, detecting intrusions requires collecting information about a system’s internal workings; this can be expensive both in runtime and memory consumption. According to prior research, fine-grain monitoring of a CPS maximizes the chance of intrusion detection but incurs overhead that can exceed the resource constraints of these systems. The objective of this study is to propose a solution for adapting IDSes for deployment on resource-limited CPSes without losing detection accuracy.We propose ARTINALI#; a Bayesian-based search and score technique that identifies the critical points at which to instrument a CPS. Given a set of security monitors that observe run-time behavior of the system, a set of specifications that verify the correct behavior of the system, and statistics gathered from fault injection, ARTINALI# discovers a small set of locations and a rich set of specifications that yield full attack coverage with low (memory and time) overhead. We deploy ARTINALI# to construct an IDS for two CPSes: a smart meter and a smart artificial pancreas. We demonstrate that our technique reduces the number of security monitors by 64% on average, leading to 52% and 69% reductions in memory and runtime overhead respectively, while still detecting over 98% of emulated attacks, on average. ARTINALI# enables the IDSes to be applicable to a wide range of CPS systems with different resource capacities. In addition, it accelerates the attack detection process which is significantly essential for safety-critical systems.