Attack-Detection Architectural Framework Based on Anomalous Patterns of System Performance and Resource Utilization—Part II

Abstract

This paper presents a unique security approach for detecting cyber-attacks against embedded systems (ESs). The proposed approach has been shaped within an architectural framework called anomalous resource consumption detection (ARCD). The approach’s detection mechanism detects cyber-attacks by distinguishing anomalous performance and resource consumption patterns from a pre-determinable reference model. The defense mechanism of this approach acts as an additional layer of protection for ESs. This technique’s effectiveness was previously evaluated statistically, and in this paper, we tested this approach’s efficiency computationally by using the support-vector machine algorithm. The datasets were generated and collected based on a testbed model, where it was run repeatedly under different operation conditions (normal cases (Rs) versus attacked cases). The executed attack scenarios are 1) denial-of-service (DoS); 2) brute force (BF); and 3) remote code execution (RCE), and man-in-the-middle (MITM). A septenary tuple model, which consists of seven determinants that are analyzed based on seven statistical criteria, is the core of the detection mechanism. The prediction accuracy in terms of classifying anomalous patterns compared to normal patterns based on the confusion matrix revealed promising results, proving this approach’s effectiveness, where the final results confirmed very high prediction accuracies in terms of distinguishing anomalous patterns from the typical patterns. Integrating the ARCD concept into an operating system’s functionality could help software developers augment the existing security countermeasures of ESs. Adopting the ARCD approach will pave the way for software engineers to build more secure operating systems in line with the embedded system’s capabilities, without depleting its resources.