Distributed Resilient Control of Operator-Vehicle Networks under Cyber Attacks

2016 ◽  
pp. 263-294
Keyword(s):  
Cyber Attacks ◽  
Resilient Control ◽  
Vehicle Networks

Conducting Forensic Investigations of Cyber Attacks on Automobile In-Vehicle Networks

2010 ◽  
pp. 647-660 ◽  
Author(s):  
Dennis K. Nilsson ◽  
Ulf E. Larson
Keyword(s):  
Data Collection ◽  
Cyber Attacks ◽  
Entry Point ◽  
Forensic Investigation ◽  
Digital Forensic ◽  
Event Reconstruction ◽  
Vehicle Networks ◽  
Digital Investigation ◽  
Investigation Process ◽  
Vehicle Network

The introduction of a wireless gateway as an entry point to the automobile in-vehicle network reduces the effort of performing diagnostics and firmware updates considerably. Unfortunately, the same gateway also allows cyber attacks to target the unprotected network which currently lacks proper means for detecting and investigating security-related events. In this article, we discuss how to perform a digital forensic investigation of an in-vehicle network. An analysis of the current features of the network is performed, and an attacker model is developed. Based on the attacker model and a set of generally accepted forensic investigation principles, we derive a list of requirements for detection, data collection, and event reconstruction. We then use the Integrated Digital Investigation Process proposed by Carrier and Spafford (2004) as a template to illustrate how our derived requirements affect an investigation. For each phase of the process, we show the benefits of meeting the requirements and the implications of not complying with them.

scholarly journals LATTE: L STM Self- Att ention based Anomaly Detection in E mbedded Automotive Platforms

2021 ◽  
Vol 20 (5s) ◽  
pp. 1-23
Author(s):  
Vipin Kumar Kukkala ◽  
Sooryaa Vignesh Thiruloga ◽  
Sudeep Pasricha
Keyword(s):  
Anomaly Detection ◽  
Short Term Memory ◽  
Detailed Comparison ◽  
Cyber Attacks ◽  
Area Network ◽  
Automotive Applications ◽  
Distributed Embedded Systems ◽  
Detection Scheme ◽  
Design Time ◽  
Vehicle Networks

Modern vehicles can be thought of as complex distributed embedded systems that run a variety of automotive applications with real-time constraints. Recent advances in the automotive industry towards greater autonomy are driving vehicles to be increasingly connected with various external systems (e.g., roadside beacons, other vehicles), which makes emerging vehicles highly vulnerable to cyber-attacks. Additionally, the increased complexity of automotive applications and the in-vehicle networks results in poor attack visibility, which makes detecting such attacks particularly challenging in automotive systems. In this work, we present a novel anomaly detection framework called LATTE to detect cyber-attacks in Controller Area Network (CAN) based networks within automotive platforms. Our proposed LATTE framework uses a stacked Long Short Term Memory (LSTM) predictor network with novel attention mechanisms to learn the normal operating behavior at design time. Subsequently, a novel detection scheme (also trained at design time) is used to detect various cyber-attacks (as anomalies) at runtime. We evaluate our proposed LATTE framework under different automotive attack scenarios and present a detailed comparison with the best-known prior works in this area, to demonstrate the potential of our approach.

Conducting Forensic Investigations of Cyber Attacks on Automobile In-Vehicle Networks

2011 ◽  
pp. 115-128
Author(s):  
Dennis K. Nilsson ◽  
Ulf E. Larson
Keyword(s):  
Data Collection ◽  
Cyber Attacks ◽  
Entry Point ◽  
Forensic Investigation ◽  
Digital Forensic ◽  
Event Reconstruction ◽  
Vehicle Networks ◽  
Digital Investigation ◽  
Investigation Process ◽  
Vehicle Network

The introduction of a wireless gateway as an entry point to the automobile in-vehicle network reduces the effort of performing diagnostics and firmware updates considerably. Unfortunately, the same gateway also allows cyber attacks to target the unprotected network which currently lacks proper means for detecting and investigating security-related events. In this article, we discuss how to perform a digital forensic investigation of an in-vehicle network. An analysis of the current features of the network is performed, and an attacker model is developed. Based on the attacker model and a set of generally accepted forensic investigation principles, we derive a list of requirements for detection, data collection, and event reconstruction. We then use the Integrated Digital Investigation Process proposed by Carrier and Spafford (2004) as a template to illustrate how our derived requirements affect an investigation. For each phase of the process, we show the benefits of meeting the requirements and the implications of not complying with them.

Resilient control of switched systems in conditions of input delay and cyber attacks

2019 ◽  
Vol 41 (14) ◽  
pp. 4001-4012
Author(s):  
Maryam Fattahi ◽  
Ahmad Afshar
Keyword(s):  
Switched Systems ◽  
Control Strategies ◽  
Functional Method ◽  
Cyber Attacks ◽  
Input Delay ◽  
Control Block ◽  
Resilient Control ◽  
Uniformly Ultimately Bounded ◽  
The Subject ◽  
Security Bound

The subject of this article is to propose novel resilient control strategies for switched systems in conditions of input delay and cyber-attacks. At first it is assumed that the attacker can access the sensor of the system and consequently injects unknown false data to the sensor. Next, it is assumed that attacker can access the control block channel and consequently injects unknown nonlinear false data to the controller and also simultaneously can access the actuator, resulting in the loss of effectiveness of the actuator. In such conditions, novel resilient control strategies are proposed to keep the performance of the attacked system up to a reasonable security bound. To achieve resilience in such conditions, Lyapunov–Krasovskii functional method is applied to show the uniformly ultimately bounded behavior of the system. Finally, for an evaluating approach, two illustrative examples will be solved.

Intrusion Detection and Resilient Control for SCADA Systems

2013 ◽  
pp. 352-383 ◽  
Author(s):  
Bonnie Zhu ◽  
Shankar Sastry
Keyword(s):  
Intrusion Detection ◽  
Cyber Security ◽  
Recursive Algorithm ◽  
State Space Model ◽  
Stopping Time ◽  
Cyber Attacks ◽  
Ratio Test ◽  
Resilient Control ◽  
Detection Techniques ◽  
Scada Systems

Designed without cyber security in mind, most existing Supervisory Control And Data Acquisition (SCADA) systems make it a big challenge to modify the conventional Information Technology (IT) intrusion detection techniques, both to counter the threat of cyber attacks due to their standardization and connectivity to the Internet, and to achieve resilient control without fully retrofitting. The author presents a taxonomy and a set of metrics of SCAD-specific intrusion detection techniques by heightening their possible use in addition to explaining the nuance associated with such task and enumerating Intrusion Detection Systems (IDS) that have been proposed to undertake this endeavor. She identifies the deficits and voids in current research and offers recommendations on which strategies are most likely to succeed, in part through presenting a prototype of her efforts towards this goal. Specifically, she introduces an early anomaly detection and resilient estimation scheme consisting of a robust online recursive algorithm, which is based on the Kalman Filter in a state space model setting. This online window limited Robust Generalized Likelihood Ratio Test (RGLRT) that the author proposes identifies and detects outliers among real-time multidimensional measurements of dynamical systems without any a priori knowledge of the occurrence time or distribution of the outliers. It attains a low detection delay and an optimal stopping time that yields low rates in false alarm and miss detection while maintaining the optimal online estimation performance under normal conditions. The author proposes a set of qualitative and quantitative metric to measure its optimality in the context of cyber-physical systems.

Sign in / Sign up

Export Citation Format

Share Document