Attack-Detection Architectural Framework Based on Anomalous Patterns of System Performance and Resource Utilization—Part II

This paper presents a unique security approach for detecting cyber-attacks against embedded systems (ESs). The proposed approach has been shaped within an architectural framework called anomalous resource consumption detection (ARCD). The approach’s detection mechanism detects cyber-attac...

Bibliographic Details
Main Authors: Abdulmohsan Aloseel, Saba Al-Rubaye, Argyrios Zolotas, Carl Shaw
Format: Article
Language: English
Published: IEEE 2021-01-01
Series: IEEE Access
Subjects:
Online Access: https://ieeexplore.ieee.org/document/9452153/
Record ID: doaj-d706c1d74ff149be9ffc8d8fe6b80ffe
Record format: Article
Record timestamp: 2021-07-26T23:00:26Z
Language: eng
Publisher: IEEE
Journal: IEEE Access
ISSN: 2169-3536
Publication date: 2021-01-01
Volume: 9
Pages: 87611-87629
DOI: 10.1109/ACCESS.2021.3088411
Article number: 9452153
Title: Attack-Detection Architectural Framework Based on Anomalous Patterns of System Performance and Resource Utilization—Part II
Authors and affiliations:
Abdulmohsan Aloseel (https://orcid.org/0000-0002-2182-4135), School of Aerospace, Transport and Manufacturing (SATM), Cranfield University, Bedford, U.K.
Saba Al-Rubaye (https://orcid.org/0000-0003-3293-904X), School of Aerospace, Transport and Manufacturing (SATM), Cranfield University, Bedford, U.K.
Argyrios Zolotas (https://orcid.org/0000-0002-2829-1298), School of Aerospace, Transport and Manufacturing (SATM), Cranfield University, Bedford, U.K.
Carl Shaw (https://orcid.org/0000-0002-0517-3379), Cerberus Security Laboratories Ltd., Bristol, U.K.

Abstract: This paper presents a unique security approach for detecting cyber-attacks against embedded systems (ESs). The proposed approach has been shaped within an architectural framework called anomalous resource consumption detection (ARCD). The approach’s detection mechanism detects cyber-attacks by distinguishing anomalous performance and resource consumption patterns from a pre-determinable reference model. The defense mechanism of this approach acts as an additional layer of protection for ESs. This technique’s effectiveness was previously evaluated statistically, and in this paper, we tested this approach’s efficiency computationally by using the support-vector machine algorithm. The datasets were generated and collected based on a testbed model, where it was run repeatedly under different operation conditions (normal cases (Rs) versus attacked cases). The executed attack scenarios are 1) denial-of-service (DoS); 2) brute force (BF); and 3) remote code execution (RCE), and man-in-the-middle (MITM). A septenary tuple model, which consists of seven determinants that are analyzed based on seven statistical criteria, is the core of the detection mechanism. The prediction accuracy in terms of classifying anomalous patterns compared to normal patterns based on the confusion matrix revealed promising results, proving this approach’s effectiveness, where the final results confirmed very high prediction accuracies in terms of distinguishing anomalous patterns from the typical patterns. Integrating the ARCD concept into an operating system’s functionality could help software developers augment the existing security countermeasures of ESs. Adopting the ARCD approach will pave the way for software engineers to build more secure operating systems in line with the embedded system’s capabilities, without depleting its resources.

URL: https://ieeexplore.ieee.org/document/9452153/
Keywords: Anomalous detection; cybersecurity; embedded systems; machine learning; support vector machine algorithm; anomalous resource consumption detection framework