The Center for Education and Research in Information Assurance and Security (CERIAS)

AI/Control for Intrusion Detection in Constrained Embedded Systems

Principal Investigator: Shaoshuai Mou

Embedded systems (ES) are key elements of real-world applications, and cyber attackers can leverage them to tamper with the whole system. Enhancing the security of ES is of increasing interest, especially when attackers are equipped with recent advances in artificial intelligence (AI). Detection of intrusion is particularly challenging when it comes to constrained ES, such as the Engine Control Unit (ECU) in an aircraft, which works in harsh environments with high temperature and a lot of noise, and has limited processing resources to devote to defending against cyber-attacks. Although it is rare for constrained ES to be under attack thanks to their closed operational environment, the cybersecurity of constrained ES is usually of extremely high value due to their safety-critical applications, such as the ECU. As the first layer of all cyber-defense techniques, Intrusion Detection (ID) can detect cyber-attacks at an early stage and alert the ES to take early action to mitigate the attacks and prevent further damage. Since signature-based approaches require a predefined model of attacks for intrusion detection and are not effective in detecting new attacks, research efforts have recently been devoted to anomaly-based ID, in which intrusion is detected by comparing observed behaviors against known normal behaviors. Anomaly-based ID has become a more promising tool with the advance of AI and machine learning (ML). Such AI-based IDs are able to process large volumes of data, do not require exact knowledge of the system model, and improve performance with experience. Meanwhile, these techniques are also far from ideal, suffering especially from heavy computational load and a high positive alarm rate. We also note that classical theories in control are well developed and have played a key role in maintaining system performance under noise and uncertainty, and in detecting system faults online.
Recognition of this has motivated us in this proposal to integrate recent advances in AI and ML with well-developed techniques in control and optimization to develop innovative solutions to intrusion detection for constrained embedded systems.

Personnel

Other PIs: Ding Zhao

Students: Paulo Heredia, Taashi Kapoor

Keywords: embedded systems, intrusion detection