Title
CORGIDS: A Correlation-based Generic Intrusion Detection System.
Abstract
Cyber-physical systems (CPS) consist of software and physical components which are knitted together and interact with each other continuously. CPS have been targets of security attacks due to their safety-critical nature and relative lack of protection. Specification based intrusion detection systems (IDS) using data, temporal, data temporal and time, and logical correlations have been proposed in the past. But none of the approaches except the ones using logical correlations take into account the main ingredient in the operation of CPS, namely the use of physical properties. On the other hand, IDS that use physical properties either require the developer to define invariants manually, or have designed their IDS for a specific CPS. This paper proposes CORGIDS, a generic IDS capable of detecting security attacks by inferring the logical correlations of the physical properties of a CPS, and checking if they adhere to the predefined framework. We build a CORGIDS-based prototype and demonstrate its use for detecting attacks in the two CPS. We find that CORGIDS achieves a precision of 95.70%, and a recall of 87.90%, with modest memory and performance overheads.
Year
2018
DOI
10.1145/3264888.3264893
Venue
CPS-SPC@CCS
Keywords
Intrusion Detection Systems, Internet-of-Things, Cyber-physical Systems, Security, Generic Intrusion Detection Model
Field
Data mining, Computer science, Internet of Things, Correlation, Cyber-physical system, Software, Recall, Intrusion detection system
DocType
Conference
ISBN
978-1-4503-5992-4
Citations
1
PageRank
0.34
References
19
Authors
4
Name
Order
Citations
PageRank
Ekta Aggarwal110.68
Mehdi Karimibiuki241.73
Karthik Pattabiraman34610.05
André Ivanov419316.71