Evaluating the Robustness of Automotive Intrusion Detection Systems Against Evasion Attacks
Evaluating the Impact of Privacy-Preserving Federated Learning on CAN Intrusion Detection
Model Predictive Control with adaptive resilience for Denial-of-Service Attacks mitigation on a Regulated Dam
In recent years, SCADA (Supervisory Control and Data Acquisition) systems have increasingly become the target of cyber attacks. SCADAs are no longer isolated, as web-based applications expose strategic infrastructures to the outside world. In a cyber-warfare context, we propose a Model Predictive Control (MPC) architecture with adaptive resilience, capable of guaranteeing control performance in normal operating conditions and driving towards resilience against DoS (controller-actuator) attacks when needed. Since the attackers' goal is typically to maximize the system damage, we assume they solve an adversarial optimal control problem. An adaptive resilience factor is then designed as a function of the intensity function of a Hawkes process, a point process model estimating the occurrence of random events in time, trained on a moving window to estimate the return time of the next attack. We demonstrate the resulting MPC strategy's effectiveness in 2 attack scenarios on a real system with actual data, the regulated Olginate dam of Lake Como.
GOLIATH: A Decentralized Framework for Data Collection in Intelligent Transportation Systems
Intelligent Transportation Systems (ITSs) technology has advanced during the past years, and it is now used for several applications that require vehicles to exchange real-time data, such as in traffic information management. Traditionally, road traffic information has been collected using on-site sensors. However, crowd-sourcing traffic information from onboard sensors or smartphones has become a viable alternative. State-of-the-art solutions currently follow a centralized model where only the service provider has complete access to the collected traffic data and represent a single point of failure and trust. In this paper, we propose GOLIATH, a blockchain-based decentralized framework that runs on the In-Vehicle Infotainment (IVI) system to collect real-time information exchanged between the network's participants. Our approach mitigates the limitations of existing crowd-sourcing centralized solutions by guaranteeing trusted information collection and exchange, fully exploiting the intrinsic distributed nature of vehicles. We demonstrate its feasibility in the context of vehicle positioning and traffic information management. Each vehicle participating in the decentralized network shares its position and neighbors' ones in the form of a transaction recorded on the ledger, which uses a novel consensus mechanism to validate it. We design the consensus mechanism resilient against a realistic set of adversaries that aim to tamper or disable the communication. We evaluate the proposed framework in a simulated (but realistic) environment, which considers different threats and allows showing its robustness and safety properties
CopyCAN: An Error-Handling Protocol based Intrusion Detection System for Controller Area Network
In recent years, the automotive industry has incorporated more and more electronic components in vehicles, leading to complex on-board networks of Electronic Control Units (ECUs) that communicate with each other to control all vehicle functions, making it safer and easier to drive. This communication often relies on Controller Area Network (CAN), a bus communication protocol that defines a standard for real-time reliable and efficient transmission. However, CAN does not provide any security measure against cyber attacks. In particular, it lacks message authentication, leading to the possibility of transmitting spoofed CAN messages for malicious purposes. Nowadays, Intrusion Detection Systems (IDSs) detect such attacks by identifying inconsistencies in the stream of information allegedly transmitted by a single ECU, hence assuming the existence of a second malicious node generating these messages. However, attackers can bypass this defense technique by disconnecting from the network the ECU whose messages they want to spoof, therefore removing the authentic source of information. To counter this attack, we present CopyCAN, an Intrusion Detection System (IDS) that detects whether a node has been disconnected by monitoring the traffic and deriving the error counters of ECUs on CAN. Through this process, it flags subsequent spoofed messages as attacks and reacts accordingly even if there is no inconsistency in the stream of information. Our system, differently from many previous works, does not require any modification to the protocol or to already installed ECUs. Instead, it only requires the installation of a monitoring unit to the existing network, making it easily deployable in current systems and compliant with required CAN standards.
CANnolo: An Anomaly Detection System based on LSTM Autoencoders for Controller Area Network
Automotive security has gained significant traction in the last decade thanks to the development of new connectivity features that have brought the vehicle from an isolated environment to an externally facing domain. Researchers have shown that modern vehicles are vulnerable to multiple types of attacks leveraging remote, direct and indirect physical access, which allow attackers to gain control and affect safety-critical systems. Conversely, Intrusion Detection Systems (IDSs) have been proposed by both industry and academia to identify attacks and anomalous behaviours. In this paper, we propose CANnolo, an IDS based on Long Short-Term Memory (LSTM)-autoencoders to identify anomalies in Controller Area Networks (CANs). During a training phase, CANnolo automatically analyzes the CAN streams and builds a model of the legitimate data sequences. Then, it detects anomalies by computing the difference between the reconstructed and the respective real sequences. We experimentally evaluated CANnolo on a set of simulated attacks applied over a real-world dataset. We show that our approach outperforms the state-of-the-art model by improving the detection rate and precision
TimberStrike: Dataset Reconstruction Attack Revealing Privacy Leakage in Federated Tree-Based Systems
Federated Learning has emerged as a privacy-oriented alternative to centralized Machine Learning, enabling collaborative model training without direct data sharing. While extensively studied for neural networks, the security and privacy implications of tree-based models remain underexplored. This work introduces TimberStrike, an optimization-based dataset reconstruction attack targeting horizontally federated tree-based models. Our attack, carried out by a single client, exploits the discrete nature of decision trees by using split values and decision paths to infer sensitive training data from other clients. We evaluate TimberStrike on State-of-the-Art federated gradient boosting implementations across multiple frameworks, including Flower, NVFlare, and FedTree, demonstrating their vulnerability to privacy breaches. On a publicly available stroke prediction dataset, TimberStrike consistently reconstructs between 73.05% and 95.63% of the target dataset across all implementations. We further analyze Differential Privacy, showing that while it partially mitigates the attack, it also significantly degrades model performance. Our findings highlight the need for privacy-preserving mechanisms specifically designed for tree-based Federated Learning systems, and we provide preliminary insights into their design
Janus: A Trusted Execution Environment Approach for Attack Detection in Industrial Robot Controllers
In the last few decades, technological progress has led to a spike in the adoption of robots by the manufacturing industry. With the new “Industry 4.0” paradigm, companies strive to automate their production processes by interconnecting and integrating different industrial systems. The resulting increase in complexity contributes to a larger attack surface and paves the way for novel attacks. In the context of cyber-physical systems, consequences include economic and physical damage, as well as harm to human workers. In this article, we present Janus, a novel monitoring mechanism for industrial robot controllers that exploits the trusted execution environment (TEE) to guarantee the integrity of the attack detection algorithm even in case the controller's software is compromised, while not requiring external hardware for its detection process. In particular, we use the state observers strategy for detecting low-level controller (LLC) attacks. We assess our approach by testing it against various attacks, identifying those that are simpler to detect and pinpointing the more elusive ones, which are mostly detected nonetheless. Finally, we demonstrate that our approach does not add significant computation overheads
CANflict: Exploiting Peripheral Conflicts for Data-Link Layer Attacks on Automotive Networks
Current research in the automotive domain has proven the limitations of the CAN protocol from a security standpoint. Application-layer attacks, which involve the creation of malicious packets, are deemed feasible from remote but can be easily detected by modern IDS. On the other hand, more recent link-layer attacks are stealthier and possibly more disruptive but require physical access to the bus. In this paper, we present CANflict, a software-only approach that allows reliable manipulation of the CAN bus at the data link layer from an unmodified microcontroller, overcoming the limitations of state-of-the-art works. We demonstrate that it is possible to deploy stealthy CAN link-layer attacks from a remotely compromised ECU, targeting another ECU on the same CAN network. To do this, we exploit the presence of pin conflicts between microcontroller peripherals to craft polyglot frames, which allows an attacker to control the CAN traffic at the bit level and bypass the protocol's rules. We experimentally demonstrate the effectiveness of our approach on high-, mid-, and low-end microcontrollers, and we provide the ground for future research by releasing an extensible tool that can be used to implement our approach on different platforms and to build CAN countermeasures at the data link layer. Comment: To appear in CCS'2
