CAML: Machine Learning-based Predictable, System-Level Anomaly Detection

Song¹, J., Fry², G., Wu², C., and Parmer¹, G.

1st Workshop on Security and Dependability of Critical Embedded Real-Time Systems, in conjunction with IEEE Real-Time Systems Symposium, Porto, Portugal (November 2016).

Security challenges are increasing in distributed cyber-physical systems (CPSs), which integrate computation and physical processes. System security is complicated by both the temporal and safety constraints of CPSs. In this paper, we investigate the potential for using system-level anomaly detection in a component-based RTOS to detect system compromises and aberrant behavior. We investigate a machine learning-based anomaly detection framework, CAML, which monitors for and identifies cyberattacks in system-level services within bounded time. We leverage past work in system fault recovery to predictably recover the system to an uncompromised state. We also evaluate the effectiveness of CAML in an avionics simulator-based CPS environment with injected cyberattacks. Our results and analysis indicate that CAML has promise to effectively enhance CPS robustness by securing the underlying RTOS against system-level cyberattacks with only small performance degradation.

¹ The George Washington University
² Charles River Analytics Inc.

For More Information

To learn more or request a copy of a paper (if available), contact Gerald Fry.

(Please include your name, address, organization, and the paper reference. Requests without this information will not be honored.)