Detecting Attacks Against Robotic Vehicles:

Presentation transcript:

Detecting Attacks Against Robotic Vehicles: A Control Invariant Approach Hongjun Choi, Wen-Chuan Lee, Yousra Aafer, Fan Fei, Zhan Tu, Xiangyu Zhang, Dongyan Xu, Xinyan Deng Purdue University CCS 2018

Motivation Utilizing the control invariant to detect physical attacks against RV.

Motivation example

Control Invariant Approach

Framework Overview

Adversary model
1. Attackers corrupt or inject signals through external means.
2. Attackers have no access to the control program.
3. Traditional cyber attacks are not the focus of this paper.

Control Invariant Extraction

System Identification
Two key observations:
- All vehicles of similar type/organization share the same dynamics template.
- The basic PID controller can approximate complex control algorithms reasonably well for external attack detection.
Determining quadrotor dynamics:
- Linear acceleration along x, y, z
- Angular acceleration along xB, yB, zB

System Identification
- Instantiating PID controller
- Completing system identification

Monitoring Parameters Selection
- Monitor window size: dynamic time-warping; find the largest w in all the primitive operations
- Threshold: maximum observed model-induced errors within the window

Control Program Reverse Engineering and Instrumentation Control loop identification: Callgrind tool

Control Program Reverse Engineering and Instrumentation
- Identifying memory location for critical state variables
- ARM binary rewriting

Runtime Control Invariant Monitoring
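
The window-and-threshold check from the Monitoring Parameters Selection and Runtime Control Invariant Monitoring slides, as an added example (not code from the paper or the slides). The scalar model, its coefficients, the window of 10, the disturbance and the spoofing bias are constructed assumptions, and the effect of a spoofed sensor on the controller itself is left out.

```python
import math
from collections import deque

A, B = 0.9, 0.1   # constructed model coefficients: x[k+1] = A*x[k] + B*target[k]
WINDOW = 10       # constructed window size; the slides derive w via dynamic time-warping


def flight_trace(steps, spoof_from=None, bias=0.0):
    """Constructed trace of (target, measured) pairs, one per control-loop iteration."""
    x, trace = 0.0, []
    for k in range(steps):
        target = 1.0 if (k // 50) % 2 == 0 else 0.0
        spoofed = spoof_from is not None and k >= spoof_from
        trace.append((target, x + (bias if spoofed else 0.0)))
        # Real vehicle = model plus a bounded disturbance (the model-induced error).
        x = A * x + B * target + 0.02 * math.sin(0.3 * k)
    return trace


def windowed_errors(trace, window=WINDOW):
    """Yield |predicted - measured| accumulated over the last `window` iterations."""
    x_model, recent = 0.0, deque(maxlen=window)
    for target, measured in trace:
        recent.append(abs(x_model - measured))
        yield sum(recent)
        x_model = A * x_model + B * target  # prediction is driven by the target only


def calibrate_threshold(benign_trace):
    """Threshold = maximum windowed error observed on attack-free operation."""
    return max(windowed_errors(benign_trace))


def first_alarm(trace, threshold):
    """Return the first iteration whose windowed error exceeds the threshold, or None."""
    for k, err in enumerate(windowed_errors(trace)):
        if err > threshold:
            return k
    return None


if __name__ == "__main__":
    thr = calibrate_threshold(flight_trace(200))
    print("threshold:", round(thr, 3))
    print("benign alarm:", first_alarm(flight_trace(200), thr))
    print("spoofed alarm:", first_alarm(flight_trace(200, spoof_from=100, bias=1.0), thr))
```

Accumulating the error over a window rather than alarming on a single sample is what lets transient model error pass while a sustained spoofed offset crosses the threshold within a few iterations.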

Evaluation
- Subject vehicles
- Vehicle simulation

Evaluation Attacks
- Sensor spoofing attacks: compromising inertial sensors and GPS sensors
- Control signal spoofing attacks: targeting the motor pulse width modulation signals
- Parameter corruption attacks: adding attacking code to the control program that modifies control parameters

Evaluation Experiments and results - efficiency

Evaluation Experiments and results - effectiveness The extracted control invariants can properly predict normal vehicle behaviors and do not raise false alarms during normal operation.

Evaluation Experiments and results - effectiveness
- The false negative rate of attack detection (0%)
- The time of attack detection (0.2s)

Evaluation Experiments and results - effectiveness Control invariants are vehicle specific

Evaluation Experiments and results - effectiveness The effectiveness of monitoring parameter setting techniques

Evaluation Experiments and results - effectiveness Error changes under various environmental conditions

Evaluation Case studies

Discussion
- Mimicry attacks
- More adaptive detection
- Attack response

Contribution
- By modeling the physical/control properties and normal dynamics of a subject vehicle, the control invariants directly expose any violation caused by physical, external attacks.
- With monitoring window and threshold, our framework achieves high detection accuracy by filtering out false positive invariant violations.
- Our framework enables software-based detection of physical attacks without hardware modification or addition.

Conclusion The authors presented a new comprehensive framework, Control Invariant, for detecting external physical attacks against RVs, based on the definition, derivation, and monitoring of control invariants for the vehicles.

Thanks!