Anomaly detection is a problem prevalent in multiple disciplines of engineering. Anomalies are contextual and application-specific by nature. In our research we look at applying anomaly detection techniques to the following areas:
Cyber-Physical Systems (CPSs) have distinct cyber and physical components that must work cohesively with each other to ensure correct operation. Examples include automobiles, power plants, avionics systems, home automation systems, etc. Traditionally such systems were isolated from external access and used proprietary components and protocols. Hence, they were considered to be invulnerable to cyber attacks. The recent Stuxnet worm and other similar attacks have shown that even such systems are not immune to compromise. A failure to protect these systems could result in significant harm to humans, the environment or even critical infrastructure.
On the other hand, many cyber-physical systems have real-time constraints, i.e., they must function correctly within predetermined time scales. Systems that have such real-time properties are predictable by design. Designers work hard to ensure that the execution behavior of such systems (e.g., execution time, memory usage, control flow, system properties, etc.) is analyzed and controlled to a high level of detail so as to guarantee predictable behavior.
This project aims to use this very predictability of real-time CPS to detect intrusions as soon as they occur and take evasive actions. This will then be combined with the development of an architectural framework to:
The development of analysis techniques and intrusion-detection architectures will inherently make such systems more secure and hence, safer. It will bring us one step closer to understanding how to integrate two seemingly diverse yet important fields, CPS and security, while gaining a better understanding of both areas.
The ideas that will be developed as part of this project have the potential for significant impact on a diverse set of domains. Apart from the research community, government agencies and industry could also gain significantly from results produced as part of this research. It will make many critical aspects of modern-day life, such as aircraft, vehicles and critical infrastructures (power grid, water treatment plants, etc.), much safer.
Collaborators: Sanmi Koyejo, UIUC
SecureCore provides a platform where an anomaly detector can run and monitor the real-time system in real time. It also allows the detector to obtain any signal for anomaly detection. Therefore, the focus of this project is to create a novel anomaly detection model that considers all useful signals in the system. The model aims to capture anomalies which may seem normal when looking at each signal individually but seem anomalous when considering all signals together.
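To illustrate why a joint model catches what per-signal checks miss, the following is an added example, not SecureCore's detector or the project's code. It compares per-signal z-scores with a Mahalanobis distance over two signals; the choice of signals (execution time and memory usage), the constructed training samples and the 3.0 thresholds are all assumptions.

```python
import math
import statistics

# Constructed training data, one (execution time ms, memory usage KB) pair per
# job under normal operation. The two signals rise together, as they would for
# a task whose memory footprint grows with the amount of work it does.
NORMAL = [(10.0 + 0.5 * i, 200.0 + 10.0 * i + (3.0 if i % 2 else -3.0))
          for i in range(20)]

def fit(samples):
    """Estimate the mean vector and 2x2 sample covariance of the signals."""
    xs, ys = zip(*samples)
    mx, my = statistics.fmean(xs), statistics.fmean(ys)
    n = len(samples) - 1
    sxx = sum((x - mx) ** 2 for x in xs) / n
    syy = sum((y - my) ** 2 for y in ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in samples) / n
    return (mx, my), (sxx, sxy, syy)

def per_signal_z(model, point):
    """Absolute z-score of each signal, ignoring the other signal."""
    (mx, my), (sxx, _, syy) = model
    return abs(point[0] - mx) / math.sqrt(sxx), abs(point[1] - my) / math.sqrt(syy)

def mahalanobis(model, point):
    """Distance from the mean, scaled by the joint covariance of both signals."""
    (mx, my), (sxx, sxy, syy) = model
    dx, dy = point[0] - mx, point[1] - my
    det = sxx * syy - sxy * sxy  # determinant of the covariance matrix
    d2 = (syy * dx * dx - 2.0 * sxy * dx * dy + sxx * dy * dy) / det
    return math.sqrt(d2)

def classify(model, point, z_limit=3.0, d_limit=3.0):
    """Report whether the per-signal check and the joint check raise an alarm."""
    zx, zy = per_signal_z(model, point)
    return {"per_signal_alarm": zx > z_limit or zy > z_limit,
            "joint_alarm": mahalanobis(model, point) > d_limit}

if __name__ == "__main__":
    model = fit(NORMAL)
    # Constructed observations: the first follows the learned relationship,
    # the second pairs a long execution time with an unusually small footprint.
    for label, obs in [("typical", (15.0, 300.0)), ("mismatched", (18.0, 230.0))]:
        print(label, obs, classify(model, obs))
```

The mismatched observation lies within roughly one standard deviation on each signal taken alone, so only the joint check flags it.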
Detecting anomalies in sensors in Cyber-Physical Systems (CPS) is a deterrent to sensor spoofing attacks, which are a common attack vector in CPS. The goal of this project is to come up with schemes to detect anomalies in sensor values by using techniques from Control Theory and Machine Learning to model behavior in a UAV. Developing this model would require coming up with hardware and software methods to annotate sensor values in a UAV, building up to devising a model of trust for the platform.
We aim to scale this work up to a distributed setting using multiple UAVs, all connected via a common interface such as a wireless mesh network.