Early Cyberattack Warning and Response System for MIL-STD-1553 Platforms using Unsupervised Anomaly Detection

使用无监督异常检测的 MIL-STD-1553 平台的早期网络攻击警告和响应系统

• 批准号: 560451-2020
• 负责人: TRAORE, ISSA
• 金额: $ 6.99万
• 依托单位: University of Victoria
• 依托单位国家: 加拿大
• 项目类别: Alliance Grants
• 财政年份: 2020
• 资助国家: 加拿大
• 起止时间: 2020-01-01 至 2021-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=707120
• 关键词: Early; Cyberattack; Warning; Response; System

MIL-STD-1553 is a military standard communication protocol that has been around for over four decades and is central to the operation of a wide range of defense platforms. At its inception, the standard was conceived with a focus only on reliability and fault tolerance, with no attention paid to security concerns. However, it has been shown in the last few years that modern defense platforms are increasingly the target of cyber attacks from both state and non-state actors. In such context, MIL-STD-1553 data buses represent prime conduits for compromising defense platforms that rely on them for communications. The purpose of the proposed project is to explore a range of cyberattack against MIL-STD-1553 data buses, execute corresponding attack scenarios in a testbed to generate a dataset, and leverage the dataset to develop a scheme to detect such attacks using unsupervised machine learning models. The proposed detection scheme will be tailored for the MIL-STD-1553 protocol and target a broader range of attacks aimed at this platform. The system will combine two different sensors that work in tandem to detect intrusive events. The first sensor will build a separate messaging profile for each of the components interacting via the bus, and track their behavior in order to identify masquerade attacks. The second sensor will build a baseline of the messaging activity occurring over the bus, and use statistical change point detection to identify a range of anomalous activities. The project will be conducted in partnership with Streamscan, a Canadian cybersecurity company.

MIL-STD-1553是一种军用标准通信协议，已经存在了40多年，是各种防御平台操作的核心。该标准在成立之初只关注可靠性和容错性，而不关注安全问题。然而，在过去几年中，现代防御平台越来越多地成为国家和非国家行为者网络攻击的目标。在这种情况下，MIL-STD-1553数据总线是危及依赖其进行通信的防御平台的主要管道。拟议项目的目的是探索针对MIL-STD-1553数据总线的一系列网络攻击，在测试平台中执行相应的攻击场景以生成数据集，并利用数据集开发一种使用无监督机器学习模型检测此类攻击的方案。拟议的检测方案将针对MIL-STD-1553协议量身定制，并针对该平台的更广泛的攻击。 该系统将结合联合收割机两个不同的传感器，协同工作，以检测入侵事件。第一个传感器将为通过总线交互的每个组件构建单独的消息传递配置文件，并跟踪它们的行为以识别伪装攻击。 第二个传感器将建立总线上发生的消息传递活动的基线，并使用统计变化点检测来识别一系列异常活动。 该项目将与加拿大网络安全公司Streamscan合作开展。