A Novel Approach for Detecting Cyberattacks in Embedded Systems Based on Anomalous Patterns of Resource Utilization-Part I

This paper presents a novel security approach called Anomalous Resource Consumption Detection (ARCD), which acts as an additional layer of protection to detect cyberattacks in embedded systems (ESs). The ARCD approach is based on the differentiation between the predefined standard resource consumpti...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Veröffentlicht in:	IEEE access 2021, Vol.9, p.103204-103229
Hauptverfasser:	Aloseel, Abdulmohsan, Al-Rubaye, Saba, Zolotas, Argyrios, He, Hongmei, Shaw, Carl
Format:	Artikel
Sprache:	eng
Schlagworte:	Anomalous resource consumption brute-force attack Computer crime Consumption cyberattacks Denial of service attacks denial-of-service attack Embedded systems Memory management Monitoring Operating systems Parameters password attack Pattern analysis remote code execution Resource utilization Security testbed Voltage measurement
Online-Zugang:	Volltext
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page	103229
container_issue
container_start_page	103204
container_title	IEEE access
container_volume	9
creator	Aloseel, Abdulmohsan Al-Rubaye, Saba Zolotas, Argyrios He, Hongmei Shaw, Carl
description	This paper presents a novel security approach called Anomalous Resource Consumption Detection (ARCD), which acts as an additional layer of protection to detect cyberattacks in embedded systems (ESs). The ARCD approach is based on the differentiation between the predefined standard resource consumption pattern and the anomalous consumption pattern of system resource utilization. The effectiveness of the proposed approach is tested in a rigorous manner by simulating four types of cyberattacks: a denial-of-service attack, a brute-force attack, a remote code execution attack, and a man-in-the-middle attack, which are executed on a Smart PiCar (used as the testbed). A septenary tuple model consisting of seven parameters, representing the embedded system's architecture, has been created as the core of the detection mechanism. The approach's efficiency and effectiveness has been validated in terms of range and pattern by analyzing the collected data statistically in terms of mean, median, mode, standard deviation, range, minimum, and maximum values. The results demonstrated the potential for defining a standard pattern of resource utilization and performance of the embedded system due to a significant similarity of the parameters' values at normal states. In contrast, the attacked cases showed a definite, observable, and detectable impact on resource consumption and performance of the embedded system, causing an anomalous pattern. Thus, by merging these two findings, the ARCD approach has been developed. ARCD facilitates building secure operating systems in line with the ES's capabilities. Furthermore, the ARCD approach can work along with existing countermeasures to augment the security of the operating system layer.
doi_str_mv	10.1109/ACCESS.2021.3088395
format	Article
fullrecord	<record><control><sourceid>proquest_ieee_</sourceid><recordid>TN_cdi_ieee_primary_9452174</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>9452174</ieee_id><doaj_id>oai_doaj_org_article_4ead9fbd87ef4b798f81cb4fd4c5e419</doaj_id><sourcerecordid>2555726957</sourcerecordid><originalsourceid>FETCH-LOGICAL-c408t-d0b6523903b204a9f8eb75ea83eb16f1929a645328a3d648f84e4e3f69fbdc663</originalsourceid><addsrcrecordid>eNpNUU1v1DAUjBBIVG1_QS-WOGfxd-xjCAusVJWKpWfLcZ5Llmy82N5K21-Pl1QVvtjvaWbe-E1V3RC8IgTrj23XrbfbFcWUrBhWimnxprqgROqaCSbf_vd-X12ntMPlqNISzUX13KK78AQTag-HGKz7hXyI6DNkcHmcH1F36iHanK37ndA4o_W-h2GAAW1PKcM-oU82lSrMqJ3D3k7hmNB9wUOcEwoe_YAUjtEBesjjND7bPIa5vrcxo81V9c7bKcH1y31ZPXxZ_-y-1bffv2669rZ2HKtcD7iXgjKNWU8xt9or6BsBVjHoifREU20lF4wqywbJlVccODAvte8HJyW7rDaL7hDszhziuLfxZIIdzb9GiI-m-BndBIaDHc401YDnfaOLGHE99wN3AjjRRevDolWW9ecIKZtd-d5c7BsqhGjoeasFxRaUiyGlCP51KsHmnJlZMjPnzMxLZoV1s7BGAHhlaC4oaTj7C3Pmk4M</addsrcrecordid><sourcetype>Open Website</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2555726957</pqid></control><display><type>article</type><title>A Novel Approach for Detecting Cyberattacks in Embedded Systems Based on Anomalous Patterns of Resource Utilization-Part I</title><source>IEEE Open Access Journals</source><source>DOAJ Directory of Open Access Journals</source><source>EZB-FREE-00999 freely available EZB journals</source><creator>Aloseel, Abdulmohsan ; Al-Rubaye, Saba ; Zolotas, Argyrios ; He, Hongmei ; Shaw, Carl</creator><creatorcontrib>Aloseel, Abdulmohsan ; Al-Rubaye, Saba ; Zolotas, Argyrios ; He, Hongmei ; Shaw, Carl</creatorcontrib><description>This paper presents a novel security approach called Anomalous Resource Consumption Detection (ARCD), which acts as an additional layer of protection to detect cyberattacks in embedded systems (ESs). The ARCD approach is based on the differentiation between the predefined standard resource consumption pattern and the anomalous consumption pattern of system resource utilization. The effectiveness of the proposed approach is tested in a rigorous manner by simulating four types of cyberattacks: a denial-of-service attack, a brute-force attack, a remote code execution attack, and a man-in-the-middle attack, which are executed on a Smart PiCar (used as the testbed). A septenary tuple model consisting of seven parameters, representing the embedded system's architecture, has been created as the core of the detection mechanism. The approach's efficiency and effectiveness has been validated in terms of range and pattern by analyzing the collected data statistically in terms of mean, median, mode, standard deviation, range, minimum, and maximum values. The results demonstrated the potential for defining a standard pattern of resource utilization and performance of the embedded system due to a significant similarity of the parameters' values at normal states. In contrast, the attacked cases showed a definite, observable, and detectable impact on resource consumption and performance of the embedded system, causing an anomalous pattern. Thus, by merging these two findings, the ARCD approach has been developed. ARCD facilitates building secure operating systems in line with the ES's capabilities. Furthermore, the ARCD approach can work along with existing countermeasures to augment the security of the operating system layer.</description><identifier>ISSN: 2169-3536</identifier><identifier>EISSN: 2169-3536</identifier><identifier>DOI: 10.1109/ACCESS.2021.3088395</identifier><identifier>CODEN: IAECCG</identifier><language>eng</language><publisher>Piscataway: IEEE</publisher><subject>Anomalous resource consumption ; brute-force attack ; Computer crime ; Consumption ; cyberattacks ; Denial of service attacks ; denial-of-service attack ; Embedded systems ; Memory management ; Monitoring ; Operating systems ; Parameters ; password attack ; Pattern analysis ; remote code execution ; Resource utilization ; Security ; testbed ; Voltage measurement</subject><ispartof>IEEE access, 2021, Vol.9, p.103204-103229</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2021</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c408t-d0b6523903b204a9f8eb75ea83eb16f1929a645328a3d648f84e4e3f69fbdc663</citedby><cites>FETCH-LOGICAL-c408t-d0b6523903b204a9f8eb75ea83eb16f1929a645328a3d648f84e4e3f69fbdc663</cites><orcidid>0000-0003-3293-904X ; 0000-0002-2829-1298 ; 0000-0002-0517-3379 ; 0000-0002-2182-4135</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/9452174$$EHTML$$P50$$Gieee$$Hfree_for_read</linktohtml><link.rule.ids>314,780,784,864,2100,4021,27631,27921,27922,27923,54931</link.rule.ids></links><search><creatorcontrib>Aloseel, Abdulmohsan</creatorcontrib><creatorcontrib>Al-Rubaye, Saba</creatorcontrib><creatorcontrib>Zolotas, Argyrios</creatorcontrib><creatorcontrib>He, Hongmei</creatorcontrib><creatorcontrib>Shaw, Carl</creatorcontrib><title>A Novel Approach for Detecting Cyberattacks in Embedded Systems Based on Anomalous Patterns of Resource Utilization-Part I</title><title>IEEE access</title><addtitle>Access</addtitle><description>This paper presents a novel security approach called Anomalous Resource Consumption Detection (ARCD), which acts as an additional layer of protection to detect cyberattacks in embedded systems (ESs). The ARCD approach is based on the differentiation between the predefined standard resource consumption pattern and the anomalous consumption pattern of system resource utilization. The effectiveness of the proposed approach is tested in a rigorous manner by simulating four types of cyberattacks: a denial-of-service attack, a brute-force attack, a remote code execution attack, and a man-in-the-middle attack, which are executed on a Smart PiCar (used as the testbed). A septenary tuple model consisting of seven parameters, representing the embedded system's architecture, has been created as the core of the detection mechanism. The approach's efficiency and effectiveness has been validated in terms of range and pattern by analyzing the collected data statistically in terms of mean, median, mode, standard deviation, range, minimum, and maximum values. The results demonstrated the potential for defining a standard pattern of resource utilization and performance of the embedded system due to a significant similarity of the parameters' values at normal states. In contrast, the attacked cases showed a definite, observable, and detectable impact on resource consumption and performance of the embedded system, causing an anomalous pattern. Thus, by merging these two findings, the ARCD approach has been developed. ARCD facilitates building secure operating systems in line with the ES's capabilities. Furthermore, the ARCD approach can work along with existing countermeasures to augment the security of the operating system layer.</description><subject>Anomalous resource consumption</subject><subject>brute-force attack</subject><subject>Computer crime</subject><subject>Consumption</subject><subject>cyberattacks</subject><subject>Denial of service attacks</subject><subject>denial-of-service attack</subject><subject>Embedded systems</subject><subject>Memory management</subject><subject>Monitoring</subject><subject>Operating systems</subject><subject>Parameters</subject><subject>password attack</subject><subject>Pattern analysis</subject><subject>remote code execution</subject><subject>Resource utilization</subject><subject>Security</subject><subject>testbed</subject><subject>Voltage measurement</subject><issn>2169-3536</issn><issn>2169-3536</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2021</creationdate><recordtype>article</recordtype><sourceid>ESBDL</sourceid><sourceid>RIE</sourceid><sourceid>DOA</sourceid><recordid>eNpNUU1v1DAUjBBIVG1_QS-WOGfxd-xjCAusVJWKpWfLcZ5Llmy82N5K21-Pl1QVvtjvaWbe-E1V3RC8IgTrj23XrbfbFcWUrBhWimnxprqgROqaCSbf_vd-X12ntMPlqNISzUX13KK78AQTag-HGKz7hXyI6DNkcHmcH1F36iHanK37ndA4o_W-h2GAAW1PKcM-oU82lSrMqJ3D3k7hmNB9wUOcEwoe_YAUjtEBesjjND7bPIa5vrcxo81V9c7bKcH1y31ZPXxZ_-y-1bffv2669rZ2HKtcD7iXgjKNWU8xt9or6BsBVjHoifREU20lF4wqywbJlVccODAvte8HJyW7rDaL7hDszhziuLfxZIIdzb9GiI-m-BndBIaDHc401YDnfaOLGHE99wN3AjjRRevDolWW9ecIKZtd-d5c7BsqhGjoeasFxRaUiyGlCP51KsHmnJlZMjPnzMxLZoV1s7BGAHhlaC4oaTj7C3Pmk4M</recordid><startdate>2021</startdate><enddate>2021</enddate><creator>Aloseel, Abdulmohsan</creator><creator>Al-Rubaye, Saba</creator><creator>Zolotas, Argyrios</creator><creator>He, Hongmei</creator><creator>Shaw, Carl</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>ESBDL</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>7SR</scope><scope>8BQ</scope><scope>8FD</scope><scope>JG9</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>DOA</scope><orcidid>https://orcid.org/0000-0003-3293-904X</orcidid><orcidid>https://orcid.org/0000-0002-2829-1298</orcidid><orcidid>https://orcid.org/0000-0002-0517-3379</orcidid><orcidid>https://orcid.org/0000-0002-2182-4135</orcidid></search><sort><creationdate>2021</creationdate><title>A Novel Approach for Detecting Cyberattacks in Embedded Systems Based on Anomalous Patterns of Resource Utilization-Part I</title><author>Aloseel, Abdulmohsan ; Al-Rubaye, Saba ; Zolotas, Argyrios ; He, Hongmei ; Shaw, Carl</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c408t-d0b6523903b204a9f8eb75ea83eb16f1929a645328a3d648f84e4e3f69fbdc663</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2021</creationdate><topic>Anomalous resource consumption</topic><topic>brute-force attack</topic><topic>Computer crime</topic><topic>Consumption</topic><topic>cyberattacks</topic><topic>Denial of service attacks</topic><topic>denial-of-service attack</topic><topic>Embedded systems</topic><topic>Memory management</topic><topic>Monitoring</topic><topic>Operating systems</topic><topic>Parameters</topic><topic>password attack</topic><topic>Pattern analysis</topic><topic>remote code execution</topic><topic>Resource utilization</topic><topic>Security</topic><topic>testbed</topic><topic>Voltage measurement</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Aloseel, Abdulmohsan</creatorcontrib><creatorcontrib>Al-Rubaye, Saba</creatorcontrib><creatorcontrib>Zolotas, Argyrios</creatorcontrib><creatorcontrib>He, Hongmei</creatorcontrib><creatorcontrib>Shaw, Carl</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE Open Access Journals</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Engineered Materials Abstracts</collection><collection>METADEX</collection><collection>Technology Research Database</collection><collection>Materials Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>DOAJ Directory of Open Access Journals</collection><jtitle>IEEE access</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Aloseel, Abdulmohsan</au><au>Al-Rubaye, Saba</au><au>Zolotas, Argyrios</au><au>He, Hongmei</au><au>Shaw, Carl</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>A Novel Approach for Detecting Cyberattacks in Embedded Systems Based on Anomalous Patterns of Resource Utilization-Part I</atitle><jtitle>IEEE access</jtitle><stitle>Access</stitle><date>2021</date><risdate>2021</risdate><volume>9</volume><spage>103204</spage><epage>103229</epage><pages>103204-103229</pages><issn>2169-3536</issn><eissn>2169-3536</eissn><coden>IAECCG</coden><abstract>This paper presents a novel security approach called Anomalous Resource Consumption Detection (ARCD), which acts as an additional layer of protection to detect cyberattacks in embedded systems (ESs). The ARCD approach is based on the differentiation between the predefined standard resource consumption pattern and the anomalous consumption pattern of system resource utilization. The effectiveness of the proposed approach is tested in a rigorous manner by simulating four types of cyberattacks: a denial-of-service attack, a brute-force attack, a remote code execution attack, and a man-in-the-middle attack, which are executed on a Smart PiCar (used as the testbed). A septenary tuple model consisting of seven parameters, representing the embedded system's architecture, has been created as the core of the detection mechanism. The approach's efficiency and effectiveness has been validated in terms of range and pattern by analyzing the collected data statistically in terms of mean, median, mode, standard deviation, range, minimum, and maximum values. The results demonstrated the potential for defining a standard pattern of resource utilization and performance of the embedded system due to a significant similarity of the parameters' values at normal states. In contrast, the attacked cases showed a definite, observable, and detectable impact on resource consumption and performance of the embedded system, causing an anomalous pattern. Thus, by merging these two findings, the ARCD approach has been developed. ARCD facilitates building secure operating systems in line with the ES's capabilities. Furthermore, the ARCD approach can work along with existing countermeasures to augment the security of the operating system layer.</abstract><cop>Piscataway</cop><pub>IEEE</pub><doi>10.1109/ACCESS.2021.3088395</doi><tpages>26</tpages><orcidid>https://orcid.org/0000-0003-3293-904X</orcidid><orcidid>https://orcid.org/0000-0002-2829-1298</orcidid><orcidid>https://orcid.org/0000-0002-0517-3379</orcidid><orcidid>https://orcid.org/0000-0002-2182-4135</orcidid><oa>free_for_read</oa></addata></record>
fulltext	fulltext
identifier	ISSN: 2169-3536
ispartof	IEEE access, 2021, Vol.9, p.103204-103229
issn	2169-3536 2169-3536
language	eng
recordid	cdi_ieee_primary_9452174
source	IEEE Open Access Journals; DOAJ Directory of Open Access Journals; EZB-FREE-00999 freely available EZB journals
subjects	Anomalous resource consumption brute-force attack Computer crime Consumption cyberattacks Denial of service attacks denial-of-service attack Embedded systems Memory management Monitoring Operating systems Parameters password attack Pattern analysis remote code execution Resource utilization Security testbed Voltage measurement
title	A Novel Approach for Detecting Cyberattacks in Embedded Systems Based on Anomalous Patterns of Resource Utilization-Part I
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-13T13%3A37%3A55IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_ieee_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Novel%20Approach%20for%20Detecting%20Cyberattacks%20in%20Embedded%20Systems%20Based%20on%20Anomalous%20Patterns%20of%20Resource%20Utilization-Part%20I&rft.jtitle=IEEE%20access&rft.au=Aloseel,%20Abdulmohsan&rft.date=2021&rft.volume=9&rft.spage=103204&rft.epage=103229&rft.pages=103204-103229&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2021.3088395&rft_dat=%3Cproquest_ieee_%3E2555726957%3C/proquest_ieee_%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2555726957&rft_id=info:pmid/&rft_ieee_id=9452174&rft_doaj_id=oai_doaj_org_article_4ead9fbd87ef4b798f81cb4fd4c5e419&rfr_iscdi=true