A Framework for Detecting Anomalous Behaviors in Smart Cyber-physical Systems

This dissertation makes significant contributions to automatic, scalable, and data-driven approaches for securing smart cyber-physical systems (CPS). Smart CPS are increasingly embedded in our everyday life. Security incidents involving them are often high-profile because of their ability to control critical infrastructure. Stuxnet and the Ukrainian power-grid attack are among the notorious attacks reported against CPS, with impact ranging from governmental programs to ordinary users. In addition to deliberate attacks, device malfunction and human error can also result in incidents with grave consequences. Hence, the detection and mitigation of abnormal behaviors resulting from security incidents is imperative for the trustworthiness and broader acceptance of smart cyber-physical systems. In this dissertation, we study the behavior of smart cyber-physical systems and develop techniques that abstract the typical behaviors of such systems from the data generated by their components and detect various abnormalities. Our initial research developed a knowledge-graph-based approach that uses semantic technologies to infer complex contexts for detecting a wide range of anomalies. We also propose an automatic behavioral abstraction technique, ABATe, which automatically learns the typical behavior of such systems by finding the latent "context" space using available operational data. The learned latent space is then used to discern anomalies. We evaluate our technique using two real-world datasets to demonstrate the multi-domain adaptability and efficacy of our approach. As a part of this dissertation, we also generated an automotive dataset to support future research in related fields.


context, cyber-physical systems, cybersecurity, detecting anomalies

PhdThesis

University of Maryland, Baltimore County

UMBC ebiquity