Treffer: Towards Attack Detection in Multimodal Cyber-Physical Systems with Sticky HDP-HMM based Time Series Analysis.

Automatic detection of the precise occurrence and duration of an attack reflected in time-series logs generated by cyber-physical systems is a challenging problem. This problem is exacerbated when performing this analysis using logs with limited system information. In a realistic scenario, multiple and differing attack methods may be employed in rapid succession. Modern or legacy systems operate in multiple modes and contain multiple devices recording a variety of continuous and categorical data streams. This work presents a non-parametric Bayesian framework that addresses these challenges using the sticky Hierarchical Dirichlet Process Hidden Markov Model (sHDP-HMM). Additionally, we explore metrics for measuring the accuracy of the detected events, their timings and durations, and compare the computational efficiency of different inference implementations of the model. The efficacy of attack detection is demonstrated in two settings: an avionics testbed and a consumer robot. [ABSTRACT FROM AUTHOR]

Copyright of Digital Threats: Research & Practice is the property of Association for Computing Machinery and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)