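Conference: 2019 IEEE Conference on Trust, Security and Privacy in Computing and Communications / Big Data Security Conference (TrustCom/BigDataSE 2019)
Time: Wednesday, September 4, 2019, 16:00-17:00
Location: Conference Room 513, Second Comprehensive Laboratory Building, Railway Campus
Presenter: Deng Kunyuan (邓坤元)
Title: Power-Grid Controller Anomaly Detection with Enhanced Temporal Deep Learning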
Abstract: Controllers of security-critical cyber-physical systems, like the power grid, are a very important class of computer systems. Attacks against the control code of a power-grid system, especially zero-day attacks, can be catastrophic. Earlier detection of the anomalies can prevent further damage. However, detecting zero-day attacks is extremely challenging because they have no known code and have unknown behavior. Furthermore, if data collected from the controller is transferred to a server through networks for analysis and detection of anomalous behavior, this creates a very large attack surface and also delays detection. In order to address this problem, we propose Reconstruction Error Distribution (RED) of Hardware Performance Counters (HPCs), and a data-driven defense system based on it. Specifically, we first train a temporal deep learning model, using only normal HPC readings from legitimate processes that run daily in these power-grid systems, to model the normal behavior of the power-grid controller. Then, we run this model using real-time data from commonly available HPCs. We use the proposed RED to enhance the temporal deep learning detection of anomalous behavior, by estimating distribution deviations from the normal behavior with an effective statistical test. Experimental results on a real power-grid controller show that we can detect anomalous behavior with high accuracy (>99.9%), nearly zero false positives and short (<360ms) latency.
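The detection idea in the abstract (model normal HPC behavior, then test whether the distribution of reconstruction errors in a live window deviates from the normal one) can be sketched as follows. This is an added example, not code from the paper or the talk. It makes several assumptions: a per-phase mean profile stands in for the temporal deep learning model, a two-sample Kolmogorov-Smirnov test stands in for the statistical test the abstract does not name, and the HPC readings are constructed.

```python
import math
import random

PERIOD = 20  # constructed: control loop repeats every 20 HPC samples

def synth_hpc(n, rng, extra=0.0):
    """Constructed HPC stream; `extra` models added work late in each loop."""
    return [1000 + 200 * math.sin(2 * math.pi * (i % PERIOD) / PERIOD)
            + (extra if i % PERIOD > 10 else 0.0) + rng.gauss(0, 15)
            for i in range(n)]

def fit_profile(train):
    """Stand-in for the temporal model: mean normal reading per loop phase."""
    buckets = [train[p::PERIOD] for p in range(PERIOD)]
    return [sum(b) / len(b) for b in buckets]

def recon_errors(profile, xs):
    """Absolute gap between each reading and what the model expects."""
    return [abs(x - profile[i % PERIOD]) for i, x in enumerate(xs)]

def ks_statistic(a, b):
    """Two-sample Kolmogorov-Smirnov statistic (largest gap between ECDFs)."""
    a, b = sorted(a), sorted(b)
    i, j, d = 0, 0, 0.0
    while i < len(a) and j < len(b):
        v = min(a[i], b[j])
        while i < len(a) and a[i] <= v:
            i += 1
        while j < len(b) and b[j] <= v:
            j += 1
        d = max(d, abs(i / len(a) - j / len(b)))
    return d

def is_anomalous(ref_err, win_err, alpha=1e-6):
    """Flag a window whose error distribution departs from the normal one."""
    n, m = len(ref_err), len(win_err)
    critical = math.sqrt(-0.5 * math.log(alpha / 2)) * math.sqrt((n + m) / (n * m))
    return ks_statistic(ref_err, win_err) > critical

def demo(seed=7):
    rng = random.Random(seed)
    profile = fit_profile(synth_hpc(2000, rng))        # train on normal data only
    ref = recon_errors(profile, synth_hpc(2000, rng))  # normal error distribution
    normal = recon_errors(profile, synth_hpc(200, rng))
    tampered = recon_errors(profile, synth_hpc(200, rng, extra=60))
    return is_anomalous(ref, normal), is_anomalous(ref, tampered)

if __name__ == "__main__":
    print(demo())
```

Testing the whole error distribution of a window, rather than thresholding single errors, lets a very small `alpha` keep false alarms rare while a sustained shift in behavior is still flagged within one window.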