Information Assurance and Security

Abstract:This paper presents an anomaly detection technique to detect intrusions into computer and network systems. In this technique, a Markov chain model is used to represent a temporal profile of normal behavior in a computer and network system. The Markov chain model of the norm profile is learned from historic data of the system’s normal behavior. The observed behavior of the system is analyzed to infer the probability that the Markov chain model of the norm profile supports the observed behavior. A low probability of support indicates an anomalous behavior that may result from intrusive activities. The technique was implemented and tested on the audit data of a Sun Solaris system. The testing results showed that the technique clearly distinguished intrusive activities from normal activities in the testing data.

Abstract:The complexity and connectivity of modern vehicles has constantly increased over the past years. Within the scope of this development the security risk for the in-vehicle network and its components has risen massively. Apart from threats for comfort and confidentiality, these attacks can also affect safety critical systems of the vehicle and therefore endanger the driver and other road users. In this paper the introduction of anomaly detection systems to the automotive in-vehicle network is discussed. Based on properties of typical vehicular networks, like the Controller Area Network (CAN), a set of anomaly detection sensors is introduced which allow the recognition of attacks during the operation of the vehicle without causing false positives. Moreover, important design and application criteria for a vehicular attack detection system are explained and discussed.