1
|
Kose NA, Jinad R, Rasheed A, Shashidhar N, Baza M, Alshahrani H. Detection of Malicious Threats Exploiting Clock-Gating Hardware Using Machine Learning. Sensors (Basel) 2024; 24:983. [PMID: 38339700 PMCID: PMC10856995 DOI: 10.3390/s24030983] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Grants] [Track Full Text] [Subscribe] [Scholar Register] [Received: 12/04/2023] [Revised: 01/19/2024] [Accepted: 01/29/2024] [Indexed: 02/12/2024]
Abstract
Embedded system technologies are increasingly being incorporated into manufacturing, smart grid, industrial control systems, and transportation systems. However, the vast majority of today's embedded platforms lack the support of built-in security features which makes such systems highly vulnerable to a wide range of cyber-attacks. Specifically, they are vulnerable to malware injection code that targets the power distribution system of an ARM Cortex-M-based microcontroller chipset (ARM, Cambridge, UK). Through hardware exploitation of the clock-gating distribution system, an attacker is capable of disabling/activating various subsystems on the chip, compromising the reliability of the system during normal operation. This paper proposes the development of an Intrusion Detection System (IDS) capable of detecting clock-gating malware deployed on ARM Cortex-M-based embedded systems. To enhance the robustness and effectiveness of our approach, we fully implemented, tested, and compared six IDSs, each employing different methodologies. These include IDSs based on K-Nearest Classifier, Random Forest, Logistic Regression, Decision Tree, Naive Bayes, and Stochastic Gradient Descent. Each of these IDSs was designed to identify and categorize various variants of clock-gating malware deployed on the system. We have analyzed the performance of these IDSs in terms of detection accuracy against various types of clock-gating malware injection code. Power consumption data collected from the chipset during normal operation and malware code injection attacks were used for models' training and validation. Our simulation results showed that the proposed IDSs, particularly those based on K-Nearest Classifier and Logistic Regression, were capable of achieving high detection rates, with some reaching a detection rate of 0.99. These results underscore the effectiveness of our IDSs in protecting ARM Cortex-M-based embedded systems against clock-gating malware.
Collapse
Affiliation(s)
- Nuri Alperen Kose
- Department of Computer Science, Sam Houston State University, Huntsville, TX 77340, USA; (N.A.K.); (R.J.); (A.R.); (N.S.)
| | - Razaq Jinad
- Department of Computer Science, Sam Houston State University, Huntsville, TX 77340, USA; (N.A.K.); (R.J.); (A.R.); (N.S.)
| | - Amar Rasheed
- Department of Computer Science, Sam Houston State University, Huntsville, TX 77340, USA; (N.A.K.); (R.J.); (A.R.); (N.S.)
| | - Narasimha Shashidhar
- Department of Computer Science, Sam Houston State University, Huntsville, TX 77340, USA; (N.A.K.); (R.J.); (A.R.); (N.S.)
| | - Mohamed Baza
- Department of Computer Science, College of Charleston, Charleston, SC 29424, USA
| | - Hani Alshahrani
- Department of Computer Science, College of Computer Science and Information Systems, Najran University, Najran 61441, Saudi Arabia;
| |
Collapse
|
2
|
Abdelfattah S, Baza M, Mahmoud M, Fouda MM, Abualsaud K, Yaacoub E, Alsabaan M, Guizani M. Lightweight Multi-Class Support Vector Machine-Based Medical Diagnosis System with Privacy Preservation. Sensors (Basel) 2023; 23:9033. [PMID: 38005421 PMCID: PMC10674529 DOI: 10.3390/s23229033] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [MESH Headings] [Track Full Text] [Subscribe] [Scholar Register] [Received: 09/20/2023] [Revised: 10/15/2023] [Accepted: 10/20/2023] [Indexed: 11/26/2023]
Abstract
Machine learning, powered by cloud servers, has found application in medical diagnosis, enhancing the capabilities of smart healthcare services. Research literature demonstrates that the support vector machine (SVM) consistently demonstrates remarkable accuracy in medical diagnosis. Nonetheless, safeguarding patients' health data privacy and preserving the intellectual property of diagnosis models is of paramount importance. This concern arises from the common practice of outsourcing these models to third-party cloud servers that may not be entirely trustworthy. Few studies in the literature have delved into addressing these issues within SVM-based diagnosis systems. These studies, however, typically demand substantial communication and computational resources and may fail to conceal classification results and protect model intellectual property. This paper aims to tackle these limitations within a multi-class SVM medical diagnosis system. To achieve this, we have introduced modifications to an inner product encryption cryptosystem and incorporated it into our medical diagnosis framework. Notably, our cryptosystem proves to be more efficient than the Paillier and multi-party computation cryptography methods employed in previous research. Although we focus on a medical application in this paper, our approach can also be used for other applications that need the evaluation of machine learning models in a privacy-preserving way such as electricity theft detection in the smart grid, electric vehicle charging coordination, and vehicular social networks. To assess the performance and security of our approach, we conducted comprehensive analyses and experiments. Our findings demonstrate that our proposed method successfully fulfills our security and privacy objectives while maintaining high classification accuracy and minimizing communication and computational overhead.
Collapse
Affiliation(s)
- Sherif Abdelfattah
- Department of Computer Science and Information Systems, Bradley University, Peoria, IL 61625, USA;
| | - Mohamed Baza
- Department of Computer Science, College of Charleston, Charleston, SC 29424, USA;
| | - Mohamed Mahmoud
- Department of Electrical and Computer Engineering, Tennessee Technological University, Cookeville, TN 38505, USA;
| | - Mostafa M. Fouda
- Department of Electrical and Computer Engineering, College of Science and Engineering, Idaho State University, Pocatello, ID 83209, USA;
- Center for Advanced Energy Studies (CAES), Idaho Falls, ID 83401, USA
| | - Khalid Abualsaud
- Department of Computer Science and Engineering, Qatar University, Doha 2713, Qatar;
| | - Elias Yaacoub
- Department of Computer Science and Engineering, Qatar University, Doha 2713, Qatar;
| | - Maazen Alsabaan
- Department of Computer Engineering, College of Computer and Information Sciences, King Saud University, Riyadh 11451, Saudi Arabia;
| | - Mohsen Guizani
- Machine Learning Department, Mohamed bin Zayed University of Artificial Intelligence, Abu Dhabi P.O. Box 131818, United Arab Emirates;
| |
Collapse
|
3
|
Oladimeji D, Rasheed A, Varol C, Baza M, Alshahrani H, Baz A. CANAttack: Assessing Vulnerabilities within Controller Area Network. Sensors (Basel) 2023; 23:8223. [PMID: 37837053 PMCID: PMC10575265 DOI: 10.3390/s23198223] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Track Full Text] [Subscribe] [Scholar Register] [Received: 09/09/2023] [Revised: 09/23/2023] [Accepted: 09/30/2023] [Indexed: 10/15/2023]
Abstract
Current vehicles include electronic features that provide ease and convenience to drivers. These electronic features or nodes rely on in-vehicle communication protocols to ensure functionality. One of the most-widely adopted in-vehicle protocols on the market today is the Controller Area Network, popularly referred to as the CAN bus. The CAN bus is utilized in various modern, sophisticated vehicles. However, as the sophistication levels of vehicles continue to increase, we now see a high rise in attacks against them. These attacks range from simple to more-complex variants, which could have detrimental effects when carried out successfully. Therefore, there is a need to carry out an assessment of the security vulnerabilities that could be exploited within the CAN bus. In this research, we conducted a security vulnerability analysis on the CAN bus protocol by proposing an attack scenario on a CAN bus simulation that exploits the arbitration feature extensively. This feature determines which message is sent via the bus in the event that two or more nodes attempt to send a message at the same time. It achieves this by prioritizing messages with lower identifiers. Our analysis revealed that an attacker can spoof a message ID to gain high priority, continuously injecting messages with the spoofed ID. As a result, this prevents the transmission of legitimate messages, impacting the vehicle's operations. We identified significant risks in the CAN protocol, including spoofing, injection, and Denial of Service. Furthermore, we examined the latency of the CAN-enabled system under attack, finding that the compromised node (the attacker's device) consistently achieved the lowest latency due to message arbitration. This demonstrates the potential for an attacker to take control of the bus, injecting messages without contention, thereby disrupting the normal operations of the vehicle, which could potentially compromise safety.
Collapse
Affiliation(s)
- Damilola Oladimeji
- Department of Computer Science, Sam Houston State University, Huntsville, TX 77340, USA; (D.O.); (A.R.); (C.V.)
| | - Amar Rasheed
- Department of Computer Science, Sam Houston State University, Huntsville, TX 77340, USA; (D.O.); (A.R.); (C.V.)
| | - Cihan Varol
- Department of Computer Science, Sam Houston State University, Huntsville, TX 77340, USA; (D.O.); (A.R.); (C.V.)
| | - Mohamed Baza
- Department of Computer Science, College of Charleston, Charleston, SC 29424, USA
| | - Hani Alshahrani
- Department of Computer Science, College of Computer Science and Information Systems, Najran University, Najran 61441, Saudi Arabia;
| | - Abdullah Baz
- Department of Computer Engineering, College of Computer and Information Systems, Umm Al-Qura University, Makkah 21955, Saudi Arabia;
| |
Collapse
|
4
|
Selvarajan S, Srivastava G, Khadidos AO, Khadidos AO, Baza M, Alshehri A, Lin JCW. An artificial intelligence lightweight blockchain security model for security and privacy in IIoT systems. J Cloud Comput (Heidelb) 2023; 12:38. [PMID: 36937654 PMCID: PMC10017665 DOI: 10.1186/s13677-023-00412-y] [Citation(s) in RCA: 8] [Impact Index Per Article: 8.0] [Reference Citation Analysis] [What about the content of this article? (0)] [Affiliation(s)] [Abstract] [Key Words] [Grants] [Figures] [Subscribe] [Scholar Register] [Received: 12/06/2022] [Accepted: 02/25/2023] [Indexed: 03/21/2023]
Abstract
The Industrial Internet of Things (IIoT) promises to deliver innovative business models across multiple domains by providing ubiquitous connectivity, intelligent data, predictive analytics, and decision-making systems for improved market performance. However, traditional IIoT architectures are highly susceptible to many security vulnerabilities and network intrusions, which bring challenges such as lack of privacy, integrity, trust, and centralization. This research aims to implement an Artificial Intelligence-based Lightweight Blockchain Security Model (AILBSM) to ensure privacy and security of IIoT systems. This novel model is meant to address issues that can occur with security and privacy when dealing with Cloud-based IIoT systems that handle data in the Cloud or on the Edge of Networks (on-device). The novel contribution of this paper is that it combines the advantages of both lightweight blockchain and Convivial Optimized Sprinter Neural Network (COSNN) based AI mechanisms with simplified and improved security operations. Here, the significant impact of attacks is reduced by transforming features into encoded data using an Authentic Intrinsic Analysis (AIA) model. Extensive experiments are conducted to validate this system using various attack datasets. In addition, the results of privacy protection and AI mechanisms are evaluated separately and compared using various indicators. By using the proposed AILBSM framework, the execution time is minimized to 0.6 seconds, the overall classification accuracy is improved to 99.8%, and detection performance is increased to 99.7%. Due to the inclusion of auto-encoder based transformation and blockchain authentication, the anomaly detection performance of the proposed model is highly improved, when compared to other techniques.
Collapse
Affiliation(s)
| | - Gautam Srivastava
- grid.253269.90000 0001 0679 3572Department of Math and Computer Science, Brandon University, R7A 6A9 Brandon, Canada
- grid.254145.30000 0001 0083 6092Research Centre for Interneural Computing, China Medical University, 40402 Taichung, Taiwan
- grid.411323.60000 0001 2324 5973Dept. of Computer Science and Math, Lebanese American University, 1102 Beirut, Lebanon
| | - Alaa O. Khadidos
- grid.412125.10000 0001 0619 1117Department of Information Systems, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah, Saudi Arabia
| | - Adil O. Khadidos
- grid.412125.10000 0001 0619 1117Department of Information Technology, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah, Saudi Arabia
| | - Mohamed Baza
- grid.254424.10000 0004 1936 7769Department of Computer Science, College of Charleston, Charleston, USA
| | - Ali Alshehri
- grid.440760.10000 0004 0419 5685Department of Computer Science, University of Tabuk, Tabuk, Saudi Arabia
| | - Jerry Chun-Wei Lin
- grid.477239.c0000 0004 1754 9964Department of Computer Science, Electrical Engineering and Mathematical Sciences, Western Norway University of Applied Sciences, Bergen, Norway
| |
Collapse
|