Tiny Twins for detecting cyber-attacks at runtime using concise Rebeca time transition system

• This paper presents a method for detecting cyber-attacks in cyber-physical systems using a monitor. The method employs an abstract model called Tiny Twin, which is built at design time and is used at runtime to detect inconsistencies. Tiny Twin is a state transition system that represents the observable behavior of the system from the monitor point of view. We model the behavior of the system in the Rebeca modeling language and use Afra model checker to generate the state space. The Tiny Twin is built automatically, by abstracting the state space while keeping the observable actions and preserving the trace equivalence. For doing that we had to solve the complexities in the state space introduced by time-shifts, nondeterministic assignments and abstraction of internal actions. We formally define the state space as Concise Rebeca Timed Transition System (CRTTS), and then map CRTTS to an LTS. The LTS is then fed to a tool to abstract away the non-observable actions.

Ämnesord

TEKNIK OCH TEKNOLOGIER  -- Elektroteknik och elektronik -- Datorsystem (hsv//swe)

ENGINEERING AND TECHNOLOGY  -- Electrical Engineering, Electronic Engineering, Information Engineering -- Computer Systems (hsv//eng)

Nyckelord

Cyber-security

Intrusion detection systems

Model abstraction

Model checking

Runtime monitoring

Abstracting

Computer crime

Crime

Cyber attacks

Cyber Physical System

Embedded systems

Intrusion detection

Modeling languages

Network security

Cyber security

Cyber-attacks

Models checking

Runtimes

State-space

Time transition

Timed transition systems

Publikations- och innehållstyp

ref (ämneskategori)

art (ämneskategori)