-
RTPS Attack Dataset Description
Authors:
Dong Young Kim,
Dongsung Kim,
Yuchan Song,
Gang Min Kim,
Min Geun Song,
Jeong Do Yoo,
Huy Kang Kim
Abstract:
This paper explains all about our RTPS datasets. We collect malicious/benign packet data by injecting attack data in an Unmanned Ground Vehicle (UGV) in the normal state. We assembled the testbed, consisting of UGV, Controller, PC, and Router. We collect this dataset in the UGV part of our testbed.
We conducted two types of attack "Command Injection" and "Command Injection with ARP Spoofing" on our testbed. The data collection time is 180, 300, 600, and 1200. The scenario has 30 each on collection time, 240 total. We expect this dataset to contribute to the development of defense technologies like anomaly detection to address security threat issues in ROS2 networks and Fast-DDS implements.
Submitted 2 April, 2024; v1 submitted 24 November, 2023;
originally announced November 2023.
-
AI-based Attack Graph Generation
Authors:
Sangbeom Park,
Jaesung Lee,
Jeong Do Yoo,
Min Geun Song,
Hyosun Lee,
Jaewoong Choi,
Chaeyeon Sagong,
Huy Kang Kim
Abstract:
With the advancement of IoT technology, many electronic devices are interconnected through networks, communicating with each other and performing specific roles. However, as numerous devices join networks, the threat of cyberattacks also escalates. Preventing and detecting cyber threats are crucial, and one method of preventing such threats involves using attack graphs. Attack graphs are widely used to assess security threats within networks. However, a drawback emerges as the network scales, as generating attack graphs becomes time-consuming. To overcome this limitation, artificial intelligence models can be employed. By utilizing AI models, attack graphs can be created within a short period, approximating optimal outcomes. AI models designed for attack graph generation consist of encoders and decoders, trained using reinforcement learning algorithms. After training the AI models, we confirmed the model's learning effectiveness by observing changes in loss and reward values. Additionally, we compared attack graphs generated by the AI model with those created through conventional methods.
Submitted 27 November, 2023; v1 submitted 24 November, 2023;
originally announced November 2023.
-
C-ITS Environment Modeling and Attack Modeling
Authors:
Jaewoong Choi,
Min Geun Song,
Hyosun Lee,
Chaeyeon Sagong,
Sangbeom Park,
Jaesung Lee,
Jeong Do Yoo,
Huy Kang Kim
Abstract:
As technology advances, cities are evolving into smart cities, with the ability to process large amounts of data and the increasing complexity and diversification of various elements within urban areas. Among the core systems of a smart city is the Cooperative-Intelligent Transport Systems (C-ITS). C-ITS is a system where vehicles provide real-time information to drivers about surrounding traffic conditions, sudden stops, falling objects, and other accident risks through roadside base stations. It consists of road infrastructure, C-ITS centers, and vehicle terminals. However, as smart cities integrate many elements through networks and electronic control, they are susceptible to cybersecurity issues. In the case of cybersecurity problems in C-ITS, there is a significant risk of safety issues arising. This technical document aims to model the C-ITS environment and the services it provides, with the purpose of identifying the attack surface where security incidents could occur in a smart city environment. Subsequently, based on the identified attack surface, the document aims to construct attack scenarios and their respective stages. The document provides a description of the concept of C-ITS, followed by the description of the C-ITS environment model, service model, and attack scenario model defined by us.
Submitted 27 November, 2023; v1 submitted 24 November, 2023;
originally announced November 2023.
-
Defining C-ITS Environment and Attack Scenarios
Authors:
Yongsik Kim,
Jae Woong Choi,
Hyo Sun Lee,
Jeong Do Yoo,
Haerin Kim,
Junho Jang,
Kibeom Park,
Huy Kang Kim
Abstract:
As technology advances, it is possible to process a lot of data, and as various elements in the city become diverse and complex, cities are becoming smart cities. One of the core systems of smart cities is Cooperative-Intelligent Transport Systems (C-ITS). C-ITS is a system that provides drivers with real-time accident risk information such as surrounding traffic conditions, sudden stops, and falling objects while a vehicle is driving, and consists of road infrastructure, C-ITS center, and vehicle terminals. Meanwhile, smart cities can have cybersecurity problems because many elements of the city are networked and electronically controlled. If cybersecurity problems occur in C-ITS, there is a high risk of safety problems. The purpose of this technical document is to describe C-ITS environment modeling and C-ITS attack scenarios for C-ITS security. After describing the concept of C-ITS and MITRE ATT&CK, we describe the C-ITS environment model and the attack scenario model that we define.
Submitted 21 December, 2022;
originally announced December 2022.
-
UAVCAN Dataset Description
Authors:
Dongsung Kim,
Yuchan Song,
Soonhyeon Kwon,
Haerin Kim,
Jeong Do Yoo,
Huy Kang Kim
Abstract:
We collected attack data from unmanned vehicles using the UAVCAN protocol, and public and described technical documents. A testbed was built with a drone using PX4, and a total of three attacks, Flooding, Fuzzy, and Replay, were performed. The attack was carried out in a total of 10 scenarios. We expect that the attack data will help develop technologies such as anomaly detection to solve the security threat problem of drones.
Submitted 8 April, 2024; v1 submitted 19 December, 2022;
originally announced December 2022.
-
Liuer Mihou: A Practical Framework for Generating and Evaluating Grey-box Adversarial Attacks against NIDS
Authors:
Ke He,
Dan Dongseong Kim,
Jing Sun,
Jeong Do Yoo,
Young Hun Lee,
Huy Kang Kim
Abstract:
Due to its high expressiveness and speed, Deep Learning (DL) has become an increasingly popular choice as the detection algorithm for Network-based Intrusion Detection Systems (NIDSes). Unfortunately, DL algorithms are vulnerable to adversarial examples that inject imperceptible modifications to the input and cause the DL algorithm to misclassify the input. Existing adversarial attacks in the NIDS domain often manipulate the traffic features directly, which hold no practical significance because traffic features cannot be replayed in a real network. It remains a research challenge to generate practical and evasive adversarial attacks.
This paper presents the Liuer Mihou attack that generates practical and replayable adversarial network packets that can bypass anomaly-based NIDS deployed in the Internet of Things (IoT) networks. The core idea behind Liuer Mihou is to exploit adversarial transferability and generate adversarial packets on a surrogate NIDS constrained by predefined mutation operations to ensure practicality. We objectively analyse the evasiveness of Liuer Mihou against four ML-based algorithms (LOF, OCSVM, RRCF, and SOM) and the state-of-the-art NIDS, Kitsune. From the results of our experiment, we gain valuable insights into necessary conditions on the adversarial transferability of anomaly detection algorithms. Going beyond a theoretical setting, we replay the adversarial attack in a real IoT testbed to examine the practicality of Liuer Mihou. Furthermore, we demonstrate that existing feature-level adversarial defence cannot defend against Liuer Mihou and constructively criticise the limitations of feature-level adversarial defences.
Submitted 12 April, 2022;
originally announced April 2022.