-
A Secure and Trustworthy Network Architecture for Federated Learning Healthcare Applications
Authors: Antonio Boiano, Marco Di Gennaro, Luca Barbieri, Michele Carminati, Monica Nicoli, Alessandro Redondi, Stefano Savazzi, Albert Sund Aillet, Diogo Reis Santos, Luigi Serio
Abstract:
Federated Learning (FL) has emerged as a promising approach for privacy-preserving machine learning, particularly in sensitive domains such as healthcare. In this context, the TRUSTroke project aims to leverage FL to assist clinicians in ischemic stroke prediction. This paper provides an overview of the TRUSTroke FL network infrastructure. The proposed architecture adopts a client-server model with a central Parameter Server (PS). We introduce a Docker-based design for the client nodes, offering a flexible solution for implementing FL processes in clinical settings. The impact of different communication protocols (HTTP or MQTT) on FL network operation is analyzed, with MQTT selected for its suitability in FL scenarios. A control plane to support the main operations required by FL processes is also proposed. The paper concludes with an analysis of security aspects of the FL architecture, addressing potential threats and proposing mitigation strategies to increase the trustworthiness level.
Submitted 17 April, 2024;
originally announced April 2024.
-
CANflict: Exploiting Peripheral Conflicts for Data-Link Layer Attacks on Automotive Networks
Authors: Alvise de Faveri Tron, Stefano Longari, Michele Carminati, Mario Polino, Stefano Zanero
Abstract:
Current research in the automotive domain has proven the limitations of the CAN protocol from a security standpoint. Application-layer attacks, which involve the creation of malicious packets, are deemed feasible from remote but can be easily detected by modern IDS. On the other hand, more recent link-layer attacks are stealthier and possibly more disruptive but require physical access to the bus. In this paper, we present CANflict, a software-only approach that allows reliable manipulation of the CAN bus at the data link layer from an unmodified microcontroller, overcoming the limitations of state-of-the-art works. We demonstrate that it is possible to deploy stealthy CAN link-layer attacks from a remotely compromised ECU, targeting another ECU on the same CAN network. To do this, we exploit the presence of pin conflicts between microcontroller peripherals to craft polyglot frames, which allows an attacker to control the CAN traffic at the bit level and bypass the protocol's rules. We experimentally demonstrate the effectiveness of our approach on high-, mid-, and low-end microcontrollers, and we provide the ground for future research by releasing an extensible tool that can be used to implement our approach on different platforms and to build CAN countermeasures at the data link layer.
Submitted 20 September, 2022;
originally announced September 2022.
-
CANdito: Improving Payload-based Detection of Attacks on Controller Area Networks
Authors: Stefano Longari, Alessandro Nichelini, Carlo Alberto Pozzoli, Michele Carminati, Stefano Zanero
Abstract:
Over the years, the increasingly complex and interconnected vehicles raised the need for effective and efficient Intrusion Detection Systems against on-board networks. In light of the stringent domain requirements and the heterogeneity of information transmitted on Controller Area Network, multiple approaches have been proposed, which work at different abstraction levels and granularities. Among these, RNN-based solutions received the attention of the research community for their performances and promising results. In this paper, we improve CANnolo, an RNN-based state-of-the-art IDS for CAN, by proposing CANdito, an unsupervised IDS that exploits Long Short-Term Memory autoencoders to detect anomalies through a signal reconstruction process. We evaluate CANdito by measuring its effectiveness against a comprehensive set of synthetic attacks injected in a real-world CAN dataset. We demonstrate the improvement of CANdito with respect to CANnolo on a real-world dataset injected with a comprehensive set of attacks, both in terms of detection and temporal performances.
Submitted 13 August, 2022;
originally announced August 2022.
-
AIRSENSE-TO-ACT: A Concept Paper for COVID-19 Countermeasures based on Artificial Intelligence algorithms and multi-sources Data Processing
Authors: A. Sebastianelli, F. Mauro, G. Di Cosmo, F. Passarini, M. Carminati, S. L. Ullo
Abstract:
Aim of this paper is the description of a new tool to support institutions in the implementation of targeted countermeasures, based on quantitative and multi-scale elements, for the fight and prevention of emergencies, such as the current COVID-19 pandemic. The tool is a centralized system (web application), single multi-user platform, which relies on Artificial Intelligence (AI) algorithms for the processing of heterogeneous data, and which can produce an output level of risk. The model includes a specific neural network which will be first trained to learn the correlation between selected inputs, related to the case of interest: environmental variables (chemical-physical, such as meteorological), human activity (such as traffic and crowding), level of pollution (in particular the concentration of particulate matter), and epidemiological variables related to the evolution of the contagion. The tool realized in the first phase of the project will serve later both as a decision support system (DSS) with predictive capacity, when fed by the actual measured data, and as a simulation bench performing the tuning of certain input values, to identify which of them lead to a decrease in the degree of risk. In this way, the authors aim to design different scenarios to compare different restrictive strategies and the actual expected benefits, to adopt measures sized to the actual need, and adapted to the specific areas of analysis, useful to safeguard human health, but also the economic and social impact of the choices.
Submitted 7 November, 2020;
originally announced November 2020.
-
Constrained Concealment Attacks against Reconstruction-based Anomaly Detectors in Industrial Control Systems
Authors: Alessandro Erba, Riccardo Taormina, Stefano Galelli, Marcello Pogliani, Michele Carminati, Stefano Zanero, Nils Ole Tippenhauer
Abstract:
Recently, reconstruction-based anomaly detection was proposed as an effective technique to detect attacks in dynamic industrial control networks. Unlike classical network anomaly detectors that observe the network traffic, reconstruction-based detectors operate on the measured sensor data, leveraging physical process models learned a priori.
In this work, we investigate different approaches to evade prior-work reconstruction-based anomaly detectors by manipulating sensor data so that the attack is concealed. We find that replay attacks (commonly assumed to be very strong) show bad performance (i.e., increasing the number of alarms) if the attacker is constrained to manipulate less than 95% of all features in the system, as hidden correlations between the features are not replicated well. To address this, we propose two novel attacks that manipulate a subset of the sensor readings, leveraging learned physical constraints of the system. Our attacks feature two different attacker models: A white box attacker, which uses an optimization approach with a detection oracle, and a black box attacker, which uses an autoencoder to translate anomalous data into normal data. We evaluate our implementation on two different datasets from the water distribution domain, showing that the detector's Recall drops from 0.68 to 0.12 by manipulating 4 sensors out of 82 in WADI dataset. In addition, we show that our black box attacks are transferable to different detectors: They work against autoencoder-, LSTM-, and CNN-based detectors. Finally, we implement and demonstrate our attacks on a real industrial testbed to demonstrate their feasibility in real-time.
Submitted 12 October, 2020; v1 submitted 17 July, 2019;
originally announced July 2019.