Research On Intrusion Detection And Adversarial Attack For Integrated Electronic System

The integrated electronic system is an integrated system that uses computer network technology based on a standard bus to connect a variety of electronic devices(subsystems)together,so as to realize the information sharing and comprehensive utilization of each sub-system.It is currently mainly used in the aviation and military fields,and is an important part of various aircraft,ships and other application systems.The integrated electronic system was originally designed with high efficiency and usability as the main goals,and the security was not considered well,so it faced a huge risk of attack.At present,there are not many researches aiming at the security of integrated electronic systems at home and abroad.Therefore,this paper analyzes the vulnerability of integrated electronic systems,establishes a bus-based attack model for its applied bus protocol,and designs and implements an intrusion detection scheme suitable for integrated electronic systems.However,intrusion detection systems face the threat of adversarial attacks,and therefore this paper designs generative frameworks which based on the adversarial capabilities of different adversaries for generating adversarial attack samples to verify the effectiveness of adversarial attacks.At the same time,the generative frameworks are used to evaluate the robustness of the proposed detection scheme.The specific content is as follows:1.Based on the integrated electronic system architecture,a vulnerability analysis was carried out.Aiming at the bus protocol used in the integrated electronic system,a bus-based attack model is established,possible attack scenarios are analyzed,and a semi-physical simulation platform for aerospace integrated electronic system with attack sources is built on the basis of the attack model.The effectiveness of the attack was verified on the simulation platform,and a graphical user interface was developed for control and display.2.Aiming at the above-mentioned bus-based attack model,this paper proposes a two-layer detection method(TLP-IDS)for integrated electronic systems.First,the bus message is distinguished between periodic and aperiodic,and the aperiodic message is further divided into high and low priority.Then according to the nature of the message,a detection module based on time and logic is designed.The experimental results show that the detection rate of the detection module based on time and logic for the four attack scenarios reaches more than 98%,and it performs well in terms of time performance.However,it does not involve data content detection and cannot detect data spoofing attacks,and therefore this paper further proposes a data prediction detection module as a second layer of security barrier to make up for the omission of data attack detection.3.Because the intrusion detection system is facing the threat of adversary's carefully designed adversarial samples(adversarial attacks),this paper proposes a generative framework to generating adversarial examples for verification in the case of typical adversary capabilities.The generative framework is based on the generative adversarial network,according to different adversary capabilities,different two-normal distances are introduced into the generator objective function to optimize the generative framework model.In order to verify the performance of the framework,machine learning and deep learning methods that commonly used today are implemented as a black box intrusion detection system,and an experimental comparison is conducted.The results show that the two generation frame-works have good ability to generate adversarial samples,and the robustness of TLP-IDS under adversarial attacks is not much different from the robustness of multi-layer deep learning neural networks.