Systematic Evaluation of Intrusion Detection Systems
Background and Problem Statement
Intrusion detection is a technique for increasing the security of a system during its operation. An additional component, the Intrusion Detection System (IDS), is added to the system; it monitors the operation at runtime and raises an alarm once it notices suspicious or anomalous behavior. IDSes are often considered the last line of defense against attackers, and anomaly-based IDSes in particular aim to detect even previously unknown attacks for which no signature exists yet.
The challenge of detecting intrusions is as old as the engineering of software systems. Since the early 1970s, a myriad of different algorithms, features, and combinations of approaches have been proposed. In our view, there is consequently only minimal benefit today in creating yet another approach. Instead, the question of which of all available IDSes is the best choice for a given use case, the so-called Intrusion Detection Evaluation Problem, has become essential.
In this project, we aim to propose a holistic methodology that, in parallel to the development process of the system, elicits the most suitable candidate IDS based on the current knowledge about the system and the potential threats by attackers. Our methodology comprises three phases, focusing on (1) qualitative features during requirements engineering, (2) optimal configuration of the IDS during implementation, and (3) focused validation during the integration of the system as a whole.
As an exemplary use case, we focus on hardening the Controller Area Network (CAN), a security weak spot of today's vehicles. CAN is a broadcast bus without sender authentication: any node on the bus, including a compromised ECU, can transmit frames under any identifier. Classical cryptography, or an architecture incorporating isolation or sandboxes, cannot be retrofitted to this legacy technology without violating the strong requirements for low cost and high safety. Intrusion detection is therefore the biggest hope for protecting future cars without a major redesign of the in-vehicle network, a redesign that would in any case leave vehicles already on the road vulnerable. For our research, this is the ideal playground to identify the trade-offs between strict attack mitigation and still enabling autonomous driving maneuvers, and to investigate the interrelationship between safety and security.
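As an added illustration of the Intrusion Detection Evaluation Problem on a CAN bus (written for this page; it is not the project's own code or methodology), the following Python script trains two simple candidate detectors on a constructed clean CAN trace, runs them over a constructed trace that contains two kinds of injected frames, and scores each candidate with precision, recall and false-positive rate. The two detectors (an identifier allowlist and an inter-arrival-time check with a `tolerance` parameter), the traces, the identifiers 0x100, 0x200 and 0x7FF, and all thresholds are assumptions made for the example; timestamps are integer microseconds so that the arithmetic is exact.

```python
"""Compare two candidate CAN intrusion detectors on a labelled trace.

Added illustration, not the project's methodology: the traces, the two
detectors and the thresholds are all constructed here for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    ts_us: int      # timestamp in microseconds (integer, so comparisons are exact)
    can_id: int     # 11-bit arbitration identifier
    data: bytes     # payload, 0..8 bytes for classic CAN
    attack: bool    # ground-truth label; only the scorer may look at this


def periodic(can_id, period_us, start_us, end_us, data):
    """Frames of one ID sent strictly periodically (constructed benign traffic)."""
    return [Frame(t, can_id, data, False) for t in range(start_us, end_us, period_us)]


def training_trace():
    """Clean 100 ms window: 0x100 every 10 ms, 0x200 every 20 ms (constructed)."""
    frames = periodic(0x100, 10_000, 0, 100_000, bytes(8)) + \
             periodic(0x200, 20_000, 0, 100_000, bytes([0x10] * 8))
    return sorted(frames, key=lambda f: (f.ts_us, f.can_id))


def test_trace():
    """Next 100 ms: the same benign traffic plus two constructed attacks."""
    benign = periodic(0x100, 10_000, 100_000, 200_000, bytes(8)) + \
             periodic(0x200, 20_000, 100_000, 200_000, bytes([0x10] * 8))
    # Attack 1: a spoofed 0x100 frame injected 2 ms after each legitimate one.
    spoofed = [Frame(t + 2_000, 0x100, b"\xff" * 8, True)
               for t in range(100_000, 200_000, 10_000)]
    # Attack 2: frames under an identifier this bus never carries.
    foreign = [Frame(t, 0x7FF, b"\x01", True) for t in (105_000, 125_000, 145_000)]
    return sorted(benign + spoofed + foreign, key=lambda f: (f.ts_us, f.can_id))


class IdAllowlist:
    """Candidate A: alarm on any identifier not seen during training."""

    def fit(self, frames):
        self.known = {f.can_id for f in frames}
        return self

    def flags(self, frames):
        return [f.can_id not in self.known for f in frames]


class PeriodCheck:
    """Candidate B: alarm when a known ID arrives sooner than tolerance * its learned period."""

    def __init__(self, tolerance=0.5):
        self.tolerance = tolerance  # fraction of the learned period; a tuning parameter

    def fit(self, frames):
        last, period = {}, {}
        for f in frames:  # learned period = smallest inter-arrival gap seen in training
            if f.can_id in last:
                gap = f.ts_us - last[f.can_id]
                period[f.can_id] = min(gap, period.get(f.can_id, gap))
            last[f.can_id] = f.ts_us
        self.min_gap = {i: int(p * self.tolerance) for i, p in period.items()}
        return self

    def flags(self, frames):
        last, out = {}, []
        for f in frames:
            limit = self.min_gap.get(f.can_id)
            # IDs without a learned period are a blind spot of this candidate.
            too_soon = limit is not None and f.can_id in last and f.ts_us - last[f.can_id] < limit
            out.append(too_soon)
            last[f.can_id] = f.ts_us
        return out


def score(frames, flags):
    """Confusion counts plus precision, recall and false-positive rate."""
    tp = sum(1 for f, a in zip(frames, flags) if a and f.attack)
    fp = sum(1 for f, a in zip(frames, flags) if a and not f.attack)
    fn = sum(1 for f, a in zip(frames, flags) if not a and f.attack)
    tn = len(frames) - tp - fp - fn
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "precision": tp / (tp + fp) if tp + fp else 0.0,
            "recall": tp / (tp + fn) if tp + fn else 0.0,
            "fpr": fp / (fp + tn) if fp + tn else 0.0}


def evaluate_candidates():
    train, test = training_trace(), test_trace()
    a = IdAllowlist().fit(train).flags(test)
    b = PeriodCheck(tolerance=0.5).fit(train).flags(test)
    both = [x or y for x, y in zip(a, b)]  # ensemble: alarm if either candidate alarms
    return {"allowlist": score(test, a), "period": score(test, b), "ensemble": score(test, both)}


if __name__ == "__main__":
    for name, s in evaluate_candidates().items():
        print(f"{name:9s} tp={s['tp']:2d} fp={s['fp']:2d} fn={s['fn']:2d} "
              f"precision={s['precision']:.2f} recall={s['recall']:.2f} fpr={s['fpr']:.2f}")
```

The two candidates have complementary blind spots: the allowlist catches only the foreign identifier, the timing check catches only the spoofed frames of a known identifier, and their disjunction catches both. Which candidate is "best" therefore depends on the assumed threat model and, as the `tolerance` parameter shows, on its configuration; on real traces with jitter a tolerance that is too tight produces false alarms, which is why a labelled validation trace is needed before a detector is deployed.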