Building Defensive Self-Knowledge Using Embedded Machine Learning in Avionics

Julien DEPAILLAT1, Philippe BAUMARD2 and Pierre PARADINAS3

1 Conservatoire National des Arts et Métiers (CNAM), CEDRIC-ESDR3C & AKHEROS, PhD Student
2 Conservatoire National des Arts et Métiers (CNAM), ESDR3C
3 Conservatoire National des Arts et Métiers (CNAM), CEDRIC

Abstract

With the increasing demand for smart and connected devices (IoT), embedded systems have become an integral part of our daily lives. However, this also brings new challenges in terms of security, as these systems often deal with sensitive data and/or perform critical operations. Machine learning techniques have emerged as a promising solution for enhancing the security of embedded systems. By leveraging large amounts of data, machine learning algorithms can identify patterns and anomalies that may indicate a security breach and trigger appropriate responses in real time. In this article we provide an overview of the use of machine learning in securing embedded systems, highlighting its benefits and potential challenges while discussing some of the recent research in this area.

Keywords

Embedded Systems, Machine Learning, HIDS

1. Introduction

The security of Internet of Things (IoTs) and embedded systems is a major concern in today’s world. With the proliferation of connected devices, these systems are prime targets for cybercriminals looking to exploit their vulnerabilities to gain access to sensitive data or to conduct broader attacks against critical infrastructure. In recent years, there have been numerous cyber-attacks on industrial and energy systems, further demonstrating the security challenges facing IoTs and embedded systems.
Among the most famous are Stuxnet, which targeted Iranian industrial systems and slowed down their nuclear program [1], BlackEnergy and Industroyer targeting the Ukrainian electrical network [2, 3], TRITON discovered in a petrochemical complex in Saudi Arabia targeting the Triconex Schneider Electric responsible for the security of the installations [4] or Mirai infecting thousands of IoTs in order to provoke Distributed Denial of Service (DDoS) attacks [5]. Vulnerabilities can be found at different layers, including the hardware, network and software layers. Hardware layer vulnerabilities are difficult to patch and can be exploited by attackers who have physical access to the device [6].

C&ESAR’23: Computer & Electronics Security Application Rendezvous, Nov. 21-22, 2023, Rennes, France
julien.depaillat@protonmail.com (J. DEPAILLAT); philippe.baumard@lecnam.net (P. BAUMARD); pierre.paradinas@cnam.fr (P. PARADINAS)
© 2023 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR Workshop Proceedings (CEUR-WS.org), http://ceur-ws.org, ISSN 1613-0073. Proceedings of the 30th C&ESAR (2023).

Attacks on the network layer include attacks on the communication radio, which can lead to man-in-the-middle attacks or eavesdropping [7]. The software layer contains the operating system, drivers, and applications that use the previous layers to create value, and is also not free of attacks. For example, the infamous Mirai botnet attack targeted devices with known default passwords and resulted in massive DDoS attacks [5]. Various countermeasures have been proposed to provide attack prevention [8], including password protection, data encryption, and restricted access control.
However, the effectiveness of these countermeasures has been limited, as many IoT devices still contain vulnerabilities that can potentially be exploited via software updates [6].

Extensive research has been conducted on ways to protect against these attacks. Protection methods can be grouped into two categories: prevention and tolerance methods [6]. Prevention methods aim to eliminate program vulnerabilities and prevent certain types of attacks, while tolerance methods detect attacks and offer system recovery to stop the attack in progress. Previous research has examined various protection methods such as StackGuard [9] and software/hardware-based Control Flow Integrity (CFI) [10], which have limitations that make them controllable [6]. Some work proposes a methodology to implement a performance-based classification system that adopts a remote attestation mechanism to protect IoT devices [11]. Other proposed protection methods include code obfuscation [12], memory encryption [13], monitoring timers [14] or secure boot [15]. The use of Physically Unclonable Functions (PUFs) for authentication is not consistent with the testing approach because it requires hardware modifications [16].

In this article we will first present the context and then focus on Intrusion Detection Systems (IDS) based on machine learning techniques and their performance on embedded applications. Finally, we will present the experiment we are conducting to develop a Host-based Intrusion Detection System (HIDS) based on behavioral incongruity to detect attacks targeting a Flight Management System (FMS) application.

2. Context

The use of embedded systems in various domains, such as transportation, health, and industry, has been increasing, which leads to the need for secure and resilient systems. In avionics, safety is a top priority. On-board systems must be reliable and robust to ensure proper operation of the aircraft and to guarantee the safety of passengers and crew.
Due to their physical isolation, strict protocols and proprietary software, these systems have long been considered unassailable. As mentioned in the introduction, the multiplication of attacks and propagation vectors has called this view into question. Indeed, the director of the European Union Aviation Safety Agency (EASA), Patrick Ky, announced in 2015 that « Believing that air transport is safe from this kind of threat is tantamount to veiling the face » [17].

Given the strategic stakes represented by aviation, military and civilian, we understand that this sector can be a prime target for attackers. Their motivations can be many and varied: intention to harm, theft of information, profit, promotion of political objectives ("hacktivist" motivations), etc. Therefore, it is important to guard against external attacks, carried out on “classic” information systems and networks, but also against internal attacks, which may come from malicious intentional acts affecting in particular the production, update and deployment chains, or from unintended uses of embedded systems.

One approach to achieving this goal is intrusion detection, which involves detecting and preventing malicious and malevolent behavior. More and more studies are emerging on the possibilities of integrating IDS into embedded systems in order to protect them [18, 19, 20].

2.1. What are Intrusion Detection Systems

IDS are increasingly popular computer security tools [18, 19, 20] to protect embedded systems against potential threats. An IDS is a software or hardware device that monitors the activities of a computer system or network to detect attempts at intrusion, exploitation or security breach. It mainly consists of a data collection module and a detection module. There are two types based on their placement and the data they collect: Network-based Intrusion Detection System (NIDS) and HIDS.
The NIDS collection modules are placed at strategic locations on the network, for example on a router in a subnet, a Demilitarized Zone (DMZ) or on a firewall ensuring the connection between the internal network and the Internet network. This type of IDS collects data such as source and destination IP addresses, ports used, communication protocols and packet information (content, size, frequency).

The HIDS collection modules are placed directly on the terminals to be monitored, such as servers, workstations or in our case embedded systems. They analyze application data, files, log data, system data, etc.

Each of them is also differentiated according to their method of detection. There are again two categories: signature-based IDS and anomaly-based IDS.

The former uses a detection method based on the comparison of collected data with a pre-established signature base that represents known malicious behavior and is used to detect attacks in real time.

The latter, based on anomalies, are increasingly used in embedded systems. They seek to define a set of models that will characterize the observed system. Once this characterization has been established, anomaly detection is done via a comparison of the current behavior with respect to the latter. If too much deviation is calculated, this means that an intrusion attempt or a security violation is in progress. This method has a major advantage over the signature-based method. Indeed, a new attack or a variant will have an unknown, different signature, and will therefore not be detected by the IDS based on signatures. On the other hand, these attacks will cause a change in the functioning of the system and its application and create a deviation from the normal behavior, therefore generating an alert for those based on anomalies.

Embedded defensive learning therefore consists of training artificial intelligence algorithms to detect and react to anomalies and potential attacks on embedded systems.
This type of learning uses machine learning techniques to create patterns of normal system behavior and then uses them to detect potential anomalies.

2.2. Using Machine Learning to Build Defense Knowledge of Embedded Systems

To enhance intrusion detection capabilities, the theory of incongruity can be used in machine-to-machine interactions, including in embedded systems. The theory involves constructing a learning module that calculates self-congruity and self-incongruity values for each machine, node, or component to detect their own behavior inconsistencies, incongruities, or dissonances. This can be used for forensic analysis and to search for dormant threats such as Advanced Persistent Threats (APTs). The patent application proposed by Baumard [21] advocates for an autonomous system for incongruous behavior detection in machine-to-machine interactions without using a previously built normative rule of behavior. However, Bourdon et al. [16] suggest that using statistical analysis or machine learning in combination with other detection methods can enhance detection capabilities, while addressing scalability and standardization issues. Bourdon et al. [16] also discuss the implementation and improvement of a platform for intrusion detection in connected objects based on hardware counters analysis, thus highlighting the need for compatibility with the characteristics of the objects studied. Overall, the theory of incongruity can be valuable for enhancing intrusion detection capabilities in embedded systems, but further research on its effectiveness in comparison to other detection methods is needed [16, 21, 22, 23].

A performance- and machine-learning-based classification system has also been proposed as a runtime attack detection method based on program behavior, hardware performance counters, and machine learning [6].
An experimental approach to detecting behavioral anomalies using hardware performance counters was also explored, and was conducted on platforms with representative IoT devices in a real-world industrial environment [16].

3. Developing an embedded Host-based Intrusion Detection System

Before building an embedded HIDS it is important to highlight the constraints related to this domain in order to be sure not to interfere with its proper functioning. We define here the five main criteria for choosing an anomaly detection technique suitable for avionics:

• Real-Time: the HIDS must not disturb the normal execution cycle of the application. The technique used must be able to process all the data recorded during one execution cycle of the monitored application. The machine learning algorithm must be optimized to ensure that the processing of data and the production of results are carried out in less than 5% of the total cycle time [18].
• Memory footprint: memory resources are generally chosen according to the application and the desired goal. The margin in terms of available memory is therefore often small. It may be necessary to use compression methods in order to store the models, process the data and generate the results. It is also advisable to choose a machine learning algorithm that is not memory intensive.
• Detection capacity: the HIDS must detect anomalies with a low or zero rate of false alerts (false positives) for the highest possible rate of true alerts (true positives). Furthermore, the results generated must be understandable and easily interpretable in order to be exploitable by an operator in flight.
• Offline: the HIDS must be able to operate without a connection to an external network in order to ensure the best possible protection during operations in areas without internet access. This increases security since no changes can be made remotely.
• Intellectual property: the HIDS must be able to create behavioral models of the system without functional knowledge of the application. No changes to existing code should be necessary either.

An embedded HIDS must therefore respect constraints of time, storage space and limited communication capacity, in addition to a minimal modification of the existing system. Indeed, it will in all cases be necessary to add a component or to integrate the HIDS directly into the system environment in order to be able to learn behaviors and detect anomalies.

3.1. The collection module

In order to be able to create its model set and start monitoring the system, the HIDS must be fed with data. As stated previously, it is necessary to respect performance criteria and not modify the existing system. The collection module must therefore be extremely fast in terms of execution time. In order not to clutter up the memory space, the collected data must be processed as quickly as possible so that it can be destroyed and leave space for the following data. In any case, it will be necessary to allocate a fixed memory space dedicated to this storage. If the allocated space is full and new data arrives, it is necessary to define the behavior to adopt. As a general rule, we preferred to ignore the new data and wait for a new execution cycle of the application to continue the analysis in the most consistent way possible. Embedded applications, especially in the avionics field, are generally deterministic, which means that they always produce the same results for the same input in a known period of time, facilitating this process.

To comply with the non-modification requirement, it is necessary to collect events not provided by the application and generalizable to all on-board systems. There are several categories:

• Hardware Performance Counters (HPCs)
• OS errors
• System / API calls
• Communications / IO
• Memory

Each of these categories provides different information about system activity.
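The fixed storage and the drop policy described at the start of this section can be made concrete as follows. This is an added example, not the authors' collection module: the event layout, the capacity of 8 slots and the `collector_*` names are assumptions, and the code is single-threaded, so a real port needs the platform's synchronisation between the collecting hook and the HIDS core.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COLLECT_CAPACITY 8u /* fixed slot count; assumed value, sized per platform */

/* Hypothetical event layout: the page collects syscalls, HPCs and timestamps. */
typedef struct {
    uint64_t timestamp_ns;
    uint32_t cycle_id;   /* execution cycle the event belongs to */
    uint32_t hpc_value;
    uint16_t syscall_id;
} event_t;

typedef struct {
    event_t  slots[COLLECT_CAPACITY]; /* static storage, no allocation at run time */
    size_t   head;                    /* oldest stored event */
    size_t   count;                   /* events currently stored */
    uint32_t cycle_id;                /* current cycle of the monitored application */
    bool     dropping;                /* set on overflow, cleared at next cycle start */
    uint32_t dropped;                 /* events ignored since init */
    uint32_t incomplete_cycles;       /* cycles that lost at least one event */
} collector_t;

static void collector_init(collector_t *c) { memset(c, 0, sizeof *c); }

/* Called by the (hypothetical) OS hook at the start of each execution cycle. */
static void collector_begin_cycle(collector_t *c)
{
    c->cycle_id++;
    c->dropping = false; /* collection resumes on a cycle boundary only */
}

/* Store one event. Returns false when the event is ignored. Once the buffer
 * has overflowed, every later event of the same cycle is ignored too, even if
 * the consumer has freed slots meanwhile, so a stored cycle is truncated at
 * one point and never has a hole in the middle. */
static bool collector_push(collector_t *c, uint16_t syscall_id,
                           uint64_t timestamp_ns, uint32_t hpc_value)
{
    if (c->dropping || c->count == COLLECT_CAPACITY) {
        if (!c->dropping) {
            c->dropping = true;
            c->incomplete_cycles++;
        }
        c->dropped++;
        return false;
    }
    event_t *e = &c->slots[(c->head + c->count) % COLLECT_CAPACITY];
    e->timestamp_ns = timestamp_ns;
    e->cycle_id = c->cycle_id;
    e->hpc_value = hpc_value;
    e->syscall_id = syscall_id;
    c->count++;
    return true;
}

/* Hand the oldest event to the detection module and free its slot at once. */
static bool collector_pop(collector_t *c, event_t *out)
{
    if (c->count == 0)
        return false;
    *out = c->slots[c->head];
    c->head = (c->head + 1) % COLLECT_CAPACITY;
    c->count--;
    return true;
}

/* Constructed scenario: a burst of 10 events overflows the 8 slots. */
int main(void)
{
    collector_t c;
    event_t e;
    collector_init(&c);
    collector_begin_cycle(&c);
    for (uint16_t i = 0; i < 10; i++)
        collector_push(&c, i, 100u * i, 0);
    collector_pop(&c, &e);                       /* frees a slot ... */
    bool late = collector_push(&c, 99, 2000, 0); /* ... but is still ignored */
    collector_begin_cycle(&c);
    bool next = collector_push(&c, 1, 3000, 0);  /* accepted again */
    printf("dropped=%u incomplete=%u late=%d next=%d\n",
           (unsigned)c.dropped, (unsigned)c.incomplete_cycles, late, next);
    return 0;
}
```

The `incomplete_cycles` counter and the `cycle_id` stamped on each event let the detection module skip or down-weight a cycle that was truncated instead of scoring a partial trace against a full-cycle model.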
Some categories may be easier to implement than others, notably HPCs and OS errors, which can be used for other activities such as Health Monitoring and so do not require any change to the system.

The studies by Boyer [6] and Bourdon [16] are based on the use of HPCs to detect anomalies. They put forward certain precautions: context switches can disturb the reading of the counters; processors do not all have the same counters; and the operating system matters as well, since two executions in different environments will not give rise to the same evolutions. In addition, the number of simultaneous readings of HPCs is limited depending on the processor, so you must first choose the most relevant counters for each application.

OS errors include ARINC 653 error codes (in avionics), missed deadlines, numeric errors, or illegal requests [24]. The information provided by this data alone is insufficient to effectively detect intrusions.

The system calls provide very interesting information to characterize the behavior of an application. In the case of a deterministic one, we expect to find the same sequences of calls at similar frequencies. According to Kadar [25] it is an efficient way to detect intrusions; detection accuracy is generally above 90%, despite a high false positive rate, which can easily reach 15% in recent research. These rates depend of course on the learning algorithm used as well as the settings chosen and can therefore be improved by using the right combinations. Furthermore, it is possible to recover the arguments used or the values of the memory pointers on each call in order to enrich the learning. In a similar principle, observing API calls provides valuable information about its execution.
These calls have the advantage of offering better portability from one system to another regardless of its architecture, in particular in avionics systems, which are based on the ARINC 653 standard [18].

Communication data can also be useful for detecting anomalies, such as unauthorized connection attempts or malformed data packets. Embedded systems often communicate via specific protocols, such as the CAN [26] protocol used in the automotive industry, and monitoring these protocols can help detect attacks specific to them. Communication channels represent privileged access for an attacker. By monitoring the IO data, we can obtain a characterization of the interactions between the various components of the system, which can help detect compatibility or configuration problems [27]. It can also improve system performance by identifying bottlenecks or inefficiencies in input/output and communication processes. Generally, embedded systems are connected to several sensors that provide various measurements of elements such as temperature, pressure, acceleration, speed, etc. By correlating this type of data to system calls, the coverage and robustness of learning are considerably increased.

Finally, a last category can be considered: memory. It contains all the data being processed in the system, including program instructions being executed and temporary data. By monitoring memory, the HIDS can detect anomalies such as incorrect memory accesses, buffer overflows, attempts to inject malicious code, or memory leaks [28]. It can detect suspicious or malicious behavior, such as attempts to install malicious software, to take control of the system or to alter the data handled by the application, degrading its integrity [29]. However, it is more complex to implement and requires very special attention so as not to disturb the proper functioning of the system.

3.2. The learning / detection module

This module represents the heart of the HIDS.
It will be in charge of learning the models characterizing the application, which will then allow anomalies to be detected. As with the collection module, it should be as optimized as possible in order to respect the technical constraints associated with the system that hosts it. The choice of technique and learning algorithm is very important. There are 3 techniques: supervised, unsupervised and semi-supervised learning.

Supervised learning [30] is a machine learning technique where a statistical model is trained from a set of labeled data. In this type of learning, the model must predict an output based on known inputs and outputs. These known outputs, or labels, are provided in the training dataset. The learning process consists of adjusting the parameters of the model to minimize the deviation between the predicted outputs and the known labels. Once the model has been trained on a dataset, it can be used to make predictions on new data. Supervised learning is commonly used in applications such as image classification, email spam detection, speech recognition, or real estate value prediction. Commonly used algorithms for supervised learning include decision trees, neural networks, Support Vector Machine (SVM), and random forests.

Unsupervised learning [31] focuses on creating patterns and structures from unlabeled, not previously annotated, data. It can be used for data classification, image segmentation, anomaly detection, dimensionality reduction, product recommendation, clustering analysis and other data analysis tasks. Commonly used algorithms for unsupervised learning include k-means, self-encoding neural networks, convolutional neural networks, Boltzmann machines [32], Hopfield neural networks [33], and Principal Component Analysis (PCA).

Finally, semi-supervised learning [34] is a combination of the elements of supervised and unsupervised learning.
In this type of learning, the model is trained on a dataset containing both labeled and unlabeled data. In the embedded context, it is assumed that the execution environment is healthy, which constitutes the labeled data to guide learning. It is also possible to integrate known attack datasets into the learning to improve its robustness. However, it is impossible to ensure that all cases of attacks will be tested. Semi-supervised learning is particularly useful when labeled data is expensive or difficult to obtain. This makes it a good choice for the embedded domain since learning does not necessarily need an attack to establish normal behavior. Commonly used algorithms include label propagation methods, mixture models, neural networks, and semi-supervised SVMs. These algorithms can be adapted to work with different types of data, such as text, image, and sequence data.

Once the technique has been selected, it is necessary to choose the machine learning algorithm adapted to the on-board criteria. Sayadi [35], whose study is mainly based on the use of HPCs, offers a performance comparison of different machine learning algorithms on the detection of Rootkit, Backdoor and Trojan (table 1) as well as their hardware cost (table 2). The presented algorithms belong to 5 different families:

• Probabilistic graphs: BayesNet
• Neural networks: MLP
• Rule systems: OneR, JRip
• Decision Trees: J48, REPTree
• Support Vector Machines: SMO

Bayesian Networks (BayesNets) belong to the class of probabilistic graphical models, which are a category of machine learning models that use graphs to represent probabilistic relationships between variables. In a BayesNet, the nodes represent the variables (here the HPCs) and the arcs the probabilistic dependencies between the variables. They are based on Bayes’ theorem [36] and use conditional probability methods to evaluate probabilities and predictions.
Multi-Layer Perceptrons (MLPs) are a type of forward propagation (or feedforward) neural network composed of multiple layers of neurons, where each neuron in one layer is connected to all neurons in the next layer [37]. MLPs are particularly suitable for nonlinear classification and prediction tasks.

Table 1: ML algorithm comparison of malware detection accuracy

| Algorithm | Rootkit | Backdoor | Trojan | Average |
|-----------|---------|----------|--------|---------|
| BayesNet  | 88.1%   | 91.6%    | 99.0%  | 92.9%   |
| MLP       | 94.0%   | 92.4%    | 89.8%  | 92.1%   |
| OneR      | 81.5%   | 92.0%    | 99.0%  | 90.9%   |
| JRip      | 84.8%   | 92.0%    | 66.3%  | 81.0%   |
| J48       | 85.4%   | 92.0%    | 65.7%  | 81.0%   |
| REPTree   | 82.8%   | 92.0%    | 66.3%  | 80.4%   |
| SMO       | 91.4%   | 89.5%    | 98.8%  | 93.2%   |

OneR [38] is a simple and interpretable algorithm that uses a single rule to predict the class of a new example. It works by choosing the input variable that provides the best prediction for each class and then uses that variable to create a decision rule. This rule is then used to predict the class of new examples. It is widely used for its simplicity and interpretability but can be less accurate than other more complex algorithms.

In the JRip algorithm [39] the training data is divided into a growing set and a pruning set. First, an initial set of rules is trained on the growing set, using a heuristic method. This over-sized rule-set is then repeatedly simplified by applying a set of pruning operators. At each simplification step, the pruning operator chosen is the one that produces the greatest error reduction on the pruning set. The simplification step ends when applying a pruning operator would increase the error on the pruning set.

J48 is a decision tree-based algorithm [39] that uses a divide and conquer approach to generate a decision tree from input data.
The decision tree is a tree structure in which each internal node represents an input variable, each branch represents a value of this variable and each leaf represents an output class.

Like other decision tree-based algorithms, REPTrees generate a decision tree from the input data, using a divide and conquer approach [40]. The particularity of REPTrees is that they use a regression technique to decide on the optimal division of the nodes of the tree. REPTrees are often used for their simplicity and speed, but can suffer from over-fitting and have lower performance than other more complex algorithms for high-dimensional classification problems.

SVM are algorithms that learn to classify data by finding the decision boundary that maximizes the margin between the two classes. The Sequential Minimal Optimization (SMO) is a specific optimization method to solve the margin optimization problem of SVM in an efficient way [41]. SVM and SMO are appreciated for their ability to generalize to previously unseen data and for their robustness against noise.

Based on table 1, we can see that the MLP performs better for the detection of Rootkits and Backdoors, while BayesNet, OneR and SMO dominate for Trojans. The JRip, J48 and REPTree algorithms are far behind in this category. On average, we find that algorithms based on long and complex learning give the most relevant results. However, according to table 2 they are also the most demanding in terms of execution time and memory used.

Table 2: ML algorithm comparison of hardware overhead

| Algorithm | Latency | Memory (block) |
|-----------|---------|----------------|
| BayesNet  | 60 ns   | 7645           |
| MLP       | 1020 ns | 25667          |
| OneR      | 10 ns   | 292            |
| JRip      | 20 ns   | 156            |
| J48       | 30 ns   | 584            |
| REPTree   | 30 ns   | 377            |
| SMO       | 220 ns  | 2246           |

Although very accurate, MLP has the highest latency and highest memory usage, so it doesn’t seem to be suitable for critical embedded systems. SMO has the best detection results.
However, it also has the second most significant impact in terms of execution time. BayesNet seems like a good compromise. It has a very good detection score, an acceptable execution time and a moderate memory impact. It is important to note that no particular optimization has been made to the implementation of these algorithms. It is therefore possible to make improvements on the execution time and the memory cost. Moreover, depending on the characteristics of the platform and its end goal, it is also possible to choose to optimize one to the detriment of the other.

Once the algorithm is defined, all that remains is to adapt it to the platform. Learning is the most costly part in terms of resources. If this cost is too high, it is possible to collect the selected data and perform the learning on a conventional computer. It will then suffice to transfer the models to the platform so that the detection module can use them as a normal basis.

4. The experimentation

4.1. Context

To develop our HIDS, we have set up a collaboration with a leading European company that develops a Real-Time Operating System (RTOS) used in the avionics field. In order to get as close as possible to reality, we will monitor an FMS application, provided by another leading European company that provides systems and applications in this field. An FMS is an on-board computer used for automatic navigation and guidance, presentation of information, management of aircraft systems, efficient management of fuel and reduction of operating costs [42].

This FMS already works on our partner’s RTOS and will therefore be embedded on a T2080 board. This board is widely used in the avionics world for this type of application. It has a 4-core processor clocked at 1.8 GHz sharing a 2 MB L2 cache memory. The Operating System (OS) allows us to define the priority of each application, their order and duration of execution as well as the core(s) used.
The FMS application requires 2 cores, so we will use 1 core to perform data collection, machine learning and detection and 1 core to execute our attacks.

To validate our experiment we will use 3 criteria:

• The operations of the application must not be disturbed by system modifications, data collection and the HIDS.
• The monitored application must not be modified in any way to adapt to changes made to the OS or to the HIDS.
• A maximum attack detection rate for a false positive rate of 0%.

4.2. Objectives and implementation

In order to carry out this experiment, it is necessary to define the objectives to be achieved as well as the various actions to be undertaken. The main objective of this experiment is to determine if a HIDS based on a machine learning algorithm is viable for detecting intrusions on an embedded system. The second objective is to know the cost of it in terms of performance in order to establish the minimum resources required for its proper functioning. The third will be to determine which actions, human and automatic, could be taken in the event of detection of an attack. Finally, we will seek to assess the degree of portability of this algorithm to other embedded systems / applications.

To set up this experiment it will be necessary to carry out the following tasks:

• Modify the OS in order to be able to collect the data necessary for model learning and attack detection (syscall, HPCs, timestamp, context, etc.).
• Choose the machine learning algorithm to use.
• Develop the HIDS using this algorithm so that it is compatible with the embedded OS.
• Optimize the HIDS so that it is embeddable, the least greedy and the fastest possible.
• Create normal usage scenarios of the application covering its functionalities as much as possible.
• Run these scenarios in order to create the models characterizing the proper functioning of the application.
• Create attack scenarios to disrupt the proper functioning of the application and system.
• Run these scenarios to assess the detection capabilities of the HIDS.

4.3. The attacks to detect

In agreement with the teams of our collaborators, we have drawn up a list of attacks that will be put in place to assess the detection capabilities of the HIDS:

• Pre-loaded attacks: code added in the binary application before uploading to the platform. Corruption of the on-board application set (modification of certain functionalities: trajectory calculation, GPS position, etc.).
• Spoofing attacks on sensors [43] feeding the FMS: here, we will seek to know if it is possible to determine that an attack is in progress on one or more external systems on which the monitored system depends. Indeed, if mutually inconsistent data is provided to the FMS, this can lead to unusual actions of the application, symbolized by aberrant values in terms of syscalls and values of the monitored HPCs.
• Injection attacks: random code, control-flow hijacking [44].
• Passive attacks: side-channel attack on the micro-architecture. Variant of Spectre [45] (memory leak of the application, particularly "cache timing").
• Active attacks: fault injection attacks on the micro-architecture. Rowhammer [46] and variants like Blacksmith [47]. Based on errors in the Dynamic Random Access Memory (DRAM): memory cells can change value under the influence of the activity of neighboring cells, so an attacker can illegitimately modify a memory space without having access to it.

The following attacks will not be taken into account:

• Passive physical attacks, without interaction with the system: laser attack [48], hidden channel attacks [49] on electromagnetic emissions, etc.
• Attacks compromising the security of the OS: if the OS is compromised, it is a safe bet that the HIDS which depends on it will be compromised too.
• Attacks compromising the system boot-chain: if the boot sequence is compromised, this means that the OS is compromised and so is the HIDS.

For all attacks we will consider that the opponent has succeeded, by some means, in making the desired changes to the platform / application without being detected. We will not use the HIDS to determine which intrusion vector was used, even if, depending on the modifications made, the details provided during the analysis and detection would allow it.

4.4. Current progress

Currently, the modifications of the OS needed to gather the syscalls, the HPCs (6 different) and the timestamp have been made. Furthermore, we have already been able to assess the impact of this collection in terms of execution time on the application. These results are shown in figure 1. On this graph, the ordinate gives the time required to collect the number of elements indicated on the abscissa. The additional cost in execution time varies from 82ns to 113ns, with 99.8% remaining below 100ns and 0.2% above.

The HIDS is based on the incongruity work carried out by Baumard [21] and mentioned in part 2.2. This HIDS uses a learning algorithm based on dynamic Bayesian networks presented by Hourbracq [50]. These are classic Bayesian networks, as presented in part 3.2, but whose nodes $\{X_i(t),\ i = 1 \dots n\}$, representing discrete random variables, are indexed by the discrete time $t$. Therefore they are Bayesian networks that evolve during the execution of the application and are not frozen once established. This has several advantages over the BayesNet, namely:

• A lower number of models to explain the different aspects of the application.
• The generated models are more robust.
• Infrequent behaviors with values that can be considered outliers stand out much more.
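
To make the time-indexed idea concrete, here is an added sketch (not the authors' HIDS and not the algorithm of [50]): a single node X(t) holding the syscall id, with P(X(t) | X(t-1)) learned from normal traces, a threshold calibrated on held-out normal traces so that none of them alerts, and a tampered trace scored against it. The syscall alphabet, WINDOW, RARE_DEN, every function name and every trace are constructed assumptions; the arithmetic is integer-only so it needs no floating-point support.

```c
#include <stddef.h>
#include <string.h>
#define NSYS 6       /* constructed syscall alphabet: ids 0..5 */
#define WINDOW 8     /* transitions per detection window (assumed) */
#define RARE_DEN 20  /* "rare" means P(next | prev) < 1/20 (assumed) */

typedef struct {
    unsigned pair[NSYS][NSYS];  /* pair[a][b]: times b followed a in training */
    unsigned from[NSYS];        /* from[a]: transitions observed leaving a */
} model_t;
static int valid(int s) { return s >= 0 && s < NSYS; }

/* Learning phase: reinforce the transition table with one normal trace. */
void model_learn(model_t *m, const int *x, size_t n) {
    for (size_t t = 1; t < n; t++)
        if (valid(x[t - 1]) && valid(x[t])) {
            m->pair[x[t - 1]][x[t]]++;
            m->from[x[t - 1]]++;
        }
}

/* Laplace-smoothed P(b|a) = (pair[a][b]+1)/(from[a]+NSYS) < 1/RARE_DEN ? */
int is_rare(const model_t *m, int a, int b) {
    if (!valid(a) || !valid(b)) return 1;  /* unknown id: always rare */
    return (m->pair[a][b] + 1u) * RARE_DEN < m->from[a] + NSYS;
}

/* Highest count of rare transitions in any WINDOW consecutive steps. */
unsigned trace_score(const model_t *m, const int *x, size_t n) {
    unsigned worst = 0, cur = 0;
    for (size_t t = 1; t < n; t++) {
        cur += (unsigned)is_rare(m, x[t - 1], x[t]);
        if (t > WINDOW)  /* drop the transition that left the window */
            cur -= (unsigned)is_rare(m, x[t - 1 - WINDOW], x[t - WINDOW]);
        if (cur > worst) worst = cur;
    }
    return worst;
}

/* Constructed normal trace: loop 0,1,2,3; 4 follows 2 every `every`-th cycle. */
size_t make_normal(int *buf, size_t cycles, size_t every) {
    size_t n = 0;
    for (size_t c = 0; c < cycles; c++) {
        buf[n++] = 0; buf[n++] = 1; buf[n++] = 2;
        if (every && c % every == 0) buf[n++] = 4;
        buf[n++] = 3;
    }
    return n;
}

/* Train, calibrate on held-out normal traces, then score a tampered trace. */
int run_demo(unsigned *threshold, unsigned *attack_score) {
    static const int injected[6] = {5, 2, 0, 5, 3, 1};  /* constructed */
    model_t m; int buf[256]; size_t n; unsigned s;
    memset(&m, 0, sizeof m);
    model_learn(&m, buf, make_normal(buf, 40, 4));
    /* Threshold = worst held-out normal score, so no normal trace alerts. */
    *threshold = trace_score(&m, buf, make_normal(buf, 20, 5));
    n = make_normal(buf, 20, 3);
    buf[1] = 4;  /* one benign transition never seen in training */
    s = trace_score(&m, buf, n);
    if (s > *threshold) *threshold = s;
    n = make_normal(buf, 10, 0);
    memcpy(&buf[16], injected, sizeof injected);
    *attack_score = trace_score(&m, buf, n);
    return *attack_score > *threshold;  /* 1: tampered trace raises an alert */
}
int main(void) { unsigned thr, atk; return run_demo(&thr, &atk) ? 0 : 1; }
```

With Laplace smoothing, a transition leaving a state that was never seen in training gets probability 1/NSYS and is not counted as rare; only the transition into that state is.
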

The HIDS is written in C and respects the POSIX standard, which makes it fairly easy to port. However, for the needs of this experiment and in order to be compliant with the specifics of the OS and the avionics certifications, the code had to be adjusted. In addition to this adjustment, substantial optimizations have been made to address the resource restrictions of embedded systems. It occupies 150kB and uses 22MB of RAM. These 22MB constitute the maximum size that will be necessary for the detection phase. Note that it may vary if we decide to expand the number of training samples. Here it is the memory required to load the behavioral models learned on the 20 flights resulting from the different learning scenarios that we have established. The flights have a duration ranging from 30 minutes to 1 hour and 30 minutes. We also plan to test on long-haul flights. The learning time needed is less than the duration of each flight, although the lower the number of models, the longer the learning will be. Indeed, reinforcing an existing model takes longer than creating a new one.

Figure 1: Time overhead to collect desired data for a 30-minute flight.

4.5. Next steps

The next steps will be to compare the models obtained with unaltered flights not used during the learning phase in order to ensure that no alert is generated and that the models can explain the flights. Subsequently, it will be necessary to set up the scenarios for the attacks set out in 4.3 in order to evaluate the detection capacity of the HIDS. In order to accurately determine when the attack occurs, it will be necessary to add information not used by the HIDS to calculate the false positive rate and make the necessary adjustments so that it is 0%. Finally, depending on the obtained results, we can assess the possible actions to be taken in the event of an attack.
However, it should be borne in mind that in this area automatic actions will be limited and should not conflict with flight safety rules.

4.6. Current conclusions of the experimentation

With the progress currently made, we have succeeded in developing a HIDS allowing the creation of models characterizing an embedded avionics application. The additional cost necessary for the operation of the HIDS was deemed minimal by our supplier, recognized in this field, and no modification to the application was made, thus validating the first 2 criteria. Although it is a specific platform, the results obtained are encouraging as to the possibility of porting it to other embedded systems.

All that remains now is the step of constructing the attacks to evaluate the detection capacity of the HIDS and to conclude our study. If it is validated, we will be able to consider deploying the HIDS on a larger number of similar devices since the generated models can be transposed from one system to another as long as they share the same technical characteristics.

5. Conclusion

In summary, the literature highlights the security challenges of IoTs and embedded systems and the need for effective ways to protect against attacks. Various protection methods exist and implementation steps of a HIDS using machine learning have been proposed. The use of this technology can greatly help to detect various and unknown attacks without the need for an external database or human intervention. It can greatly improve embedded systems cyber-security. However, more research is needed to ensure that protection for IoTs and embedded systems is effective, efficient, and adaptable to changing security threats.

References

[1] R. Langner, Stuxnet: Dissecting a cyberwarfare weapon, IEEE Security & Privacy 9 (2011) 49–51.
[2] A. Cherepanov, BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry, 2016.
URL: https://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/.
[3] A. Cherepanov, R. Lipovsky, Industroyer: Biggest threat to industrial control systems since Stuxnet, ESET 12 (2017).
[4] A. D. Pinto, Y. Dragoni, A. Carcano, TRITON: The first ICS cyber attack on safety instrument systems, Black Hat USA (2018) 1–26.
[5] M. Antonakakis, Understanding the Mirai Botnet, USENIX security symposium (2017) 1093–1110. URL: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/antonakakis.
[6] Y. Boyer, Étude et conception de méthodes de protection face aux attaques par corruption de mémoire pour systèmes embarqués dans le contexte de l’Internet des Objets, Université Montpellier (2020).
[7] B. Bhushan, G. Sahoo, A. K. Rai, Man-in-the-middle attack in wireless and computer networking — a review, 3rd International Conference on Advances in Computing, Communication Automation (ICACCA) 5 (2017) 1–6.
[8] A. Makkar, N. Kumar, A. Ghoneim, S. Hossain, S. Garg, M. Alrashoud, An Efficient Spam Detection Technique for IoT Devices using Machine Learning, IEEE Transactions on Industrial Informatics 17 (2020).
[9] C. Cowan, C. Pu, D. Maier, H. Hintony, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks, USENIX Security Symposium (1998).
[10] M. Abadi, M. Budiu, Úlfar Erlingsson, J. Ligatti, Control-flow integrity, ACM Conference on Computer and Communications Security (2005).
[11] R. V. Steiner, E. Lupu, Attestation in wireless sensor networks : A survey, ACM Computing Surveys (CSUR) 49 (2016) 1–31.
[12] A. J. Suresh, S.
Sankaran, Power Profiling and Analysis of Code Obfuscation for Embedded Devices, in: 2020 IEEE 17th India Council International Conference (INDICON), 2020, pp. 1–6. doi:10.1109/INDICON49873.2020.9342447.
[13] M. Henson, S. Taylor, Memory Encryption: A Survey of Existing Techniques, ACM Comput. Surv. 46 (2014). URL: https://doi.org/10.1145/2566673. doi:10.1145/2566673.
[14] S. Lu, M. Seo, R. Lysecky, Timing-based anomaly detection in embedded systems, in: The 20th Asia and South Pacific Design Automation Conference, 2015, pp. 809–814. doi:10.1109/ASPDAC.2015.7059110.
[15] R. Rashmi, A. Karthikeyan, Secure boot of Embedded Applications - A Review, in: 2018 Second International Conference on Electronics, Communication and Aerospace Technology (ICECA), 2018, pp. 291–298. doi:10.1109/ICECA.2018.8474730.
[16] M. Bourdon, Détection d’intrusion basée sur l’analyse de compteurs matériels pour des objets connectés, INSA de Toulouse (2021).
[17] B. Trévidic, L’Agence européenne de sécurité aérienne alerte contre le risque de cyber-attaque, Les Echos (2015). URL: https://www.lesechos.fr/2015/10/lagence-europeenne-de-securite-aerienne-alerte-contre-le-risque-de-cyber-attaque-277334.
[18] A. Damien, Sécurité par analyse comportementale de fonctions embarquées sur plateformes avioniques modulaires intégrées, Theses, INSA de Toulouse, 2020. URL: https://hal.laas.fr/tel-02953842.
[19] M.-K. Yoon, S. Mohan, J. Choi, J.-E. Kim, L. Sha, SecureCore: A multicore-based intrusion detection architecture for real-time embedded systems, in: 2013 IEEE 19th Real-Time and Embedded Technology and Applications Symposium (RTAS), 2013, pp. 21–32. doi:10.1109/RTAS.2013.6531076.
[20] I. Studnia, Y. Laarouchi, M. Kaaniche, V. Nicomette, E. Alata, A language-based intrusion detection approach for automotive embedded networks, International Journal of Embedded Systems 10 (2018) 1. doi:10.1504/IJES.2018.10010488.
[21] P.
Baumard, Autonomous detection of incongruous behaviors, European Patent Application 2 922 268 A1 (2015).
[22] S. E. Smaha, Haystack : An intrusion detection system, Fourth Aerospace Computer Security Applications Conference 44 (1988).
[23] Z. Chiba, N. Abghour, K. Moussaid, M. Rida, Intelligent approach to build a Deep Neural Network based IDS for cloud environment using combination of machine learning algorithms, Computers & Security 86 (2021) 291–317.
[24] P. Parkinson, L. Kinnan, Safety-critical software development for integrated modular avionics, Embedded System Engineering 11 (2003) 40–41.
[25] M. Kadar, S. Tverdyshev, G. Fohler, System Calls Instrumentation for Intrusion Detection in Embedded Mixed-Criticality Systems, in: M. Asplund, M. Paulitsch (Eds.), 4th International Workshop on Security and Dependability of Critical Embedded Real-Time Systems (CERTS 2019), volume 73 of OpenAccess Series in Informatics (OASIcs), Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik, Dagstuhl, Germany, 2019, pp. 2:1–2:13. URL: http://drops.dagstuhl.de/opus/volltexte/2019/10893. doi:10.4230/OASIcs.CERTS.2019.2.
[26] K. Ismail, A. Muharam, M. Pratama, Design of CAN Bus for Research Applications Purpose Hybrid Electric Vehicle Using ARM Microcontroller, Energy Procedia 68 (2015) 288–296. URL: https://www.sciencedirect.com/science/article/pii/S1876610215005640. doi:https://doi.org/10.1016/j.egypro.2015.03.258, 2nd International Conference on Sustainable Energy Engineering and Application (ICSEEA) 2014 Sustainable Energy for Green Mobility.
[27] S. Jena, A. Gupta, Embedded Sensors for Health Monitoring of an Aircraft, Springer Singapore, Singapore, 2019, pp. 77–91. URL: https://doi.org/10.1007/978-981-13-3290-6_5. doi:10.1007/978-981-13-3290-6_5.
[28] P. Weisberg, Y.
Wiseman, Efficient memory control for avionics and embedded systems, International Journal of Embedded Systems 5 (2013) 225–238.
[29] M.-K. Yoon, S. Mohan, J. Choi, L. Sha, Memory Heat Map: Anomaly Detection in Real-Time Embedded Systems Using Memory Behavior, in: Proceedings of the 52nd Annual Design Automation Conference, DAC ’15, Association for Computing Machinery, New York, NY, USA, 2015, pp. 1–6. URL: https://doi.org/10.1145/2744769.2744869. doi:10.1145/2744769.2744869.
[30] T. Jiang, J. L. Gradus, A. J. Rosellini, Supervised Machine Learning: A Brief Primer, Behavior Therapy 51 (2020) 675–687. URL: https://www.sciencedirect.com/science/article/pii/S0005789420300678. doi:https://doi.org/10.1016/j.beth.2020.05.002.
[31] R. Gentleman, V. J. Carey, Unsupervised Machine Learning, Springer New York, New York, NY, 2008, pp. 137–157. URL: https://doi.org/10.1007/978-0-387-77240-0_10. doi:10.1007/978-0-387-77240-0_10.
[32] N. Zhang, S. Ding, J. Zhang, Y. Xue, An overview on Restricted Boltzmann Machines, Neurocomputing 275 (2018) 1186–1199. URL: https://www.sciencedirect.com/science/article/pii/S0925231217315849. doi:https://doi.org/10.1016/j.neucom.2017.09.065.
[33] G. Joya, M. Atencia, F. Sandoval, Hopfield neural networks for optimization: study of the different dynamics, Neurocomputing 43 (2002) 219–237. URL: https://www.sciencedirect.com/science/article/pii/S092523120100337X. doi:https://doi.org/10.1016/S0925-2312(01)00337-X, selected engineering applications of neural networks.
[34] Z.-H. Zhou, Semi-Supervised Learning, Springer Singapore, Singapore, 2021, pp. 315–341. URL: https://doi.org/10.1007/978-981-15-1967-3_13. doi:10.1007/978-981-15-1967-3_13.
[35] H. Sayadi, H. M. Makrani, O. Randive, S. Manoj, S. Rafatirad, H.
Homayoun, Customized Machine Learning-Based Hardware-Assisted Malware Detection in Embedded Devices, in: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2018, pp. 1685–1688. doi:10.1109/TrustCom/BigDataSE.2018.00251.
[36] J. Joyce, Bayes’ Theorem, in: E. N. Zalta (Ed.), The Stanford Encyclopedia of Philosophy, Fall 2021 ed., Metaphysics Research Lab, Stanford University, 2021, pp. 1–5.
[37] M. Gardner, S. Dorling, Artificial neural networks (the multilayer perceptron)—a review of applications in the atmospheric sciences, Atmospheric Environment 32 (1998) 2627–2636. URL: https://www.sciencedirect.com/science/article/pii/S1352231097004470. doi:https://doi.org/10.1016/S1352-2310(97)00447-0.
[38] Z. Muda, W. Yassin, M. N. Sulaiman, N. I. Udzir, Intrusion detection based on k-means clustering and OneR classification, in: 2011 7th International Conference on Information Assurance and Security (IAS), 2011, pp. 192–197. doi:10.1109/ISIAS.2011.6122818.
[39] A. Rajput, R. P. Aharwal, M. Dubey, S. Saxena, M. Raghuvanshi, J48 and JRIP rules for e-governance data, International Journal of Computer Science and Security (IJCSS) 5 (2011) 201.
[40] S. Kalmegh, Analysis of weka data mining algorithm reptree, simple cart and randomtree for classification of indian news, International Journal of Innovative Science, Engineering & Technology 2 (2015) 438–446.
[41] S. Shevade, S. Keerthi, C. Bhattacharyya, K. Murthy, Improvements to the SMO algorithm for SVM regression, IEEE Transactions on Neural Networks 11 (2000) 1188–1193. doi:10.1109/72.870050.
[42] R. P. G. Collinson, Autopilots and flight management systems, Springer Netherlands, Dordrecht, 1996, pp. 366–405. URL: https://doi.org/10.1007/978-94-011-0007-6_8.
doi:10.1007/978-94-011-0007-6_8.
[43] D. Davidson, H. Wu, R. Jellinek, V. Singh, T. Ristenpart, Controlling UAVs with Sensor Input Spoofing Attacks, in: 10th USENIX Workshop on Offensive Technologies (WOOT 16), USENIX Association, Austin, TX, 2016, pp. 1–10. URL: https://www.usenix.org/conference/woot16/workshop-program/presentation/davidson.
[44] N. Carlini, A. Barresi, M. Payer, D. Wagner, T. R. Gross, Control-Flow Bending: On the Effectiveness of Control-Flow Integrity, in: 24th USENIX Security Symposium (USENIX Security 15), USENIX Association, Washington, D.C., 2015, pp. 161–176. URL: https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/carlini.
[45] P. Kocher, J. Horn, A. Fogh, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz, Y. Yarom, Spectre Attacks: Exploiting Speculative Execution, in: 2019 IEEE Symposium on Security and Privacy (SP), 2019, pp. 1–19. doi:10.1109/SP.2019.00002.
[46] O. Mutlu, J. S. Kim, RowHammer: A Retrospective, 2019. arXiv:1904.09724.
[47] P. Jattke, V. Van Der Veen, P. Frigo, S. Gunter, K. Razavi, BLACKSMITH: Scalable Rowhammering in the Frequency Domain, in: 2022 IEEE Symposium on Security and Privacy (SP), 2022, pp. 716–734. doi:10.1109/SP46214.2022.9833772.
[48] J.-M. Dutertre, S. De Castro, A. Sarafianos, N. Boher, B. Rouzeyre, M. Lisart, J. Damiens, P. Candelier, M.-L. Flottes, G. Di Natale, Laser attacks on integrated circuits: From CMOS to FD-SOI, in: 2014 9th IEEE International Conference on Design & Technology of Integrated Systems in Nanoscale Era (DTIS), 2014, pp. 1–6. doi:10.1109/DTIS.2014.6850664.
[49] T. Neubert, C. Vielhauer, Kill Chain Attack Modelling for Hidden Channel Attack Scenarios in Industrial Control Systems, IFAC-PapersOnLine 53 (2020) 11074–11080. URL: https://www.sciencedirect.com/science/article/pii/S2405896320305231. doi:https://doi.org/10.1016/j.ifacol.2020.12.246, 21st IFAC World Congress.
[50] M. Hourbracq, P.-H. Wuillemin, C.
Gonzales, P. Baumard, Apprentissage et sélection de réseaux bayésiens dynamiques pour les processus online non stationnaires, Revue des Sciences et Technologies de l’Information - Série RIA : Revue d’Intelligence Artificielle 32 (2018) pp. 75–109. URL: https://cnam.hal.science/hal-03228681.