Smart IDS and IPS for Cyber-Physical Systems


Sara A. Mahboub, Elmustafa Sayed Ali Ahmed, Rashid A. Saeed
Copyright: © 2021 | Pages: 28
DOI: 10.4018/978-1-7998-5101-1.ch006


Security and accessibility are among the most important requirements and a critical issue in many applications, for the sake of system confidentiality and safety. To secure current and emerging CPSs while accounting for the unique challenges of this environment, current security mechanisms should be studied further and deployed in a way that makes them more compatible with the CPS environment, provides a safer environment, and maintains quality of service at the same time. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are the most common security mechanisms used in networking and communication applications. These systems are based on artificial intelligence (AI), where computer-based algorithms are used to analyze, diagnose, and recognize threat patterns according to an expected suspicious pattern.
Chapter Preview


A cyber-physical system (CPS) enables control and monitoring of physical systems in many smart communications and networking applications. These applications require improvements in CPS because it goes beyond simple embedded systems in operation with respect to capability, adaptability, scalability, and security. Information security is a critical mission in cyber systems; it includes detecting different types of threats and attacks and preventing them from infecting the system (Huang et al., 2009). IDS and IPS provide a means of securing current and emerging CPSs. Smart intrusion detection and prevention systems apply advanced AI and ML techniques to enhance detection techniques that depended on pattern comparison. AI-based security solutions introduce zero-day attack detection, which makes them more suitable for CPS applications in the Industry 4.0 revolution. Vulnerability analysis provides a routine for penetration testing or for examining the strength of the configured security procedures. Threat modeling helps security experts find system weaknesses that can introduce a threat and develop a corresponding solution to prevent it (Nazarenko & Safdar, 2019). Both techniques are essential basics of the security procedures used in legacy and modern security solutions for CPSs, in addition to other developed security mechanisms.

Key Terms in this Chapter

NIST Standard: Refers to the National Institute of Standards and Technology, a physical sciences laboratory and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness.

False Data Injection Detection: A mechanism that detects false data injection attacks. These attacks aim to compromise the readings of multiple smart sensors and phasor measurement units in smart applications to mislead the operation and control centers.

CyBOK Project: The Cyber Security Body of Knowledge project, a collaborative initiative mobilized in 2017 with the aspiration to codify the foundational and generally recognized knowledge on cyber security. The project, funded by the National Cyber Security Program, is led by the University of Bristol's.

K-Means Clustering: A method of vector quantization, originally from signal processing, that aims to partition n observations into k clusters in which each observation belongs to the cluster with the nearest mean, which serves as a prototype of the cluster.

C2 Architecture: An architectural software style developed by the Institute for Software Research at the University of California. It focuses on the construction of flexible and extensible software systems using a component- and message-based architecture.

Control-Flow Integrity (CFI): A term for computer security techniques that prevent a wide variety of malware attacks from redirecting the flow of execution of a program.

Autoregression Behavioral: A model that predicts future behavior based on past behavior. It is used for forecasting when there is some correlation between values in a time series and the values that precede and succeed them.

Trusted Safety Verifier (TSV): The term defines how to enable demonstrative test cases for system operators. It is a minimal trusted computing base (TCB) for the verification of safety-critical code executed on programmable controllers.

Manufacturer Usage Description: An embedded software standard defined by the IETF that allows IoT device makers to advertise device specifications, including the intended communication patterns for their device when it connects to the network.

Secure System Simplex Architecture (S3A): An integrated security framework that prevents damage from malicious intrusions in safety-critical systems and aids in rapid detection through side-channel monitoring.
