CAML: Machine Learning-based Predictable, System-Level Anomaly Detection

Security challenges are increasing in distributed cyber-physical systems (CPSs), which integrate computation and physical processes. System security is complicated by both the temporal and safety constraints of CPSs. In this paper, we investigate the potential for using system-level anomaly detection in a component-based RTOS to detect system compromises and aberrant behavior. We investigate a machine learning-based anomaly detection framework, CAML, which monitors for and identifies cyber attacks in system-level services within bounded time. We leverage past work in system fault recovery to predictably recover the system to an uncompromised state. We also evaluate the effectiveness of CAML in an avionics simulatorbased CPS environment with injected cyber attacks. Our results and analysis indicate that CAML has promise to effectively enhance CPS robustness by securing the underlying RTOS against system-level cyber attacks with only small performance degradation.