Anomaly based Intrusion Detection for an Avionic Embedded System

Abstract

International audienceThis paper firstly describes the challenges raised by the introduction of Intrusion Detection Systems (IDS) in avionic systems. In particular, we discuss some specific characteristics of such systems and the advantages and limitations of signature-based and anomaly-based techniques in an avionics context. Based on this analysis, a framework is proposed to integrate a Host-based Intrusion Detection System (HIDS) in the general Integrated Modular Avionics (IMA) development process, which fits avionic systems constraints. The proposed HIDS architecture is composed of three modules: anomaly detection, attack confirmation, and alert sending. To demonstrate the efficiency of this HIDS, an attack injection module has also been developed. The overall approach is implemented on an IMA platform running a cockpit display function, to be representative of embedded avionic systems