Murray
Dunne,
Master’s
candidate
David
R.
Cheriton
School
of
Computer
Science
Distributed, life-critical systems that bridge the gap between software and hardware are becoming an integral part of our everyday lives. From autonomous cars to smart electrical grids, such cyber-physical systems will soon be omnipresent. With this comes a corresponding increase in our vulnerability to cyber-attacks. Monitoring such systems to detect malicious actions is of critical importance.
One method of monitoring cyber-physical systems is anomaly detection: the process of detecting when the target system is deviating from expected normal behavior. Anomaly detection is a vibrant research area with many different viable approaches. There is no best anomaly detection method for the diversity and volume of data from cyber-physical systems. Instead, we focus on aggregating the result of multiple anomaly detection methods into a final anomalous or non-anomalous verdict.
In this thesis, we present Palisade, a distributed data collection, anomaly detection, and aggregation framework for cyber-physical systems. We discuss various methods of anomaly detection and aggregation and include a case study of anomaly aggregation on a cyber-physical treadmill driving demonstrator. We conclude with a discussion of lessons learned from the construction of Palisade, and recommendations for future research.