Data Distribution Service (DDS) is an innovative approach towards communication in ICS/IoT infrastructure and robotics. Being based on the cross-platform and cross-language API to be applicable in any computerised device, it offers the benefits of modern programming languages and the opportunities to develop more complex and advanced systems. However, the DDS complexity equally increases its vulnerability, while the existing security measures are limited to plug-ins and static rules, with the rest of the security provided by third-party applications and operating system. Specifically, traditional intrusion detection systems (IDS) do not detect any anomalies in the publish/subscribe method. With the exponentially growing global communication exchange, securing DDS is of the utmost importance to futureproofing industrial, public, and even personal devices and systems. This report presents an experimental work on the simulation of several specific attacks against DDS, and the application of Deep Learning for their detection. The findings show that even though Deep Learning allows to detect all simulated attacks using only metadata analysis, their detection level varies, with some of the advanced attacks being harder to detect. The limitations imposed by the attempts to preserve privacy significantly decrease the detection rate. The report also reviews the drawbacks and limitations of the Deep Learning approach and proposes a set of selected solutions and configurations, that can further improve the DDS security.
翻译:数据分发处(DDS)是ICS/IOT基础设施和机器人通信的一种创新办法,它基于跨平台和跨语言的API,适用于任何计算机化装置,它带来现代程序语言的好处,以及开发更复杂和先进的系统的机会,然而,DDS的复杂性同样增加了其脆弱性,而现有的安全措施仅限于插座和静态规则,而第三方应用程序和操作系统提供的其他安全规则。具体地说,传统的入侵探测系统(IDS)没有发现出版/订本方法中的任何异常现象。随着全球通信交流的急剧增长,确保DDS对今后对工业、公众、甚至个人装置和系统进行防护至关重要。本报告介绍了模拟对DDSS的几起具体袭击的实验性工作,以及运用深度学习来探测这些袭击。研究结果表明,即使深研习只允许利用元数据分析来探测所有模拟攻击,但其探测水平也各不相同,有些先进的攻击更难探测。由于试图保护隐私,因此限制今后对工业、公共、甚至个人装置和系统进行防护。该报告还回顾了对DDS系统所选的改进了安全办法。