Researchers develop method for enhancing resilience against replay attacks in computer systems
- Published: Monday, 12 April 2021 07:33
Today’s complex, multi-tier systems depend on layered communications to accomplish their tasks - yet every point of contact becomes a potential target for replay attacks. These are difficult to identify because the malicious actor uses information already in the system. By stealing an account number or a permission string from one transmission and using it on another agent - or even the agent who originally received the transmission - the actor can gain access or incite a specific action.
A team of researchers from the University of Calabria in Italy has developed the first predictive control scheme that can help distributed networks with multiple agents not only identify replay attacks but also protect against them. Their approach was published in IEEE/CAA Journal of Automatica Sinica (Volume 8, Issue 3).
"Modern systems have an increasingly complex structure due to the large number of interacting agents aligned to accomplish specific tasks in a distributed fashion," said paper author Giuseppe Franzè, associate professor of control engineering in the Department of Informatics, Modeling, Electronics and System Engineering, University of Calabria. "The key result of the paper is that the described predictive control strategies, properly adapted to multi-agent configurations, can address difficult scenarios such as replay attacks."
Franzè and his team applied a ‘receding horizon’ model that allows the researchers to predict what a system will look like in the future. By understanding what the system should look like, the model can identify when something unexpected occurs, like the resending of information.
Importantly, according to Franzè, this strategy also offers protection by allowing the system to encapsulate in the moment before a replay attack, preserving communications until the attack can be successfully blocked.
"This low-demand model predictive control scheme is an efficient way to address unknown scenarios where external malicious agents affect normal system operations," Franzè said.