Cyber Resilience for the Internet of Things: Implementations with Resilience Engines and Attack Classifications

Recently, the number of publicized attacks on IoT devices has noticeably grown. This is in part due to the increasing deployment of embedded systems into various domains, including critical infrastructure, which makes them a valuable asset and a compromise can cause significant damages. In this case, it is often required to send an engineer to manually recover the devices, as the attack leaves them out of reach of standard remote management solutions. To avoid this costly process, the concept of cyber resilience has gained traction in recent years in both academia and industry. Its core idea is to enable compromised devices to recover themselves to a trusted state without human intervention. Initial guidelines and architectures to realize cyber resilience have been published by standardization entities like NIST and TCG, and in multiple academic papers. While the initial works focused on guaranteed recovery, recent proposals included attack detection to speed up the recovery process. In this work, we build on top of these ideas and present an extended resilience architecture. We present new implementations of resilience engines with a focus on secure and reliable data acquisition for attack detection and classification. Our attack classification engine enables tailored, more efficient recovery responses.