A Machine Learning-Based Intrusion Detection System for Securing Remote Desktop Connections to Electronic Flight Bag Servers

Ron Bitton, Asaf Shabtai

Research output: Contribution to journal › Article › peer-review

29 Scopus citations

Abstract

Remote desktop protocols (RDP) are commonly used for connecting and interacting with computers remotely. In this case, a server component runs on the remote computer and shares its desktop (i.e., screen) with the client component which runs on an end user device. In recent years, a number of vulnerabilities have been identified in two widely used remote desktop implementations, Microsoft Remote Desktop and RealVNC. These vulnerabilities may expose the remote server to a new attack vector. This concern is increased when it comes to a cyber-physical system (CPS) in which a client device with a low trust level connects to the critical system via the remote desktop server. In order to mitigate this risk, in this paper we propose a network-based intrusion detection system (NIDS) specifically designed for securing the remote desktop connections. The proposed method utilizes an innovative anomaly detection technique based on machine learning for detecting malicious TCP packets, which can carry exploits aimed at the RDP server. An empirical evaluation conducted on an avionic system setup consisting of a commercial tablet (Samsung Galaxy Tab) connected through a Virtual Network Computing (VNC) remote desktop implementation to a real electronic flight bag (EFB) server shows that the proposed method can detect malicious packets carrying real exploits (reported in recent years) with a true positive rate of 0.863 and a false positive rate of 0.0001.

Original language: English
Article number: 8703153
Pages (from-to): 1164-1181
Number of pages: 18
Journal: IEEE Transactions on Dependable and Secure Computing
Volume: 18
Issue number: 3
State: Published - 1 May 2021

Keywords

  • Anomaly detection
  • Electronic flight bag
  • Network-based intrusion detection system (NIDS)
  • Remote desktop
  • Machine learning

ASJC Scopus subject areas

  • General Computer Science
  • Electrical and Electronic Engineering
