Abstract
Remote desktop protocols (RDP) are commonly used for connecting to and interacting with computers remotely. A server component runs on the remote computer and shares its desktop (i.e., screen) with a client component that runs on an end-user device. In recent years, a number of vulnerabilities have been identified in two widely used remote desktop implementations, Microsoft Remote Desktop and RealVNC. These vulnerabilities may expose the remote server to a new attack vector. The concern is greater in a cyber-physical system (CPS) in which a client device with a low trust level connects to the critical system via the remote desktop server. To mitigate this risk, in this paper we propose a network-based intrusion detection system (NIDS) specifically designed for securing remote desktop connections. The proposed method utilizes an innovative anomaly detection technique based on machine learning for detecting malicious TCP packets, which can carry exploits aimed at the RDP server. An empirical evaluation was conducted on an avionic system setup consisting of a commercial tablet (Samsung Galaxy Tab) connected through a Virtual Network Computing (VNC) remote desktop implementation to a real electronic flight bag (EFB) server. It shows that the proposed method can detect malicious packets carrying real exploits (reported in recent years) with a true positive rate of 0.863 and a false positive rate of 0.0001.
Original language | English |
---|---|
Article number | 8703153 |
Pages (from-to) | 1164-1181 |
Number of pages | 18 |
Journal | IEEE Transactions on Dependable and Secure Computing |
Volume | 18 |
Issue number | 3 |
State | Published - 1 May 2021 |
Keywords
- Anomaly detection
- Electronic flight bag
- Network-based intrusion detection system (NIDS)
- Remote desktop
- Machine learning
ASJC Scopus subject areas
- General Computer Science
- Electrical and Electronic Engineering