A machine learning-based intrusion detection system for securing remote desktop connections to electronic flight bag servers

Ron Bitton, Asaf Shabtai

IEEE Transactions on Dependable and Secure Computing 18 (3), 1164-1181, 2019

Remote desktop protocols (RDP) are commonly used for connecting and interacting with computers remotely. In this case, a server component runs on the remote computer and shares its desktop (i.e., screen) with the client component which runs on an end user device. In recent years, a number of vulnerabilities have been identified in two widely used remote desktop implementations, Microsoft Remote Desktop and RealVNC. These vulnerabilities may expose the remote server to a new attack vector. This concern is increased when it comes to a cyber-physical system (CPS) in which a client device with a low trust level connects to the critical system via the remote desktop server. In order to mitigate this risk, in this paper we propose a network based intrusion detection system (NIDS) specifically designed for securing the remote desktop connections. The propose method utilizes an innovative anomaly detection …