Resource Exhaustion Due to Handling Invalid Inputs

Detection of resource exhaustion on spacecraft systems due to attacks involving invalid inputs. This indicator focuses on identifying high memory and CPU utilization caused by the processing of numerous invalid inputs, which may lead to critical errors, safe mode transitions, or reboots of flight software (FSW) and applications. Such activity can be indicative of a deliberate attempt to exhaust spacecraft resources, resulting in a denial of service (DoS) condition or other operational impacts. Monitoring for these conditions is essential to maintaining spacecraft stability and ensuring mission success.

STIX Pattern

[x-opencti-system-log:memory_usage > 'threshold' AND x-opencti-system-log:cpu_usage > 'threshold' AND x-opencti-error-log:error_type = 'invalid_input_handling' AND x-opencti-system-log:event_count > 'threshold']

SPARTA TTPs

ID Name Description
EX-0013 Flooding Threat actors use jamming and flooding attacks to disrupt communications by injecting unexpected noise or messages into a transmission channel. There are several types of attacks that are consistent with this method of exploitation, and they can produce various outcomes. Although, the most prominent of the impacts are denial of service or data corruption. Several elements of the space vehicle may be targeted by jamming and flooding attacks, and depending on the time of the attack, it can have devastating results to the availability of the system.
EX-0013.02 Erroneous Data Threat actors inject noise into the target channel so that legitimate messages cannot be correctly processed due to data integrity impacts. Additionally, while this technique does not utilize valid commands, the target SV still must consume computing resources to process and discard the signal.