Effect of Intrusion Detection on Reliability of Mission-Oriented Mobile Group Systems in Mobile Ad Hoc Networks
Jin-Hee Cho, Member, IEEE, Ing-Ray Chen, Member, IEEE, and Phu-Gui Feng
IEEE TRANSACTIONS ON RELIABILITY, VOL. 59, NO. 1, MARCH 2010
Reporter: Clarence Bingsheng Wang – CS5214 – M & E of CSs
Outline
• Introduction & Background
• System Model
• Performance Model
• Parameterization
• Numerical Results & Analysis
• Applicability & Conclusion
• Reference
• Q & A
Introduction
• Analyze the effect of intrusion detection system (IDS) techniques on the reliability of mission-oriented group communication in mobile ad hoc networks.
• Identify the design conditions under which IDS techniques enhance reliability, and thus prolong the lifetime of the GCS.
Introduction
• Identify the optimal rate at which the IDS should be executed to maximize the system lifetime.
• Consider the effect of security threats and IDS techniques on the system lifetime of a mission-oriented Group Communication System (GCS) in Mobile Ad Hoc Networks (MANETs).
Background
• Mobile ad hoc networks (MANETs)
• Nodes move independently: rapid changes in topology
• Nodes forward traffic for one another
Background
• Group Communication Systems (GCSs)
• Group: members that "directly communicate"
• Group partition
• Group merge
• Security protocols in MANETs
• Characteristics
• Actions against malicious attacks
• Prevention: "security holes"
• Detection: mission-oriented GCSs
• Recovery
Background
• Goal: prolong the security-induced failure time
• MTTSF: mean time to security failure
• Reflects the expected system lifetime
• Optimal setting for IDS techniques
• Maximize the security-induced failure time
System Model
• Connectivity-oriented mobile group
• Defined based on "connectivity"
• Single hop: all members are directly connected
• Multi-hop: separation between groups
System Model
• Mission-oriented GCSs
• Mission execution is an application-level goal built on top of connectivity-oriented group communications
System Model
• Secure group communications: broadcast
• Group key
• Encrypts messages for confidentiality
• Rekey on: group member join/leave/eviction, group partition/merge
• Contributory key agreement protocol: GDH
Group Member's Authenticity
• Public/private key pair
• Challenge/response mechanism
• Assumption: the public keys of all group members are preloaded into every node. There is no certificate authority (CA) in the MANET during the mission period.
• A node's public key serves as the identifier of the node
System Model - IDSs
• Host-based IDS
• Each node performs local detection to determine whether a neighboring node has been compromised.
• Effectiveness is measured by the per-node false negative probability (P1) and false positive probability (P2)
• The host-based IDS is preinstalled in each host.
System Model - IDSs
• Voting-based IDS
• Each node is preinstalled with a host-based IDS.
• Periodically, a target node is evaluated by dynamically selected vote-participants.
• If the majority of the vote-participants vote against the target node, the target node is evicted from the system.
• Shortcomings: (a) good nodes can be evicted by participants that always vote "no" on good nodes, and (b) bad nodes can be kept in the system by participants that always vote "yes" on bad nodes.
System Model - IDSs
• Intrusion tolerance
• Tolerates collusion of compromised nodes in MANETs, since it takes a majority of bad nodes among the m vote-participants to work against the system
• The voting-based IDS is characterized by two parameters: its false negative probability and its false positive probability. They are calculated based on:
• (a) the per-node false negative and false positive probabilities (P1 and P2)
• (b) the number of vote-participants, m
• (c) the estimate of the current number of compromised nodes, which may collude with the objective of disrupting the service of the system.
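As an added worked example (my own construction, not the paper's formulas), the following Python computes the voting-based IDS's false negative and false positive probabilities from the three inputs listed above. Assumptions are mine: the m vote-participants are drawn uniformly without replacement from the target's N-1 peers, N_c of the N nodes are colluding compromised nodes, a colluder always votes "keep" on a bad target and "evict" on a good target, a good participant errs with the per-node probabilities P1 and P2, and a strict majority is needed to evict.

```python
from math import comb

def hypergeom_pmf(k, pool, bad, m):
    """P(exactly k bad nodes among m drawn without replacement from a pool
    that contains `bad` bad nodes)."""
    return comb(bad, k) * comb(pool - bad, m - k) / comb(pool, m)

def binom_pmf(j, n, p):
    """P(exactly j successes in n independent trials of probability p)."""
    return comb(n, j) * p ** j * (1 - p) ** (n - j)

def voting_false_negative(p1, m, n, n_c):
    """P(a compromised target is NOT evicted).  Assumed model: the target is
    excluded from its own voters, so the pool has n-1 nodes, n_c-1 of them
    colluders who always vote 'keep'; good voters miss with probability p1."""
    pool, bad, need = n - 1, n_c - 1, m // 2 + 1   # strict majority evicts
    p_keep = 0.0
    for k in range(0, min(bad, m) + 1):            # k colluders among the voters
        good = m - k
        # 'evict' votes come only from the good voters that do not miss
        p_evict = sum(binom_pmf(j, good, 1 - p1) for j in range(need, good + 1))
        p_keep += hypergeom_pmf(k, pool, bad, m) * (1 - p_evict)
    return p_keep

def voting_false_positive(p2, m, n, n_c):
    """P(a good target IS evicted).  Pool: n-1 nodes, n_c colluders who
    always vote 'evict'; good voters raise a false alarm with probability p2."""
    pool, bad, need = n - 1, n_c, m // 2 + 1
    p_evict = 0.0
    for k in range(0, min(bad, m) + 1):
        good = m - k
        # the k colluder votes are already 'evict'; need (need - k) more from good voters
        p_good = sum(binom_pmf(j, good, p2) for j in range(max(need - k, 0), good + 1))
        p_evict += hypergeom_pmf(k, pool, bad, m) * p_good
    return p_evict

if __name__ == "__main__":
    # constructed inputs: a 10-node group with per-node P1 = 0.1 and P2 = 0.05
    for n_c in (2, 4, 6):                      # growing colluding population
        for m in (1, 3, 5):
            print(f"N_c={n_c} m={m}: FN={voting_false_negative(0.1, m, 10, n_c):.3f}"
                  f" FP={voting_false_positive(0.05, m, 10, n_c):.3f}")
```

With few colluders a larger m drives both probabilities down; once colluders approach a majority of the pool, raising m no longer helps, which is the intrusion-tolerance limit the slide describes.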
System Model - IDSs: Coordinator
• Intrusion tolerance
• For the selection of vote-participants, each node periodically exchanges its routing information, location, and identifier with its neighboring nodes
• Candidates: all neighbor nodes of a target node
• A coordinator is selected randomly so that adversaries have no specific target
System Model - IDSs
• Intrusion tolerance
• Coordinator selection: a hash function takes the identifier of a node concatenated with the current location of the node as the hash key. The node with the smallest returned hash value becomes the coordinator.
• The coordinator then selects m vote-participants randomly (including itself), and broadcasts the list of selected vote-participants to all group members
System Model - IDSs
• Intrusion tolerance
• Any node not following the protocol is flagged as a potentially compromised node, and may get itself evicted when it is evaluated as a target node.
• The vote-participants are known to the other nodes, which, based on the votes received, can determine whether or not a target node is to be evicted.
System Model
• Failure definitions
• Definition 1 (SF1): the failure of any group leads to the GCS's failure.
• Definition 2 (SF2): the failures of all groups lead to the GCS's failure.
• Condition 1 (C1): a compromised but undetected group member requests and subsequently obtains data using the group key.
• Condition 2 (C2): more than 1/3 of the group member nodes are compromised but undetected by the IDS (Byzantine failure model).
System Model
• Network connectivity and system failure
• Single hop: group nodes are connected within a single hop, forming a single group in the system without group merge or partition events. With only a single group in the system, SF1 and SF2 (the two system failure definitions) coincide.
• Multi-hop: group nodes are connected through multiple hops, so there are multiple groups in the system due to group partition/merge events caused by node mobility or node failure.
System Model
• Reliability metric: MTTSF
• Indicates the lifetime of the GCS before it fails.
• A GCS fails when one mobile group fails (SF1) or when all mobile groups fail (SF2).
• A mobile group fails when either C1 or C2 is true.
• A lower MTTSF implies a faster loss of system integrity or availability.
• The goal is to maximize MTTSF.
Performance Model (Stochastic Petri Net)
• Places hold tokens; transitions model events.
• The model tracks the behavior of a single mobile group, and the number of mobile groups existing in the GCS during the system lifetime.
• A transition is eligible to fire when the firing conditions associated with its event are met: (a) each of its input places must contain at least one token, and (b) the associated enabling guard function, if it exists, must return true.
Performance Model: SPN model (figure)
Performance Model
• Node compromise rate
• Rate(T_CP) =
• Intrusion detection rate
• Rate(T_IDS) =
• The rate at which a compromised, undetected node is detected by the IDS
• Rate(T_IDS) =
• The rate at which a node is falsely identified by the IDS (false alarm)
• Rate(T_FA) =
Performance Model
• Expected query rate by a member
• Rate(query) =
• Due to C1, the rate of a security data failure when data is leaked to a compromised but undetected member
• Rate(T_DRQ) =
Performance Model
• A mobile group's security failure occurs when C1 or C2 is satisfied.
• C1: the number of security data failures is greater than 0
• C2: the number of compromised (undetected) nodes is greater than 1/3 of the total number of nodes (Byzantine failure model)
Performance Model
• Group merge and partition
• The group merge/partition rates are obtained by observing the number of group merge and partition events under a multi-hop MANET.
• Sojourn time at a state: the time during which a given number of groups are present in the system
• The number of group merge events during the sojourn time
• The number of group partition events during the sojourn time
• Merging rate:
• Partition rate:
Performance Model
• Calculation of MTTF
• MTTA: mean time to absorption
• Assign proper rewards to the states of the system
• Absorbing states: C1 or C2 holds
• Under SF1: reward of 1 to all states except absorbing states
• Under SF2: based on the concept of a 1-out-of-n system, where n is the number of groups
Performance Model
• Calculation of MTTF, where the state set denotes all states except the absorbing states, and the probability term is the instantaneous probability of being in a given state.
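As an added example (my own construction, not the paper's SPN model), the following Python computes the MTTA of a single mobile group as an absorbing continuous-time Markov chain with reward 1 in every non-absorbing state, using the four transitions named above (T_CP, T_IDS, T_FA, T_DRQ) with constructed rates. The state encoding, the assumption that a detected or falsely accused node is evicted, the treatment of an emptied group as absorbed, and the coupling of detection and false-alarm rates to the IDS interval are all assumptions of this example.

```python
from functools import lru_cache

def mttsf(n0, lam_c, sigma, lam_fa, lam_q):
    """Mean time to absorption (= MTTSF) for one mobile group that starts with
    n0 trusted members.  State (u, n): u compromised-but-undetected members
    among n current members.  Absorbing: C1 (data leaked to an undetected
    compromised member) or C2 (u > n/3, Byzantine bound); an emptied group is
    also treated as absorbed (an assumption of this example)."""
    @lru_cache(maxsize=None)
    def t(u, n):
        if n == 0 or 3 * u > n:
            return 0.0                       # absorbing: no further reward
        good = n - u
        # (rate, next state); None marks the C1 failure state
        out = [(lam_c * good, (u + 1, n)),     # T_CP: a good member is compromised
               (sigma * u, (u - 1, n - 1)),    # T_IDS: detection evicts a bad member
               (lam_fa * good, (u, n - 1)),    # T_FA: false alarm evicts a good member
               (lam_q * u, None)]              # T_DRQ: undetected bad member obtains data
        total = sum(r for r, _ in out)
        # reward 1 per unit of sojourn time: E[T] = (1 + sum r_j * E[T_next]) / total
        # every transition goes to a higher u (same n) or a lower n, so the recursion ends
        return (1.0 + sum(r * t(*s) for r, s in out if s is not None and r > 0)) / total
    return t(0, n0)

def best_interval(n0, lam_c, p1, p2, lam_q, intervals):
    """Sweep candidate IDS intervals T_IDS.  Assumed coupling: running the IDS
    every T_IDS time units gives detection rate (1 - p1) / T_IDS and
    false-alarm rate p2 / T_IDS, so a shorter interval helps detection but
    evicts more good nodes.  Returns (best MTTSF, best interval)."""
    return max((mttsf(n0, lam_c, (1 - p1) / T, p2 / T, lam_q), T) for T in intervals)

if __name__ == "__main__":
    # constructed rates (events per hour): compromise 0.02, query-induced leak 0.5
    for T in (0.25, 0.5, 1, 2, 4, 8):
        print(f"T_IDS={T:<5} MTTSF={mttsf(12, 0.02, 0.9 / T, 0.05 / T, 0.5):8.2f}")
    print("best:", best_interval(12, 0.02, 0.1, 0.05, 0.5, [0.25, 0.5, 1, 2, 4, 8]))
```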
Parameterization
• Assign model parameters proper values reflecting the operational and environmental conditions of the system.
• Transition rate of rekeying
• Depends on the number of group members
• The cost of generating a key is linear in the number of nodes executing the key agreement protocol, GDH
Parameterization
• Transition rate of rekeying
• Let the rekeying time be the time used to generate a new group key for the current number of members
• Rate(T_RK) = , where the parameters are:
• the length of an intermediate value in applying GDH.3 (bits)
• the number of current member nodes
• the wireless bandwidth
Parameterization
• Node compromise rate: expressed in terms of the compromising rate, obtained from design knowledge or by linear approximation from observing the number of compromised nodes over a time period based on past experience, and the degree of compromised nodes.
Parameterization
• Intrusion detection rate
• Its intensity is adjusted linearly with the cumulative number of compromised nodes that have been detected by the IDS.
• The base detection rate is a design parameter to be adjusted to maximize MTTSF, and the degree of nodes that have been detected by the IDS is defined relative to the number of trusted member nodes in the system initially.
Parameterization: collusion factor and incorrect factor (figures)
Numerical Results & Analysis (figures)
• The effect of on MTTSF under varying in single-hop MANETs (false alarm; good nodes -> bad nodes)
• The effect of on MTTSF under varying in multi-hop MANETs (SF1, SF2; node density)
• The effect of on MTTSF under varying in single-hop MANETs (data leak; good nodes -> bad nodes)
• The effect of on MTTSF under varying in multi-hop MANETs (SF1, SF2; node density)
• The effect of on MTTSF under varying in single-hop MANETs (compromise rate)
• The effect of on MTTSF under varying in multi-hop MANETs (SF1, SF2; node density)
Applicability & Conclusion
• Attacker behavior
• System failure definitions
• Operational conditions: mathematical model
• Optimal intrusion detection interval T_IDS
Applicability & Conclusion
• Results: with respect to m and node density, the optimal intrusion detection interval T_IDS for maximizing the MTTSF decreases
Reference
• Jin-Hee Cho, Ing-Ray Chen, and Phu-Gui Feng, "Effect of Intrusion Detection on Reliability of Mission-Oriented Mobile Group Systems in Mobile Ad Hoc Networks," IEEE Transactions on Reliability, vol. 59, no. 1, pp. 231-241, March 2010.
• Jin-Hee Cho, "Design and Analysis of QoS-Aware Key Management and Intrusion Detection Protocols for Secure Mobile Group Communications in Wireless Networks," Ph.D. Dissertation, Nov. 12, 2008.
• http://en.wikipedia.org/wiki/Challenge-response_authentication
• http://en.wikipedia.org/wiki/Public-key_cryptography