
Effect Of Intrusion Detection on Reliability of Mission-Oriented Mobile Group Systems in Mobile Ad Hoc Networks

Effect Of Intrusion Detection on Reliability of Mission-Oriented Mobile Group Systems in Mobile Ad Hoc Networks. Authors: J.H. Cho, I.R. Chen and P.G. Feng. IEEE Transactions on Reliability, Vol. 59, No. 1, 2010, pp. 231-241. [P1] (4/6 - Presented by R. Mitchell, C. Jian, and A.H. Saoud)





Presentation Transcript


  1. Effect Of Intrusion Detection on Reliability of Mission-Oriented Mobile Group Systems in Mobile Ad Hoc Networks. Authors: J.H. Cho, I.R. Chen and P.G. Feng. IEEE Transactions on Reliability, Vol. 59, No. 1, 2010, pp. 231-241. [P1] (4/6 - Presented by R. Mitchell, C. Jian, and A.H. Saoud)

  2. Outline
  • Introduction (A.H. Saoud)
  • System Model (A.H. Saoud)
  • Performance Model (R. Mitchell)
  • Parameterization (R. Mitchell)
  • Numerical Results and Analysis (C. Jian)
  • Applicability & Conclusion (C. Jian)

  3. Introduction
  • Analyze the effect of intrusion detection system (IDS) techniques on the reliability of a mission-oriented group communication system (GCS) in mobile ad hoc networks (MANETs).
  • Identify the design conditions under which IDS techniques enhance reliability and thus prolong the lifetime of the GCS.
  • Limitations.
  • Techniques (prevention, detection, recovery).

  4. Introduction
  • Apply model-based quantitative analysis to security analysis.
  • MTTSF (mean time to security failure) reflects the expected system lifetime; it measures resistance to loss of service availability or of system integrity.
  • Identify the optimal rate at which the IDS should be executed to maximize the system lifetime.

  5. Introduction
  • Consider the effect of security threats, and of the IDS techniques that counter them, on the system lifetime of a mission-oriented GCS in MANETs.
  • Mathematical models identify the optimal intrusion detection rate at which MTTSF is maximized, by analyzing the tradeoff between the positive and negative effects of IDS.
  • Show that the analysis methodology developed is generally applicable to varying network conditions.

  6. System Model
  • The notion of a mobile group is defined based on "connectivity."
  • The GCS and its constituent mobile groups are "mission-oriented."
  • Mission execution is an application-level goal built on top of connectivity-oriented group communications.
  • leave rate, rejoin rate, mobility rate
  • /( + ): probability a node is in any group
  • /( + ): probability a node is not in any group

  7. System Model - Confidentiality
  • A shared symmetric (group) key is used for secure group communications: a member encrypts the messages it sends to the others in the group for confidentiality.
  • Rekeying upon group member join/leave/eviction, or group partition/merge events, preserves secrecy.
  • Group Diffie-Hellman (GDH), a contributory key agreement protocol, is used for group key rekeying for decentralized control and to eliminate a single point of failure.
  • Identify optimal intrusion detection intervals to maximize MTTSF, leading to improved service availability.

  8. System Model - Authentication
  • Each member has a private key and a public key, available for authentication.
  • The public keys of all group members are preloaded into every node.
  • No certificate authority (CA) and no key revocation. A node's public key therefore serves as the identifier of the node.

  9. System Model - IDS
  • Host-based IDS: each node performs local detection to determine whether a neighboring node has been compromised.
  • The effectiveness of the IDS techniques applied is characterized by the false negative probability (P1) and the false positive probability (P2).
  • Voting-based IDS: m nodes, each preinstalled with a host-based IDS, vote on a target node.
  • Negative effects of compromised vote-participants: (a) evicting good nodes by always voting "no" on good nodes; (b) keeping bad nodes in the system by always voting "yes" on bad nodes.

  10. System Model – IDS Tolerance
  • The system-level false negative probability and false positive probability are calculated based on: (a) the per-node false negative and false positive probabilities of the host-based IDS in each node; (b) the number of vote-participants selected to vote for or against a target node; (c) an estimate of the current number of compromised nodes.
  • For the selection of participants, each node periodically exchanges its routing information, location, and identifier with its neighboring nodes.

  11. System Model – Tolerance 2
  • With respect to a target node, all neighbor nodes within a given number of hops from the target node are candidates as vote-participants.
  • A coordinator is selected randomly by introducing a hash function that takes the identifier of a node concatenated with the node's current location as the hash key.
  • The node with the smallest returned hash value becomes the coordinator.

  12. System Model – Tolerance 3
  • The coordinator selects m nodes randomly and broadcasts the list of m nodes.
  • Any node not following the protocol raises a flag as a potentially compromised node, and may get itself evicted when it is evaluated as a target node.
  • The vote-participants are known to the other nodes, which, based on the votes received, can determine whether or not a target node is to be evicted.
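As an added illustration (not code from the paper or the slides), the Python below computes the group-level false negative (P1) and false positive (P2) probabilities of the voting-based IDS from the three inputs slide 10 lists: the per-node host-based IDS error probabilities, the number of vote-participants m, and the estimated number of undetected compromised nodes; compromised participants vote exactly as slide 9 describes. The uniform sampling of participants and the strict-majority eviction rule are my assumptions, not necessarily the paper's exact formulation.

```python
from math import comb

def binom_ge(n, p, k_min):
    """P(X >= k_min) for X ~ Binomial(n, p); 1.0 if k_min <= 0, 0.0 if k_min > n."""
    return sum(comb(n, j) * p ** j * (1 - p) ** (n - j)
               for j in range(max(k_min, 0), n + 1))

def voting_ids_probs(n_good, n_bad, m, p_fn, p_fp):
    """Group-level (P1, P2) of the voting-based IDS for one target node.

    n_good / n_bad : candidate vote-participants that are uncompromised /
                     undetected compromised (the target itself is excluded)
    m              : number of vote-participants the coordinator selects
    p_fn, p_fp     : per-node host-based IDS false negative / false positive
    Assumed rule: the m participants are drawn uniformly without replacement,
    and the target is evicted on a strict majority of "evict" votes.
    """
    pool = n_good + n_bad
    if not 1 <= m <= pool:
        raise ValueError("m must be between 1 and the number of candidates")
    threshold = m // 2 + 1
    p1 = p2 = 0.0
    for k in range(0, m + 1):                  # k = compromised participants
        if k > n_bad or m - k > n_good:
            continue
        p_k = comb(n_bad, k) * comb(n_good, m - k) / comb(pool, m)  # hypergeometric
        good_voters = m - k
        # Good target: compromised voters always vote "evict" (slide 9a);
        # each good voter wrongly votes "evict" with probability p_fp.
        p2 += p_k * binom_ge(good_voters, p_fp, threshold - k)
        # Bad target: compromised voters always vote "keep" (slide 9b);
        # each good voter correctly votes "evict" with probability 1 - p_fn.
        p1 += p_k * (1.0 - binom_ge(good_voters, 1.0 - p_fn, threshold))
    return p1, p2

if __name__ == "__main__":
    # Constructed sample: 20 candidate voters, 3 of them undetected compromised.
    for m in (1, 3, 5, 7):
        p1, p2 = voting_ids_probs(17, 3, m, p_fn=0.1, p_fp=0.1)
        print(f"m={m}: P1(false negative)={p1:.4f}  P2(false positive)={p2:.4f}")
```

Running the sample shows the tradeoff the slides discuss: with few compromised candidates, larger m drives both P1 and P2 down, while a pool dominated by compromised voters pushes both toward 1 regardless of m.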

  13. System Model – Failure Def
  • System Failure Definition 1 (SF1): the GCS fails when any mobile group fails.
  • System Failure Definition 2 (SF2): the GCS fails when all mobile groups fail.
  • Evaluate the effect of the two system failure definitions on the MTTSF of the system.

  14. System Model – Failure Con.
  • Condition 1 (C1): an undetected compromised member requests and obtains data using the group key (leading to the loss of system integrity).
  • Condition 2 (C2): more than 1/3 of the group member nodes are compromised but undetected by the IDS. This failure condition follows the Byzantine failure model (loss of availability of system service).

  15. System Model - Connectivity
  • Single hop: a single group, not experiencing group merge or partition events.
  • In that case SF1 and SF2 are the same.
  • Multi-hop: there are multiple groups in the system due to group partition/merge.

  16. System Model – Reliability
  • MTTSF indicates the lifetime of the GCS before it fails.
  • A GCS fails when one mobile group fails, or when all mobile groups fail in the mission-oriented GCS, as defined by SF1 or SF2.
  • A mobile group fails when either C1 or C2 is true.
  • A lower MTTSF implies a faster loss of system integrity or availability.

  17. Outline
  • Introduction (A.H. Saoud)
  • System Model (A.H. Saoud)
  • Performance Model (R. Mitchell)
  • Parameterization (R. Mitchell)
  • Numerical Results and Analysis (C. Jian)
  • Applicability & Conclusion (C. Jian)

  18. Performance Model
  • SPN (stochastic Petri net)
  • Places
  • Transitions
  • Review

  19. Places
  • groups: NG
  • uncompromised members: Tm
  • undetected compromised nodes: UCm
  • evicted nodes: DCm
    • correctly detected compromised nodes
    • falsely detected uncompromised nodes
  • security failure: GF
    • absorbing

  20. Transitions
  • group partition: TPAR
  • group merge: TMER
  • member compromise: TCP
  • false detection: TFA
  • confidentiality violation (C1): TDRQ
    • rate = λq · mark(UCm) · p1
  • correct detection: TIDS
  • rekey: TRK

  21. Review
  • Why is the TDRQ rate scaled by p1?
  • Where is the Byzantine failure (C2) transition into GF?
    • TBYZ from UCm with multiplicity mark(Tm) / 2
  • Derive the SF2 reward model

  22. Parameterization
  • TRK rate
  • TCP rate
  • IDS interval δ
  • Pfp and Pfn

  23. TRK rate
  • For one group: bGDH / datalink rate
  • For multiple groups: 3bGDH(N-1) / datalink rate

  24. TCP rate
  • The adversary becomes more aggressive when it has the upper hand
  • λc · (mark(Tm) + mark(UCm) / mark(Tm))

  25. IDS interval δ
  • The IDS becomes more aggressive as it detects more compromised nodes
  • (TIDS)^-1 · (Ninit / (mark(Tm) + mark(UCm)))

  26. Outline
  • Introduction (A.H. Saoud)
  • System Model (A.H. Saoud)
  • Performance Model (R. Mitchell)
  • Parameterization (R. Mitchell)
  • Numerical Results and Analysis (C. Jian)
  • Applicability & Conclusion (C. Jian)

  27. Parameterization & Metric

  28. TIDS on MTTSF under m (1)
  • Optimal TIDS
  • Where MTTSF increases as TIDS increases, the negative effects of the IDS are mostly due to false positives
  • Where MTTSF decreases as TIDS increases, more compromised nodes remain in the system

  29. TIDS on MTTSF under m (2)
  • A large m reduces the possibility of collusion by compromised nodes, giving a high MTTSF
  • With a small m, the false alarm probability is relatively large, resulting in a small MTTSF

  30. TIDS on MTTSF under m (3)
  • MTTSF in single-hop is comparatively higher than in multi-hop due to the difference in node density (adverse effect)
  • MTTSF under SF2 > MTTSF under SF1

  31. Sensitivity of MTTSF on q(1) • q is low, a high MTTSF, q is high, a low MTTSF • depends on the frequency of data-leak attack • q increases, optimal TIDS becomes smaller • the adverse effect of false positives dominates when TIDS is sufficiently small

  32. Sensitivity of MTTSF on q(2) • Optimal TIDS in single-hop < Optimal TIDS in multi-hop, because single-hop need to perform IDS more frequently to prevent potentially more compromised nodes • MTTSF under SF2 > MTTSF under SF1

  33. Sensitivity of MTTSF on c (1) • IDS is more effective when c is sufficiently low

  34. Sensitivity of MTTSF on c (2) • single-hop MANETs have higher MTTSF because more members exist in single-hop MANETs • the optimal TIDS is smaller in single-hop MANETs under identical conditions because the system tends to execute IDS more frequently

  35. Conclusion
  • A mathematical model
    • input: operational conditions, system failure definitions, attacker behaviors
    • output: the optimal rate at which to execute intrusion detection to enhance the system reliability of the GCS
  • Results
    • TIDS , as m, node density  or group size , q  c 

  36. Questions?
