On Survivability of Mobile Cyber Physical Systems with Intrusion Detection. Authors: Robert Mitchell, Ing-Ray Chen. Presented by: Ting Hua. Outline. Introduction System Model / Reference Configuration Theoretical Analysis Numerical Data Simulation Conclusion. Introduction.
On Survivability of Mobile Cyber Physical Systems with Intrusion Detection Authors: Robert Mitchell, Ing-Ray Chen Presented by: Ting Hua
Outline • Introduction • System Model / Reference Configuration • Theoretical Analysis • Numerical Data • Simulation • Conclusion
Introduction
• Problem
  - address the survivability issue of a mobile cyber physical system (MCPS)
• Key issue
  - best balance between energy conservation and intrusion tolerance
• Highlight of the scheme
  - dynamic voting-based intrusion detection

Node Model (diagram; components: computing, communicating, energy, sensing)
System Model
• Ranging
  - transmit a CDMA waveform to neighbors
  - receive the waveform from neighbors
  - transform received waveform into distance
• Sensing
  - sensing data
  - analyzing sensed data
• Intrusion detection
  - choose m intrusion detectors
  - vote

Attack Model • Node capture • Bad data injection • Attack from inside • False vote Attack
System Fails
• Security failure: Byzantine fault model
  - If one-third or more of the nodes are compromised, the system fails.
• Energy exhaustion
  - Our goal: maximizing the lifetime until energy exhaustion

Per-node Security Fault
• Per-node false negative
  - a single intrusion detector misidentifies a bad node as a good node.
• Per-node false positive
  - a single intrusion detector misidentifies a good node as a bad node.

System-wide Security Fault
• System-wide false negative
  - a pool of intrusion detectors reaches an incorrect majority decision that a bad node is good.
• System-wide false positive
  - a pool of intrusion detectors reaches an incorrect majority decision that a good node is bad.

Combined intrusion detection
• Per-host intrusion detection
  - event sequence matching: determines a sequence of locations of a neighbor node
• System intrusion detection
  - Select m voters
    - coordinator is selected randomly among neighbors
    - The coordinator then selects m voters randomly (including itself)
  - Voting
    - Majority
    - Dynamic: m, detection interval, depending on the percentage of bad nodes

SPN model for MCPS
• Nodes: places to hold tokens.
  - Ng: the number of good nodes.
  - Nb: the number of bad nodes undetected.
  - Ne: the number of nodes evicted.
  - Energy: a binary variable.
    - 1: energy is available.
    - 0: energy is exhausted.

SPN model for MCPS: voting-based intrusion detection
• Events: transitions.
  - TCP: good nodes being compromised.
  - TFP: a good node being falsely identified as compromised.
  - TIDS: a bad node being detected as compromised correctly.
  - TENERGY: energy exhaustion.

Underlying semi-Markov model of the SPN model
• Initial state: 128 sensor-carried mobile nodes

Underlying semi-Markov model of the SPN model: TCP
  - Good nodes may become compromised because of insider attacks
  - per-node compromising rate λ
  - aggregate rate

Underlying semi-Markov model of the SPN model: TIDS
  - a bad node is detected as compromised

Underlying semi-Markov model of the SPN model: TFP
  - a good node is detected as compromised

Underlying semi-Markov model of the SPN model: TENERGY
  - system energy is exhausted after N × TIDS intervals
  - energy exhaustion event can possibly occur in any state, when energy is still available

False Alarm Probability
• Choose a minority of good nodes from the set of all good nodes
• Choose a majority of bad nodes from the set of all bad nodes
• selecting a majority of bad nodes
• choose a minority of bad nodes from the set of all bad nodes
• K of good nodes make false negative decision
• selecting a majority of good nodes

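Added example (not from the slides or the paper): the system-wide false negative and false positive probabilities of the majority vote, computed from the per-node error probability and the good/bad node counts. Assumptions made here: the m voters are drawn uniformly without replacement from all nodes other than the target, every bad voter casts the wrong vote, each good voter errs independently, and a verdict needs more than m/2 votes. The 128-node population is from the slides; the bad-node count and the 0.05 error rate are constructed.

```python
from math import comb

def binom_tail(n, p, k):
    """P[X >= k] for X ~ Binomial(n, p)."""
    if k <= 0:
        return 1.0
    return sum(comb(n, j) * p**j * (1 - p)**(n - j) for j in range(k, n + 1))

def wrong_majority(good, bad, m, p_err):
    """Probability that m voters, drawn without replacement from `good` honest
    and `bad` colluding nodes, produce a majority for the wrong verdict.
    Assumption: colluders always vote wrong; honest voters err with p_err."""
    if not 0 < m <= good + bad:
        raise ValueError("m must be between 1 and the voter pool size")
    need = m // 2 + 1                      # strict majority of m votes
    total = comb(good + bad, m)
    prob = 0.0
    for b in range(max(0, m - good), min(m, bad) + 1):
        pick = comb(bad, b) * comb(good, m - b) / total   # b colluders chosen
        # Colluders supply b wrong votes; honest errors must cover the rest.
        prob += pick * binom_tail(m - b, p_err, need - b)
    return prob

def system_false_negative(n_good, n_bad, m, p_fn):
    """Bad target judged good; the target itself is not in the voter pool."""
    if n_bad < 1:
        raise ValueError("need at least one bad node as the target")
    return wrong_majority(n_good, n_bad - 1, m, p_fn)

def system_false_positive(n_good, n_bad, m, p_fp):
    """Good target judged bad; the target itself is not in the voter pool."""
    if n_good < 1:
        raise ValueError("need at least one good node as the target")
    return wrong_majority(n_good - 1, n_bad, m, p_fp)

if __name__ == "__main__":
    N, N_BAD, P = 128, 20, 0.05            # N from the slides; N_BAD, P constructed
    for m in (3, 5, 7, 9):
        fn = system_false_negative(N - N_BAD, N_BAD, m, P)
        fp = system_false_positive(N - N_BAD, N_BAD, m, P)
        print(f"m={m}: P_fn={fn:.4f}  P_fp={fp:.4f}")
```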
Underlying semi-Markov model of the SPN model
• Dynamic voting-based intrusion detection
  - dynamically adjust the transition rates to TIDS and TFP in response to changing environments

Survivability Assessment
• Mean time to failure (MTTF)
• Failure
  - Energy is exhausted: energy=0
  - Big bad node population:
• How to calculate?
  - the accumulated “reward” of the underlying semi-Markov reward model
• Reward

Numerical Data • Objective • Optimal values of TIDS and m to maximize MTTF • Maximum number N of intrusion detection cycles before energy exhaustion
System Model
• Ranging
  - transmit a CDMA waveform to neighbors
  - receive the waveform from neighbors
  - transform received waveform into distance
• Sensing
  - sensing data (navigation and multipath mitigation data)
  - analyzing sensed data
• Intrusion detection
  - choose m intrusion detectors
  - vote

Numerical Data
• repeated for α times for determining a sequence of locations of neighbors
• Energy spent for ranging, sensing, and intrusion detection in a TIDS interval per node
• Node population in MCPS
• Energy spent in choosing m intrusion detectors to evaluate a target node
• Energy spent in m intrusion detectors to vote

Results-Theoretical
• TIDS
  - Too small
    - performs ranging, sensing and intrusion detection too frequently
    - quickly exhausts energy
  - Increases
    - save more energy and lifetime increases
  - Too large
    - intrusion detection less frequently, fails to catch bad nodes often enough
    - Byzantine failure: 1/3 or more bad nodes out of the total population

Results-Theoretical
• m: number of intrusion detectors
  - General trend
    - m decreases, optimal TIDS value
    - Less intrusion detection, higher invocation frequency to prevent security failures
  - m=5
    - too many
      - energy exhaustion failure
    - too few
      - security failure

Results-Theoretical
• Compromising rate λ increases
  - MTTF decreases
    - higher λ will cause more compromised nodes
  - Optimal TIDS decreases
    - more compromised nodes, intrusion detection more frequently to maximize MTTF

Results-Theoretical • MTTF- • Low • lower m benefits MTTF • High • higher m benefits MTTF
Results-Simulation
• Simulation tool
  - SMPL
• Schedules events
  - node capture
  - intrusion detection audits
  - energy exhaustion
• A simulation run ends:
  - security failure
  - exhausts energy
  - all nodes have been evicted
• MTTF
  - grand mean out of a large number of MTTF
  - batch means analysis to satisfy 95% confidence level and 10% accuracy requirements
  - grand mean falls within 10% of the true mean with 95% confidence

Results-Simulation
• Matches well
  - One peak with similar peak value
  - a left/positive skew
  - pronounced right tail
(Figure panels: simulation results; analytical results)

Conclusion
• System failure definition
  - energy exhaustion
  - security failure
• Optimal design settings for voting-based intrusion detection
  - Input:
    - per-node false alarm probabilities
    - per-node compromise rates λ
  - Output:
    - Best number of detectors (m)
    - Best intrusion detection interval (TIDS)