On Survivability of Mobile Cyber Physical Systems with Intrusion Detection
Authors: Robert Mitchell, Ing-Ray Chen
Presented by: Ting Hua
Outline
• Introduction
• System Model / Reference Configuration
• Theoretical Analysis
• Numerical Data
• Simulation
• Conclusion
Introduction
• Problem
  – address the survivability issue of a mobile cyber physical system (MCPS)
• Key issue
  – best balance between energy conservation and intrusion tolerance
• Highlight of the scheme
  – dynamic voting-based intrusion detection
Node Model
[Figure: node model with Computing, Sensing, Communicating and Energy components]
System Model
• Ranging
  – transmit a CDMA waveform to neighbors
  – receive the waveform from neighbors
  – transform received waveform into distance
• Sensing
  – sensing data
  – analyzing sensed data
• Intrusion detection
  – choose m intrusion detectors
  – vote
Attack Model
• Node capture
• Bad data injection
  – Attack from inside
  – False vote
System Fails
• Security Failure: Byzantine fault model
  – If one-third or more of the nodes are compromised, the system fails.
• Energy Exhaustion
• Our goal: maximizing the lifetime until energy exhaustion
Per-node Security Fault
• Per-node false negative
  – a single intrusion detector misidentifies a bad node as a good node.
• Per-node false positive
  – a single intrusion detector misidentifies a good node as a bad node.
System-wide Security Fault
• System-wide false negative
  – a pool of intrusion detectors reaches an incorrect majority decision that a bad node is good.
• System-wide false positive
  – a pool of intrusion detectors reaches an incorrect majority decision that a good node is bad.
Combined intrusion detection
• Per-host intrusion detection
  – event sequence matching: determines a sequence of locations of a neighbor node
• System intrusion detection
  – Select m voters
    • coordinator is selected randomly among neighbors
    • The coordinator then selects m voters randomly (including itself)
  – Voting
    • Majority
    • Dynamical: m, detection interval, depending on the percentage of bad nodes
$p_{fn}$, $p_{fp}$
$P_{fn}$, $P_{fp}$
SPN model for MCPS
• Nodes: places to hold tokens.
• Ng: the number of good nodes.
• Nb: the number of bad nodes undetected.
• Ne: the number of nodes evicted.
• Energy: a binary variable.
  – 1: energy availability.
  – 0: energy exhaustion.
• Events: transitions.
• TCP: good nodes being compromised.
• TFP: a good node being falsely identified as compromised.
• TIDS: a bad node being detected as compromised correctly.
• TENERGY: energy exhaustion.
Voting-based intrusion detection
Underlying semi-Markov model of the SPN model
• Initial state: 128 sensor-carried mobile nodes
• TCP: good nodes may become compromised because of insider attacks
  – per-node compromising rate λ
  – aggregate rate
• TIDS: a bad node is detected as compromised
  – $(N_g, N_b - 1, N_e + 1, energy)$
• TFP: a good node is detected as compromised
  – $(N_g - 1, N_b, N_e + 1, energy)$
• TENERGY: system energy is exhausted after N × TIDS intervals
  – energy exhaustion event can possibly occur in any state, when energy is still available
  – $(N_g - 1, N_b, N_e + 1, energy)$
False Alarm Probability
• selecting a majority of bad nodes
• selecting a majority of good nodes
• K of good nodes make false negative decision
• choose a minority of bad nodes from the set of all bad nodes
• choose a majority of bad nodes from the set of all bad nodes
• choose a minority of good nodes from the set of all good nodes
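An added example (not the authors' formula or code) that computes a system-wide false alarm probability from the cases annotated above: the voter pool either contains a majority of bad nodes, or a minority of bad nodes plus enough good voters that err. It assumes voters are drawn without replacement, bad voters always cast a false vote, and good voters err independently; the function names and sample numbers are constructed.

```python
from math import comb

def wrong_majority(n_good, n_bad, m, p_err):
    """Probability that a majority of m randomly chosen voters votes wrongly.

    Assumed model: voters are drawn without replacement from n_good + n_bad
    candidates; a bad voter always casts the wrong vote (false vote); a good
    voter errs independently with the per-node probability p_err.
    """
    if not 1 <= m <= n_good + n_bad:
        raise ValueError("m must be between 1 and the number of candidates")
    m_maj = m // 2 + 1                       # votes needed for a majority
    total = comb(n_good + n_bad, m)          # ways to choose the voter pool
    prob = 0.0
    for bad in range(min(m, n_bad) + 1):
        good = m - bad
        if good > n_good:
            continue
        # Hypergeometric weight: exactly `bad` bad voters among the m chosen.
        pick = comb(n_bad, bad) * comb(n_good, good) / total
        need = max(0, m_maj - bad)           # wrong good votes still required
        errs = sum(comb(good, k) * p_err**k * (1 - p_err)**(good - k)
                   for k in range(need, good + 1))
        prob += pick * errs
    return prob

def system_false_alarms(n_good, n_bad, m, p_fn, p_fp):
    """(P_fn, P_fp): system-wide false negative / false positive probability."""
    return (wrong_majority(n_good, n_bad, m, p_fn),
            wrong_majority(n_good, n_bad, m, p_fp))

if __name__ == "__main__":
    # Constructed inputs: 128 nodes, per-node p_fn = p_fp = 0.05.
    for n_bad in (0, 8, 32):
        for m in (3, 5, 9):
            P_fn, P_fp = system_false_alarms(128 - n_bad, n_bad, m, 0.05, 0.05)
            print(f"bad={n_bad:3d} m={m} P_fn={P_fn:.4f} P_fp={P_fp:.4f}")
```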
Underlying semi-Markov model of the SPN model
dynamically adjust the transition rates to TIDS and TFP
Dynamic voting-based intrusion detection in response to changing environments
Survivability Assessment
• Mean time to failure (MTTF)
  – Failure
    • Energy is exhausted: energy=0
    • Big bad node population:
  – How to calculate?
    • the accumulated "reward" of the underlying semi-Markov reward model
• Reward
Numerical Data
• Objective
  – Optimal values of TIDS and m to maximize MTTF
• Maximum number N of intrusion detection cycles before energy exhaustion
System Model
• Ranging
  – transmit a CDMA waveform to neighbors
  – receive the waveform from neighbors
  – transform received waveform into distance
• Sensing
  – sensing data (navigation and multipath mitigation data)
  – analyzing sensed data
• Intrusion detection
  – choose m intrusion detectors
  – vote
Numerical Data
• Energy spent for ranging, sensing, and intrusion detection in a TIDS interval per node
• Node population in MCPS
• neighbors
• repeated for α times for determining a sequence of locations
• Energy spent in choosing m intrusion detectors to evaluate a target node
• Energy spent in m intrusion detectors to vote
Results-Theoretical
• TIDS
  – Too small
    • performs ranging, sensing and intrusion detection too frequently
    • quickly exhausts energy
  – Increases
    • save more energy and lifetime increases
  – Too large
    • intrusion detection less frequently, fails to catch bad nodes often enough
    • Byzantine failure: 1/3 or more bad nodes out of the total population
Results-Theoretical
• M: number of intrusion detectors
  – General trend
    • m decreases, optimal TIDS value
    • Less intrusion detection, higher invocation frequency to prevent security failures
  – M=5
    • too many
      – energy exhaustion failure
    • too few
      – security failure
Results-Theoretical
• Compromising rate λ increases
  – MTTF decreases
    • higher λ will cause more compromised nodes
  – Optimal TIDS decreases
    • more compromised nodes, intrusion detection more frequently to maximize MTTF
Results-Theoretical
• MTTF-
  – Low
    • lower m benefits MTTF
  – High
    • higher m benefits MTTF
• Simulation Tool
  – SMPL
• Schedules events
  – node capture
  – intrusion detection audits
  – energy exhaustion
• A simulation run ends:
  – security failure
  – exhausts energy
  – all nodes have been evicted
• MTTF
  – grand mean out of a large number of MTTF
  – batch means analysis to satisfy 95% confidence level and 10% accuracy requirements
  – grand mean falls within 10% of the true mean with 95% confidence
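An added sketch of the event loop listed above (node capture, intrusion detection audits, energy exhaustion, and the three run-ending conditions), written for this page and not the authors' SMPL simulator. The unit time step, the audit of every node once per TIDS, the constant system-wide P_fn and P_fp, and all parameter values are assumptions chosen to show the TIDS trade-off.

```python
import random

def binom(rng, n, p):
    """Number of successes in n independent trials of probability p."""
    return sum(rng.random() < p for _ in range(n))

def time_to_failure(rng, t_ids, n_cycles, lam, p_fn, p_fp, nodes=128):
    """One run over the state (Ng, Nb, Ne, energy); returns the failure time.

    Assumptions: unit time steps, every node is audited once per IDS round,
    and the system-wide P_fn / P_fp stay constant during the run.
    """
    ng, nb = nodes, 0
    for t in range(1, n_cycles * t_ids + 1):
        hit = binom(rng, ng, lam)            # TCP: node capture
        ng, nb = ng - hit, nb + hit
        if ng + nb == 0 or 3 * nb >= ng + nb:
            return t                          # all evicted or Byzantine failure
        if t % t_ids == 0:                    # intrusion detection audit
            nb -= binom(rng, nb, 1 - p_fn)    # TIDS: bad node evicted
            ng -= binom(rng, ng, p_fp)        # TFP: good node evicted
    return n_cycles * t_ids                   # TENERGY: energy exhausted

def mttf(t_ids, runs=20, seed=1, n_cycles=200, lam=0.001, p_fn=0.05, p_fp=0.02):
    """Mean time to failure over `runs` seeded runs (constructed parameters)."""
    rng = random.Random(seed)
    total = sum(time_to_failure(rng, t_ids, n_cycles, lam, p_fn, p_fp)
                for _ in range(runs))
    return total / runs

if __name__ == "__main__":
    # Small TIDS hits the energy cap, large TIDS hits the Byzantine limit.
    for t_ids in (1, 20, 100, 5000):
        print(f"TIDS={t_ids:5d}  MTTF={mttf(t_ids):8.1f}")
```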
Results-Simulation
[Figure panels: Simulation results; Analytical results]
• Matches well
  – One peak with similar peak value
  – a left/positive skew
  – pronounced right tail
Conclusion
• System failure definition
  – energy exhaustion
  – security failure
• Optimal design settings for voting-based intrusion detection
  – Input:
    • per-node false alarm probabilities
    • per-node compromise rates λ
  – Output
    • Best number of detectors (m)
    • Best intrusion detection interval (TIDS)