on survivability of mobile cyber physical systems with intrusion detection
DESCRIPTION
On Survivability of Mobile Cyber Physical Systems with Intrusion Detection. Author s: Robert Mitchell, Ing -Ray Chen. Presented by: Ting Hua. Outline. Introduction System Model / Reference Configuration Theoretical Analysis Numerical Data Simulation Conclusion. Introduction. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/1.jpg)
On Survivability of Mobile Cyber Physical Systemswith Intrusion Detection
1
Presented by: Ting Hua
Authors: Robert Mitchell, Ing-Ray Chen
![Page 2: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/2.jpg)
Outline
2
• Introduction• System Model / Reference Configuration• Theoretical Analysis• Numerical Data• Simulation• Conclusion
![Page 3: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/3.jpg)
Introduction
3
• Problem– address the survivability issue of a mobile cyber
physical system(MCPS)• Key issue
– best balance between energy conservation and intrusion tolerance
• Highlight of the scheme– dynamic voting-based intrusion detection
![Page 4: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/4.jpg)
Outline
4
• Introduction• System Model / Reference Configuration• Theoretical Analysis• Numerical Data• Simulation• Conclusion
![Page 5: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/5.jpg)
Node Model
5
Computing
Sensing Energy
Communicating
![Page 6: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/6.jpg)
System Model
6
• Ranging– transmit a CDMA waveform to neighbors– receive the waveform from neighbors– transform received waveform into distance
• Sensing– sensing data– analyzing sensed data
• Intrusion detection– choose m intrusion detectors– vote
![Page 7: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/7.jpg)
• Node capture
• Bad data injection– Attack from inside– False vote
Attack Model
7
Attack
![Page 8: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/8.jpg)
• Security Failure: Byzantine fault model– One-third or more of the nodes are compromised, then the
system fails.• Energy Exhaustion• Our goal: maximizing the lifetime until energy exhaustion
System Fails
8
Attack
![Page 9: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/9.jpg)
Per-node Security Fault
• Per-node false negative– a single intrusion detector misidentifies a bad
node as a good node.
• Per-node false positive – a single intrusion detector misidentifies a good
node as a bad node
9
![Page 10: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/10.jpg)
System-wide Security Fault
• System-wide false negative – a pool of intrusion detectors reaches an incorrect
majority decision that a bad node is good.
• System-wide false positive– a pool of intrusion detectors reaches an incorrect
majority decision that a good node is bad.
10
![Page 11: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/11.jpg)
Combined intrusion detection• Per-host intrusion detection
– event sequence matching: determines a sequence of location of a neighbor node
• System intrusion detection – Select m voters
• coordinator is selected randomly among neighbors• The coordinator then selects m voters randomly (including itself)
– Voting• Majority• Dynamical: m, detection interval, depending on the percentage of bad nodes
𝑝 𝑓𝑛𝑝 𝑓 𝑝
𝑃 𝑓 𝑛𝑃 𝑓 𝑝
![Page 12: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/12.jpg)
Outline
12
• Introduction• System Model / Reference Configuration• Theoretical Analysis• Numerical Data• Simulation• Conclusion
![Page 13: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/13.jpg)
SPN model for MCPS
• Nodes: places to hold tokens.• Ng: the number of good nodes.• Nb: the number of bad nodes undetected. • Ne: the number of nodes evicted.• Energy: a binary variable.
• 1 : energy availability. • 0 : indicating energy exhaustion.
![Page 14: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/14.jpg)
SPN model for MCPS
• Events: transitions.• TCP: good nodes being compromised.• TFP: a good node being falsely identified as compromised.• TIDS: a bad node being detected as compromised correctly.• TENERGY: energy exhaustion.
Voting-based intrusion detection
![Page 15: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/15.jpg)
Underlying semi-Markov model of the SPN mode
Initial state128 sensor-carried mobile nodes
![Page 16: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/16.jpg)
Underlying semi-Markov model of the SPN mode
TCP-Good nodes may become compromised because of insider attacks -per-node compromising rate λ
aggregate rate
![Page 17: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/17.jpg)
Underlying semi-Markov model of the SPN mode
TIDS-a bad node is detected as compromised
(𝑁 𝑔 ,𝑁𝑏−1 ,𝑁𝑒+1 ,𝑒𝑛𝑒𝑟𝑔𝑦 )
![Page 18: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/18.jpg)
Underlying semi-Markov model of the SPN mode
TFP-a good node is detected as compromised
(𝑁 𝑔−1 ,𝑁 𝑏 ,𝑁𝑒+1 ,𝑒𝑛𝑒𝑟𝑔𝑦 )
![Page 19: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/19.jpg)
Underlying semi-Markov model of the SPN mode
TENERGY-system energy is exhausted after N × TIDS intervals-energy exhaustion event can possibly occur in any state, when energy is still available
(𝑁 𝑔−1 ,𝑁 𝑏 ,𝑁𝑒+1 ,𝑒𝑛𝑒𝑟𝑔𝑦 )
![Page 20: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/20.jpg)
False Alarm Probability
selecting a majority of bad nodes
selecting a majority of good nodes
K of good nodes make false negative decision
choose a minority of bad nodes from the setof all bad nodes
Choose a majority of bad nodes from the set o f all bad nodes
Choose a minority of good nodes from the set o f all good nodes
![Page 21: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/21.jpg)
False Alarm Probability
selecting a majority of bad nodes
selecting a majority of good nodes
K of good nodes make false negative decision
choose a minority of bad nodes from the setof all bad nodes
Choose a majority of bad nodes from the set o f all bad nodes
Choose a minority of good nodes from the set o f all good nodes
![Page 22: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/22.jpg)
Underlying semi-Markov model of the SPN mode
dynamically adjust the transition ratesto TIDS and TFP
Dynamic voting-based intrusion detection in response to changing environments
![Page 23: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/23.jpg)
Survivability Assessment
• Mean time to failure(MTTF)– Failure
• Energy is exhausted: energy=0• Big bad node population:
– How to Calculate?• the accumulated “ reward” o f the underlying semi-
Markov reward model
• Reward
![Page 24: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/24.jpg)
Outline
24
• Introduction• System Model / Reference Configuration• Theoretical Analysis• Numerical Data• Simulation• Conclusion
![Page 25: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/25.jpg)
• Objective– Optimal values of TIDS and m to maximize MTTF
• Maximum number N of intrusion detection cycles before energy exhaustion
Numerical Data
![Page 26: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/26.jpg)
System Model
26
• Ranging– transmit a CDMA waveform to neighbors– receive the waveform from neighbors– transform received waveform into distance
• Sensing– sensing data(navigation and multipath mitigation data)– analyzing sensed data
• Intrusion detection– choose m intrusion detectors– vote
![Page 27: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/27.jpg)
Numerical Data
Energy spent for ranging, sensing, and intrusion detection in a TIDS interval per node
Node population in MCPS
neighborsrepeated for α times for determining a sequence o f locations
Energy spent in choosing m intrusion detectors to evaluate a target node
Energy spent in m intrusion detectors to vote
![Page 28: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/28.jpg)
• TIDS
– Too small• performs ranging, sensing and
intrusion detection too frequently
• quickly exhausts energy– Increases
• save more energy and lifetime increases
– Too large• intrusion detection less
frequently, fails to catch bad nodes often enough
• Byzantine failure: 1 /3 or more bad nodes out of the total population
Results-Theoretical
![Page 29: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/29.jpg)
• M: number of intrusion detectors – General trend
• m decreases, optimal TIDS value
• Less intrusion detection, higher invocation frequency to prevent security failures
– M=5• too many
– energy exhaustion failure• too few
– security failure
Results-Theoretical
![Page 30: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/30.jpg)
• Compromising rate λ increases– MTTF decreases
• higher λ will cause more compromised nodes
– Optimal TIDS decreases• more compromised
nodes, intrusion detection more frequently to maximize MTTF
Results-Theoretical
![Page 31: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/31.jpg)
• MTTF- – Low
• lower m benefits MTTF– High
• higher m benefits MTTF
Results-Theoretical
![Page 32: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/32.jpg)
Outline
32
• Introduction• System Model / Reference Configuration• Theoretical Analysis• Numerical Data• Simulation• Conclusion
![Page 33: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/33.jpg)
• Simulation Tool– SMPL
• Schedules events– node capture– intrusion detection audits– energy exhaustion
• A simulation run ends:– security failure– exhausts energy– all nodes have been evicted
• MTTF– grand mean out of a large number of MTTF– batch means analysis to satisfy 95% confidence level and 10% accuracy
requirements – grand mean falls within 10% of the true mean with 95% confidence
Results-Simulation
![Page 34: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/34.jpg)
Results-Simulation
Simulation Results Analytical results
• Matches well– One peak with similar peak value– a left/positive skew– pronounced right tail
![Page 35: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/35.jpg)
Outline
35
• Introduction• System Model / Reference Configuration• Theoretical Analysis• Numerical Data• Simulation• Conclusion
![Page 36: On Survivability of Mobile Cyber Physical Systems with Intrusion Detection](https://reader035.vdocument.in/reader035/viewer/2022070421/56816371550346895dd44f6c/html5/thumbnails/36.jpg)
• System failure definition– energy exhaustion– security failure
• Optimal design settings for voting-based intrusion detection– Input:
• per-node false alarm probabilities • pre-node compromise rates λ
– Output• Best number of detectors (m )• Best intrusion detection interval (TIDS)
Conclusion