Smart Attacks on the Integrity of the Internet of Things
Avoiding detection by employing Game Theory
George Margelis, Robert J. Piechocki, Theo Tryfonas, Paul Thomas
IEEE GLOBECOM - 7 December 2016
Presentation Outline
• Problem Statement
• Model
• Assumptions and Definitions
• Game Theory aspects
• Numerical Simulation results
• Conclusions
The Internet of Things
[Figure: IoT application domains: Smart Metering, Home Automation, Smart Agriculture, Transportation, Infrastructure Monitoring, e-Health, Industrial, Enterprise, V2x]
The Internet of Things
• The IoT will connect different domains into one homogeneous network
• Different domains → different requirements
• However, all domains share one requirement: Robust Security
Inherent Uncertainty
Cheap Nodes → Cheap Sensors → Limited Precision
Limited precision → Measurement Uncertainty
“Weird” behaviour: Is a node malicious? Or simply malfunctioning?
Is a group of nodes whose values deviate from the mean compromised?
Or are they simply the first to sense a change in the measured values?
Detecting Malicious Nodes
Traditional approach:
Outlier detection and intrusion detection schemes.
However, modern penetration techniques are smarter: they infect nodes but remain stealthy, without changing node behaviour.
Also, when the majority of the nodes have been infected, the outliers are the healthy ones.
Attackers are exploiting the characteristics of the IoT with smarter penetration strategies.
Defining a Smart Attacker
• Can compromise healthy nodes
• Avoids changing node behaviour radically
• Exploits the inherent uncertainty in the measurements
Defining a Smart Attacker
Assumptions regarding the Attacker:
• The attacker can see the final extracted value.
• Every attack that the attacker attempts is successful, leading to a compromised node.
• The attacker attempts to change the reported value to something else, which we name “Attacker’s Target”.
• The attacker controls the number of compromised nodes ($A$) and how much the value of the compromised nodes differs compared to the measured value ($l_j$).
Defining a Smart Attacker
Assumptions regarding the network:
• Similar to Low Throughput Networks like LoRa or Sigfox.
• Nodes communicate a measured value (either in a scheduled or opportunistic manner).
• The mean of the distribution of the values of the network is the extracted value.
Distance metrics
Kullback–Leibler Divergence: $D_{KL}(P \| Q) = \sum_{i} P(i) \log \frac{P(i)}{Q(i)}$
Euclidean Distance: $D(P, Q) = \sqrt{\sum_{i=1}^{n} (p_i - q_i)^2}$
Hellinger’s Distance: $D(P, Q)$ [equation not recoverable]
Applying Game Theory
A game in its normal form is a tuple $G = (N, A, u)$, where:
• $N = \{1, 2, \ldots, n\}$ is a set of $n$ rational players. By rational in this context we mean that the player chooses the strategy that maximizes his payoff.
• $A = A_1 \times \cdots \times A_n$, where $A_i$ is the finite set of actions available to player $i$
• $u = (u_1, \ldots, u_n)$, where $u_i : A \to \mathbb{R}$ is a real-valued payoff function for player $i$
Applying Game Theory
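Utility Function
$$\text{Utility} = (R \ge A_T) \cdot \mathit{RWD} - A \cdot \mathit{CoA} - (D(P,Q) > \mathit{Threshold}) \cdot 2 \cdot (\mathit{RWD})$$
• $R$: Reported Value
• $A_T$: Attacker’s Target
• $A$: Compromised Nodes
• $\mathit{CoA}$: Cost of Attack
• $D(P,Q)$: Hellinger’s Distance from model distribution
• $\mathit{Threshold}$: Hellinger’s Distance Detection Threshold
• $\mathit{RWD}$: Reward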
Applying Game Theory
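Utility Function
$$\text{Utility} = (R \ge A_T) \cdot \mathit{RWD} - A \cdot \mathit{CoA} - (D(P,Q) > \mathit{Threshold}) \cdot 2 \cdot (\mathit{RWD})$$
$$\frac{\sum_{i=1}^{N-A} x_i + \sum_{j=1}^{A} (x_j + l_j)}{\sum_{i=1}^{N} x_i}$$
$$(R \ge A_T) = \begin{cases} 1, & \text{if inequality holds} \\ 0, & \text{otherwise} \end{cases}$$
$$(D(P,Q) > \mathit{Threshold}) = \begin{cases} 1, & \text{if inequality holds} \\ 0, & \text{otherwise} \end{cases}$$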
Scenarios and results
Scenario 1: Cost of attack remains constant as number of attacks is increased
Scenario 2: Cost of attack rises as number of attacks is increased
Scenario 3: Cost of attack reduces as number of attacks is increased
Scenarios and results
[Figure: Pay-out for the attacker for the first scenario when the attacker aims to shift the mean of the distribution 1% higher]
Scenarios and results
[Figure: Pay-out for the attacker for the second scenario when the attacker aims to shift the mean of the distribution 5% higher]
Scenarios and results
[Figure: Pay-out for the attacker for the third scenario when the attacker aims to shift the mean of the distribution 1% higher]
Scenarios and results
[Figure: Percentage of Nodes needed to be compromised vs. Threshold for the attacker to win the first scenario.]
Scenarios and results
[Figure: Percentage of Nodes needed to be compromised vs. Threshold for the discounted game.]
False Positive Rate
$$\text{False Positive Rate} = \frac{\text{False Positives}}{\text{True Negatives} + \text{False Positives}}$$
Conclusions
• The uncertainty inherent in the measurements can be exploited by smart attackers.
• Outlier-detection-based IDS might not be enough in light of smart deployment strategies of malware.
• Distribution comparison can provide insights for potential penetrations with low complexity costs.
• However, the attackers can still compromise the integrity of the network if they set modest targets.
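The distribution-comparison detector summarised above, as an added example that is not part of the presentation: one round of node readings is compared against the defender's model distribution, the false positive rate is measured on clean rounds, and the detector is run on the talk's tampering model (A nodes each reporting their reading plus l). The standard discrete Hellinger distance, the Gaussian sensor model, node count, bin layout, thresholds and seed are all assumptions constructed for illustration.

```python
import math
import random

LO, HI, BINS = 17.0, 23.0, 24      # histogram range and resolution (constructed)
MU, SIGMA, N = 20.0, 0.5, 500      # true value, sensor noise, node count (constructed)

def normal_cdf(x):
    return 0.5 * (1.0 + math.erf((x - MU) / (SIGMA * math.sqrt(2.0))))

def model_distribution():
    """Bin probabilities the defender expects from healthy, noisy sensors."""
    edges = [LO + i * (HI - LO) / BINS for i in range(BINS + 1)]
    probs = [normal_cdf(b) - normal_cdf(a) for a, b in zip(edges, edges[1:])]
    return [p / sum(probs) for p in probs]

def histogram(readings):
    """Normalised histogram; out-of-range readings are clamped to the edge bins."""
    counts = [0] * BINS
    for v in readings:
        counts[min(BINS - 1, max(0, int((v - LO) / (HI - LO) * BINS)))] += 1
    return [c / len(readings) for c in counts]

def hellinger(p, q):
    """Standard discrete Hellinger distance: 0 (identical) to 1 (disjoint)."""
    bc = sum(math.sqrt(a * b) for a, b in zip(p, q))
    return math.sqrt(max(0.0, 1.0 - bc))

def is_flagged(readings, model, threshold):
    return hellinger(histogram(readings), model) > threshold

def false_positive_rate(clean_rounds, model, threshold):
    """FP / (TN + FP), measured on rounds known to be clean."""
    fp = sum(is_flagged(r, model, threshold) for r in clean_rounds)
    return fp / len(clean_rounds)

def tamper(readings, a, l):
    """Tampering model from the slides: a nodes each report reading + l."""
    return [x + l for x in readings[:a]] + readings[a:]

rng = random.Random(2016)  # fixed seed so the constructed data is reproducible
MODEL = model_distribution()
CLEAN = [[rng.gauss(MU, SIGMA) for _ in range(N)] for _ in range(200)]

if __name__ == "__main__":
    for thr in (0.03, 0.10, 0.20):
        print(f"threshold={thr:.2f}  FPR={false_positive_rate(CLEAN, MODEL, thr):.3f}")
    for a, l in ((100, 0.5), (250, 2.0)):
        d = hellinger(histogram(tamper(CLEAN[0], a, l)), MODEL)
        print(f"A={a} l={l}  mean shift={a * l / N:.2f}  distance={d:.3f}")
```

A threshold loose enough to give no false positives on clean rounds also leaves the small mean shift unflagged, which is the trade-off the conclusions describe.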