This document summarizes a research paper that models the reliability of a cyber-physical system (CPS) with intrusion detection and response systems. It describes the reference CPS model, which includes mobile sensor nodes and a control unit. It also outlines the security failure models, attack models including persistent, random and insidious attackers, and the host-level and system-level intrusion detection techniques used. These include behavior rule specification and vector similarity specification for host detection, and majority voting for system detection. Parameters for the detection accuracy are defined. The goal is to maximize CPS lifetime by setting detection and response strengths to balance energy usage and intrusion tolerance.
Cyber-Defensive Architecture for Networked Industrial Control Systems (IJEACS)
This paper deals with the inevitable consequence of the convenience and efficiency we benefit from the open, networked control system operation of safety-critical applications: vulnerability to such system from cyber-attacks. Even with numerous metrics and methods for intrusion detection and mitigation strategy, a complete detection and deterrence of internal code flaws and outside cyber-attacks has not been found and would not be found anytime soon. Considering the ever incompleteness of detection and prevention and the impact and consequence of mal-functions of the safety-critical operations caused by cyber incidents, this paper proposes a new computer control system architecture which assures resiliency even under compromised situations. The proposed architecture is centered on diversification of hardware systems and unidirectional communication from the proposed system in alerting suspicious activities to upper layers. This paper details the architectural structure of the proposed cyber defensive computer control system architecture for power substation applications and its validation in lab experimentation and on a cybersecurity testbed.
Hybrid Technique for Detection of Denial of Service (DOS) Attack in Wireless ... (Eswar Publications)
Wireless Sensor Network (WSNs) are deployed at aggressive environments which are vulnerable to various security attacks such as Wormholes, Denial of Attacks and Sybil Attacks. There are various intrusion detection techniques that are used to identify attacks in a network with high accuracy level. This paper has focused on Denial of Service attack, since it is the most common attack that affects the environment severely. Therefore a new hybrid technique combining Hidden Markov Model with Ant Colony Optimization (HMM+ACO) has been proposed that gives improved performance than the other techniques.
In recent years, wireless sensor network (WSN) is used in several application areas resembling observance, tracking, and dominant in IoTs. For several applications of WSN, security is a crucial demand. However, security solutions in WSN disagree from ancient networks because of resource limitation and process constraints. This paper analyzes security solutions: TinySec, IEEE 802.15.4, SPINS, MiniSEC, LSec, LLSP, LISA, and LISP in WSN. This paper additionally presents characteristics, security needs, attacks, cryptography algorithms, and operation modes. This paper is taken into account to be helpful for security designers in WSNs.
JPJ1439 On False Data-Injection Attacks against Power System State Estimation... (chennaijp)
In this research work an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) will be implemented to detect and prevent critical networks infrastructure from cyber-attacks. To strengthen network security and improve the network's active defense intrusion detection capabilities, this project will consist of intrusion detection system using honey token based encrypted pointers and intrusion prevention system which is based on the mixed interactive honeypot. The Intrusion Detection System (IDS) is based on the novel approach of Honey Token based Encrypted Pointers. This honey token inside the frame will serve as a trap for the attacker. All nodes operating within the working domain of critical infrastructure network are divided into four different pools. This division is based per their computational power and level of vulnerability. These pools are provided with different levels of security measures within the network. The IDS uses a different number of Honey Tokens (HT) per frame for every different pool, e.g. Pool-A contains 4 HT/frame, Pool-B contains 3 HT/frame, Pool-C contains 2 HT/frame and Pool-D contains 1 HT/frame. Moreover, every pool uses different types of encryption schemes (AES-128,192,256). Our critical infrastructure network of 64 nodes is under the umbrella of unified security provided by this single Network Intrusion Detection System (NIDS). After the design phase of IDS, we analyze the performance of IDS in terms of True Positives (TP) and False Negatives (FN). Finally, we test these IDS through Network Penetration Testing (NPT) phase. The detection rate depends on the number of honey tokens per frame. Our proposed IDS is a scalable solution and it can be implemented for any number of nodes in critical infrastructure network. However, in case of Intrusion Prevention System (IPS) we use Virtual honeypot technology which is the best active prevention technology among all honeypot technologies.
By using the original operating system and virtual technology, the honeypot lures attackers in a pre-arranged manner, analyzes and audits various attacking behavior, tracks the attack source, obtains evidence, and finds effective solutions.
Wireless sensor networks are made up of a number of tiny mobile nodes, which have the capability of computation, sensing and wireless network communication. The energy efficiency of each node in such kind of networks is one of the important issues under consideration. Thus for these networks, sensor node lifetime basically depends on the use of routing protocols for routing operations in WSN. There are various routing protocols proposed by different researchers, which are considered as efficient on the basis of performance of network lifetime and energy scavenging. There are different routing protocols introduced for WSN such as flat routing protocols, clustering routing protocols, hierarchical routing protocols etc. On the other hand, there are basically two types of WSNs, homogeneous and heterogeneous sensor networks. As WSN is vulnerable to different types of security threats, there are many security methods presented with their own advantages and disadvantages. Most of the security methods are applied only on homogeneous WSN, but recently some methods were presented to provide the routing security in heterogeneous WSNs as well. In this paper, the different security threats and intrusions in WSNs are presented, with a review of different security methods.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
This presentation pointed out cyber attack detection and prevention of Cyber Physical System. The Chi square detector and Fuzzy logic based attack classifier (FLAC) were used to identify distributed denial of service and False data injection attacks. The fuzzy attributes for selecting the mentioned attacks are activity profiling, average packet rate, change point detection algorithm, cusum algorithm, unexpired session of users, injected incomplete information, reuse of session key. An example scenario has been created using OpNET Simulator. Simulation results depict that the use of Chi-square detector and FLAC are able to detect the mentioned cyber physical attacks with high accuracy. Compared to existing Fuzzy logic based attack detector, the proposed model outperforms the traditional distributed denial of service and False data detector.
A NOVEL INTRUSION DETECTION MODEL FOR MOBILE AD-HOC NETWORKS USING CP-KNN (IJCNCJournal)
Mobile ad-hoc network security problems are the subject of in depth analysis. A group of mobile nodes are connected to a set wired backbone. In MANET, the node themselves implement the network management in a very cooperative fashion. All the nodes are accountable to create a constellation that is dynamically, modification it and conjointly the absence of any clear network boundaries. We tend to project a completely unique intrusion detection model for mobile ad-hoc network victimization. CP-KNN (Conformal Prediction K-Nearest Neighbor) algorithmic rule is to classify the audit knowledge for anomaly detection. The non-conformity score worth is employed to cut back the classification period of time for multi level iteration. It is effectively notice anomalies with high true positive rate, low false positive rate and high confidence that the progressive of assorted anomaly detection ways. Additionally it is interfered by "noisy" knowledge (unclean data), the projected technique is strong, effective and conjointly it retains its smart detection performance and to avoid the abnormal activity.
CYBER ATTACKS ON INTRUSION DETECTION SYSTEM (ijistjournal)
Soft Computing techniques are fast growing technology used for problem solving. Information security is of essence factor in the age of computer world. Protecting information, systems and resources from unauthorized use, duplication, modification, adjustment or any kind of cause which damage the resources such that it cannot be repaired or no longer exist to the real user is one of the part of soft computing. Researchers proposed several mechanisms to fight against cyber attacks. Several existing techniques available intrusion detection systems are responsible to face upcoming cyber attacks. Soft computing is one of the best presently using techniques which is applied in Intrusion Detection System to manage network traffic and use to detect cyber attacks with increased efficiency and accuracy.
ENHANCED THREE TIER SECURITY ARCHITECTURE FOR WSN AGAINST MOBILE SINK REPLI... (ijwmn)
Recent developments on Wireless Sensor Networks have made their application in a wide range such as military sensing and tracking, health monitoring, traffic monitoring, video surveillance and so on. Wireless sensor nodes are restricted to computational resources, and are always deployed in a harsh, unattended or unfriendly environment. Therefore, network security becomes a tough task and it involves the authorization of admittance to data in a network. The problem of authentication and pair wise key establishment in sensor networks with mobile sink is still not solved in the mobile sink replication attacks. In q-composite key pre distribution scheme, a large number of keys are compromised by capturing a small fraction of sensor nodes by the attacker. The attacker can easily take control of the entire network by deploying replicated mobile sinks. Those mobile sinks which are preloaded with compromised keys are used to authenticate and initiate data communication with sensor node. To determine the above problem the system adduces the three-tier security framework for authentication and pair wise key establishment between mobile sinks and sensor nodes. The previous system used the polynomial key pre distribution scheme for the sensor networks which handles sink mobility and continuous data delivery to the neighbouring nodes and sinks, but this scheme makes high computational cost and reduces the life time of sensors. In order to overcome this problem a random pair wise key pre distribution scheme is suggested and further it helps to improve the network resilience. In addition to this an Identity Based Encryption is used to encrypt the data and Mutual authentication scheme is proposed for the identification and isolation of replicated mobile sink from the network.
SELF-PROTECTION MECHANISM FOR WIRELESS SENSOR NETWORKS (IJNSA Journal)
Because of the widespread use of wireless sensor networks in many applications, and due to the nature of the specifications of these networks (WSN) in terms of wireless communication, the network contract specifications, and published it in difficult environments. All this leads to the network exposure to many types of external attacks. Therefore, the protection of these networks from external attacks is considered the one of the most important researches at this time. In this paper we investigated the security in wireless sensor networks, Limitations of WSN, Characteristic Values for some types of attacks, and have been providing protection mechanism capable of detecting and protecting wireless sensor networks from a wide range of attacks.
A review on techniques and modelling methodologies used for checking electrom... (nooriasukmaningtyas)
The proper function of the integrated circuit (IC) in an inhibiting electromagnetic environment has always been a serious concern throughout the decades of revolution in the world of electronics, from disjunct devices to today's integrated circuit technology, where billions of transistors are combined on a single chip. The automotive industry and smart vehicles in particular, are confronting design issues such as being prone to electromagnetic interference (EMI). Electronic control devices calculate incorrect outputs because of EMI and sensors give misleading values which can prove fatal in case of automotives. In this paper, the authors have non exhaustively tried to review research work concerned with the investigation of EMI in ICs and prediction of this EMI using various modelling methodologies and measurement setups.
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions (Victor Morales)
K8sGPT is a tool that analyzes and diagnoses Kubernetes clusters. This presentation was used to share the requirements and dependencies to deploy K8sGPT in a local environment.
Nuclear Power Economics and Structuring 2024Massimo Talia
ย
Title: Nuclear Power Economics and Structuring - 2024 Edition
Produced by: World Nuclear Association Published: April 2024
Report No. 2024/001
ยฉ 2024 World Nuclear Association.
Registered in England and Wales, company number 01215741
This report reflects the views
of industry experts but does not
necessarily represent those
of World Nuclear Associationโs
individual member organizations.
We have compiled the most important slides from each speaker's presentation. This yearโs compilation, available for free, captures the key insights and contributions shared during the DfMAy 2024 conference.
Online aptitude test management system project report.pdfKamal Acharya
ย
The purpose of on-line aptitude test system is to take online test in an efficient manner and no time wasting for checking the paper. The main objective of on-line aptitude test system is to efficiently evaluate the candidate thoroughly through a fully automated system that not only saves lot of time but also gives fast results. For students they give papers according to their convenience and time and there is no need of using extra thing like paper, pen etc. This can be used in educational institutions as well as in corporate world. Can be used anywhere any time as it is a web based application (user Location doesnโt matter). No restriction that examiner has to be present when the candidate takes the test.
Every time when lecturers/professors need to conduct examinations they have to sit down think about the questions and then create a whole new set of questions for each and every exam. In some cases the professor may want to give an open book online exam that is the student can take the exam any time anywhere, but the student might have to answer the questions in a limited time period. The professor may want to change the sequence of questions for every student. The problem that a student has is whenever a date for the exam is declared the student has to take it and there is no way he can take it at some other time. This project will create an interface for the examiner to create and store questions in a repository. It will also create an interface for the student to take examinations at his convenience and the questions and/or exams may be timed. Thereby creating an application which can be used by examiners and examineeโs simultaneously.
Examination System is very useful for Teachers/Professors. As in the teaching profession, you are responsible for writing question papers. In the conventional method, you write the question paper on paper, keep question papers separate from answers and all this information you have to keep in a locker to avoid unauthorized access. Using the Examination System you can create a question paper and everything will be written to a single exam file in encrypted format. You can set the General and Administrator password to avoid unauthorized access to your question paper. Every time you start the examination, the program shuffles all the questions and selects them randomly from the database, which reduces the chances of memorizing the questions.
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...Amil Baba Dawood bangali
ย
Contact with Dawood Bhai Just call on +92322-6382012 and we'll help you. We'll solve all your problems within 12 to 24 hours and with 101% guarantee and with astrology systematic. If you want to take any personal or professional advice then also you can call us on +92322-6382012 , ONLINE LOVE PROBLEM & Other all types of Daily Life Problem's.Then CALL or WHATSAPP us on +92322-6382012 and Get all these problems solutions here by Amil Baba DAWOOD BANGALI
#vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore#blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #blackmagicforlove #blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #Amilbabainuk #amilbabainspain #amilbabaindubai #Amilbabainnorway #amilbabainkrachi #amilbabainlahore #amilbabaingujranwalan #amilbabainislamabad
6th International Conference on Machine Learning & Applications (CMLA 2024)ClaraZara1
ย
6th International Conference on Machine Learning & Applications (CMLA 2024) will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of on Machine Learning & Applications.
1. Effect of Intrusion Detection and Response on Reliability of Cyber Physical Systems
Robert Mitchell, Ing-Ray Chen
Paper Presentation by Michael Matarazzo (mfm11@vt.edu)
Effect of Intrusion Detection and Response on Reliability of Cyber Physical Systems
Robert Mitchell, Ing-Ray Chen
2. Overview
I. Introduction
II. Reference Model
III. System Model and Analysis
IV. Parameterization Process
V. Numerical Data with Interpretations
VI. Conclusions and Future Work
3. I. Introduction
- Cyber Physical System (CPS)
  - A system using sensors, actuators, control units, and other physical objects to control and protect a physical infrastructure.
  - Failure can have severe consequences, thus it is very important to protect it from malicious attacks.
- Reliability of CPS
  - This paper explores the reliability of a CPS designed to sustain malicious attacks over time without energy replenishment.
  - A CPS usually operates in some hostile environment where energy replenishment may not be possible and nodes may be compromised.
  - To prolong the system lifetime, an Intrusion Detection and Response System (IDRS) must effectively detect malicious nodes without unnecessarily wasting energy.
4. I. Introduction
- Intrusion Detection System (IDS) Designs
  - Signature Based
    - Oman and Phillips [22] study an IDS for CPSs that tests an automated transform from XML profile to Snort signature in an electricity distribution laboratory.
  - Anomaly Based
    - Barbosa and Pras [2] study an IDS for CPSs that tests state machine and Markov chain approaches to traffic analysis on a water distribution system based on a comprehensive vulnerability assessment.
  - Specification Based
    - Cheung, et al. [12] study a specification based IDS that uses PVS to transform protocol, communication patterns, and service availability specifications into a format compatible with EMERALD.
5. I. Introduction
- This paper uses a Specification based approach with the following features:
  - A specification is automatically mapped into a state machine consisting of good and bad states.
  - For intrusion detection, a node's deviation from good states is measured at runtime.
  - Specification-based techniques are applied to host-level intrusion detection only.
  - System-level intrusion detection is devised based on multitrust to yield low false alarm probability.
6. I. Introduction
- Addressing Response
  - Unlike intrusion detection, little work has been done on the response aspect of IDRS.
  - This design addresses both intrusion detection and response issues, with the goal to maximize the CPS lifetime.
- Methodology
  - We use a probability model-based analysis to assess the reliability of a CPS w/ IDRS.
  - A variety of attacker behaviors are considered, including persistent, random, and insidious.
7. I. Introduction
- To achieve high reliability, we identify the best design settings of the detection strength and response strength to best balance energy conservation vs. intrusion tolerance given a set of parameter values characterizing the operational environment and network conditions.
- Parameterization of the model using the properties of the IDS system is one major contribution of the paper.
8. II. Reference Model
A. Reference CPS Model
- Comprised of 128 sensor-carried mobile nodes, each of which ranges its neighbors periodically, uses its sensor to measure any detectable phenomena nearby, and transmits a CDMA waveform.
- Neighbors receiving the waveform transform the timing of the PN code and RF carrier into distance.
- Each node performs sensing and reporting functions to provide information to upper layer control devices and utilizes its ranging function for node localization and intrusion detection.
9. II. Reference Model
- It is a special case of a single-enclave system with homogeneous nodes.
- The IDS functionality is distributed to all nodes in the system for intrusion and fault tolerance.
- On top of the mobile nodes sits a control node responsible for setting system parameters in response to dynamically changing conditions, such as changes of attacker strength.
- The control module is assumed to be fault and intrusion free through security and hardware protection mechanisms against capture attacks and hardware failure.
10. II. Reference Model
- Fig. 1 depicts the reference CPS:
  - The mobile nodes (RTUs) are capable of sensing physical environments as well as actuating and controlling the underlying physical objects in the CPS.
  - On top is a control unit (MTU) which receives sensing data from the nodes and determines actions to be performed by them.
  - MTU sends actuator commands to trigger the actuating devices of the mobile nodes.
11. II. Reference Model
- Real World Applications of Reference CPS
  - Disaster Recovery - a group of mobile nodes with motion/video sensing and actuating capabilities cooperating under the control of a disaster corrective control unit to protect and recover physical objects.
  - Military Patrol - a group of mobile patrol nodes equipped with motion sensing and fighting capabilities cooperating under the control of a control unit to protect and control physical objects.
  - Unmanned aircraft systems - a group of UAVs equipped with sensing and fighting capabilities cooperating under the control of a remote control unit to control and protect physical objects.
12. II. Reference Model
- MTU (control unit) contains the control logic, provides management services, and implements the broad strategic control functions.
- This reference CPS is highly mobile (nodes are mobile) and safety-critical, using ad-hoc networking with bidirectional flows.
- Host IDS design is based on local monitoring.
- System-level IDS design is based on the voting of neighbor monitoring nodes.
- These techniques can be generically applied to any network structure used in a CPS.
13. II. Reference Model
B. Security Failure
- Byzantine Fault Model
  - The system fails if 1/3 or more of the nodes are compromised.
  - Represents the situation in which the control unit is unable to obtain any sensor reading consensus.
- Impairment Failure
  - The system fails because an undetected compromised node performing active attacks has impaired the functionality of the system.
  - This is modeled by defining an impairment failure attack period by a compromised node beyond which the system cannot sustain the damage.
  - Represents the situation when the system is severely impaired due to impairment by an undetected bad node (especially an actuator) over an impairment failure period.
14. II. Reference Model
C. Attack Model
- We consider capture attacks which turn a good node into a bad insider node:
  - At the sensor-actuator layer of the CPS architecture, a bad node can perform data spoofing attacks and bad command execution attacks.
  - At the networking layer, a bad node can perform various communication attacks such as selective forwarding, packet dropping, packet flooding, etc. to disrupt the system's packet routing capability.
  - At the control layer, a bad node can perform control-level attacks including aggregated data and command spoofing attacks.
15. II. Reference Model
- Our primary interest is on capture attacks of sensor-actuator nodes:
  - Persistent attacker - performs attacks whenever it has a chance, with probability = 1 and a primary objective to cause impairment failure.
  - Random attacker - performs attacks randomly with probability = $p_{random}$ and a primary objective of evading detection.
    - It may take a longer time to cause impairment failure.
    - It may increase the probability of a Byzantine security failure.
  - Insidious attacker - is hidden all the time to evade detection until a critical mass of compromised nodes is reached.
    - It then performs an "all in" attack.
    - The primary objective is to maximize the security failure probability caused by either impairment or Byzantine failure.
16. II. Reference Model
D. Host Intrusion Detection (two core techniques):
- Behavior rule specification
  - To specify the behavior of an entity (sensor or actuator) by a set of rules from which a state machine is automatically derived.
  - Then, node misbehavior can be assessed by observing the behaviors of the node against the state machine (or behavior rules).
- Vector similarity specification
  - To compare similarity of a sequence of sensor readings, commands, or votes among entities performing the same set of functions.
  - A state machine is also automatically derived from which a similarity test is performed to detect outliers.
- The states derived in the state machine would be labeled as secure vs. insecure.
- A monitoring node then applies snooping and overhearing techniques observing the percentage of time a neighbor node is in secure states over the intrusion detection interval $T_{IDS}$.
17. II. Reference Model
- A longer time in secure states indicates greater specification compliance, while a shorter time indicates less; if a node's compliance degree $X$ falls below $C_T$, that node is considered compromised.
- Application of these two host IDS techniques to reference CPS:
  - A monitoring node periodically determines a sequence of locations of a sensor-carried mobile node within radio range and detects if the location sequence (corresponding to the state sequence) deviates from the expected location sequence.
  - A monitoring node periodically collects votes from neighbor nodes and detects dissimilarity of vote sequences for outlier detection.
- Measurement of compliance degree is not perfect and can be affected by noise and unreliable wireless communication in the CPS.
18. II. Reference Model
- We model the compliance degree by a random variable $X$ with $G(\cdot) = \mathrm{Beta}(\alpha, \beta)$ distribution, with value 0 indicating that the output is totally unacceptable (zero compliance), and 1 indicating the output is totally acceptable (perfect compliance).
- $G(a)$, $0 \le a \le 1$, is given by:
- And the expected value of $X$ is given by:
- The $\alpha$ and $\beta$ parameters are to be estimated based on the method of maximum likelihood by using the compliance degree history collected during the system's testing phase.
  - The system is tested with its anticipated attacker event profile and the compliance degree is assessed using the specification-based host IDS described above.
19. II. Reference Model
- A node's anticipated event profile describes a node's behaviors, and predicts the next state the node will be entering upon an event occurrence.
  - A persistent attacker will likely go to another bad state because it performs attacks continuously.
  - A random attacker will likely go to a bad state in accordance to its random attack probability.
  - A good node on the other hand will likely go to another good state because it complies with its behavior rules, unless the detection of its behaviors is hindered by noise or wireless channel error.
20. II. Reference Model
- The compliance degree history is the realization of a sequence of random variables $(c_1, c_2, \ldots, c_n)$ and $n$ is the total number of compliance degree outputs observed.
- The maximum likelihood estimates of $\alpha$ and $\beta$ are obtained by numerically solving:
- where
- A simpler model involves a single parameter $\mathrm{Beta}(\beta)$ distribution with $\alpha = 1$.
  - The density is $\beta(1 - x)^{\beta - 1}$ for $0 \le x \le 1$, and 0 otherwise.
21. II. Reference Model
- Host intrusion detection is characterized by:
  - $p_{fn}$ (probability of per-host IDS false negative)
  - $p_{fp}$ (probability of per-host IDS false positive)
- We consider a System minimum compliance threshold ($C_T$) criterion:
  - If $X_b$ (compliance degree of a bad node) $> C_T$, then there is a false negative.
    - Assuming $X_b$ is modeled by $G(\cdot) = \mathrm{Beta}(\alpha, \beta)$ distribution:
    - $p_{fn} = \Pr(X_b > C_T) = 1 - G(C_T)$
  - If $X_g$ (compliance degree of a good node) $< C_T$, then there is a false positive.
    - Assuming $X_g$ is modeled by the same distribution:
    - $p_{fp} = \Pr(X_g \le C_T) = G(C_T)$
22. II. Reference Model
- These two probabilities are largely affected by the setting of $C_T$;
- A large $C_T$ induces a small false negative probability at the expense of a large false positive probability, and vice versa;
- A proper setting of $C_T$ in response to attacker strength detected at runtime helps maximize the system lifetime.
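The threshold tradeoff above can be worked through numerically with the single-parameter Beta(1, beta) model from slide 20. This is an added example, not code from the paper or the presentation: it assumes separate beta values for bad and good nodes, each fitted from its own compliance history, and all sample histories and function names are constructed.

```python
import math

EPS = 1e-12  # constructed guard: a reading of exactly 1.0 would make ln(1 - c) undefined


def fit_beta(history):
    """Maximum-likelihood estimate of beta for the Beta(1, beta) model.

    With density beta * (1 - x)**(beta - 1), the log-likelihood of readings
    c_1..c_n is n*ln(beta) + (beta - 1) * sum(ln(1 - c_i)); setting its
    derivative to zero gives beta = -n / sum(ln(1 - c_i)).
    """
    if not history:
        raise ValueError("empty compliance history")
    total = 0.0
    for c in history:
        if not 0.0 <= c <= 1.0:
            raise ValueError(f"compliance degree out of range: {c}")
        total += math.log(1.0 - min(c, 1.0 - EPS))
    if total == 0.0:
        raise ValueError("all readings are zero; beta is unbounded")
    return -len(history) / total


def cdf(x, beta):
    """G(x) for Beta(1, beta): 1 - (1 - x)**beta on [0, 1]."""
    return 1.0 - (1.0 - x) ** beta


def p_fn(c_t, beta_bad):
    """Pr(X_b > C_T): a bad node's compliance stays above the threshold."""
    return 1.0 - cdf(c_t, beta_bad)


def p_fp(c_t, beta_good):
    """Pr(X_g <= C_T): a good node's compliance is at or below the threshold."""
    return cdf(c_t, beta_good)


def threshold_for(target_fn, beta_bad):
    """Smallest C_T whose per-host false negative probability is <= target_fn."""
    return 1.0 - target_fn ** (1.0 / beta_bad)


def synthetic_history(beta, n):
    """Constructed data: Beta(1, beta) quantiles at n evenly spaced levels."""
    return [1.0 - (1.0 - (i + 0.5) / n) ** (1.0 / beta) for i in range(n)]


def sweep(beta_bad, beta_good, thresholds):
    """Rows of (C_T, p_fn, p_fp) for each candidate threshold."""
    return [(c_t, p_fn(c_t, beta_bad), p_fp(c_t, beta_good)) for c_t in thresholds]


if __name__ == "__main__":
    beta_bad = fit_beta(synthetic_history(4.0, 200))   # bad nodes: mass near 0
    beta_good = fit_beta(synthetic_history(0.2, 200))  # good nodes: mass near 1
    for c_t, fn, fp in sweep(beta_bad, beta_good, [0.1, 0.3, 0.5, 0.7, 0.9]):
        print(f"C_T={c_t:.1f}  p_fn={fn:.4f}  p_fp={fp:.4f}")
    c_t = threshold_for(0.01, beta_bad)
    print(f"p_fn <= 1% needs C_T >= {c_t:.3f}, costing p_fp = {p_fp(c_t, beta_good):.3f}")
```

Raising C_T in the sweep drives p_fn down and p_fp up, which is the lever the response mechanism on slide 25 adjusts at runtime.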
23. II. Reference Model
E. System Intrusion Detection
- Based on majority voting of host IDS results to cope with incomplete and uncertain information available to nodes;
- Involves the selection of m detectors as well as the invocation interval $T_{IDS}$ to best balance energy conservation vs. intrusion tolerance for achieving high reliability.
- Each node periodically exchanges its routing information, location, and identifier with its neighbor nodes, and a coordinator is selected randomly among neighbors so that the adversaries will not have specific targets.
- Randomness is added to this selection process by introducing a keyed hash function.
- The node with the smallest returned hash value would then become the coordinator.
24. II. Reference Model
- Because the candidate nodes know each other's identifier and location, they can, without trading information, execute the hash function to determine which node would be the coordinator.
- The coordinator selects m detectors randomly (including itself) and lets all detectors know each other's identities so that each voter can send its yes or no vote to other detectors.
- At the end of the voting process, all detectors will know the same result.
- The node is diagnosed as good, or as bad based on the majority vote.
- The system IDS is characterized by $P_{fn}$ and $P_{fp}$, which are two false alarm probabilities derived in the paper.
- They are not constant but vary dynamically, depending on the percentage of bad nodes in the system when majority voting is performed.
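The coordinator election and voting round described on slides 23 and 24, as an added example that is not code from the paper or the presentation. It assumes HMAC-SHA256 as the keyed hash, a shared group key, and a round counter mixed into the hash input; the slides name none of these, and all node names and coordinates are constructed.

```python
import hashlib
import hmac
import random


def election_value(group_key, node_id, location, round_no):
    """Keyed hash of one candidate's identifier and location for one round."""
    msg = f"{round_no}|{node_id}|{location[0]:.2f}|{location[1]:.2f}".encode()
    return hmac.new(group_key, msg, hashlib.sha256).digest()


def elect_coordinator(group_key, candidates, round_no):
    """candidates: {node_id: (x, y)}. The smallest keyed-hash value wins.

    Every candidate already holds the same identifiers and locations, so each
    one evaluates this locally and reaches the same answer with no extra
    messages. The node id breaks the (practically impossible) tie.
    """
    if not candidates:
        raise ValueError("no candidate nodes in range")
    return min(
        candidates,
        key=lambda n: (election_value(group_key, n, candidates[n], round_no), n),
    )


def select_detectors(coordinator, candidates, m, rng=None):
    """The coordinator picks m detectors at random, always including itself."""
    others = sorted(n for n in candidates if n != coordinator)
    if m < 1 or m - 1 > len(others):
        raise ValueError("m must be between 1 and the number of candidates")
    rng = rng or random.SystemRandom()
    return [coordinator] + rng.sample(others, m - 1)


def majority_verdict(votes):
    """votes: {detector_id: True if it judges the target compromised}.

    Returns True only on a strict majority of 'compromised' votes, so an
    even split leaves the target in the system.
    """
    yes = sum(1 for v in votes.values() if v)
    return yes > len(votes) / 2


if __name__ == "__main__":
    key = bytes(range(32))  # constructed group key
    neighbors = {           # constructed identifiers and locations
        "n01": (0.10, 0.40), "n02": (0.35, 0.90), "n03": (0.80, 0.15),
        "n04": (1.20, 1.05), "n05": (1.75, 0.60),
    }
    coord = elect_coordinator(key, neighbors, round_no=1)
    detectors = select_detectors(coord, neighbors, m=3)
    votes = {d: (d != detectors[-1]) for d in detectors}  # two yes, one no
    print(coord, detectors, majority_verdict(votes))
```

Because every insider holds the group key, the keyed hash hides the next coordinator only from parties outside the group.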
25. II. Reference Model
F. Response
- Our IDRS reacts to malicious events at runtime by adjusting $C_T$.
- Upon sensing increasing attacker strength, it can increase $C_T$ with the objective to prevent impairment security failure.
  - Results in a smaller false negative probability, reducing the number of bad nodes in the system, and decreasing the probability of impairment security failure.
  - However, it could reduce the number of good nodes in the system due to a resulting larger false positive probability, thus increasing the probability of a Byzantine failure.
- To compensate, the IDRS increases the audit rate or number of detectors to reduce the false positive probability at the expense of more energy consumption.
- The relationship between the minimum compliance threshold $C_T$ set versus $p_{fn}$ and $p_{fp}$ must be determined at static time so the system can adjust $C_T$ dynamically in response to malicious events detected at runtime.
26. III. System Model and Analysis
27. III. System Model and Analysis
28. III. System Model and Analysis
- The theoretical model utilizes stochastic Petri net (SPN) techniques.
- Figure 2 shows the SPN model describing the ecosystem of a CPS with intrusion detection and response under capture, impairment, and Byzantine security attacks.
29. III. System Model and Analysis
- The underlying model of the SPN model is a continuous-time semi-Markov process with a state representation of:
- $(N_g, N_b, N_e, impaired, energy)$:
  - $N_g$: number of good nodes
  - $N_b$: number of bad nodes
  - $N_e$: number of evicted nodes
  - $impaired$ & $energy$ are represented with binary values:
    - 1 indicates impairment security failure
    - 1 also indicates energy availability
    - 0 indicates energy exhaustion
30. III. System Model and Analysis
- Places hold tokens, and tokens represent nodes - initially all $N$ nodes (128) are good nodes located in $N_g$.
- Transitions model events:
  - TCP models good nodes being compromised;
  - TFP models a good node being falsely identified as compromised;
  - TIDS models a bad node being detected correctly.
31. III. System Model and Analysis
- Good nodes become compromised due to capture attacks with rate $\lambda_c$
- This is modeled by associating transition TCP with a rate of $\lambda_c \times N_g$
- Firing TCP will move tokens one at a time from place $N_g$ to $N_b$
- Tokens in place $N_b$ represent bad nodes performing impairment attacks with probability $p_a$
32. III. System Model and Analysis
- $N_e$ will be incremented by 1 when a bad node is detected by the system IDS as compromised, and $N_b$ will be decremented by 1.
- These events are modeled with the associated transition TIDS, with $(1 - P_{fn})$ accounting for the system IDS true positive probability.
- The system-level IDS can incorrectly identify a good node as compromised.
- This is modeled by moving a good node in place $N_g$ to place $N_e$ by firing the transition TFP, with $P_{fp}$ accounting for the system IDS false positive probability.
33. III. System Model and Analysis
- System energy is exhausted after time $N_{IDS} \times T_{IDS}$, where $N_{IDS}$ is the max number of intrusion detection intervals the CPS can perform before exhaustion.
- It can be estimated by considering the amount of energy consumed in each $T_{IDS}$ interval.
- This event is modeled by placing a token in place energy initially and firing transition TENERGY.
- When the exhaustion event occurs, the token in place energy vanishes.
- The system enters an absorbing state and all transitions are disabled.
34. III. System Model and Analysis
- When the number of bad nodes (tokens in $N_b$) is at least 1/3 of the total number of nodes, the system fails due to a Byzantine Failure.
- Bad nodes in place $N_b$ perform attacks with probability $p_a$, and cause impairment to the system.
- After an impairment-failure time period has elapsed, heavy impairment will result in a security failure.
- This is modeled by firing transition TIF, indicating the amount of time needed by $p_a N_b$ bad nodes to reach this level of impairment, beyond which the system cannot sustain the damage.
- The value of $\lambda_{if}$ is system specific, and is determined by domain experts.
- A token flows into place impaired when such a security failure occurs.
- Once a token is in place impaired, the system enters an absorbing state.
35. III. System Model and Analysis
- We utilize the SPN model to analyze two design tradeoffs:
  - Detection strength vs. energy consumption
    - As we increase the detection frequency (a smaller $T_{IDS}$) or the number of detectors (a larger m), the detection strength increases, thus preventing the system from running into a security failure.
    - However, this increases the rate at which energy is consumed, thus resulting in a shorter system lifetime.
    - There is an optimal setting of $T_{IDS}$ and m under which the system MTTF is maximized, given the node capture rate and attack model.
36. III. System Model and Analysis
- Detection response vs. attacker strength
  - As the random attack probability $p_a$ decreases, the attacker strength decreases, thus lowering the probability of security failure due to impairment attacks.
  - However, compromised nodes become more hidden and difficult to detect because they leave less evidence traceable, resulting in higher per-host false negative probability $p_{fn}$, and consequently a higher system-level false negative probability $P_{fn}$.
  - This increases the probability of security failure due to Byzantine attacks.
  - The system can respond to a detected instantaneous attacker strength, and adjust $C_T$ to trade a high per-host false positive probability $p_{fp}$ for a low per-host false negative probability $p_{fn}$, or vice versa, so as to minimize the probability of security failure.
  - Again, there exists an optimal setting of $C_T$ as a function of attacker strength detected at time $t$ under which the system security failure probability is minimized.
37. III. System Model and Analysis
- Let $L$ be a binary random variable denoting the lifetime of the system
  - If the system is alive at time $t$, it takes on the value of 1,
  - Otherwise it takes on the value 0.
  - The expected value of $L$ is the reliability of the system $R(t)$ at time $t$.
- The MTTF (average lifetime) of the system we aim to maximize:
  - $MTTF = \int_0^{\infty} R(t)\,dt$
- The binary assignment to $L$ can be done by means of a reward function assigning a reward $r_i$ of 0 (if the system fails) or 1 (if the system is alive) to state $i$ and time $t$.
38. III. System Model and Analysis
- Once the binary value of 0 or 1 is assigned to all states of the system, the reliability of the system $R(t)$ is the expected value of $L$ weighted on the probability that the system stays at a particular state at time $t$, which we can obtain easily from solving the SPN model.
- The MTTF of the system is equal to the cumulative reward to absorption, which can again be computed easily using SPNP.
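A Monte Carlo sketch of the SPN on slides 29 to 38, added here as an illustration and not taken from the paper, which solves the model with SPNP. Assumptions: firing times are exponential except the deterministic energy timer, TIDS and TFP fire once per node per $T_{IDS}$ interval, the Byzantine threshold is counted over nodes still in the system, and every rate and energy cost except the 16128000 J system energy is constructed.

```python
import random


def energy_horizon(t_ids, e_total=16_128_000.0, base_j_per_h=23_040.0,
                   ids_j_per_round=5_000.0):
    """Time to energy exhaustion, N_IDS * T_IDS, for a detection interval.

    N_IDS = e_total / (energy used in one T_IDS interval). e_total is the
    system energy from the slides; both cost figures are constructed.
    """
    n_ids = e_total / (base_j_per_h * t_ids + ids_j_per_round)
    return n_ids * t_ids


def simulate(rng, horizon, n=128, lam_c=1 / 24, p_a=1.0, lam_if=1 / 200,
             P_fn=0.05, P_fp=0.01, t_ids=1.0):
    """One trajectory of (N_g, N_b, N_e); returns (failure_time, cause)."""
    ng, nb, t = n, 0, 0.0
    while True:
        rates = {
            "TCP": lam_c * ng,                  # good node captured
            "TIDS": nb * (1.0 - P_fn) / t_ids,  # bad node detected, evicted
            "TFP": ng * P_fp / t_ids,           # good node falsely evicted
            "TIF": p_a * nb * lam_if,           # impairment failure
        }
        total = sum(rates.values())
        if total == 0.0:
            return horizon, "energy"            # nothing else can fire
        t += rng.expovariate(total)
        if t >= horizon:
            return horizon, "energy"            # TENERGY fires first
        event = rng.choices(list(rates), weights=list(rates.values()))[0]
        if event == "TIF":
            return t, "impairment"
        if event == "TCP":
            ng, nb = ng - 1, nb + 1
        elif event == "TIDS":
            nb -= 1
        else:
            ng -= 1
        if ng + nb == 0:
            return t, "depleted"                # every node evicted
        if 3 * nb >= ng + nb:
            return t, "byzantine"               # 1/3 or more nodes are bad


def estimate_mttf(t_ids, runs=200, seed=1, **params):
    """Average time to absorption over independent runs."""
    rng = random.Random(seed)
    horizon = energy_horizon(t_ids)
    times = [simulate(rng, horizon, t_ids=t_ids, **params)[0] for _ in range(runs)]
    return sum(times) / runs


if __name__ == "__main__":
    for t_ids in (0.25, 0.5, 1.0, 2.0, 4.0, 8.0):
        print(f"T_IDS={t_ids:>4} h  energy horizon={energy_horizon(t_ids):7.1f} h"
              f"  MTTF~{estimate_mttf(t_ids):7.1f} h")
```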
39. IV. Parameterization
- We consider the reference CPS model operating in a 2x2 area with a network size ($N$) of 128 nodes initially.
๏ง Initially, ๐ โ
๐๐๐
๐
= ๐๐ nodes.
- This design is based on local monitoring so it can be generically applied to any network structure.
- A node uses a 35 Wh battery, so its energy is 126000 J.
- System energy, $E_o$, is therefore 126000 J × 128 = 16128000 J
40. IV. Parameterization
A. System-Level IDS $P_{fn}$ and $P_{fp}$
- We first parameterize the system IDS $P_{fn}$ and $P_{fp}$:
  - The per-host IDS $p_{fp}$ and $p_{fn}$ are given as input.
  - $P_{fn}$ and $P_{fp}$ highly depend on the attacker behavior.
  - A persistent attacker constantly performs slandering attacks;
    - Voting a bad node as a good node, and vice versa.
  - However, a random or an insidious attacker will only perform slandering attacks randomly with probability $p_a$ to avoid detection.
  - We first differentiate the number of active bad nodes $N_b^a$ from the number of inactive bad nodes $N_b^i$, with $N_b^a + N_b^i = N_b$, such that at any time:
41. IV. Parameterization
• An inactive bad node behaves as if it were a good node to evade detection.
• It casts votes the same way as a good node would.
• For a persistent attacker, $p_a = 1$.
• For a random attacker, $p_a = p_{random}$.
• For an insidious attacker:
• A compromised node stays dormant until a critical mass of compromised nodes is gathered, so that
• $p_a = 1$ when $N_b \geq N_b^T$, and $p_a = 0$ otherwise.
• $N_b^T$ represents the insidiousness degree.
42. IV. Parameterization
• Here, $m$ is the number of detectors, and $m_{maj}$ is the majority of $m$.
• The first summation aggregates the probability of a false negative stemming from selecting a majority of active bad nodes.
• The second summation aggregates the probability of a false negative stemming from selecting a minority of $i$ nodes from the set of active bad nodes, which always cast incorrect votes, coupled with selecting a sufficient number of nodes from the set of good nodes and inactive bad nodes, which make incorrect votes with probability $p_{fn}$, resulting in a majority of incorrect votes being cast.
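The two summations described above can be computed as a hypergeometric draw of detectors followed by a binomial count of wrong votes. This is an added example, not code from the paper or the slides: equation (10) is not reproduced on this page, so the function follows the verbal description only, and the function names, the rounding used to split bad nodes into active and inactive, and the sample node counts are assumptions.

```python
from math import comb


def active_probability(model, n_bad, p_random=0.2, n_threshold=0):
    """Attack probability p_a for the three attacker models on the slides."""
    if model == "persistent":
        return 1.0
    if model == "random":
        return p_random
    if model == "insidious":  # dormant until the critical mass N_b^T is reached
        return 1.0 if n_bad >= n_threshold else 0.0
    raise ValueError(f"unknown attacker model: {model!r}")


def split_bad_nodes(n_bad, p_a):
    """ASSUMPTION: N_b^a is the rounded expectation p_a * N_b; N_b^i is the rest."""
    n_active = round(p_a * n_bad)
    return n_active, n_bad - n_active


def system_false_negative(n_good, n_active, n_inactive, m, p_fn_host):
    """P_fn: probability that m voting detectors clear a bad target node.

    Detectors are drawn without replacement from the candidate pool (the
    target is excluded by the caller). Active bad detectors always vote
    incorrectly; good and inactive bad detectors err with the host p_fn.
    """
    honest = n_good + n_inactive
    pool = honest + n_active
    if not 0 < m <= pool:
        raise ValueError("m must be between 1 and the pool size")
    if not 0.0 <= p_fn_host <= 1.0:
        raise ValueError("p_fn_host must be a probability")
    m_maj = m // 2 + 1                             # minimum majority of m
    total = 0.0
    for k in range(min(m, n_active) + 1):          # k active bad detectors drawn
        p_draw = comb(n_active, k) * comb(honest, m - k) / comb(pool, m)
        if k >= m_maj:                             # first summation
            total += p_draw
            continue
        h = m - k                                  # detectors that may err
        p_wrong = sum(comb(h, j) * p_fn_host**j * (1 - p_fn_host)**(h - j)
                      for j in range(m_maj - k, h + 1))
        total += p_draw * p_wrong                  # second summation
    return total


if __name__ == "__main__":
    # Constructed sample: 100 good nodes, 27 bad nodes, m = 5, host p_fn = 5%.
    for model in ("persistent", "random", "insidious"):
        p_a = active_probability(model, n_bad=27, n_threshold=40)
        n_act, n_inact = split_bad_nodes(27, p_a)
        print(model, round(system_false_negative(100, n_act, n_inact, 5, 0.05), 6))
```

With the constructed inputs, the dormant insidious case gives the same system-level false negative probability as a pool with no active attackers, which is why dormant nodes are not removed by voting.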
43. IV. Parameterization
B. Host IDS $p_{fn}$ and $p_{fp}$
• Next, we parameterize $p_{fn}$ and $p_{fp}$ for persistent, random, and insidious attacks.
• The system, after testing and debugging, determines a minimum threshold $C_T$ such that $p_{fn}$ and $p_{fp}$ are acceptable to system design.
• Persistent Attacks
• Let $p_{fn}^p$ and $p_{fp}^p$ be the false negative probability and the false positive probability of the host IDS when $p_a = 1$.
• Let the minimum threshold $C_T$ value set for the persistent attack case be denoted by $C_T^p$.
44. IV. Parameterization
• Random Attacks
• Let $p_{fn}^r$ and $p_{fp}^r$ be the false negative probability and the false positive probability of the host IDS when $p_a < 1$.
• The amount of evidence observable from a bad node would be diminished proportionally to $p_a$.
• Consequently, with the same minimum threshold $C_T^p$ being used, the host false negative probability would increase.
• The host false positive probability would remain the same, i.e. $p_{fp}^r = p_{fp}^p$, because the attacker behavior does not affect false positives, given the same minimum threshold $C_T^p$ being used.
45. IV. Parameterization
• Insidious Attacks
• Let $p_{fn}^i$ and $p_{fp}^i$ be the false negative and false positive probability of the host IDS under insidious attacks.
• The false positive probability is not affected, so $p_{fp}^i = p_{fp}^p$.
• Because insidious nodes stay dormant until a critical mass is achieved:
46. IV. Parameterization
• The $p_{fn}$ and $p_{fp}$ values obtained above would be a function of time as input to (10) for calculating system-level IDS $P_{fn}$ and $P_{fp}$ dynamically.
• We apply the statistical analysis described by (1) - (4) to get the maximum likelihood estimates of $\beta$ (with $\alpha$ set as 1) under each attacker behavior model, and then utilize (5) and (6) to yield $p_{fn}$ and $p_{fp}$.
• The system minimum threshold $C_T$ is set to $C_T^p$ = ๐. ๐ to yield $p_{fn}^p$ = ๐. ๐% and $p_{fp}^p$ = ๐. ๐%.
47. IV. Parameterization
• Table IV summarizes beta values, and the resulting $p_{fn}$ and $p_{fp}$ values under various attacker behavior models.
• The persistent attack model is a special case in which $p_a = 1$.
• The insidious attack model is another special case in which $p_a = 1$ during the "all in" attack period, and $p_a = 0$ during the dormant period.
48. IV. Parameterization
C. Parameterizing $C_T$ for Dynamic Intrusion Response
• The parameterization of $p_{fn}$ and $p_{fp}$ above is based on a constant $C_T$ being used.
• A dynamic IDS response design is to adjust $C_T$ in response to the attacker strength detected with the goal to maximize the system lifetime.
• The attacker strength of a node $i$ may be estimated periodically by node $i$'s intrusion detectors.
• That is, the compliance degree value of node $i$, $X_i(t)$, based on observations collected during $[t - T_{IDS}, t]$, is compared against the minimum threshold $C_T^p$ set for persistent attacks.
49. IV. Parameterization
• If $X_i(t) < C_T^p$, then node $i$ is considered a bad node performing active attacks at time $t$; otherwise, it is a good node.
• This information is passed to the control module which subsequently estimates $N_b^a(t)$, representing the attacker strength at time $t$.
• We want a simple yet efficient IDS response design that can decrease $p_{fn}$ when the attacker strength is high, allowing quick removal of active attackers to prevent impairment failure.
• This goal is achieved by increasing the $C_T$ value.
• Conversely, when there is little attacker evidence detected, we lower $C_T$ to quickly decrease $p_{fp}$ and prevent Byzantine failure.
50. IV. Parameterization
• While there are many possible ways to dynamically control $C_T$, this paper considers a linear one-to-one mapping function:
• We set $C_T$ to $C_T^p$ when $N_b^a(t)$ detected at time $t$ is 1, and linearly increase/decrease $C_T$ with increasing/decreasing attacker strength.
• With $C_T^p$ = ๐. ๐ in our CPS reference system, we set $\delta_{C_T}$ = ๐. ๐ and parameterize $C_T(t)$ as:
• When $C_T$ is closer to 1, a node will more likely be considered as compromised even if it wanders only for a small amount of time in insecure states.
• A large $C_T$ induces a small $p_{fn}$ at the expense of a large $p_{fp}$.
51. IV. Parameterization
D. Energy
• Lastly, we parameterize $N_{IDS}$, the maximum number of intrusion detection cycles the system can possibly perform before energy exhaustion.
• $N_{IDS} = E_o / E_{T_{IDS}}$ (14), where $E_o$ is the initial energy of the reference CPS.
• $E_{T_{IDS}}$ is the energy consumed per $T_{IDS}$ interval due to ranging, sensing, and intrusion detection functions, calculated as:
• The energy spent per node is multiplied with the node population in the CPS to get the total energy spent by all nodes per cycle.
52. IV. Parameterization
• $E_{ranging}$ is calculated as:
• A node spends ๐ฌ๐ energy to transmit a CDMA waveform.
• Its $n$ neighbors each spend ๐ฌ๐ energy to transform it into distance.
• This operation is repeated ๐ธ times for determining a sequence of locations.
• $E_{sensing}$ is computed as:
• A node spends ๐ฌ๐ energy for sensing navigation and multipath mitigation data, and ๐ฌ๐ energy for analyzing sensed data for each of its $n$ neighbors.
53. IV. Parameterization
• $E_{detection}$ can be calculated by:
• We consider the energy required to choose $m$ intrusion detectors to evaluate a target node (the first term), and the energy required for $m$ intrusion detectors to vote (the second term).
54. V. Numerical Data
A. Effect of Intrusion Detection Strength
• We first examine the effect of intrusion detection strength measured by the intrusion detection interval, $T_{IDS}$, and the number of intrusion detectors, $m$. (Persistent attacks only)
• Fig. 3 shows MTTF versus $T_{IDS}$ as the number of detectors $m$ in the system-level IDS varies over the range of [3,11] in increments of 2.
• There exists an optimal $T_{IDS}$ value at which the system lifetime is maximized to best trade off energy consumption versus intrusion tolerance.
55. V. Numerical Data
• Initially, when $T_{IDS}$ is too small, the system performs ranging, sensing, and intrusion detection too frequently, and quickly exhausts its energy, resulting in a small lifetime.
• As $T_{IDS}$ increases, the system saves more energy, and its lifetime increases.
• Finally, when $T_{IDS}$ is too large, it saves more energy but fails to catch bad nodes often enough.
56. V. Numerical Data
• Bad nodes through active attacks can cause impairment security failure.
• When the system has 1/3 or more bad nodes out of the total population, a Byzantine failure occurs.
57. V. Numerical Data
• We observe that the optimal $T_{IDS}$ value at which the system MTTF is maximized is sensitive to the $m$ value.
• The general trend is that, as $m$ increases, the optimal $T_{IDS}$ value decreases.
• Here we observe that $m$ = ๐ is optimal to yield the maximum MTTF.
• Using $m$ = ๐ can best balance energy exhaustion failure versus security failure for high reliability.
58. V. Numerical Data
• Fig. 4 shows MTTF versus $T_{IDS}$ as the compromising rate $\lambda_c$ varies over the range of once per 4 hours to once per 24 hours.
• This tests the sensitivity of MTTF with respect to $\lambda_c$, with $m$ fixed at five to isolate its effect.
59. V. Numerical Data
• As $\lambda_c$ increases, MTTF decreases because more compromised nodes will be present in the system.
• The optimal $T_{IDS}$ decreases as $\lambda_c$ increases because more compromised nodes exist, and the system needs to execute intrusion detection more frequently to maximize MTTF.
• Fig. 4 identifies the best $T_{IDS}$ to be used to maximize the lifetime of the reference CPS to balance energy exhaustion versus security failure.
60. V. Numerical Data
B. Effect of Attacker Behavior
• We analyze the effect of various attacker behavior models, including persistent, random, and insidious attacks.
• The analysis conducted here is based on static $C_T$.
• Fig. 5 shows MTTF versus $T_{IDS}$ with varying $p_{random}$ values.
• The system MTTF is low when $p_{random}$ is small.
• Most bad nodes are dormant and remain undetected.
• Eventually, the system suffers from Byzantine failure quickly, leading to a low MTTF.
61. V. Numerical Data
• As $p_{random}$ increases from 0.025 to 0.2, the system MTTF increases.
• Bad nodes are more likely to be detected and removed.
• As $p_{random}$ increases further, however, the system MTTF decreases again.
• Due to a larger number of impairment attacks.
• In the extreme case of $p_{random} = 1$, all bad nodes perform attacks, and the system failure is mainly caused by impairment.
62. V. Numerical Data
• The maximum MTTF occurs when $p_{random} = 0.2$.
• The probability of security failure due to either type of security attacks is minimized.
• This represents a balance of impairment security failure rate vs. Byzantine failure rate dictated by the parameter settings of the reference CPS.
63. V. Numerical Data
• Fig. 6 compares the MTTF versus $T_{IDS}$ of the reference CPS under the three attacker types.
• MTTF of the CPS is the highest under random attacks.
• MTTF of the CPS under persistent attacks is the second highest.
• As expected, the CPS under insidious attacks has the lowest MTTF.
• Unlike persistent attacks, which aim to cause impairment failure, insidious attacks while dormant can cause Byzantine failure, and when "all in" can also cause impairment failure.
64. V. Numerical Data
• MTTF variation depends on the relative rate at which impairment failure vs. Byzantine failure occurs.
• The former is dictated by $\lambda_{if}$, and the latter is dictated by how fast the Byzantine failure condition is satisfied.
• The MTTF difference between persistent attacks and insidious attacks is relatively significant due to a large Byzantine failure rate compared with the impairment failure rate.
• However, the reference CPS under random attacks can more effectively prevent either Byzantine failure or impairment failure from occurring by removing bad nodes as soon as they perform attacks.
• The system MTTF difference between random versus persistent attacks again depends on the relative rate at which impairment failure versus Byzantine failure occurs.
65. V. Numerical Data
C. Effect of Intrusion Response
• We analyze the effect of intrusion response (dynamic $C_T$) to attacker strength detected at runtime on the system MTTF.
• Fig. 7 shows MTTF versus $T_{IDS}$ under the static $C_T$ design and the dynamic $C_T$ design for the persistent attack case.
• There is a significant gain in MTTF under dynamic $C_T$ over static $C_T$.
• With persistent attacks, all bad nodes are actively performing attacks, so increasing $C_T$ to a high level quickly removes bad nodes to prevent impairment failure.
• Also, the optimal $T_{IDS}$ decreases for the dynamic configuration.
• This allows the IDS to remove bad nodes from the system quickly.
66. V. Numerical Data
• Fig. 8 shows the MTTF vs. $T_{IDS}$ under the static $C_T$ design and the dynamic $C_T$ design for the random attack case with $p_{random} = 0.2$.
• $p_{random} = 0.2$ yields the highest MTTF among all random attack cases in the reference CPS system.
• Again, dynamic $C_T$ performs significantly better than static $C_T$ at the identified optimal $T_{IDS}$ value.
• The optimal $T_{IDS}$ value under dynamic $C_T$ design again is smaller than that under static $C_T$ design to quickly remove nodes that perform active attacks.
67. V. Numerical Data
• Fig. 9 shows the MTTF versus $T_{IDS}$ under the static $C_T$ design and the dynamic $C_T$ design for the insidious attack case.
• The MTTF difference is relatively small compared with persistent or random attacks.
• Bad nodes do not perform active attacks until a critical mass is reached, so dynamic $C_T$ would set a lower $C_T$ value during the dormant period while rapidly setting a higher $C_T$ value during the attack period.
• Since the attack period is relatively short compared with the dormant period, the gain in MTTF isn't very significant.
• Still, dynamic $C_T$ performs better than static $C_T$.
68. V. Numerical Data
• As our $C_T$ dynamic control function (12) adjusts $C_T$ solely based on the attacker strength detected regardless of the attacker type, we conclude that the dynamic $C_T$ design as a response to attacker strength detected at runtime can improve MTTF compared with the static $C_T$ design.
69. VI. Conclusions and Future Work
• This paper explores the development of a probability model to analyze the reliability of a cyber physical system (CPS) containing malicious nodes exhibiting a range of attacker behaviors and an intrusion detection and response system (IDRS) for detecting and responding to malicious events at runtime.
• For each attacker behavior, we identified the best detection strength (in terms of the detection interval and the number of detectors), and the best response strength (in terms of the per-host minimum compliance threshold for setting the false positive and negative probabilities), under which the reliability of the system may be maximized.
• There are several future research directions, including:
• Investigating intrusion detection criteria other than the current binary criterion used in the paper;
• Exploring other attack behavior models (e.g., an oracle attacker that can adjust the attacker strength depending on the detection strength to maximize security failure), and investigating the best dynamic response design to cope with such attacks.
70. It's finally over! Questions?