Presentation given by George Margelis (Communication Systems & Networks Research Group at the University of Bristol at IEEE Globecom in Washington D.C., USA on 7th December 2016.
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
Detecting Smart Attacks on IoT Integrity Using Game Theory
1. Smart Attacks on the integrity
of the Internet of Things
Avoiding detection by employing Game Theory
George Margelis Robert J. Piechocki, Theo Tryfonas, Paul Thomas
IEEE GLOBECOM - 7 December 2016
2. Presentation Outline
• Problem Statement
• Model
• Assumptions and Definitions
• Game Theory aspects
• Numerical Simulation results
• Conclusions
3. The Internet of Things
Smart
Metering
Home
Automation
Smart
Agriculture
Transportation
Infrastructure
Monitoring
Smart
Metering
e-Health
Industrial
Enterprise
ζ
V2x
The
Internet
Of Things
4. The Internet of Things
• The IoT will connect different
domains into one
homogenous network
• Different domains →
different requirements
• However all domains share
one requirement:
Robust
Security
5. Inherent Uncertainty
Cheap Nodes → Cheap Sensors → Limited Precision
Limited precision → Measurement Uncertainty
“Weird” behaviour: Is a node malicious?
Or simply malfunctioning?
Are a group of nodes whose values deviate
from the mean compromised?
Or simply they are the first to sense
a change in the measured values?
6. Detecting Malicious Nodes
Traditional approach:
Outlier detection and intrusion detection schemes.
However, modern penetration techniques are smarter:
Infecting but remaining in stealth, without changing node
behaviour.
Also when the majority of the nodes have been infected, the
outliers are the healthy ones.
Attackers are exploiting the characteristics of the IoT with
smarter penetration strategies.
10. Defining a Smart Attacker
• Can compromise healthy nodes
• Avoids changing node behaviour radically
• Exploits the inherent uncertainty in the
measurements
11. Defining a Smart Attacker
Assumptions regarding the Attacker:
• The attacker can see the final extracted value.
• Every attack that the attacker attempts is successful,
leading to a compromised node.
• The attacker attempts to change the reported value to
something else, which we name ”Attacker’s Target”.
• The attacker controls the number of compromised
nodes(A) and how much the value of the compromised
nodes differs compared to the measured value (lj ).
12. Defining a Smart Attacker
Assumptions regarding the network:
• Similar to Low Throughtput Networks like LoRA or Sigfox.
• Nodes communicate a measured value (either in a
scheduled or opportunistic manner).
• The mean of the distribution of the values of the network
is the extracted value.
15. Applying Game Theory
A game in it’s normal form is a tuple 𝐺 = 𝑁, 𝐴, 𝑢 , where:
• 𝑁 = {1,2, … , 𝑛𝑖}a set of n rational players. By rational in this
context we mean that the player chooses the strategy that
maximizes his payoff.
• 𝐴 = 𝐴1 × ⋯ × 𝐴2, where 𝐴𝑖 the finite set of actions available to
player 𝑖
• 𝑢 = 𝑢1, … , 𝑢 𝑛 where 𝑢𝑖: 𝐴 → ℝ, a real-valued payoff function
for player 𝑖
16. Applying Game Theory
Utility Function
Reported
Value
Attacker’s
Target
Compromised
Nodes Cost of
Attack
Hellinger’s Distance
From model distribution
Hellinger’s Distance
Detection Threshold
Reward
𝐴𝑃 = 𝜇 ≥ 𝐴𝑇 ∙ 𝑅𝑊𝐷 − 𝐴 ∙ 𝐶𝑃𝐴 − 𝐷(𝑃,𝑄) > 𝑇ℎ𝑟𝑒𝑠ℎ𝑜𝑙𝑑 ∙ 2 ∙ (𝑅𝑊𝐷)
18. Scenarios and results
Scenario 1: Cost of attack remains constant as number of attacks is increased
Scenario 2: Cost of attack rises as number of attacks is increased
Scenario 3: Cost of attack reduces as number of attacks is increased
19. Scenarios and results
Pay-out for the attacker for the first scenario when the
attacker aims to shift the mean of the distribution 1% higher
20. Scenarios and results
Pay-out for the attacker for the second scenario when the
attacker aims to shift the mean of the distribution 5% higher
21. Scenarios and results
Pay-out for the attacker for the third scenario when the
attacker aims to shift the mean of the distribution 1% higher
26. Conclusions
• The uncertainty inherent in the measurements can
be exploited by smart attackers.
• Outlier detection based IDS might not be enough in
light of smart-deployment strategies of malware.
• Distribution comparison can provide insights for
potential penetrations with low complexity costs.
• However the attackers can still compromise the
integrity of the network if they set modest targets.