
Game-Theory-Based Active Defense for Intrusion Detection in Cyber-Physical Embedded Systems



Presentation Transcript


  1. Game-Theory-Based Active Defense for Intrusion Detection in Cyber-Physical Embedded Systems Presented by: Jesse Hoskins

  2. Overview

  3. Introduction
   • Embedded Sensor Networks (ESNs) in Cyber-Physical Embedded Systems (CPES) are becoming ubiquitous in many applications
   • How can these systems be secured with intrusion detection systems?
   • Motivation: unmanned, unattended systems becoming part of critical infrastructure need to be secured

  4. ESNs and Intrusion Detection
   • ESNs are used extensively in safety-critical applications
     – Supervisory Control and Data Acquisition (SCADA)
     – Process Control Systems (PCS)
   • A low-power, low-bandwidth security mechanism is needed
     – Deep packet inspection is too resource heavy
     – ESNs have inherent bandwidth and energy constraints
   • Intrusion detection: detect abnormalities/malicious activities in the network via single or multiple collaborating sensor nodes

  5. Why Game Theory?
   • Deep packet inspection is too resource heavy
   • Pattern-matching IDS is not scalable

  6. Why Game Theory for IDS?
   • Heuristic-based solutions use a central data analysis engine
     – Constantly use resources for monitoring
     – Distributed IDS processes are subject to tampering
   • Game theory solution
     – Better handles multistage attacks
     – More accurate in modelling payoff
     – Can determine the optimal response

  7. Problem Statement

  8. Contributions
   • Repeated game model for IDS that uses a mixed strategy to achieve dynamic equilibrium between attackers and defenders
   • Game model for both attack and defense to reduce energy consumption and improve detection rate
   • Game tree model used to handle error detection and missing detection

  9. Related Work: Non-Game-Theory Based
   • Unmanned, unattended systems becoming part of critical infrastructure need to be secured via IDS
   • Most existing IDS architectures assume IDSs cooperate honestly and unselfishly
   • Existing trust models for IDS are insufficient; no study on collaboration incentives

  10. Related Work: Game Theory Based
   • Decentralized approach to maximize network performance (resource allocation), used in P2P and routing networks
   • Optimizing resource allocation while accounting for malicious nodes: prevents malicious nodes from overusing network resources, but can lead to unfairness
   • Two-player non-cooperative host-based game theory framework (HIDS) for dynamically adjusting objects based on expected attacks
   • Model for IDS to achieve fairness and incentive compatibility
   • Two-person non-zero-sum incomplete-information game for IDS to minimize loss based on its own belief

  11. Attack-Defense Game Model

  12. Attack-Defense Game Model

  13. Payoff Function Definition and Strategies (payoff function shown as a figure)

  14. Strategies Continued

  15. Strategies Continued
   • Attackers always want to attack to maximize payoffs
     – Payoffs are maximized when defenders don't start the IDS
     – However, the more frequently attackers attack, the higher the probability of detection; once detected, they suffer a huge loss
     – Therefore they must consider not attacking all the time
   • Defenders should not run the IDS for a long time due to resource consumption
     – Payoffs are maximized when they do not start the IDS
     – However, if attacked, the loss is far greater than the resource consumption of starting the IDS
     – Therefore they must consider starting the IDS sooner

  16. Nash Equilibrium
   • The game model has no pure-strategy Nash equilibrium
   • Attackers/defenders will not choose a fixed strategy
   • The game model has a mixed-strategy Nash equilibrium

  17. Mixed Strategy

  18. Mixed Strategy Nash Equilibrium
   • Attacker's and defender's strategies are inversely proportional
   • Eventually a dynamic Nash equilibrium is reached

  19. Strategy Summary

  20. Payoff Analysis

  21. Game Tree Model for Error Detection and Missing Detection

  22. Game Tree Model for Error Detection and Missing Detection

  23. Mixed Strategy Nash Equilibrium in Game Tree Model
   • The mixed probability matrix changes with time
   • Nodes can take into account missing detection (IDS missed an attack) or error detection (IDS misidentifies an attack)
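  To make the reasoning of slides 15, 16 and 18 concrete, and to fold in the missing-detection and error-detection probabilities from slide 23, here is an added example (not code from the paper or from this presentation). It builds a one-round attack-defense game from labelled hypothetical payoff parameters, checks that the game has no pure-strategy Nash equilibrium, and derives the mixed-strategy equilibrium from the two indifference conditions; the parameter names and values are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class GameParams:
    # All values are hypothetical, chosen for illustration only.
    gain: float         # attacker gain from an undetected attack
    penalty: float      # attacker loss once the attack is detected
    loss: float         # defender loss from an undetected attack
    cost: float         # defender resource cost of running the IDS for a round
    false_alarm: float  # defender cost of one error detection (false alarm)
    p_detect: float     # Pr[IDS detects an attack | monitoring]; 1 - p_detect is missing detection
    p_error: float      # Pr[IDS raises an alarm | monitoring, no attack] (error detection)

def payoff_matrices(g):
    """Rows = attacker (Attack, Idle); columns = defender (Monitor, Idle).
    Returns (A, D): the attacker's and the defender's expected payoffs."""
    miss = 1.0 - g.p_detect
    A = [[miss * g.gain - g.p_detect * g.penalty, g.gain],
         [0.0, 0.0]]
    D = [[-g.cost - miss * g.loss, -g.loss],
         [-g.cost - g.p_error * g.false_alarm, 0.0]]
    return A, D

def pure_equilibria(A, D):
    """Cells where neither player gains by unilaterally deviating."""
    return [(r, c) for r in range(2) for c in range(2)
            if A[r][c] >= A[1 - r][c] and D[r][c] >= D[r][1 - c]]

def mixed_equilibrium(A, D):
    """Solve the 2x2 indifference conditions.  Returns (p, q) with
    p = Pr[attacker attacks] and q = Pr[defender monitors], or None when
    no fully mixed equilibrium exists (a player strictly prefers one move)."""
    den_q = A[0][0] - A[0][1] - A[1][0] + A[1][1]
    den_p = D[0][0] - D[1][0] - D[0][1] + D[1][1]
    if den_q == 0 or den_p == 0:
        return None
    q = (A[1][1] - A[0][1]) / den_q   # makes the attacker indifferent between rows
    p = (D[1][1] - D[1][0]) / den_p   # makes the defender indifferent between columns
    if not (0 <= p <= 1 and 0 <= q <= 1):
        return None
    return p, q

def solve(g):
    A, D = payoff_matrices(g)
    return pure_equilibria(A, D), mixed_equilibrium(A, D)

if __name__ == "__main__":
    base = GameParams(gain=10, penalty=50, loss=100, cost=5,
                      false_alarm=2, p_detect=0.9, p_error=0.1)
    pure, mixed = solve(base)
    print("pure NE:", pure, " mixed NE (p_attack, q_monitor):", mixed)
```

  With the constructed parameters the attacker attacks in about 5.8% of rounds and the defender monitors in about 18.5%; raising the detection penalty lowers the monitoring probability needed to keep the attacker indifferent, the inverse relationship slide 18 describes, while an IDS that almost never detects collapses the game to a pure equilibrium in which the defender never monitors.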

  24. Performance Evaluations
   • Simulated in an embedded network environment
   • Attack-defense game model compared with All Monitor (AM) and Cluster Head (CH)
   • Comparison parameters are energy performance and detection-rate performance over 3 groups of different mixed strategies
   • 3 different attack types (eavesdropping, DoS, black hole)

  25. Simulation Setup

  26. Performance Results – Energy Consumption

  27. Performance Results – Detection Rate

  28. Performance Results - Payoffs

  29. Conclusions

  30. Discussion
   • Of the three attack types considered, which do you think is most likely to occur in autonomous vehicles and why? How does this affect the value of the repeated game model approach?
   • What are some potential weaknesses of the repeated game model approach described in the paper? How could those weaknesses be mitigated?
   • What do you see as barriers to the widespread adoption of this approach? Please explain.

  31. References
   1. K. Wang et al. 2016. Game-theory-based active defense for intrusion detection in cyber-physical embedded systems. ACM Trans. Embed. Comput. Syst. 16, 1, 1–21. doi:10.1145/2886100.
   2. O. Kreibich, J. Neuzil, and R. Smid. 2014. Quality-based multiple-sensor fusion in an industrial wireless sensor network for MCM. IEEE Trans. Ind. Electron. 61, 9, 4903–4911.
   3. K. Wang, Y. Shao, L. Shu, Y. Zhang, and C. Zhu. 2016. Mobile big data fault-tolerant processing for eHealth networks. IEEE Netw. 30, 1, 1–7.
   4. K. Wang, Y. Shao, L. Shu, G. Han, and C. Zhu. 2015. LDPA: A local data processing architecture in ambient assisted living communications. IEEE Commun. Mag. 53, 1, 56–63.
   5. A. Abduvaliyev, A. S. K. Pathan, Z. Jianying, R. Roman, and W. Wai Choong. 2013. On the vital areas of intrusion detection systems in wireless sensor networks. Commun. Surveys Tuts. 15, 3, 1223–1237.
   6. C. Lin and J. Leneutre. 2009. A game theoretical framework on intrusion detection in heterogeneous networks. IEEE Trans. Inf. Forens. Secur. 4, 2, 165–178.
   7. W. Min and K. Keecheon. 2012. Intrusion detection scheme using traffic prediction for wireless industrial networks. IEEE Trans. Commun. 14, 3, 310–318.
   8. R. Mitchell and C. Ing Ray. 2014. Adaptive intrusion detection of malicious unmanned air vehicles using behavior rule specifications. IEEE Trans. Syst. Man Cybern. 44, 5, 593–604.

  32. References
   9. C. Grothoff. 2003. An excess-based economic model for resource allocation in peer-to-peer networks. IEEE Trans. Internet Comput. 45, 3, 285–292.
   10. K. Wang and M. Wu. 2012. Nash equilibrium of node cooperation based on metamodel for MANETs. J. Informat. Sci. Eng. 28, 2, 317–333.
   11. M. Mohi, A. Movaghar, and P. M. Zadeh. 2009. A Bayesian game approach for preventing DoS attacks in wireless sensor networks. In Proceedings of the IEEE International Conference on Communications and Mobile Computing, pp. 507–511.
   12. Y. Liu and C. Comaniciu. 2006. A Bayesian game approach for intrusion detection in wireless ad hoc networks. In Proceedings of the IEEE International Conferences on Valuetools, pp. 1–5.
   13. C. J. Fung, J. Zhang, I. Aib, and R. Boutaba. 2011. Dirichlet-based trust management for effective collaborative intrusion detection networks. IEEE Trans. Netw. 8, 2, 79–91.
   14. H. Moosavi and F. M. Bui. 2014. A game-theoretic framework for robust optimal intrusion detection in wireless sensor networks. IEEE Trans. Inf. Forens. Secur. 9, 9, 1367–1379.
   15. Z. Ziming, S. Lambotharan, C. Woon Hau, and F. Zhong. 2015. A game theoretic optimization framework for home demand management incorporating local energy resources. IEEE Trans. Ind. Inf. 11, 2, 353–362.
   16. N. C. Ekneligoda and W. W. Weaver. 2014. Game-theoretic cold-start transient optimization in DC microgrids. IEEE Trans. Ind. Electron. 61, 12, 6681–6690.
