Effect of Intrusion Detection on Reliability - PowerPoint PPT Presentation

About This Presentation
Title:

Effect of Intrusion Detection on Reliability

Description:

Mission-Oriented GCSs. Mission execution is an application-level goal built on top of connectivity-oriented group communications. Clarence Bingsheng Wang ... – PowerPoint PPT presentation

Number of Views:65
Avg rating:3.0/5.0
Slides: 46
Provided by: vte80
Learn more at: https://people.cs.vt.edu
Category:

less

Transcript and Presenter's Notes

Title: Effect of Intrusion Detection on Reliability


1
Effect of Intrusion Detection on Reliability
of Mission-Oriented Mobile Group Systems
in Mobile Ad Hoc Networks
  • Jin-Hee Cho, Member, IEEE, Ing-Ray Chen, Member,
    IEEE, and Phu-Gui Feng
  • IEEE TRANSACTIONS ON RELIABILITY, VOL. 59, NO. 1,
    MARCH 2010

Reporter Clarence Bingsheng Wang
2
Outline
  • Introduction Background
  • System Model
  • Performance Model
  • Parameterization
  • Numerical Results Analysis
  • Applicability Conclusion
  • Reference
  • Q A

3
Introduction
  • Analyzing the effect of intrusion detection
    system (IDS) techniques on the reliability of a
    mission-oriented group communication in mobile ad
    hoc networks.
  • Knowing design conditions for employing intrusion
    detection system (IDS) techniques that can
    enhance the reliability, and thus prolong the
    lifetime of GCS.

4
Introduction
  • Identify the optimal rate at which IDS should be
    executed to maximize the system lifetime.
  • Consider the effect of security threats, and
    Intrusion Detection Systems (IDSs) techniques on
    system lifetime of a mission-oriented Group
    Communication System (GCS) in Mobile Ad Hoc
    Networks (MANETs).

5
Background
  • Mobile ad hoc networks (MANETs)
  • Move Independently Rapid Change in Topology
  • Forward Traffic

6
Background
  • Group Communication Systems.
  • Group Directly Communicate
  • Group Partition
  • Group Merge
  • Security Protocol in MANETs
  • Characteristics
  • Actions Against Malicious Attacks
  • Prevention Security holes
  • Detection Mission-Oriented GCSs
  • Recovery

7
Background
  • Optimal setting for IDS techniques
  • Maximize the security-induced failure time

security-induced failure time
Prolong
  • MMTSF Mean time to security failure
  • Reflect the expected system lifetime

8
System Model
  • Connectivity-Oriented Mobile Group
  • Defined based on Connectivity
  • Single Hop All members are connected
  • Multi Hops Separation between groups

9
System Model
  • Mission-Oriented GCSs
  • Mission execution is an application-level goal
    built on top of connectivity-oriented group
    communications

10
System Model
  • Secure Group Communications Broadcast
  • Group Key
  • Encrypt the message for Confidentiality
  • Rekey Group member Join/Leave/Eviction, Group
    Partition/Merge
  • Contributory key agreement protocol GDH

11
  • Group Members Authenticity
  • Public/Private key pair
  • Challenge/Response mechanism
  • Assumption The public keys of all group members
    preloaded into every node. No certificate
    authority (CA) in the MANET during mission period
  • A nodes public key servers as the identifier of
    the node

12
System Model-IDSs
  •  

Detection Situation Detection Situation
Bad Nodes Good Nodes
Actual Situation Bad Nodes a(TP) b(FN)
Actual Situation Good Nodes c(FP) d(TN)
 
 
13
System Model-IDSs
  •  

14
System Model-IDSs
  •  
  • (a) The per-node false negative, and positive
    probabilities ( ??1, and ??2)
  • (b) The number of vote-participants, ??
  • (c) The estimate of the current number of
    compromised nodes which may collude with the
    objective to disrupt the service of the system.

15
System Model-IDSs
  • Intrusion tolerance
  • For the selection of participants, each node
    periodically exchanges its routing information,
    location, and identifier with its neighboring
    nodes
  • Candidates all neighbor nodes of a target node
  • A coordinator is selected randomly so that the
    adversaries will not have specific targets

Coordinator
16
System Model-IDSs
  •  

17
System Model-IDSs
  • Intrusion tolerance
  • Any node not following the protocol raises a flag
    as a potentially compromised node, and may get
    itself evicted when it is being evaluated as a
    target node.
  • The vote-participants are known to other nodes,
    and based on votes received, they can determine
    whether or not a target node is to be evicted.

18
System Model
  • Failure Definition
  • Definition 1 The failure of any group leads to
    GCSs failure. (SF1)
  • Definition 2 The failures of all groups lead to
    GCSs failure. (SF2)
  • Condition 1 a compromised but undetected group
    member requests and subsequently obtains data
    using the group key. (C1)
  • Condition 2 more than 1/3 of group member nodes
    are compromised, but undetected by IDS (Byzantine
    Failure model) (C2)

19
System Model
  • Network Connectivity, System Failure
  • Group nodes are connected within a single hop,
    forming a single group in the system without
    experiencing group merge or partition events
  • Only a single group in the system, SF1 and SF2
    (i.e., the two system failure definitions) are
    the same.
  • Group nodes are connected through multi-hops so
    that there are multiple groups in the system due
    to group partition/merge events because of node
    mobility or node failure.

20
System Model
  • Reliability Metric MTTSF
  • Indicates the lifetime of the GCSs before it
    fails.
  • A GCS fails when one mobile group fails, or when
    all mobile groups fail in the mission-oriented
    GCS, as defined by SF1 or SF2.
  • A mobile group fails when either C1 or C2 is
    true.
  • A lower MTTSF Implies a faster loss of system
    integrity, or availability.
  • The goal is to maximize MTTSF.

21
Performance Model
  • Use places to deposit tokens.
  • Use transitions to model events.
  • Tracks the behavior of a single mobile group
  • Tracks the number of mobile groups existing in
    the GCSs during the system lifetime
  • A transition is eligible to fire when the firing
    conditions associated with the event are met,
    including (a) its input places each must contain
    at least one token, and (b) the associated
    enabling guard function, if it exists, must
    return true

22
Performance Model
  • SPN

23
Performance Model
24
Performance Model
  •  

25
Performance Model
  •  

26
Performance Model
  •  

27
Performance Model
  •  

28
Performance Model
  •  

29
Performance Model
  •  

30
Parameterization
  •  

31
Parameterization
  •  

32
Parameterization
  •  

33
Parameterization
  •  

34
Parameterization
Collusion
Incorrect factor
35
Parameterization
36
 
False Alarm
Good nodes-gt Bad nodes
37
 
SF1
Node Density
SF2
38
 
Data Leak
Good nodes-gt Bad nodes
39
 
SF1
Node Density
SF2
40
 
Compromised Rate
41
 
SF1
Node Density
SF2
42
Applicability Conclusion
Attacker Behavior
System Failure definitions
Operational Conditions
mathematic model
Optimal Intrusion Detection interval T_IDS
43
Applicability Conclusion
  • Results

m
Node Density
 
 
m
Node Density
 
 
Optimal intrusion detection interval T_IDS for
maximizing the MTTSF decreases
44
Reference
  1. Jin-Hee Cho, Ing-Ray Chen, Phu-Gui Feng,
    Effect of Intrusion Detection on Reliability of
    Mission-Oriented Mobile Group Systems in Mobile
    Ad Hoc Networks, IEEE TRANSACTIONS ON
    RELIABILITY, pp. 231 241, VOL. 59, NO. 1, MARCH
    2010.
  2. Jin-Hee Cho, Design and Analysis of QoS-Aware
    Key Management and Intrusion Detection Protocols
    for Secure Mobile Group Communications in
    Wireless Networks, PhD. Dissertation, Nov. 12,
    2008.
  3. http//en.wikipedia.org/wiki/Challenge-response_au
    thentication
  4. http//en.wikipedia.org/wiki/Public-key_cryptograp
    hy

45
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com