effect of intrusion detection on reliability jin-hee cho, member, ieee, ing-ray chen, member, ieee,...

Effect of Intrusion Detection on Reliability

Jin-Hee Cho, Member, IEEE, Ing-Ray Chen, Member, IEEE, and Phu-Gui Feng

IEEE TRANSACTIONS ON RELIABILITY, VOL. 59, NO. 1, MARCH 2010

1Clarence Bingsheng Wang – CS5214– M & E of CSs

of Mission-Oriented Mobile Group Systems

Reporter: Clarence Bingsheng Wang

in Mobile Ad Hoc Networks

Effect of IDSs on Reliability

Outline

Introduction & Background System Model Performance Model Parameterization Numerical Results & Analysis Applicability & Conclusion Reference Q & A

Clarence Bingsheng Wang – CS5214– M & E of CSs 2


Introduction

Analyzing the effect of intrusion detection system (IDS) techniques on the reliability of a mission-oriented group communication in mobile ad hoc networks.

Knowing design conditions for employing intrusion detection system (IDS) techniques that can enhance the reliability, and thus prolong the lifetime of GCS.



Introduction

Identify the optimal rate at which IDS should be executed to maximize the system lifetime.

Consider the effect of security threats, and Intrusion Detection Systems (IDSs) techniques on system lifetime of a mission-oriented Group Communication System (GCS) in Mobile Ad Hoc Networks (MANETs).



Background

Mobile ad hoc networks (MANETs) Move Independently: Rapid Change in Topology Forward Traffic



Background

Group Communication Systems. Group: “Directly Communicate” Group Partition Group Merge

Security Protocol in MANETs Characteristics

Actions Against Malicious Attacks Prevention: “Security holes” Detection: Mission-Oriented GCSs Recovery



Background

Optimal setting for IDS techniques Maximize the security-induced failure time


SECURITY-INDUCED FAILURE TIME

MMTSF: Mean time to security failure Reflect the expected system

lifetime

PROLONG


System Model

Connectivity-Oriented Mobile Group Defined based on “Connectivity” Single Hop: All members are connected Multi Hops: Separation between groups


Group

PartitionFailure

/Mobility

Group

Merge


System Model

Mission-Oriented GCSs Mission execution is an application-level goal built on top

of connectivity-oriented group communications



System Model

Secure Group Communications: Broadcast Group Key Encrypt the message for Confidentiality Rekey: Group member Join/Leave/Eviction, Group

Partition/Merge Contributory key agreement protocol: GDH



Group Member’s Authenticity Public/Private key pair Challenge/Response mechanism Assumption: The public keys of all group members

preloaded into every node. No certificate authority (CA) in the MANET during mission period

A node’s public key servers as the identifier of the node



System Model-IDSs

Host-based IDS Each node performs local detection to determine if a

neighboring node has been compromised. Effectiveness is measured by: false negative probability (

) and false positive probability ( ) Host-based IDS is preinstalled in each host.


𝑃 1=𝑏

𝑎+𝑏𝑃 2=

𝑐𝑐+𝑑

Detection Situation

Bad Nodes Good Nodes

Actual Situation

Bad Nodes a(TP) b(FN)

Good Nodes c(FP) d(TN)


System Model-IDSs

Voting-based IDS Each node is preinstalled with host-based IDS. Periodically, a target node would be evaluated by vote-

participants dynamically selected. If the majority of nodes decided to vote against the

target node, then the target node would be evicted from the system

Shortages: (a) evicting good nodes by always voting “no” to good nodes, and (b) keeping bad nodes in the system by always voting “yes” to bad nodes.



System Model-IDSs

Intrusion tolerance Tolerate collusion of compromised nodes in MANETs as it

takes a majority of bad nodes among nodes to work against the system

Characterize voting-based IDS by two parameters: false negative probability ( ), and false positive probability ( ). They are calculated based on:


(a) The per-node false negative, and positive probabilities ( 1, and 2) 𝑃 𝑃

(b) The number of vote-participants, 𝑚 (c) The estimate of the current number of

compromised nodes which may collude with the objective to disrupt the service of the system.


System Model-IDSs

Intrusion tolerance For the selection of participants, each

node periodically exchanges its routing information, location, and identifier with its neighboring nodes

Candidates: all neighbor nodes of a target node

A coordinator is selected randomly so that the adversaries will not have specific targets


Coordinator


System Model-IDSs

Intrusion tolerance Coordinator Selection: a hashing

function that takes in the identifier of a node concatenated with the current location of the node as the hash key. The node with the smallest returned hash value would then become the coordinator

The coordinator then selects nodes randomly (including itself), and broadcasts this list of selected vote-participants to all group members



System Model-IDSs

Intrusion tolerance Any node not following the

protocol raises a flag as a potentially compromised node, and may get itself evicted when it is being evaluated as a target node.

The vote-participants are known to other nodes, and based on votes received, they can determine whether or not a target node is to be evicted.



System Model

Failure Definition Definition 1: The failure of any group leads to GCSs’

failure. (SF1)

Definition 2: The failures of all groups lead to GCSs’ failure. (SF2)

Condition 1: a compromised but undetected group member requests and subsequently obtains data using the group key. (C1)

Condition 2: more than 1/3 of group member nodes are compromised, but undetected by IDS (Byzantine Failure model) (C2)



System Model

Network Connectivity, System Failure Group nodes are connected within a single hop, forming

a single group in the system without experiencing group merge or partition events

Only a single group in the system, SF1 and SF2 (i.e., the two system failure definitions) are the same.

Group nodes are connected through multi-hops so that there are multiple groups in the system due to group partition/merge events because of node mobility or node failure.



System Model

Reliability Metric: MTTSF Indicates the lifetime of the GCSs before it fails. A GCS fails when one mobile group fails, or when all

mobile groups fail in the mission-oriented GCS, as defined by SF1 or SF2.

A mobile group fails when either C1 or C2 is true. A lower MTTSF Implies a faster loss of system integrity,

or availability. The goal is to maximize MTTSF.



Performance Model

Use places to deposit tokens. Use transitions to model events. Tracks the behavior of a single mobile group Tracks the number of mobile groups existing in

the GCSs during the system lifetime A transition is eligible to fire when the firing

conditions associated with the event are met, including (a) its input places each must contain at least one token, and (b) the associated enabling guard function, if it exists, must return true



Performance Model SPN



Performance Model


𝑚𝑎𝑟𝑘

(NG

)

𝑚𝑎𝑟𝑘 (U Cm )𝑚𝑎𝑟𝑘 ( D Cm )


Performance Model

Node compromised rate Rate(T_CP) =

Intrusion detection rate Rate(T_IDS) =

The rate of a compromised, undetected node is detected by IDS Rate(T_IDS) =

The rate of A node being falsely identified by IDS Rate(T_FA) =



Performance Model

Expected query rate by a member Rate(query) =

Due to C1, the rate of a security data failure when data is leaked out to compromised but undetected member Rate(T_DRQ) =



Performance Model

Mobile group’s security failure: C1 or C2 is satisfied.

C1: The number of security failure group is bigger than 0

C2: The number of compromised nodes is bigger than of

total number of nodes.( Byzantine Failure model )



Performance Model

Group Merge, and Partition Obtain group merge/partition rate through observing the

number of group merge and partition events under a multi-hop MANET.

Sojourn time at state is when groups are present in the system

The number of group merge events is during The number of group partition events is during Merging rate: Partition rate:



Performance Model

Calculation of MTTF MTTA: mean time to absorption

Assigning proper rewards to the states of the system Absorbing states: C1 or C2

Under SF1: Reward of 1 to all states except absorbing states

Under SF2 Based on the concept of 1-out-of-n system , where is the number of groups



Performance Model

Calculation of MTTF

where denotes the set of all states except the absorbing states, is the instantaneous probability at state .



Parameterization

Assign model parameters proper values reflecting the operational and environmental conditions of the system.

Transition rate of rekeying Depends on the number of group members Generating a key is linear with the number of nodes

executing the key agreement protocol, GDH



Parameterization

Transition rate of rekeying Let be the time used to generate a new group key with

numbers Rate(T_RK) = , where

where is the length of an intermediate value in applying GDH.3 (bits)

, the number of current member nodes is the wireless bandwidth



Parameterization

Node compromised rate

where is the compromising rate, obtained from design knowledge, or by linear approximation from observing the number of compromised nodes over a time period based on past experiences, and is the degree of compromised nodes,



Parameterization

Intrusion detection rate Its intensity adjusted linear to the cumulative number of

compromised nodes that have been detected by IDS.

where is a design parameter to be adjusted to maximize MTTSF, and is the degree of nodes that have detected by IDS,where Number of trusted member nodes in the system initially



Parameterization


Collusion

Incorrect factor


Parameterization



The effect of on MTTSF under varying in Single hop MANETs


Good nodes-> Bad nodes

False Alarm


The effect of on MTTSF under varying in multi-hop MANETs


SF1

SF2

Node Density




Good nodes-> Bad nodes

Data Leak




SF1

SF2

Node Density




Compromised Rate




SF1

SF2

Node Density


Applicability & Conclusion


Optimal Intrusion Detection interval T_IDS

Attacker BehaviorSystem

Failure definitions

Operational Conditions

MATHEMATIC MODEL


Applicability & Conclusion

Results


m Node Density𝜆𝑞𝜆𝑐

Optimal intrusion detection interval T_IDS for maximizing the MTTSF decreases

m Node Density𝜆𝑞𝜆𝑐


Reference

1. Jin-Hee Cho, Ing-Ray Chen, Phu-Gui Feng, “Effect of Intrusion Detection on Reliability of Mission-Oriented Mobile Group Systems in Mobile Ad Hoc Networks,” IEEE TRANSACTIONS ON RELIABILITY, pp. 231 – 241, VOL. 59, NO. 1, MARCH 2010.

2. Jin-Hee Cho, “Design and Analysis of QoS-Aware Key Management and Intrusion Detection Protocols for Secure Mobile Group Communications in Wireless Networks,” PhD. Dissertation, Nov. 12, 2008.

3. http://en.wikipedia.org/wiki/Challenge-response_authentication

4. http://en.wikipedia.org/wiki/Public-key_cryptography


effect of intrusion detection on reliability jin-hee cho, member, ieee, ing-ray chen, member, ieee,...

Documents

networks effect of idss

e of css5 effect of

e of css6 effect of

single group

e of css3effect

e of css8effect

e of css4effect

e of css2effect