Effect Of Intrusion Detection on Reliability of Mission-Oriented Mobile Group Systems in Mobile Ad Hoc Networks Author: J.H. Cho, I.R. Chen and P.G. Feng.

1 Effect Of Intrusion Detection on Reliability of Mission-Oriented Mobile Group Systems in Mobile Ad Hoc Networks. Authors: J.H. Cho, I.R. Chen and P.G. Feng. IEEE Transactions on Reliability, Vol. 59, No. 1, 2010, pp. 231-241. [P1] (4/6 - Presented by R. Mitchell, C. Jian, and A.H. Saoud)

2 Outline: Introduction (A.H. Saoud); System Model (A.H. Saoud); Performance Model (R. Mitchell); Parameterization (R. Mitchell); Numerical Results and Analysis (C. Jian); Applicability & Conclusion (C. Jian)

3 Introduction. Analyze the effect of intrusion detection system (IDS) techniques on the reliability of mission-oriented group communication systems (GCS) in mobile ad hoc networks (MANETs). Identify the design conditions under which IDS techniques enhance reliability and thus prolong the lifetime of the GCS. Limitations of existing work; security techniques considered (prevention, detection, recovery).

4 Introduction. Apply model-based quantitative analysis to security analysis. The mean time to security failure (MTTSF) reflects the expected system lifetime: it measures the time until loss of service availability or of system integrity. Identify the optimal rate at which the IDS should be executed to maximize the system lifetime.

5 Introduction. Consider the effect of security threats, and of the IDS techniques that counter them, on the lifetime of a mission-oriented GCS in MANETs. Develop mathematical models that identify the optimal intrusion detection rate at which MTTSF is maximized, by analyzing the tradeoff between the positive and negative effects of the IDS. Show that the analysis methodology is generally applicable to varying network conditions.

6 System Model. The notion of a mobile group is defined based on connectivity. The GCS and its constituent mobile groups are mission-oriented: mission execution is an application-level goal built on top of connectivity-oriented group communications. Node membership is a two-state model with a leave rate, a rejoin rate and a mobility rate: the steady-state probability that a node is in some group is rejoin rate / (leave rate + rejoin rate), and the probability that it is in no group is leave rate / (leave rate + rejoin rate).

7 System Model - Confidentiality. A shared symmetric (group) key is used for secure group communication: a member encrypts the messages it sends to the rest of the group with it. Rekeying on every group member join/leave/eviction and on every group partition/merge event preserves secrecy. Group Diffie-Hellman (GDH), a contributory key agreement protocol, is used for group key rekeying so that control is decentralized and there is no single point of failure. Goal: identify the optimal intrusion detection interval that maximizes MTTSF, i.e. improves service availability.

8 System Model - Authentication. Each member holds a private/public key pair used for authentication. The public keys of all group members are preloaded into every node; there is no certificate authority (CA) and no key revocation. A node's public key therefore serves as the identifier of the node.

9 System Model - IDS. Host-based IDS: each node performs local detection to decide whether a neighboring node has been compromised. The effectiveness of the host-based IDS is characterized by its false negative probability (P1) and false positive probability (P2). Voting-based IDS: m vote-participants, each running the host-based IDS, vote on whether a target node is compromised. Negative effect of compromised vote-participants: (a) evicting good nodes by always voting "no" to good nodes; (b) keeping bad nodes in the system by always voting "yes" to bad nodes.

10 System Model - IDS Tolerance. The system-level false negative and false positive probabilities are calculated from (a) the per-node false negative and false positive probabilities of the host-based IDS; (b) the number of vote-participants selected to vote for or against a target node; (c) an estimate of the current number of compromised nodes. To support participant selection, each node periodically exchanges its routing information, location and identifier with its neighboring nodes.

11 System Model - Tolerance 2. With respect to a target node, all neighbor nodes within a given number of hops of the target are candidates as vote-participants. A coordinator is selected randomly by a hash function whose key is the identifier of a node concatenated with the node's current location; the candidate with the smallest hash value becomes the coordinator.

12 System Model - Tolerance 3. The coordinator selects m candidate nodes at random and broadcasts the list of the m vote-participants. A node that does not follow the protocol is flagged as potentially compromised and may be evicted when it is itself evaluated as a target node. Since the vote-participants are known to the other nodes, each node can determine from the votes received whether or not the target node is to be evicted.
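The voting mechanism on slides 9-12 can be worked through numerically. The block below is an added example, not the authors' model or code: it computes the system-level false positive and false negative probabilities of a strict-majority vote from the per-node host IDS probabilities, the number of vote-participants m and an estimate of the number of compromised candidates (the three inputs listed on slide 10), and selects the coordinator by hashing identifier and location (slide 11). Assumptions of mine, not stated on the page: participants are drawn uniformly without replacement from the candidate neighbors; a good voter errs independently with the per-node probabilities; a compromised voter always votes "evict" against a good target and "keep" for a bad one (the two negative effects on slide 9); SHA-256 stands in for the unspecified hash function.

```python
"""Voting-based IDS: system-level error probabilities and coordinator choice.

Added example (not the paper's code). Assumed: uniform sampling of the m
vote-participants, independent per-node errors, colluding compromised voters,
strict-majority eviction rule, SHA-256 as the hash function.
"""
import hashlib
from math import comb


def hypergeom_pmf(k, candidates, compromised, m):
    """P(exactly k compromised voters among m drawn from the candidates)."""
    if k > compromised or m - k > candidates - compromised:
        return 0.0
    return comb(compromised, k) * comb(candidates - compromised, m - k) / comb(candidates, m)


def binom_tail(n, p, at_least):
    """P(at least `at_least` successes in n independent Bernoulli(p) trials)."""
    return sum(comb(n, j) * p ** j * (1 - p) ** (n - j)
               for j in range(max(at_least, 0), n + 1))


def system_error_probs(m, candidates, compromised_est, p_fp, p_fn):
    """Return (P_fp_sys, P_fn_sys) for a strict-majority vote of m participants.

    p_fp / p_fn are the per-node host IDS probabilities (P2 / P1 on slide 9).
    compromised_est is the estimated number of compromised candidates.
    """
    need = m // 2 + 1          # "evict" votes needed to evict the target
    sys_fp = sys_fn = 0.0
    for k in range(m + 1):     # k = number of compromised voters on the panel
        pk = hypergeom_pmf(k, candidates, compromised_est, m)
        if pk == 0.0:
            continue
        good = m - k
        # Good target: the k bad voters say "evict"; the good voters must add
        # at least (need - k) false positives for the good node to be evicted.
        sys_fp += pk * binom_tail(good, p_fp, need - k)
        # Bad target: bad voters say "keep"; the bad node survives unless at
        # least `need` good voters correctly say "evict" (each with prob 1-p_fn).
        sys_fn += pk * (1.0 - binom_tail(good, 1 - p_fn, need))
    return sys_fp, sys_fn


def choose_coordinator(candidates):
    """candidates: list of (node_id, (x, y)); smallest hash of id||location wins."""
    def key(c):
        node_id, (x, y) = c
        return hashlib.sha256(f"{node_id}|{x}|{y}".encode()).hexdigest()
    return min(candidates, key=key)[0]


if __name__ == "__main__":
    # Constructed sample neighborhood: public-key fingerprints as identifiers
    # (slide 8) and grid coordinates as locations.
    neighbors = [("pk:a1f3", (12, 40)), ("pk:7c09", (15, 41)),
                 ("pk:d2e8", (11, 38)), ("pk:44b0", (14, 37))]
    print("coordinator:", choose_coordinator(neighbors))
    for m in (3, 5, 7):                       # m values from slide 29
        fp, fn = system_error_probs(m, candidates=10, compromised_est=2,
                                    p_fp=0.1, p_fn=0.05)
        print(f"m={m}: P_fp_sys={fp:.4f}  P_fn_sys={fn:.4f}")
```

Running the sweep over m reproduces the qualitative claim of slide 31: with the same per-node probabilities, a larger panel drives the system-level false alarm probability down, while a panel small enough to be outvoted by the estimated compromised candidates is what lets collusion keep bad nodes in the system.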

13 System Model - Failure Definitions. System Failure Definition 1 (SF1): the GCS fails when any mobile group fails. System Failure Definition 2 (SF2): the GCS fails when all mobile groups fail. The effect of the two system failure definitions on the MTTSF of the system is evaluated.

14 System Model - Failure Conditions. Condition 1 (C1): an undetected compromised member requests and obtains data using the group key (loss of system integrity). Condition 2 (C2): more than 1/3 of the group member nodes are compromised but undetected by the IDS; this failure condition follows the Byzantine failure model (loss of availability of the system service).

15 System Model - Connectivity. Single-hop: a single group, no group merge or partition events, so SF1 and SF2 coincide. Multi-hop: multiple groups exist in the system because of group partition/merge events.

16 System Model - Reliability. MTTSF indicates the lifetime of the GCS before it fails. The GCS fails when one mobile group fails (SF1) or when all mobile groups fail (SF2); a mobile group fails when either C1 or C2 holds. A lower MTTSF implies a faster loss of system integrity or availability.

17 Outline: Introduction (A.H. Saoud); System Model (A.H. Saoud); Performance Model (R. Mitchell); Parameterization (R. Mitchell); Numerical Results and Analysis (C. Jian); Applicability & Conclusion (C. Jian)

18 Performance Model. Stochastic Petri net (SPN): places, transitions, review.


20 Places.
N_G: groups.
T_m: uncompromised members.
UC_m: undetected compromised nodes.
DC_m: evicted nodes (correctly detected compromised nodes and falsely detected uncompromised nodes).
GF: security failure (absorbing).

21 Transitions.
T_PAR: group partition.
T_MER: group merge.
T_CP: member compromise.
T_FA: false detection (a good node is evicted).
T_DRQ: confidentiality violation (C1), rate = λ_q · mark(UC_m) · p1.
T_IDS: correct detection (a compromised node is evicted).
T_RK: rekey.

22 Review. Why is the T_DRQ rate scaled by p1 (the false negative probability)? Where is the Byzantine failure (C2) transition into GF? It is T_BYZ, fired from UC_m with input-arc multiplicity mark(T_m)/2: C2 holds when mark(UC_m) > (mark(T_m) + mark(UC_m))/3, which is equivalent to mark(UC_m) > mark(T_m)/2. Exercise: derive the SF2 reward model.

23 Parameterization: T_RK rate; T_CP rate; IDS interval T_IDS; P_fp and P_fn.

24 T_RK rate. For one group: b_GDH / datalink rate. For multiple groups: 3 · b_GDH · (N-1) / datalink rate.

25 T_CP rate. The adversary becomes more aggressive as it gains the upper hand: rate = λ_c · (mark(T_m) + mark(UC_m)) / mark(T_m), which grows with the ratio of undetected compromised nodes to uncompromised members.

26 IDS interval. The IDS becomes more aggressive as it detects (and evicts) more compromised nodes: rate = (T_IDS)^-1 · N_init / (mark(T_m) + mark(UC_m)), which grows as the remaining group shrinks.
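Slides 20-26 describe the SPN and its rates but the page does not carry the model itself. The block below is an added example, not the authors' SPN, code or numbers: it encodes a single-group version of the model as an absorbing continuous-time Markov chain over (mark(T_m), mark(UC_m)), uses the T_CP, IDS and T_DRQ rates exactly as written on slides 21, 25 and 26 and the C2 guard from slide 22, and solves for MTTSF as the expected time to absorption into GF. It then sweeps T_IDS to locate the optimum, which is the tradeoff the numerical-results slides discuss. Assumptions of mine, not on the page: one group and no partition/merge (so SF1 = SF2); each IDS execution evicts every undetected compromised node with probability 1 - P_fn and every good node with probability P_fp, i.e. per-node probabilities are used where the paper uses the system-level ones; an empty group (no uncompromised member left) counts as failed; the group size N and the P_fp/P_fn values in the demo are made up.

```python
"""Single-group SPN from the slides as an absorbing CTMC; MTTSF by linear solve.

Added example (not the paper's model). Assumed: one group, no partition/merge,
per-node IDS error probabilities, empty group = failure.
State = (T, UC): uncompromised members, undetected compromised members.
"""


def is_failed(T, UC):
    # C2 as on slide 22: UC > (T + UC)/3  <=>  UC > T/2  <=>  2*UC > T.
    # T == 0 (no uncompromised member left) is my added failure condition.
    return T == 0 or 2 * UC > T


def transitions(T, UC, N, lam_c, lam_q, t_ids, p_fp, p_fn):
    """Outgoing (rate, next_state) pairs; next_state None means GF (C1)."""
    out = []
    # T_CP (slide 25): lam_c * (T + UC) / T, faster as compromised nodes pile up
    out.append((lam_c * (T + UC) / T, (T - 1, UC + 1)))
    # IDS execution rate (slide 26): (1/T_IDS) * N_init / (T + UC)
    lam_ids = (1.0 / t_ids) * N / (T + UC)
    # T_IDS: correct detection moves an undetected compromised node to DC_m
    if UC > 0:
        out.append((lam_ids * UC * (1 - p_fn), (T, UC - 1)))
    # T_FA: false positive evicts a good node (the IDS's negative effect)
    out.append((lam_ids * T * p_fp, (T - 1, UC)))
    # T_DRQ (slide 21): lam_q * mark(UC_m) * p1, with p1 = P_fn
    if UC > 0:
        out.append((lam_q * UC * p_fn, None))
    return [(r, s) for r, s in out if r > 0]


def solve(A, b):
    """Gauss-Jordan elimination with partial pivoting (small dense systems)."""
    n = len(b)
    M = [row[:] + [bi] for row, bi in zip(A, b)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        M[col], M[piv] = M[piv], M[col]
        p = M[col][col]
        for r in range(n):
            if r != col and M[r][col] != 0.0:
                f = M[r][col] / p
                for c in range(col, n + 1):
                    M[r][c] -= f * M[col][c]
    return [M[i][n] / M[i][i] for i in range(n)]


def mttsf(N, lam_c, lam_q, t_ids, p_fp=0.0, p_fn=0.0):
    """Expected time from (N, 0) to GF, in the same time unit as the rates."""
    states = [(T, UC) for T in range(N + 1) for UC in range(N + 1 - T)
              if not is_failed(T, UC)]
    idx = {s: i for i, s in enumerate(states)}
    n = len(states)
    # For each transient state i:  out_i * t_i - sum_j rate_ij * t_j = 1
    A = [[0.0] * n for _ in range(n)]
    b = [1.0] * n
    for s in states:
        i = idx[s]
        for rate, nxt in transitions(*s, N, lam_c, lam_q, t_ids, p_fp, p_fn):
            A[i][i] += rate
            if nxt is not None and not is_failed(*nxt):
                A[i][idx[nxt]] -= rate
    return solve(A, b)[idx[(N, 0)]]


def optimal_t_ids(N, lam_c, lam_q, p_fp, p_fn, candidates):
    """Sweep candidate IDS intervals; return (best interval, {interval: MTTSF})."""
    table = {t: mttsf(N, lam_c, lam_q, t, p_fp, p_fn) for t in candidates}
    return max(table, key=table.get), table


if __name__ == "__main__":
    lam_c = 1 / (6 * 3600)   # base compromising rate c = 1/6h (slide 29)
    lam_q = 1 / 60           # group communication rate q = 1/1min (slide 29)
    best, table = optimal_t_ids(N=10, lam_c=lam_c, lam_q=lam_q, p_fp=0.05,
                                p_fn=0.05, candidates=[10, 30, 100, 300, 1000, 3000, 10000])
    for t, v in table.items():
        print(f"T_IDS={t:6d}s  MTTSF={v:10.1f}s")
    print("optimal T_IDS:", best)
```

With P_fp = 0 the sweep is monotone (more frequent IDS is always better); a positive P_fp makes very short intervals evict the whole group through false positives, which is the left-hand branch of the curve on slide 30, while long intervals let compromised nodes accumulate until C1 or C2 fires, the right-hand branch.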


28 Outline: Introduction (A.H. Saoud); System Model (A.H. Saoud); Performance Model (R. Mitchell); Parameterization (R. Mitchell); Numerical Results and Analysis (C. Jian); Applicability & Conclusion (C. Jian)

29 Parameterization & Metric. Metric: MTTSF.
Parameter                          Values                                        Failure definition
IDS interval (T_IDS), single-hop   5 s - 1200 s                                  SF1 = SF2
IDS interval (T_IDS), multi-hop    5 s - 1200 s                                  SF1, SF2
Number of vote-participants (m)    3, 5, 7
Group communication rate (q)       1/30s, 1/1min, 1/2min, 1/4min, 1/8min
Base compromising rate (c)         1/3h, 1/6h, 1/12h, 1/d, 1/2d

30 T_IDS on MTTSF under m (1). There is an optimal T_IDS. Below it, MTTSF increases as T_IDS increases: the negative effects of the IDS, mostly false positives that evict good nodes, dominate. Above it, MTTSF decreases as T_IDS increases: more compromised nodes remain undetected in the system.

31 T_IDS on MTTSF under m (2). A large m reduces the possibility of collusion by compromised vote-participants and thus yields a high MTTSF. A small m makes the system-level false alarm probability relatively large, resulting in a small MTTSF.

32 T_IDS on MTTSF under m (3). MTTSF in the single-hop case is comparatively higher than in the multi-hop case because of the difference in node density (the lower density of multi-hop has an adverse effect). MTTSF under SF2 > MTTSF under SF1.

33 Sensitivity of MTTSF to q (1). A low q gives a high MTTSF and a high q a low MTTSF, because the rate of the data-leak attack (C1) follows the frequency of group communication. As q increases, the optimal T_IDS becomes smaller. The adverse effect of false positives dominates when T_IDS is sufficiently small.

34 Sensitivity of MTTSF to q (2). The optimal T_IDS in single-hop is smaller than the optimal T_IDS in multi-hop: the larger single-hop group needs to perform IDS more frequently to cope with a potentially larger number of compromised nodes. MTTSF under SF2 > MTTSF under SF1.

35 Sensitivity of MTTSF to c (1). The IDS is more effective when the base compromising rate c is sufficiently low.

36 Sensitivity of MTTSF to c (2). Single-hop MANETs have a higher MTTSF because more members exist in a single-hop group. Under identical conditions the optimal T_IDS is smaller in single-hop MANETs because the system executes the IDS more frequently.

37 Conclusion. A mathematical model whose inputs are the operational conditions, the system failure definition and the attacker behavior, and whose output is the optimal rate at which to execute intrusion detection to enhance the reliability of the GCS. Results: the optimal T_IDS shifts with m, with node density or group size, with q and with c; in the results shown it decreases as q or node density increases.

38 Questions?

