Smart Attacks on the integrity of the Internet of Things Avoiding detection by employing Game Theory
Smart Attacks on the integrity of the Internet of Things
Avoiding detection by employing Game Theory
George Margelis, Robert J. Piechocki, Theo Tryfonas, Paul Thomas
IEEE GLOBECOM - 7 December 2016
Presentation Outline
• Problem Statement
• Model
• Assumptions and Definitions
• Game Theory aspects
• Numerical Simulation results
• Conclusions
The Internet of Things
[Figure: application domains of the Internet of Things: Smart Metering, Home Automation, Smart Agriculture, Transportation, Infrastructure Monitoring, e-Health, Industrial, Enterprise, V2x]
The Internet of Things
• The IoT will connect different domains into one homogenous network
• Different domains → different requirements
• However, all domains share one requirement: Robust Security
Inherent Uncertainty
Cheap Nodes → Cheap Sensors → Limited Precision
Limited precision → Measurement Uncertainty
“Weird” behaviour: Is a node malicious? Or simply malfunctioning?
Are a group of nodes whose values deviate from the mean compromised?
Or are they simply the first to sense a change in the measured values?
Detecting Malicious Nodes
Traditional approach:
Outlier detection and intrusion detection schemes.
However, modern penetration techniques are smarter: Infecting but remaining in stealth, without changing node behaviour.
Also when the majority of the nodes have been infected, the outliers are the healthy ones.
Attackers are exploiting the characteristics of the IoT with smarter penetration strategies.
Defining a Smart Attacker
• Can compromise healthy nodes
• Avoids changing node behaviour radically
• Exploits the inherent uncertainty in the measurements
Defining a Smart Attacker
Assumptions regarding the Attacker:
• The attacker can see the final extracted value.
• Every attack that the attacker attempts is successful, leading to a compromised node.
• The attacker attempts to change the reported value to something else, which we name ”Attacker’s Target”.
• The attacker controls the number of compromised nodes ($A$) and how much the value of the compromised nodes differs compared to the measured value ($l_j$).
Defining a Smart Attacker
Assumptions regarding the network:
• Similar to Low Throughput Networks like LoRa or Sigfox.
• Nodes communicate a measured value (either in a scheduled or opportunistic manner).
• The mean of the distribution of the values of the network is the extracted value.
Distance metrics
Kullback–Leibler Divergence: $D_{KL}(P \| Q) = \sum_{i} P(i) \log \frac{P(i)}{Q(i)}$
Euclidean Distance: $D(P, Q) = \sqrt{\sum_{i=1}^{n} \left(Q(i) - P(i)\right)^2}$
Hellinger’s Distance: $D(P, Q) = -\ln \sum_{i} \sqrt{P(i)\,Q(i)}$
Applying Game Theory
A game in its normal form is a tuple $G = (N, A, u)$, where:
• $N = \{1, 2, \dots, n\}$ is a set of $n$ rational players. By rational in this context we mean that the player chooses the strategy that maximizes his payoff.
• $A = A_1 \times \dots \times A_n$, where $A_i$ is the finite set of actions available to player $i$
• $u = (u_1, \dots, u_n)$, where $u_i : A \to \mathbb{R}$ is a real-valued payoff function for player $i$
Applying Game Theory
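Utility Function
$AP = [\mu \ge AT] \cdot RWD - A \cdot CPA - [D(P,Q) > \mathit{Threshold}] \cdot 2 \cdot RWD$
Terms labelled on the slide:
• Reported Value: $\mu$
• Attacker’s Target: $AT$
• Reward: $RWD$
• Compromised Nodes: $A$
• Cost of Attack: $CPA$
• Hellinger’s Distance from model distribution: $D(P,Q)$
• Hellinger’s Distance Detection Threshold: $\mathit{Threshold}$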
Applying Game Theory
Utility Function
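$AP = [\mu \ge AT] \cdot RWD - A \cdot CPA - [D(P,Q) > \mathit{Threshold}] \cdot 2 \cdot RWD$
$\mu = \dfrac{\sum_{i=1}^{N-A} x_i + \sum_{j=1}^{A} (x_j + l_j)}{\sum_{i=1}^{N} x_i}$
$[\mu \ge AT] = \begin{cases} 1, & \text{if inequality holds} \\ 0, & \text{otherwise} \end{cases}$
$[D(P,Q) > \mathit{Threshold}] = \begin{cases} 1, & \text{if inequality holds} \\ 0, & \text{otherwise} \end{cases}$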
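The utility function above, evaluated numerically from the defender's side as an added example (not code from the slides or from the authors' simulation). It shows how the choice of detection threshold on the distribution distance decides whether a small shift of the mean pays off. Assumptions: the distance is taken as D(P,Q) = -ln Σ_i sqrt(P(i) Q(i)), the two bracketed terms are 0/1 indicators, compromised nodes are spread evenly, and all readings and parameter values are constructed.

```python
import math
from statistics import NormalDist

# Constructed data: 1000 healthy readings at the quantiles of N(20, 0.5).
READINGS = [NormalDist(20, 0.5).inv_cdf((i + 0.5) / 1000) for i in range(1000)]

def histogram(values, lo=17.0, hi=23.0, bins=24):
    """Normalised histogram; out-of-range readings are clipped into the edge bins."""
    counts = [0] * bins
    for v in values:
        k = int((v - lo) / (hi - lo) * bins)
        counts[min(max(k, 0), bins - 1)] += 1
    return [c / len(values) for c in counts]

def distance(p, q):
    """D(P,Q) = -ln sum_i sqrt(P(i) Q(i)), the form assumed for the slide's metric."""
    overlap = sum(math.sqrt(a * b) for a, b in zip(p, q))
    return math.inf if overlap == 0 else max(0.0, -math.log(overlap))

def attacker_payoff(x, A, l, AT, RWD, CPA, threshold):
    """Evaluate AP when A nodes (A <= len(x)), spread evenly, each add l."""
    hit = {i * len(x) // A for i in range(A)}        # assumed choice of nodes
    reported = [v + l if i in hit else v for i, v in enumerate(x)]
    mu = sum(reported) / sum(x)                      # reported value vs. true value
    d = distance(histogram(x), histogram(reported))  # model P vs. observed Q
    detected = d > threshold                         # defender's distribution check
    ap = (mu >= AT) * RWD - A * CPA - detected * 2 * RWD
    return {"mu": mu, "distance": d, "detected": detected, "payoff": ap}

if __name__ == "__main__":
    # Constructed parameters: target mean 1% higher, reward 1000, cost 0.5 per node.
    for threshold in (0.05, 0.005):
        for A, l in [(0, 0.0), (1000, 0.21), (1000, 5.0)]:
            r = attacker_payoff(READINGS, A, l, 1.01, 1000, 0.5, threshold)
            print(f"threshold={threshold} A={A} l={l} -> {r}")
```

With these constructed values, the same 0.21 shift on every node goes unflagged at a threshold of 0.05 and is flagged at 0.005, which turns the payoff negative.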
Scenarios and results
Scenario 1: Cost of attack remains constant as number of attacks is increased
Scenario 2: Cost of attack rises as number of attacks is increased
Scenario 3: Cost of attack reduces as number of attacks is increased
Scenarios and results
Pay-out for the attacker for the first scenario when the
attacker aims to shift the mean of the distribution 1% higher
Scenarios and results
Pay-out for the attacker for the second scenario when the
attacker aims to shift the mean of the distribution 5% higher
Scenarios and results
Pay-out for the attacker for the third scenario when the
attacker aims to shift the mean of the distribution 1% higher
Scenarios and results
Percentage of Nodes needed to be compromised vs.
Threshold for the attacker to win the first scenario.
Scenarios and results
Percentage of Nodes needed to be compromised vs.
Threshold for the discounted game.
Conclusions
• The uncertainty inherent in the measurements can be exploited by smart attackers.
• Outlier detection based IDS might not be enough in light of smart-deployment strategies of malware.
• Distribution comparison can provide insights for potential penetrations with low complexity costs.
• However the attackers can still compromise the integrity of the network if they set modest targets.