Shortfall-Based Optimal Security Provisioning for Internet of Things

Rullo, Antonino; Serra, Edoardo; Bertino, Elisa; Lobo, Jorge

doi:10.1109/icdcs.2017.12

Cited by 7 publications

(7 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some existing approaches have adopted a risk-based or vulnerability-based security model to assess the effectiveness of defense mechanisms [1], [24], [26]. Abie and Balasingham [1] proposed a risk-based security framework for IoT environments in the eHealth domain to measure expected risk and/or potential benefits by taking a game theoretic approach and context-aware techniques.…”

Section: Security Models and Metricsmentioning

confidence: 99%

“…However, both works [1], [26] only proposed high-level ideas about the metrics without any formulation and did not consider the key characteristics of IoT environments where lightweight defense mechanisms are vital to securing a large-scale, resource-constrained IoT system. Rullo et al [24] proposed an approach to compute the optimal security resource allocation plan for an IoT network consisting of mobile nodes and introduced a risk metric inspired by economics to evaluate the allocation plans. However, it only considered the device-level mechanisms and did not show the system-level evaluation.…”

Section: Security Models and Metricsmentioning

confidence: 99%

“…Unlike the existing approaches above [1], [24], [26], we proposed a lightweight, affordable method to evaluate the deployment of an integrated defense mechanism for an IoT environment by meeting both security and performance goals of a system.…”

Section: Security Models and Metricsmentioning

confidence: 99%

See 2 more Smart Citations

Modeling and Analysis of Integrated Proactive Defense Mechanisms for Internet of Things

Cho

Ishfaq

et al. 2020

Modeling and Design of Secure Internet of Things

View full text Add to dashboard Cite

As a solution to protect and defend a system against inside attacks, many intrusion detection systems (IDSs) have been developed to identify and react to them for protecting a system. However, the core idea of an IDS is a reactive mechanism in nature even though it detects intrusions which have already been in the system. Hence, the reactive mechanisms would be way behind and not effective for the actions taken by agile and smart attackers. Due to the inherent limitation of an IDS with the reactive nature, intrusion prevention systems (IPSs) have been developed to thwart potential attackers and/or mitigate the impact of the intrusions before they penetrate into the system. In this chapter, we introduce an integrated defense mechanism to achieve intrusion prevention in a software-defined Internetof-Things (IoT) network by leveraging the technologies of cyberdeception (i.e., a decoy system) and moving target defense, namely MTD (i.e., network topology shuffling). In addition, we validate their effectiveness and efficiency based on the devised graphical security model (GSM)-based evaluation framework. To develop an adaptive, proactive intrusion prevention mechanism, we employed fitness functions based on the genetic algorithm in order to identify an optimal network topology where a network topology can be shuffled based on the detected level of the system vulnerability. Our simulation results show that GA-based shuffling schemes outperform random shuffling schemes in terms of the number of attack paths toward decoy targets. In addition, we observe that there exists a tradeoff between the system lifetime (i.e., mean time to security failure) and the defense cost introduced by the proposed MTD technique for fixed and adaptive shuffling schemes. That is, a fixed GA-based shuffling can achieve higher MTTSF with more cost while an adaptive GA-based shuffling obtains less MTTSF with less cost. Introduction Research Goal & ContributionsThis work aims to propose an integrated proactive defense based on intrusion preventive mechanisms, such as cyberdeception and MTD techniques, to minimize the impact of potential attackers trying to penetrate into IoT systems via multiple entries. We make the following key contributions in this book chapter:  We developed an integrated proactive defense system by proposing an adaptive MTD technique by shuffling a network topology where a network consists of both decoy nodes and real nodes. As decoy nodes are the part of a decoy system,

show abstract

Section: Security Models and Metricsmentioning

confidence: 99%

Section: Security Models and Metricsmentioning

confidence: 99%

See 1 more Smart Citation

Modeling and Analysis of Integrated Proactive Defense Mechanisms for Internet of Things

Cho

Ishfaq

et al. 2020

Modeling and Design of Secure Internet of Things

View full text Add to dashboard Cite

show abstract

“…In the literature, a risk-based security model has also been used to assess the effectiveness of defense mechanisms [28], [29], [30]. [28] proposed a risk-based security framework for IoT environments in the eHealth domain to measure expected risk and/or potential benefits by taking a game theoretic approach and context-aware techniques.…”

Section: Security Models and Metricsmentioning

confidence: 99%

“…However, only high-level ideas about the metrics were described without taking into account key characteristics of IoT environments that would require lightweight solutions. [29] proposed a method to come up with the optimal security resource allocation plan for an IoT network consisting of mobile nodes using a risk metric estimated by reflecting an economic perspective. However, only device-level evaluations were considered without showing system-level evaluations.…”

Section: Security Models and Metricsmentioning

confidence: 99%

Proactive Defense for Internet-of-Things: Integrating Moving Target Defense with Cyberdeception

Ge,

Cho,

Kim

et al. 2020

Preprint

View full text Add to dashboard Cite

Resource constrained Internet-of-Things (IoT) devices are highly likely to be compromised by attackers because strong security protections may not be suitable to be deployed. This requires an alternative approach to protect vulnerable components in IoT networks. In this paper, we propose an integrated defense technique to achieve intrusion prevention by leveraging cyberdeception (i.e., a decoy system) and moving target defense (i.e., network topology shuffling). We verify the effectiveness and efficiency of our proposed technique analytically based on a graphical security model in a software defined networking (SDN)based IoT network. We develop four strategies (i.e., fixed/random and adaptive/hybrid) to address "when" to perform network topology shuffling and three strategies (i.e., genetic algorithm/decoy attack pathbased optimization/random) to address "how" to perform network topology shuffling on a decoy-populated IoT network, and analyze which strategy can best achieve a system goal such as prolonging the system lifetime, maximizing deception effectiveness, maximizing service availability, or minimizing defense cost. Our results demonstrate that a software defined IoT network running our intrusion prevention technique at the optimal parameter setting prolongs system lifetime, increases attack complexity of compromising critical nodes, and maintains superior service availability compared with a counterpart IoT network without running our intrusion prevention technique. Further, when given a single goal or a multi-objective goal (e.g., maximizing the system lifetime and service availability while minimizing the defense cost) as input, the best combination of "when" and "how" strategies is identified for executing our proposed technique under which the specified goal can be best achieved.

show abstract

IoTCop: A Blockchain-Based Monitoring Framework for Detection and Isolation of Malicious Devices in Internet-of-Things Systems

Seshadri

Rodriguez

Subedi

et al. 2021

IEEE Internet Things J.

View full text Add to dashboard Cite

Shortfall-Based Optimal Security Provisioning for Internet of Things

Cited by 7 publications

References 4 publications

Modeling and Analysis of Integrated Proactive Defense Mechanisms for Internet of Things

Modeling and Analysis of Integrated Proactive Defense Mechanisms for Internet of Things

Proactive Defense for Internet-of-Things: Integrating Moving Target Defense with Cyberdeception

IoTCop: A Blockchain-Based Monitoring Framework for Detection and Isolation of Malicious Devices in Internet-of-Things Systems

Contact Info

Product

Resources

About