DOI: 10.1145/2808705.2808711

Scheduling Intrusion Detection Systems in Resource-Bounded Cyber-Physical Systems

Published: 16 October 2015

Abstract

In order to be resilient to attacks, a cyber-physical system (CPS) must be able to detect attacks before they can cause significant damage. To achieve this, intrusion detection systems (IDS) may be deployed, which can detect attacks and alert human operators, who can then intervene. However, the resource-constrained nature of many CPS poses a challenge, since reliable IDS can be computationally expensive. Consequently, computational nodes may not be able to perform intrusion detection continuously, which means that we have to devise a schedule for performing intrusion detection. While a uniformly random schedule may be optimal in a purely cyber system, an optimal schedule for protecting CPS must also take into account the physical properties of the system, since the set of adversarial actions and their consequences depend on the physical systems. Here, in the context of water distribution networks, we study IDS scheduling problems in two settings and under the constraints on the available battery supplies. In the first problem, the objective is to design, for a given duration of time $T$, scheduling schemes for IDS so that the probability of detecting an attack is maximized within that duration. We propose efficient heuristic algorithms for this general problem and evaluate them on various networks. In the second problem, our objective is to design scheduling schemes for IDS so that the overall lifetime of the network is maximized while ensuring that an intruder attack is always detected. Various strategies to deal with this problem are presented and evaluated for various networks.

    Published In

    CPS-SPC '15: Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy
    October 2015
    132 pages
    ISBN:9781450338271
    DOI:10.1145/2808705

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. cyber-physical systems
    2. dominating sets
    3. intruder detection systems
    4. scheduling
    5. sensor networks

    Qualifiers

    • Research-article

    Funding Sources

    • National Institute of Standards and Technology
    • Air Force Research Laboratory
    • National Science Foundation

    Conference

    CCS'15
    Acceptance Rates

    CPS-SPC '15 Paper Acceptance Rate 11 of 20 submissions, 55%;
    Overall Acceptance Rate 53 of 66 submissions, 80%
