Effect of Intrusion Detection and Response on Reliability of Cyber Physical Systems
Citations
Cyber-Physical Systems Security—A Survey
A survey of intrusion detection techniques for cyber-physical systems
Internet of things security: A top-down survey
Trust Management for SOA-Based IoT and Its Application to Service Composition
Trust-Based Service Management for Social Internet of Things Systems
References
The Byzantine Generals Problem
The Byzantine generals problem
Introduction to Probability Models.
Introduction to Probability Models (4th ed.).
SPNP: stochastic Petri net package
Frequently Asked Questions (13)
Q2. What are the two core techniques used in the host intrusion detection protocol?
Their host intrusion detection protocol design is based on two core techniques: behavior rule specification, and vector similarity specification.
Q3. What is the probability of a security failure?
As the random attack probability pa decreases, the attacker strength decreases, thus lowering the probability of security failure due to impairment attacks.
Q4. What is the way to minimize the probability of security failure?
The system can respond to a detected instantaneous attacker strength, and adjust CT to trade a high per-host false positive probability pfp for a low per-host false negative probability pfn, or vice versa, so as to minimize the probability of security failure.
Q5. How does the coordinator selection process work?
The authors add randomness to the coordinator selection process by introducing a hashing function that takes in the identifier of a node concatenated with the current location of the node as the hash key.
Q6. What is the reliability of the system R(t)?
Once the binary value of 0 or 1 is assigned to all states of the system as described above, the reliability of the system R(t) is the expected value of L weighted on the probability that the system stays at a particular state at time t, which the authors can obtain easily from solving the SPN model using SPNP [14].
Q7. What is the way to minimize the probability of a security failure?
As we increase the detection frequency (a smaller TIDS) or the number of detectors (a larger m), the detection strength increases, thus preventing the system from running into a security failure.
Q8. How can the authors calculate the MTTF of the system?
The MTTF of the system is equal to the cumulative reward to absorption, i.e., $\mathrm{MTTF} = \int_0^\infty R(t)\,dt$ (7), which the authors can again compute easily using SPNP.
Q9. What is the optimal setting of CT?
There exists an optimal setting of CT as a function of attacker strength detected at time t under which the system security failure probability is minimized.
Q10. Why do the authors observe that MTTF is better under static CT?
The authors also observe that, in the case the optimal TIDS at which MTTF is maximized decreases compared with the static CT case so as to quickly remove bad nodes from the system.
Q11. What is the optimal setting of TIDS and m?
There is an optimal setting of TIDS and m under which the system MTTF is maximized, given the node capture rate and attack model.
Q12. What is the compliance degree history collected this way?
The compliance degree history collected this way is the realization of a sequence of random variables (c1, c2, ..., cn), and n is the total number of compliance degree outputs observed.
Q13. How does the CPS model model the impairment failure?
Impairment failure is modeled by defining an impairment-failure attack period by a compromised node beyond which the system cannot sustain the damage.