ieee iciot securing iot-based cyber-physical human systems ... · • anomaly detection by means of...
TRANSCRIPT
![Page 1: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/1.jpg)
SecuringIoT-basedCyber-PhysicalHumanSystemsagainstCollaborativeAttacks
1
SathishA.PKumar,CoastalCarolinaUniversity,Conway,SC,USABharatBhargavaandGanapathyManiPurdueUniversity,WestLafayette,IN,USARaimundoMacêdoFederalUniversityofBahia,Ondina,Salvador,Bahia,Brazil
![Page 2: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/2.jpg)
IntroductionandBackground
• CPHSisIntegrationofCyber,Physical,andHumanElements.
• InternetofThingsisusedasamethodologytodeployCPHSystems.
• Duetotheirunpredictability,humanbehaviorisdifficulttomodel.
• Dynamichumaninvolvementinthecontextofcollaborativeattacksneedsfurtherresearch– Multipleadversariescollude,interleave,andattack
• ResultsinsophisticatedCPSattacks• Systembehavesinbyzantinemanner
• Securingsuchsystemistougher 2
![Page 3: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/3.jpg)
MotivationandRationale
• CPHSystemsinICU– Riskoflifethreateningsituations
• Stressfulandunfriendlyenvironments– Possibilitiesofattacksarehigh
– Effectiveandimmediateinterventionisneededtoreducetherisk
• Intrusiontolerance,prevention,anddetectionshouldworkincoordinatedandintegratedfashion
• ResearchisneededtostudyhumaninteractionsinvariousrolesinCPHS– Requirespropermodelingandtools
3
![Page 4: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/4.jpg)
SecurityFrameworkforIoTBasedCPHSEnvironment
4
IoT Based CPHS environmentf(x1(t),x2(t),…xn(t), v1(t), v2(t)…vn(t), h1(t), h2(t),…hn(t),m1(t), m2(t),…mn(t), k(t), u(t))
Threat Modeling in IoT Based CPHS environment
Co-ordinated Intrusion Detection of Malicious Collaborating Entities in CPHS TI(t)
Adaptive Coordinated Intrusion Response
Co-ordinated Intrusion Prevention
Autonomic Intrusion Tolerance Using Byzantine Fault Tolerant Replication
A B
CDE
![Page 5: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/5.jpg)
SecurityFrameworkforIoT BasedCPHSEnvironment(Cont)
• Theproposedframeworkusesafeedbackcontrolscheme.
• Analogoustoahumanbiologicalmodel- whereattackisdetectedbymeasuringthebodyparameters.
• VariousparametersofCPHScomponentsaremonitoredtodetectanattack.
• Ourphilosophyisthatbyidentifyingtheparametersandmonitoringthechangerapidlyinagiventimeframe,theappropriatethreatcanbeidentifiedandacorrectiveactioncanbetaken.5
![Page 6: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/6.jpg)
IoT-basedCPHSenvironment• NotationofIoTbasedCPHSenvironment
– Attacksensitiveparameters(xn(t))• Examples- PacketDrop,QueueLength,EnergyConsumption
– Nonattacksensitiveparameters(vn(t))• Examples– PatientDemographicDetails,VehicleLocation
– Attackparameters(k(t))• Examples- DoS,CommandInjection,ARPSpoofing
– Controlparameter(u(t))• Examples– IDM,Faulttolerance
– Humanbehaviourparameters(h(t))• Examples–LoginPatterns,PasswordChanges,Accessdetails
6
![Page 7: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/7.jpg)
ThreatModelinginCPHS- ThreatIndex(TI)
– MetricusedtodetectifaCPHSnodeisunderattackornot.
– TIquantifiesthethreatofnodeinCPHS.
– Computedusingfuzzylogicbasedonsignificantparameters.
![Page 8: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/8.jpg)
TIEvaluationExample
0 163119 208
NS USVS
Number of packets drop, PD
µ(x)1
0
908656 1157
NS US VS
Queue length, QL
µ(x)1
0 1.661.33 1.99
NS
US
VS
Energy Consumption, EC (Joules)
µ(x)1
• NS is normal state, US is uncertain state and VS is vulnerable state• Parameters: x1 is packet drop, x2 is queue length and x3 is energy consumption• μj (xi) is the grade of membership of parameter xi for fuzzy rule j.
![Page 9: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/9.jpg)
• Fortheparametersidentifiedtodetectthreat– Normalstate,UncertainstateandVulnerablestatethresholdsareidentified
• Xaxisindicatesthevaluesoftheparameters• Yaxisindicatesthefuzzymembershipfunctions– Foreg.,ifthepacketdropislessthan119membershipfunctionofNS
is1andtheMFforUSandVSare0– IfthePDisgreaterthan208MFofVSis1andtheMFforUSandNS
are0– IfthePDisexactly163MFofUSis1andtheMFforVSandNSare0
9
TIEvaluationExample(Cont.)
![Page 10: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/10.jpg)
TIEvaluationExample(Cont.)• k=numberofstates=3[NS,US,VS]• iisnumberofparameters=3[PD,QL,EC]• misnoofrules=ki =33=27;• Ruleoutput[yj]cantakeanyvaluefrom1to10• Foreachrulej,therulestrength[wj]andruleoutput[yj]areidentified– RulestrengthistheminimumMFvalue[μj (xi)] amongallparametersifor rule j
– Foreg.,forrule7ifμ7 (x1) is 1, μ7 (x2) is 0.5 and μ7 (x3) is 0.25 • Min (μ7 (xi)) is 0.25
– Assuming rule output for rule 7 [[y7] is 7, – then w7y7is 7*0.25 =1.75
10
![Page 11: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/11.jpg)
TIEvaluationExample(Cont.)
• Forallmrules– rulestrength[wj]andruleoutput[yj]arecalculated
• TIisthencalculatedas
• ForexampleifonlyonerulehasWj tobe0.25,whoseoutputyj is7andtherestofWjare0
–TIwillbe1.75/0.25=711
∑
∑
=
=
m
jj
m
jjj
w
yw
1
1TI =
![Page 12: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/12.jpg)
DetectingCollaborativeAttacks
• Detectionofmultiplehumanentitiesusingtwokeymechanisms,– DataRoutingInformation(DRI)Table– CrossChecking
• DRItablewillhaveinformationaboutdeviceidentities,networkconnectioninformation,andlogofinteractionsofentities.
• CrosscheckingisnothingbutamechanismwhereinsideentitiescheckeachotherandDRItabletoidentifymaliciousentities. 12
![Page 13: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/13.jpg)
DetectingCollaborativeAttacks
• AnomalydetectionbymeansofdataminingfromuncategorizedsensordataandorderedDRItabledata
• Clustering-layoutapproachtoCPHSystemswhereaCentralMonitor(CM)canvalidatenewentitiesinthesystemandcrosscheckinregulartimeintervals.– CPHsystementitieswillbegroupedinclusters– EachclusterwithCMandbackupCMs– Beaconthecompromisedentities’identitiestootherentitiesinCPHSystems
13
![Page 14: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/14.jpg)
DetectingCollaborativeAttacks
• DeceptiveSecurityLoopholes:inthisapproach,CPHSystemwillappeartobevulnerabletolureattackers.
• Eachattempt’sinformationandtypeofattackwillbeclassifiedandstored.– Createaknowledgerepository
• Underlyingsystemanditsvulnerabilities• Defendableattacks• Novelattacks• Attacksources
– Collaborativeattackerscanbeidentifiedwithcrosscheckingtheknowledgerepositories.
14
![Page 15: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/15.jpg)
WhyIntrusionToleranceisrequiredinCPHSystems?
• DetectionisNOTalwayspossibleortimelyfeasible.– NovelAttacks– Securityloopholes– Insiders’collaborativeattacks
• Recoveringfromintrusiondetectionistimecritical.– Criticalprocessmaynotrecover– Affectdistributedprocessing– Redundancyfromreplicas– Self-healingiscostly
15
![Page 16: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/16.jpg)
CoordinatedIntrusionPreventionUsingCryptographicPrimitives
• DesignHashfunctionbaseddefensemechanism– GenerateCPHSentitybehavioralproofs– Containinformationfromdatatrafficandforwardingpaths
• Measureandevaluateimpactonparameters– Throughputofapplication– Resourcesdepletion– Detectionandmitigationcapability– Extentofsystemunavailability
16
![Page 17: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/17.jpg)
Co-ordinatedIntrusionDetectionofMaliciousCollaboratingEntitiesinCPHS
• ThreatIndexTIforIoTnodeiscalculated– Usingattacksensitiveparametersandmachinelearning
• IndicatesvulnerabilityoftheCPHS• TIcanbecomputedoverperiodoftimeandcomparedwithbenchmark
• Datacollectedfromsimulationenvironmentwithandwithoutattacksisusedfortraining
• IfcomputedTI(t)isgreaterthanvulnerablestatethresholdreferenceTI’,thenodeisidentifiedtobeunderthreat 17
![Page 18: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/18.jpg)
Co-ordinatedIntrusionDetectionofMaliciousCollaboratingEntitiesinCPHS- Example
• N1isnodeunderattack• Thresholdsofparameters[PD,QL,EC]areidentifiedtoconstructfuzzyMF
• Basedontheparameters[PD,QL,EC]observedatN1– Fuzzyrulesaregenerated– TIiscalculated– IfvalueofTIis7,itindicatesnodeisunderthreat
• TI<4isnothreat,TI>6isthreat,TIbetween4and6isvulnerable
18
![Page 19: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/19.jpg)
AdaptiveCoordinatedIntrusionResponse
• Developandapplyautonomic/self-adaptivetechniquestoimplementadaptivecoordinatedresponseinCPHS
• Ifanodeisunderthreat,neighboringnodesaresubjectedtoresponseandprotectionalgorithm– ToidentifyintruderandisolateintruderfromCPHS
19
![Page 20: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/20.jpg)
20
AdaptiveCoordinatedIntrusionResponseExample
• Fortheparametersobservedforneighboringnodeforanodeunderattack– IftheIftheparameterswithnormalvaluesaregreaterthanabnormalanduncertainvalues
• Thenode isflaggednormalandaccordinglycertainactionplanistaken– Elseiftheparameterswithabnormalvaluesaregreaterthannormalanduncertainvalues
• Thenode isflaggedmaliciousandaccordinglycertainactionplanistaken
– Elseiftheparameterswithuncertainvaluesaregreaterthannormalandabnormalvalues• Thenode isflaggeduncertainandaccordinglycertainactionplanistaken
![Page 21: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/21.jpg)
AutonomicIntrusionToleranceUsingByzantineFault-tolerantReplication
21
![Page 22: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/22.jpg)
AutonomicIntrusionToleranceUsingByzantineFault-tolerantReplication(cont.)
• n-t replicastoreplaceuptot compromisedsystems
l Intelligent adversary requires combination of replica diversity, voting and cryptographic schemes
l Dynamic and complex nature of CPHS requires self-manageable behaviour
l Feedback loop for sensing and adapting to current conditions 22
![Page 23: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/23.jpg)
OurOngoingWorkonByzantineReplication
• BFT protocol that implements a series ofperformance optimization mechanisms: requestbatching, replica rejuvenation, etc.
l Needrightconfigurationofthesystemtoachieve:Sizeandtimeoutforbatching,checkpointperiod,rejuvenationperiod,primarybackupfailuredetectiontimeout,etc.
23
![Page 24: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/24.jpg)
OurOngoingWorkonByzantineReplication(cont.)
• Developedaself-manageableversionofBFTtooptimizetherelationthroughput/deliverytime.
• Itisonlineadaptivebecausetheobjective“optimizingdelay/throughput”isnotmodifiedatruntime.
24
Controller PBFT
BFTparameters
clientactivityprotocol/systemperformance
Self-manageablePBFT
![Page 25: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/25.jpg)
AutonomicBFT:Onestepahead
• BFTAdaptationpoliciesshouldbedynamicallydefinedbyCoordinatedIntrusionResponse.
• DistinctactionplanswilltriggerdistinctadaptationpoliciesoroperationmodesforBFT.Forexample,– ActionPlan3mayrequireBFTtooptimizethroughputtohandleapossibleDoSattack,evenontheexpenseofdelayingservicesresponses.
– OrAction4mayrequireBFTtoimmediatelycheck-pointingstatetodealwithapossibleshutdown.
25
![Page 26: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/26.jpg)
ThreatModelingWithHumanEntities
• Nearly95%ofthealltheSecurityincidentsarecausedbyhumanerrors[Report:2014IBM’sCyberSecurityIntelligenceIndex].
• HumanentitiesadduncertaintytoCPHSystems.– Intentional(malicious)errors– Maliciouscollaborativeattacks– Unintentional(commonmistakes)errors– Identitycompromise– Privacybreach
26
![Page 27: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/27.jpg)
ThreatModelingWithHumanEntities
• Nearly95%ofthealltheSecurityincidentsarecausedbyhumanerrors[Report:2014IBM’sCyberSecurityIntelligenceIndex].
• HumanentitiesadduncertaintytoCPHSystems.– Intentional(malicious)errors– Maliciouscollaborativeattacks– Unintentional(commonmistakes)errors– Identitycompromise– Privacybreach
27
![Page 28: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/28.jpg)
ModelingAttacksUsingCausalRelationships
• Humanerrors(intentionalorintentional)areconsideredasevents(en).– Oneormorecanoccuratthesametime– Theysequentiallyfollowotherevent(s)
• e1à e2à e3e4• Eventscanbe(a)individualattacksor(b)collaborativeattacks
• Thecausalmodel:astateofanindividualattackcausedbyasequenceofintentionalhumanerrorsrepresentsfiniteperiodofindividualattackexecution. 28
![Page 29: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/29.jpg)
Typeofcollaboration
• Weidentifytwodistincteventscalled“positive”and“negative”collaboration.
• Positivehappenswhentwoindependentattackscollaboratetoincreasethenumberandeffectsoftheresultantdamageevents.
• Oneattackinterferingwithanotherattackandnullifyingtheeffectknownasnegativecollaboration.
29
![Page 30: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/30.jpg)
ModelingAttacksUsingCausalRelationships(cont.)
• Weemploycausalgraphtomaptheattackpatternsthroughhumanerrors.
• AcausalgraphG=<V,E>forasetofcausalrulesofanattackisalabeleddigraphwith– verticesV={e|events}– edgesE={<p,q>|∃
• acausalrelationshipc• localoperationL• predicateBsuchthat<p,c,q,L,B>isacausalmodel}.
30
![Page 31: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/31.jpg)
AdvantagesofCausalModel
• ByidentifyingallattackeventswecanproduceaCausalAttackGraph(CAG):itcanmodelattacksthataresequentialaswellasconcurrent.
• Thepre-conditionsandpost-conditionsofattacksthatsatisfychangedynamically,thecausalmodelcancapturethechangethatthestate-of-artattackgraphreductiontechniquescannot.
• Thecausalmodelcanhelpusinmodellinglargescalenetworks. 31
![Page 32: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/32.jpg)
AdvantagesofCausalModel(cont.)
• Thecausalmodelcandescribetimingofattacks.– Attacksmayneedtobeoperatingwithinaspecifictimeintervalandtraditionalattackgraphanalysisdidnotconsiderit.
• Thecasualmodelcanrepresentunsuccessfulattacks.– Someattemptedattacksareneversuccessfulandcannotbemodeledbytraditionalattackgraphs
32
![Page 33: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/33.jpg)
Contributions
• HolisticFrameworktomitigatesecurityissuesinCPHSenvironment
• GuidelinesfordevelopingadaptivedefensemechanismsformaliciouscollaborativeattacksinCPHS.
• Leadstoimprovedunderstandinganddealingwithcollaborativeattacksandcoordinateddefensethrough
– Faultyhumancomponent– Byzantinefaulttolerance,– Identitymanagement(IDM)
• Autonomic,self-adaptivetechniquestoprevent,detectandcounterthoseCPHSattacks.
33
![Page 34: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/34.jpg)
Conclusion
• DiscussedsecurityissuesinIoTbasedCPS• HumanparticipationinCPHSdeepensthosesecurityissues
• ProposedholisticsecurityframeworkforIoTbasedCPHS
• ThreatmodelinginvolvinghumanelementsinCPHS
• ProposedresearchquestionsanddirectionsfortheCPHSsecurity
34
![Page 35: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/35.jpg)
Questions
35
![Page 36: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/36.jpg)
Appendix
36
![Page 37: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/37.jpg)
TIEvaluationExample(Contd.)
TI =
FOR PD=174, QL =843 and EC = 1.8Joules
m is no of rules = kn = 33 = 27;
Here, j ε {1, 2, …m }, n is the number of input metrics and k the number of membership functions for each metric
= 11.5/2.5 = 4.6
∑
∑
=
=
m
jj
m
jjj
w
yw
1
1
TI =
Here m is the number of fuzzy rules, j ε {1, 2, …m }, and m = kn where n is the number of input metrics and k the number of fuzzy membership functions.
Here, wj = min(μj (xi)) where μj (xi) indicate MF of significant parameters of that rule.
weight yj à NS, US and VS TI threshold values denoting the particular rule output.
∑
∑
=
=
m
jj
m
jjj
w
yw
1
1
![Page 38: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/38.jpg)
TIEvaluationExample(Contd.) FOR PD=174, QL =843 and EC = 1.8Joules
Rule Number (j) μj (PD)μj (QL) μj(EC) Rule Strength, wj , min(μj(PD)μj(QL)
μj(EC))
Output, yj wjyj
10 0.25 0
01 0
20 0.25 0.4
01 0
30 0.25 0.6
01 0
40 0.75 0
01 0
50 0.75 0.4
04 0
60 0.75 0.6
04 0
70 0 0
01 0
80 0 0.4
04 0
90 0 0.6
07 0
100.75 0.25 0
01 0
110.75 0.25 0.4
0.254 1
120.75 0.25 0.6
0.254 1
130.75 0.75 0
04 0
140.75 0.75 0.4
0.44 1.6
150.75 0.75 0.6
0.64 2.4
160.75 0 0
04 0
170.75 0 0.4
04 0
180.75 0 0.6
07 0
190.25 0.25 0
01 0
200.25 0.25 0.4
0.254 1
21 0.25 0.25 0.6 0.25 7 1.7522
0.25 0.75 00
4 023
0.25 0.75 0.40.25
4 124 0.25 0.75 0.6 0.25 7 1.7525
0.25 0 00
7 026
0.25 0 0.40
7 027
0.25 0 0.60
7 0
m is no of rules = kn = 33 = 27;
Here, j ε {1, 2, …m }, n is the number of input metrics and k the number of membership functions for each metric
= 11.5/2.5 = 4.6TI =
∑
∑
=
=
m
jj
m
jjj
w
yw
1
1
![Page 39: IEEE ICIOT Securing IoT-based Cyber-Physical Human Systems ... · • Anomaly detection by means of data mining from uncategorized sensor data and ordered DRI table data • Clustering-layout](https://reader034.vdocuments.us/reader034/viewer/2022042200/5e9f4d8727e78c3d9068b32b/html5/thumbnails/39.jpg)
39
N1
M0,1
M2,1
M3,1
M4,1
M5,1
Parameter UCLvs UCLus M01to N1 M21toN1 M31to N1 M41to N1 M51toN1 Average
(PD) 208.63 119.1 155/ US 2000/VS 20/NS 20/NS 20/NS 443
(QL) 1157.72 656.0 120/ NS 12000/VS
120/NS 120/NS 120/ NS 2496
(EC) 1.9941 1.34 1.3 /NS 3.92 /VS 2.33 /VS 2.36 /VS 2.61/ VS 2.51
Rule Number (j) μj (PD) μj (QL) μj(EC) Rule Strength, wj , min(μj(PD)μj(QL) μj(EC))
Output, yj wjyj10 0 0 1 020 0 1
01 03
0 0 00
4 040 0 1
04 05
0 1 00
1 060 1 0
04 07
0 1 10
7 081 0 0
01 09
1 0 00
4 0101 0 1
07 0
11 1 1 000 7 012
1 1 111 7 7
TI = = 7/1 = 7∑
∑
=
=
m
jj
m
jjj
w
yw
1
1
Co-ordinatedIntrusionDetectionofMaliciousCollaboratingEntitiesinCPHS- Example