Scheduling Intrusion Detection Systems in Resource-Bounded Cyber-Physical Systems
Waseem Abbas, Aron Laszka, Yevgeniy Vorobeychik, Xenofon Koutsoukos

Citation
Waseem Abbas, Aron Laszka, Yevgeniy Vorobeychik, Xenofon Koutsoukos. "Scheduling Intrusion Detection Systems in Resource-Bounded Cyber-Physical Systems". 1st ACM Workshop on Cyber-Physical Systems Security and Privacy, in conjunction with ACM CCS 2015 (CPS-SPC), October, 2015.

Abstract
In order to be resilient to attacks, a cyber-physical system (CPS) must be able to detect attacks before they can cause significant damage. To achieve this, intrusion detection systems (IDS) may be deployed, which can detect attacks and alert human operators, who can then intervene. However, the resource-constrained nature of many CPS poses a challenge, since reliable IDS can be computationally expensive. Consequently, computational nodes may not be able to perform intrusion detection continuously, which means that we have to devise a schedule for performing intrusion detection. While a uniformly random schedule may be optimal in a purely cyber system, an optimal schedule for protecting CPS must also take into account the physical properties of the system, since the set of adversarial actions and their consequences depend on the physical systems. Here, in the context of water distribution networks, we study IDS scheduling problems in two settings and under the constraints on the available battery supplies. In the first problem, the objective is to design, for a given duration of time, scheduling schemes for IDS so that the probability of detecting an attack is maximized within that duration. We propose efficient heuristic algorithms for this general problem and evaluate them on various networks. In the second problem, our objective is to design scheduling schemes for IDS so that the overall lifetime of the network is maximized while ensuring that an intruder attack is always detected. Various strategies to deal with this problem are presented and evaluated for various networks.

Citation formats  
  • BibTeX
    @inproceedings{AbbasLaszkaVorobeychikKoutsoukos15_SchedulingIntrusionDetectionSystemsInResourceBounded,
        author = {Waseem Abbas and Aron Laszka and Yevgeniy
                  Vorobeychik and Xenofon Koutsoukos},
        title = {Scheduling Intrusion Detection Systems in
                  Resource-Bounded Cyber-Physical Systems},
        booktitle = {1st ACM Workshop on Cyber-Physical Systems
                  Security and Privacy, in conjunction with ACM CCS
                  2015 (CPS-SPC)},
        month = {October},
        year = {2015},
        URL = {http://cps-forces.org/pubs/120.html}
    }
    

Posted by Aron Laszka on 15 Mar 2016.