Ing-Ray Chen

A survey of intrusion detection techniques for cyber-physical systems

Pervasive healthcare systems, smart grids, and unmanned aircraft systems are examples of Cyber-Physical Systems (CPSs) that have become highly integrated in the modern world. As this integration deepens, the importance of securing these systems increases. In order to identify gaps and propose research directions in CPS intrusion detection research, we survey the literature of this area. Our approach is to classify modern CPS Intrusion Detection System (IDS) techniques based on two design dimensions: detection technique and audit material. We summarize advantages and drawbacks of each dimension’s options. We also summarize the most and least studied CPS IDS techniques in the literature and provide insight on the effectiveness of IDS techniques as they apply to CPSs. Finally, we identify gaps in CPS IDS research and suggest future research areas.

Dynamic Trust Management for Delay Tolerant Networks and Its Application to Secure Routing

Delay tolerant networks (DTNs) are characterized by high end-to-end latency, frequent disconnection, and opportunistic communication over unreliable wireless links. In this paper, we design and validate a dynamic trust management protocol for secure routing optimization in DTN environments in the presence of well-behaved, selfish and malicious nodes. We develop a novel model-based methodology for the analysis of our trust protocol and validate it via extensive simulation. Moreover, we address dynamic trust management, i.e., determining and applying the best operational settings at runtime in response to dynamically changing network conditions to minimize trust bias and to maximize the routing application performance. We perform a comparative analysis of our proposed routing protocol against Bayesian trust-based and non-trust based (PROPHET and epidemic) routing protocols. The results demonstrate that our protocol is able to deal with selfish behaviors and is resilient against trust-related attacks. Furthermore, our trust-based routing protocol can effectively trade off message overhead and message delay for a significant gain in delivery ratio. Our trust-based routing protocol operating under identified best settings outperforms Bayesian trust-based routing and PROPHET, and approaches the ideal performance of epidemic routing in delivery ratio and message delay without incurring high message or protocol maintenance overhead.

Dynamic trust management for internet of things applications

We propose a dynamic trust management protocol for Internet of Things (IoT) systems to deal with misbehaving nodes whose status or behavior may change dynamically. We consider an IoT system being deployed in a smart community where each node autonomously performs trust evaluation. We provide a formal treatment of the convergence, accuracy, and resilience properties of our dynamic trust management protocol and validate these desirable properties through simulation. We demonstrate the effectiveness of our dynamic trust management protocol with a trust-based service composition application in IoT environments. Our results indicate that trust-based service composition significantly outperforms non-trust-based service composition and approaches the maximum achievable performance based on ground truth status. Furthermore, our dynamic trust management protocol is capable of adaptively adjusting the best trust parameter setting in response to dynamically changing environments to maximize application performance.

Effect of Intrusion Detection and Response on Reliability of Cyber Physical Systems

In this paper we analyze the effect of intrusion detection and response on the reliability of a cyber physical system (CPS) comprising sensors, actuators, control units, and physical objects for controlling and protecting a physical infrastructure. We develop a probability model based on stochastic Petri nets to describe the behavior of the CPS in the presence of both malicious nodes exhibiting a range of attacker behaviors, and an intrusion detection and response system (IDRS) for detecting and responding to malicious events at runtime. Our results indicate that adjusting detection and response strength in response to attacker strength and behavior detected can significantly improve the reliability of the CPS. We report numerical data for a CPS subject to persistent, random and insidious attacks with physical interpretations given.

Review: A survey of intrusion detection in wireless network applications

Information systems are becoming more integrated into our lives. As this integration deepens, the importance of securing these systems increases. Because of lower installation and maintenance costs, many of these systems are largely networked by wireless means. In order to identify gaps and propose research directions in wireless network intrusion detection research, we survey the literature of this area. Our approach is to classify existing contemporary wireless intrusion detection system (IDS) techniques based on target wireless network, detection technique, collection process, trust model and analysis technique. We summarize pros and cons of the same or different types of concerns and considerations for wireless intrusion detection with respect to specific attributes of target wireless networks including wireless local area networks (WLANs), wireless personal area networks (WPANs), wireless sensor networks (WSNs), ad hoc networks, mobile telephony, wireless mesh networks (WMNs) and cyber physical systems (CPSs). Next, we summarize the most and least studied wireless IDS techniques in the literature, identify research gaps, and analyze the rationale for the degree of their treatment. Finally, we identify worthy but little explored topics and provide suggestions for ways to conduct research.

Modeling and analysis of trust management with trust chain optimization in mobile ad hoc networks

We develop and analyze a trust management protocol for mission-driven group communication systems in mobile ad hoc networks using hierarchical modeling techniques based on stochastic Petri nets. Trust among mobile nodes is crucial for team collaborations with new coalition partners without prior interactions for mission-driven group communication systems in battlefield situations. In addition, ensuring a certain level of trust is also critical for successful mission completion. Our work seeks to identify the optimal length of a trust chain among peers in a trust web that generates the most accurate trust levels without revealing risk based on a tradeoff between trust availability and path reliability over trust space. We define a trust metric for mission-driven group communication systems in mobile ad hoc networks to properly reflect unique characteristics of trust concepts and demonstrate that an optimal trust chain length exists for generating the most accurate trust levels for trust-based collaboration among peers in mobile ad hoc networks while meeting trust availability and path reliability requirements.

Behavior-Rule Based Intrusion Detection Systems for Safety Critical Smart Grid Applications

In this paper, a behavior-rule based intrusion detection system (BRIDS) is proposed for securing head-ends (HEs), distribution access points/data aggregation points (DAPs) and subscriber energy meters (SEMs) of a modern electrical grid in which continuity of operation is of the utmost importance. The impact of attacker behaviors on the effectiveness of a behavior-rule intrusion detection design is investigated. Using HEs, DAPs and SEMs as examples, it is demonstrated that a behavior-rule based intrusion detection technique can effectively trade false positives for a high detection probability to cope with sophisticated and hidden attackers to support ultra safe and secure applications. It is shown that BRIDS outperforms contemporary anomaly-based IDSs via comparative analysis.

Trust Management for SOA-Based IoT and Its Application to Service Composition

A future Internet of Things (IoT) system will connect the physical world into cyberspace everywhere and everything via billions of smart objects. On the one hand, IoT devices are physically connected via communication networks. The service oriented architecture (SOA) can provide interoperability among heterogeneous IoT devices in physical networks. On the other hand, IoT devices are virtually connected via social networks. In this paper we propose adaptive and scalable trust management to support service composition applications in SOA-based IoT systems. We develop a technique based on distributed collaborative filtering to select feedback using similarity rating of friendship, social contact, and community of interest relationships as the filter. Further we develop a novel adaptive filtering technique to determine the best way to combine direct trust and indirect trust dynamically to minimize convergence time and trust estimation bias in the presence of malicious nodes performing opportunistic service and collusion attacks. For scalability, we consider a design by which a capacity-limited node only keeps trust information of a subset of nodes of interest and performs minimum computation to update trust. We demonstrate the effectiveness of our proposed trust management through service composition application scenarios with a comparative performance analysis against EigenTrust and PeerTrust.

A Survey of Mobile Cloud Computing Applications: Perspectives and Challenges

As mobile computing has been developed for decades, a new model for mobile computing, namely, mobile cloud computing, emerges resulting from the marriage of powerful yet affordable mobile devices and cloud computing. In this paper we survey existing mobile cloud computing applications, as well as speculate future generation mobile cloud computing applications. We provide insights for the enabling technologies and challenges that lie ahead for us to move forward from mobile computing to mobile cloud computing for building the next generation mobile cloud applications. For each of the challenges, we provide a survey of existing solutions, identify research gaps, and suggest future research areas.

Trust Management for Encounter-Based Routing in Delay Tolerant Networks

We propose and analyze a class of trust management protocols for encounter-based routing in delay tolerant networks (DTNs). The underlying idea is to incorporate trust evaluation in the routing protocol, considering not only quality-of-service (QoS) trust properties (connectivity) but also social trust properties (honesty and unselfishness) to evaluate other nodes encountered. Two versions of trust management protocols are considered: an equal-weight QoS and social trust management protocol (called trust-based routing) and a QoS only trust management protocol (called connectivity-based routing). By utilizing a stochastic Petri net model describing a DTN behavior, we analyze the performance characteristics of these two routing protocols in terms of message delivery ratio, latency, and message overhead. We also perform a comparative performance analysis with epidemic routing for a DTN consisting of heterogeneous mobile nodes with vastly different social and networking behaviors. The results indicate that trust-based routing approaches the ideal performance of epidemic routing in delivery ratio, while connectivity-based routing approaches the ideal performance in message delay of epidemic routing, especially as the percentage of selfish and malicious nodes present in the DTN system increases. By properly selecting weights associated with QoS and social trust metrics for trust evaluation, our trust management protocols can approximate the ideal performance obtainable by epidemic routing in delivery ratio and message delay without incurring high message overhead.