TY - GEN
T1 - Scheduling intrusion detection systems in resource-bounded cyber-physical systems
AU - Abbas, Waseem
AU - Laszka, Aron
AU - Vorobeychik, Yevgeniy
AU - Koutsoukos, Xenofon
N1 - Funding Information:
This work was supported in part by the National Science Foundation (CNS-1238959), Air Force Research Laboratory (FA8750-14-2-0180), and National Institute of Standards and Technology (70NANB13H169).
PY - 2015/10/16
Y1 - 2015/10/16
N2 - In order to be resilient to attacks, a cyber-physical system (CPS) must be able to detect attacks before they can cause significant damage. To achieve this, intrusion detection systems (IDS) may be deployed, which can detect attacks and alert human operators, who can then intervene. However, the resource-constrained nature of many CPS poses a challenge, since reliable IDS can be computationally expensive. Consequently, computational nodes may not be able to perform intrusion detection continuously, which means that we have to devise a schedule for performing intrusion detection. While a uniformly random schedule may be optimal in a purely cyber system, an optimal schedule for protecting CPS must also take into account the physical properties of the system, since the set of adversarial actions and their consequences depend on the physical systems. Here, in the context of water distribution networks, we study IDS scheduling problems in two settings and under the constraints on the available battery supplies. In the first problem, the objective is to design, for a given duration of time T, scheduling schemes for IDS so that the probability of detecting an attack is maximized within that duration. We propose efficient heuristic algorithms for this general problem and evaluate them on various networks. In the second problem, our objective is to design scheduling schemes for IDS so that the overall lifetime of the network is maximized while ensuring that an intruder attack is always detected. Various strategies to deal with this problem are presented and evaluated for various networks.
AB - In order to be resilient to attacks, a cyber-physical system (CPS) must be able to detect attacks before they can cause significant damage. To achieve this, intrusion detection systems (IDS) may be deployed, which can detect attacks and alert human operators, who can then intervene. However, the resource-constrained nature of many CPS poses a challenge, since reliable IDS can be computationally expensive. Consequently, computational nodes may not be able to perform intrusion detection continuously, which means that we have to devise a schedule for performing intrusion detection. While a uniformly random schedule may be optimal in a purely cyber system, an optimal schedule for protecting CPS must also take into account the physical properties of the system, since the set of adversarial actions and their consequences depend on the physical systems. Here, in the context of water distribution networks, we study IDS scheduling problems in two settings and under the constraints on the available battery supplies. In the first problem, the objective is to design, for a given duration of time T, scheduling schemes for IDS so that the probability of detecting an attack is maximized within that duration. We propose efficient heuristic algorithms for this general problem and evaluate them on various networks. In the second problem, our objective is to design scheduling schemes for IDS so that the overall lifetime of the network is maximized while ensuring that an intruder attack is always detected. Various strategies to deal with this problem are presented and evaluated for various networks.
UR - http://www.scopus.com/inward/record.url?scp=84964801519&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84964801519&partnerID=8YFLogxK
U2 - 10.1145/2808705.2808711
DO - 10.1145/2808705.2808711
M3 - Conference contribution
AN - SCOPUS:84964801519
T3 - CPS-SPC 2015 - Proceedings of the 1st ACM Workshop on Cyber-Physical Systems-Security and/or Privacy, co-located with CCS 2015
SP - 55
EP - 66
BT - CPS-SPC 2015 - Proceedings of the 1st ACM Workshop on Cyber-Physical Systems-Security and/or Privacy, co-located with CCS 2015
PB - Association for Computing Machinery, Inc
T2 - 1st ACM Workshop on Cyber-Physical Systems-Security and/or Privacy, CPS-SPC 2015
Y2 - 16 October 2015
ER -