
7 April 2009 CS 5214 Presenter: Phu-Gui Feng

Performance Analysis of Distributed IDS Protocols for Mobile GCS. Dr. Jin-Hee Cho, Dr. Ing-Ray Chen. 7 April 2009, CS 5214. Presenter: Phu-Gui Feng. MITRE. Agenda: Introduction, System Description, Secure GCS, Distributed IDS, Resulting Metrics, Performance Model (SPN)


Presentation Transcript


  1. Performance Analysis of Distributed IDS Protocols for Mobile GCS
     Dr. Jin-Hee Cho, Dr. Ing-Ray Chen
     7 April 2009, CS 5214
     Presenter: Phu-Gui Feng
     MITRE

  2. Agenda
     • Introduction
     • System Description
       • Secure GCS
       • Distributed IDS
       • Resulting Metrics
     • Performance Model (SPN)
     • Key Parameterization
     • SRN Calculations
     • Conclusions

  3. MANET Design Challenges
     Paper Objective: to Design Secure GCS
     • Mobile Ad Hoc Network (MANET) hosts form secure group communication systems (Secure GCS)
     • In GCS, mobile nodes join and leave a group dynamically
     High security vulnerability:
     • Outsider attacks: 1st line of defense with key pairs
     • Insider attacks: IDS is 2nd line of defense
     Unique characteristics:
     • Open medium, Dynamic topology
     • De-centralized decision and cooperation
     • Lack of centralized authority
     • Lack of resources (power, BW, memory)
     • No clear line of defense [7]
     The Problem: System Failure Before Mission Completion
     Our Goal: To Improve High Survivability (MTTSF)

  4. Related Work & Application
     Related Work:
     • No reactive IDS against changing attacker behaviors
     • No analysis on detection latency vs performance degradation
     • No impact of IDS on performance degradation
     Our Unique Contribution:
     • The need for Secure GCS in MANET
     • Trade off between security and performance
     • Insider attacks and IDS defects
     • Identify optimal design of adaptive IDS
     • Develop SRN to describe and analyze IDS & tradeoff
     • Evaluate Maxed MTTSF and optimal IDS detection interval

  5. System Description (1 of 3)
     Secure GCS:
     • Shared key to maintain group confidentiality
       • Group key agreement protocol [9]
       • Distributed key management protocol – CKA GDH [10]
     • Dynamic group rekeying to change group key
       • Forward secrecy: know previous key, not current
       • Backward secrecy: know current key, not previous
     • Mission oriented to detect/evict compromised nodes
       • E.g. Rescue teams in disaster recovery
       • E.g. Soldiers groups in battle field
     • Compromised nodes result in compromised system
       • Accepting leaked info (C1) resulted in loss of system integrity
       • More than 1/3 member nodes are un-detected & compromised (C2) resulted in loss of system availability
       • Collusion (Pfn, Pfp) result in detection defects

  6. System Description (2 of 3)
     Distributed IDS:
     • Host based IDS [15]
       • Local detection on compromised neighboring nodes
       • Pre-install host-based IDS
       • misuse detection, anomaly detection [15]
     • Voting based IDS
       • Independent framework
       • Cooperative detection
       • Majority voting on sensor networks [2]
     • Approach:
       • Host-based IDS collects info
       • Periodically, a target node evaluated/being voted
       • m voters are selected

  7. System Description (3 of 3)
     Security and Performance Metrics:
     • MTTSF:
       • Average time before reaching failure absorption state
       • Lower MTTSF means faster C1 or C2
       • Goal: maximize MTTSF
     • Communication Traffic Cost ( )
       • Total traffic per sec:
         • Group communication,
         • Status exchange, rekeying,
         • Intrusion detection, beacon,
         • Group partition/merge
       • High cost means high contention, high delay
       • Goal: to minimize total cost

  8. Performance Model

  9. Key Parameterization

  10. SRN Calculations
      Expected cumulative reward: MTTSF
      • Reward assignment:
        • Operational states, 1
        • Failure state, 0

  11. Conclusions (1 of 3)
      Optimal TIDS Sensitivity:
      • higher m, lower Pfp, Pfn → MTTSF increases → Cost is high
      • smaller m, large Pfp, Pfn → MTTSF decreases
      • Before Topt, TIDS increases so that fewer IDS, less probable false alarms →
        • less probable GF from C2 → MTTSF increases
      • After Topt, TIDS increases so that fewer IDS
        • more T_CP, more UCm →
        • more probable GF from C1 → MTTSF decreases

  12. Conclusions (2 of 3)
      Optimal TIDS: tradeoff CGC, CIDS
      • higher m, lower Pfp, Pfn → CGC higher
      • higher m, more voters → CIDS higher
      Sensitive TIDS: higher m, higher Cost saving

  13. Conclusions (3 of 3)
      Secure GCS:
      • Identify optimal design of adaptive IDS in response to changing attacker strength
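
The voting-based IDS on slide 6 and the "higher m, lower Pfp, Pfn" relation on slide 11 can be illustrated with a small model. This is an added example, not code or formulas from the slides or the paper: the function names, the voting model (voters drawn at random, colluding compromised voters, strict majority) and the group sizes and 5% host error rates are assumptions constructed for illustration.

```python
from math import comb

def binom_tail(n, p, k_min):
    """P[X >= k_min] for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p**i * (1 - p)**(n - i)
               for i in range(max(k_min, 0), n + 1))

def vote_error(m, n_good, n_bad, p_host, target_is_bad):
    """Probability that m voters reach the wrong verdict on one target.

    target_is_bad=False gives Pfp (a good node is evicted);
    target_is_bad=True gives Pfn (a compromised node is kept).
    p_host is a good voter's host-IDS error rate for that error type.
    Assumed model: voters are drawn at random from all nodes except the
    target, compromised voters always cast the wrong vote (collusion),
    and eviction needs a strict majority of "bad" votes.
    """
    good_pool = n_good - (0 if target_is_bad else 1)
    bad_pool = n_bad - (1 if target_is_bad else 0)
    majority = m // 2 + 1
    # Wrong votes needed: a majority to evict a good node, or enough
    # "good" votes to deny the majority against a compromised one.
    wrong_needed = (m - majority + 1) if target_is_bad else majority
    total = comb(good_pool + bad_pool, m)
    err = 0.0
    for k in range(max(0, m - good_pool), min(m, bad_pool) + 1):
        # k colluders among the voters (hypergeometric draw)
        p_k = comb(bad_pool, k) * comb(good_pool, m - k) / total
        err += p_k * binom_tail(m - k, p_host, wrong_needed - k)
    return err

def sweep(n_good, n_bad, p_fp, p_fn, sizes=(3, 5, 7, 9)):
    """(m, Pfp, Pfn) for each voter count m."""
    return [(m, vote_error(m, n_good, n_bad, p_fp, False),
             vote_error(m, n_good, n_bad, p_fn, True)) for m in sizes]

if __name__ == "__main__":
    # Constructed group: 36 good nodes, 4 undetected compromised nodes,
    # host-based IDS error rates of 5% each.
    for m, pfp, pfn in sweep(36, 4, 0.05, 0.05):
        print(f"m={m}  Pfp={pfp:.4f}  Pfn={pfn:.4f}")
```

In this model both error probabilities fall as m grows while compromised nodes are a minority, and rise with the number of colluders among the candidate voters.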
