Jichao Bi,Shibo He,Fengji Luo,Wenchao Meng,Luyue Ji,Da-Wen Huang

DOI: https://doi.org/10.1109/TII.2022.3231406

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial Internet of Things (IIoT) is vulnerable to advanced persistent threat (APT). In this article, we study a scenario in which APT is launched to attack IIoT devices. Considering the APTs lateral movement, a node-level state evolution model is established to calculate the probability of every device in an IIoT system to be compromised by APT. Based on this, a Stackelberg game model is proposed for the APT attacker and defender, which can accurately describe the gaming process. An effective computational approach is developed to obtain the potential Stackelberg equilibrium strategy pair of the game. Extensive case studies and comparison studies are conducted to validate the effectiveness of the proposed method.

Juntao Chen,Corinne Touati,Quanyan Zhu

DOI: https://doi.org/10.48550/arXiv.2108.13159

2021-07-26

Networking and Internet Architecture

Abstract:The emerging Internet of Things (IoT) applications that leverage ubiquitous connectivity and big data are facilitating the realization of smart everything initiatives. IoT-enabled infrastructures have naturally a multi-layer system architecture with an overlaid or underlaid device network and its coexisting infrastructure network. The connectivity between different components in these two heterogeneous interdependent networks plays an important role in delivering real-time information and ensuring a high-level situational awareness. However, IoT-enabled infrastructures face cyber threats due to the wireless nature of communications. Therefore, maintaining network connectivity in the presence of adversaries is a critical task for infrastructure network operators. In this paper, we establish a three-player three-stage dynamic game-theoretic framework including two network operators and one attacker to capture the secure design of multi-layer interdependent infrastructure networks by allocating limited resources. We use subgame perfect Nash equilibrium (SPE) to characterize the strategies of players with sequential moves. In addition, we assess the efficiency of the equilibrium network by comparing with its team optimal solution counterparts in which two network operators can coordinate. We further design a scalable algorithm to guide the construction of the equilibrium IoT-enabled infrastructure networks. Finally, we use case studies on the emerging paradigm of the Internet of Battlefield Things (IoBT) to corroborate the obtained results.

Lili Chen,Zhen Wang,Jintao Wu,Yunchuan Guo,Fenghua Li,Zifu Li

DOI: https://doi.org/10.1002/cpe.6944

2022-04-20

Concurrency and Computation: Practice and Experience

Abstract:As mobile communications, the Internet, databases, distributed computing, and other technologies continue to develop, the Internet of Things (IoT) has emerged as prevalent technique. However, attacks on security and sensitive data in IoT occur frequently, and these attacks often evade intrusion detection systems strategically by mutating their traffic. To prevent security threats and sensitive data leakage, we propose a game approach based on adversarial deep learning to optimize a dynamic security threshold strategy. We introduce a mobile edge computing framework and utilize a game model to describe the adversarial interaction between the two participants. To solve the complexity of the game problem to gain dynamically randomized adversarial attacks, we present a column generation (CG) framework, which uses a feedforward neural network to quantify data flowing through IoT devices. Considering the limited resources of IoT devices, we calculate an optimal response to cyberattacks via a particle swarm optimization algorithm, aiming to reduce the false alarm rate. The adversarial dynamic threshold (ADT)‐based column generation (CG‐ADT) algorithm generates the set of detection threshold and the probability. Finally, we present the results of experiments conducted to demonstrate the effectiveness and robustness of the proposed dynamic threshold scheme for sensitive data security protection in IoT and its suitability for implementation in production systems.

Lili Chen,Zhen Wang,Fenghua Li,Yunchuan Guo,Kui Geng

DOI: https://doi.org/10.3390/s20030804

IF: 3.9

2020-01-01

Sensors

Abstract:With limited computing resources and a lack of physical lines of defense, the Internet of Things (IoT) has become a focus of cyberattacks. In recent years, outbreak propagation attacks against the IoT have occurred frequently, and these attacks are often strategical. In order to detect the outbreak propagation as soon as possible, t embedded Intrusion Detection Systems (IDSs) are widely deployed in the IoT. This paper tackles the problem of outbreak detection in adversarial environment in the IoT. A dynamic scheduling strategy based on specific IDSs monitoring of IoT devices is proposed to avoid strategic attacks. Firstly, we formulate the interaction between the defender and attacker as a Stackelberg game in which the defender first chooses a set of device nodes to activate, and then the attacker selects one seed (one device node) to spread the worms. This yields an extremely complex bilevel optimization problem. Our approach is to build a modified Column Generation framework for computing the optimal strategy effectively. The optimal response of the defender's problem is expressed as mixed-integer linear programming (MILPs). It is proved that the solution of the defender's optimal response is a NP-hard problem. Moreover, the optimal response of defenders is improved by an approximate algorithm--a greedy algorithm. Finally, the proposed scheme is tested on some randomly generated instances. The experimental results show that the scheme is effective for monitoring optimal scheduling.

Yue Wu,Tao Jing,Qinghe Gao,Yingzhen Wu,Yan Huo

DOI: https://doi.org/10.1016/j.dcan.2022.12.016

IF: 6.348

2023-01-01

Digital Communications and Networks

Abstract:The Internet of Things (IoT) has permeated various fields relevant to our lives. In these applications, countless IoT devices transmit vast amounts of data, which often carry important and private information. To prevent malicious users from spoofing these information, the first critical step is effective authentication. Physical Layer Authentication (PLA) employs unique characteristics inherent to wireless signals and physical devices and is promising in the IoT due to its flexibility, low complexity, and transparency to higher layer protocols. In this paper, the focus is on the interaction between multiple malicious spoofers and legitimate receivers in the PLA process. First, the interaction is formulated as a static spoof detection game by including the spoofers and receivers as players. The best authentication threshold of the receiver and the attack rate of the spoofers are consideblack as Nash Equilibrium (NE). Then, closed-form expressions are derived for all NEs in the static environment in three cases: multiplayer games, zero-sum games with collisions, and zero-sum games without collisions. Considering the dynamic environment, a Multi-Agent Deep Deterministic Policy Gradient (MADDPG) algorithm is propsed to analyse the interactions of recevier and spoofers. Last, comprehensive simulation experiments are conducted and demonstrate the impact of environmental parameters on the NEs, which provides guidance to design effective PLA schemes.

telecommunications

Siyang Yu,Fan Wu,Baoding Chen,Ronghui Cao,Zhibang Yang,Keqin Li

DOI: https://doi.org/10.1002/cpe.7826

2023-01-01

Abstract:SummaryWith the rise of industrialization, the importance of the industrial Internet of Things (IIoT) has increased significantly, and with it comes a variety of security threats. Therefore, the security of these networks is critical. Industrial Response Systems (IRSs), as the last line of security, plays an important role in the security system of the Industrial Internet of Things. In this paper, a new IRS model based on the non‐cooperative game is proposed. First, by combining the Partially Observable Markov Decision Process (POMDP) model with the stochastic game model based on the expanded attack tree, our model could effectively perceive the changes at each node. Second, our model incorporates the alarms of intrusion detection system (IDS) and the physical quantities of sensors in Industrial Cyber‐Physical System (ICPS) into the quantization system so that the model can respond to intruders more accurately and comprehensively. Finally, we develop this model based on multiprocessors to speed up the solution process, and adopt an approximation algorithm to reduce the number of iterations of the POMDP

Mengmeng Ge,Jin-Hee Cho,Dong Seong Kim,Gaurav Dixit,Ing-Ray Chen

DOI: https://doi.org/10.48550/arXiv.2005.04220

2020-05-08

Abstract:Resource constrained Internet-of-Things (IoT) devices are highly likely to be compromised by attackers because strong security protections may not be suitable to be deployed. This requires an alternative approach to protect vulnerable components in IoT networks. In this paper, we propose an integrated defense technique to achieve intrusion prevention by leveraging cyberdeception (i.e., a decoy system) and moving target defense (i.e., network topology shuffling). We verify the effectiveness and efficiency of our proposed technique analytically based on a graphical security model in a software defined networking (SDN)-based IoT network. We develop four strategies (i.e., fixed/random and adaptive/hybrid) to address "when" to perform network topology shuffling and three strategies (i.e., genetic algorithm/decoy attack path-based optimization/random) to address "how" to perform network topology shuffling on a decoy-populated IoT network, and analyze which strategy can best achieve a system goal such as prolonging the system lifetime, maximizing deception effectiveness, maximizing service availability, or minimizing defense cost. Our results demonstrate that a software defined IoT network running our intrusion prevention technique at the optimal parameter setting prolongs system lifetime, increases attack complexity of compromising critical nodes, and maintains superior service availability compared with a counterpart IoT network without running our intrusion prevention technique. Further, when given a single goal or a multi-objective goal (e.g., maximizing the system lifetime and service availability while minimizing the defense cost) as input, the best combination of "how" and "how" strategies is identified for executing our proposed technique under which the specified goal can be best achieved.

Cryptography and Security

Huici Wu,Qiuyue Gao,Xiaofeng Tao,Ning Zhang,Dajiang Chen,Zhu Han

DOI: https://doi.org/10.1109/jiot.2021.3122115

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) is vulnerable to various cyber attacks due to the massive deployment of IoT devices and the openness of wireless environments. In this article, taking IoT devices as the network resources competed between an attacker and a defender, we study the modeling and analysis of network resource competition in an attack-defense game. The attacker and defender inject different competition strength in each IoT device as their strategies. As a result, the security state of each IoT device will change, which is captured by differential equations. To study the interaction between the attacker and defender and the evolution of the system security states, a zero-sum differential game is formulated by modeling the competition of IoT devices. To achieve the equilibrium of the formulated differential game, optimal control theory is employed to solve the optimization problems of players. Further, a Gauss–Seidel-like implicit finite-difference method is utilized to obtain the saddle point strategy. Finally, numerical results are provided to demonstrate the evolution of network resource competition between the attacker and defender. The results show that our formulated model can effectively and accurately characterize the evolution of the system security states with strategic interactions between the attacker and defender.

She'ifa Z. Punla‐Green,John E. Mitchell,Jared L. Gearhart,William E. Hart,Cynthia A. Phillips

DOI: https://doi.org/10.1002/net.22208

2024-01-17

Networks

Abstract:This paper considers an extension of the shortest path network interdiction problem that incorporates robustness to account for parameter uncertainty. The shortest path interdiction problem is a game of two players with conflicting agendas and capabilities: an evader, who traverses the arcs of a network from a source node to a sink node using a path of shortest length, and an interdictor, who maximizes the length of the evader's shortest path by interdicting arcs on the network. It is usually assumed that the parameters defining the network are known exactly by both players. We consider the situation where the evader assumes the nominal parameter values while the interdictor uses robust optimization techniques to account for parameter uncertainty or sensor degradation. We formulate this problem as a nonlinear mixed‐integer semi‐infinite bilevel program and show that it can be converted into a mixed‐integer linear program with a second order cone constraint. We use random geometric networks and transportation networks to perform computational studies and demonstrate the unique decision strategies that our variant produces. Solving the shortest path interdiction problem with asymmetric uncertainty protects the interdictor from investing in a strategy that hinges on key interdictions performing as promised. It also provides an alternate strategy that mitigates the risk of these worst‐case possibilities.

computer science, hardware & architecture,operations research & management science

Yikai Liu,Yong Zeng,Yang Liu,and Zhihong Liu

DOI: https://doi.org/10.1145/3417311.3430706

2020-01-01

Abstract:Distributed Internet of things (IoT) is becoming an important technology with the popularization of intelligent devices, which builds a bridge between physical networks and social networks. Therefore, how to ensure the security of IoT is an urgent problem. As an effective measure to improve physical layer security, cooperative jamming has been extensively adopted to reduce the eavesdropper's ability to listen to the transmitted signals. Over the past decades, there has been lots of research on cooperative jamming in the single physical layer network. Meanwhile, some works use game theory to analyze the strategies of jammers and legitimate channels. However, these studies assume that the system is ideal and static, which does not conform to the real-world environment. On the other hand, they often ignore the social relationships that exist in the network, nor do they consider the impact of social relationships on the game. In this paper, we first establish a two-layer network model, which includes a physical layer and a social layer. Then we combine a two-layer network with game theory. In the single jamming node scenario, the jamming node is the leader and the legitimate channel is the follower, so we establish a Stackelberg game. Noting the influence of social strength on the game, we rewrite the benefit function of the jamming node. Our experiment results show the relationship between a legitimate channel's benefit and its purchase power quantity. At the same time, we can find those good social relationships can significantly improve the security rate of the communication system.

Jing Jiang,Xiao Liu

DOI: https://doi.org/10.1109/IEEM.2018.8607827

2018-01-01

Abstract:Critical infrastructures are significant for national security, economic development and social stability. With the development of economic globalization and information technology, the increasing network complexity and dynamic information have brought challenges to generate data-driven defense strategies for an infrastructure network against multiple interdictions. In order to optimize the defense strategy dynamically, we develop a data-driven finite Bayesian Stackelberg game model among a defender and multiple interdictors. In this model, the defender, with incomplete information on the interdictors' risk attitude and objective weight, initiates to improve the network performance in the most cost-effective way; whereas the interdictor, with incomplete information on the valuation of components and effectiveness ratio, follows to destroy the network structure in the most cost-effective way. Over the dynamic interactions among the defender and multiple interdictors, the interdictor's knowledge of the effectiveness ratio is updated by Bayesian updating rule. In order to solve the proposed model, smallest-depth binary-partition based hierarchical algorithm is developed to obtain the strong Stackelberg equilibrium. Finally, the practical applicability is demonstrated by a case study of Zhi Jiang network.

MingChu Li,Wanyu Dong,Xiao Zheng,Anil Carie,Yuan Tian

DOI: https://doi.org/10.1007/978-981-19-0604-6_49

2022-01-01

Abstract:This paper proposes a method to enable a risk-averse and resource-constrained network defender to deploy security countermeasures in an optimal way to prevent multiple potential attackers with uncertain budgets. To solve the problem of information asymmetry between the attacker and the defender, a fake countermeasure (FC) is placed on the arc, and the situation of multiple attackers is also taken into consideration. This method is based on the risk aversion bi-level stochastic network interdiction model on the attack graph, which can easily map the path of attackers. Meanwhile, our method can minimize the weighted sum of all losses and minimize the risk of the defender's key nodes being destroyed. At the same time, in order to prevent the key node of the defender from being destroyed, the risk condition value measurement is taken into account in the stochastic programming model. We design a SA-CPLEX algorithm to provide a high-quality approximate optimal solution. And computational results suggest that our method provides better network interdiction decisions than traditional deterministic and risk-neutral models.

LIANG Haoran,WU Jun,ZHAO Chengcheng,LI Jianhua

DOI: https://doi.org/10.11959/j.issn.2096-3750.2021.00226

2021-01-01

Abstract:With the commercialization of 5G and the development of 6G, more and more Internet of things (IoT) devices are linked to the novel cyber-physical system (CPS) to support intelligent decision making.However, the highly decentralized and heterogeneous IoT devices face potential threats that may mislead the CPS.Traditional intrusion detection solutions cannot protect the privacy of IoT devices, and they have to deal with the single point of failure, which prevents these solutions from being deploying in IoT scenarios.The edge learning and game theory based intrusion detection for IoT was proposed.Firstly, an edge learning based intrusion detection framework was proposed to detect potential threats in IoT.Moreover, a multi-leader multi-follower game was employed to motivate trusted parameter servers and edge devices to participate in the edge learning process.Experiments and evaluations show the security and effectiveness of the proposed intrusion detection framework.

Peiyu Li,Hui Wang,Guo Tian,Zhihui Fan

DOI: https://doi.org/10.3390/s24154766

2024-07-23

Abstract:Maintaining security in communication networks has long been a major concern. This issue has become increasingly crucial due to the emergence of new communication architectures like the Internet of Things (IoT) and the advancement and complexity of infiltration techniques. For usage in networks based on the Internet of Things, previous intrusion detection systems (IDSs), which often use a centralized design to identify threats, are now ineffective. For the resolution of these issues, this study presents a novel and cooperative approach to IoT intrusion detection that may be useful in resolving certain current security issues. The suggested approach chooses the most important attributes that best describe the communication between objects by using Black Hole Optimization (BHO). Additionally, a novel method for describing the network's matrix-based communication properties is put forward. The inputs of the suggested intrusion detection model consist of these two feature sets. The suggested technique splits the network into a number of subnets using the software-defined network (SDN). Monitoring of each subnet is done by a controller node, which uses a parallel combination of convolutional neural networks (PCNN) to determine the presence of security threats in the traffic passing through its subnet. The proposed method also uses the majority voting approach for the cooperation of controller nodes in order to more accurately detect attacks. The findings demonstrate that, in comparison to the prior approaches, the suggested cooperative strategy can detect assaults in the NSLKDD and NSW-NB15 datasets with an accuracy of 99.89 and 97.72 percent, respectively. This is a minimum 0.6 percent improvement.

Geethapriya Thamilarasu,Shiven Chawla

DOI: https://doi.org/10.3390/s19091977

2019-04-27

Abstract:Cyber-attacks on the Internet of Things (IoT) are growing at an alarming rate as devices, applications, and communication networks are becoming increasingly connected and integrated. When attacks on IoT networks go undetected for longer periods, it affects availability of critical systems for end users, increases the number of data breaches and identity theft, drives up the costs and impacts the revenue. It is imperative to detect attacks on IoT systems in near real time to provide effective security and defense. In this paper, we develop an intelligent intrusion-detection system tailored to the IoT environment. Specifically, we use a deep-learning algorithm to detect malicious traffic in IoT networks. The detection solution provides security as a service and facilitates interoperability between various network communication protocols used in IoT. We evaluate our proposed detection framework using both real-network traces for providing a proof of concept, and using simulation for providing evidence of its scalability. Our experimental results confirm that the proposed intrusion-detection system can detect real-world intrusions effectively.

Xu Chen,Liang Xiao,Wei Feng,Ning Ge,Xianbin Wang

DOI: https://doi.org/10.1109/jiot.2021.3138094

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The proliferation of Distributed Denial of Service (DDoS) attacks in Internet of Things (IoT) not only threatens the security of digital devices and infrastructure but also severely degrades IoT system performance due to the overly consumed network resources. With the knowledge of identity information of devices and signaling data, Internet service providers (ISPs) can detect and block DDoS traffic by monitoring the upstream IoT packets, and thereby, improve network efficiency. However, inspecting all data packets online for DDoS detection will significantly increase both the network delay and the computational overhead. Therefore, the packet sampling strategy is crucial for the defenders to detect DDoS attacks. To this end, this article formulates a Stackelberg game model to analyze the collaborative IoT packet sampling against DDoS attacks. Through the equilibrium analysis of the DDoS game, we derive the lower bound of packet sampling rate (PSR) that can effectively deter potential attackers. Unlike traditional offline detection, our proposed packet sampling strategy can support both the online detection and proactive prevention of DDoS traffic. As a use case, a multipoint DDoS defense framework is developed to address the IP spoofing in 5G networks based on the proposed packet sampling strategy, which deters DDoS attacks and reduces the packet sampling cost, and thereby, maximizes the IoT utility, compared with existing methods. In typical reflection attacks (in which no more than five packets of response are triggered by a request packet), our proposed scheme not only reduces more than 70% of the sampling rate but also demonstrates superior robustness against boundary condition variation.

Bingjie Liu,Haitao Xu,Xianwei Zhou

DOI: https://doi.org/10.3390/s18114074

2018-01-01

Abstract:With the rapid development of the Internet of Things, there are a series of security problems faced by the IoT devices. As the IoT devices are generally devices with limited resources, how to effectively allocate the restricted resources facing the security problems is the key issue at present. In this paper, we study the resource allocation problem in threat defense for the resource-constrained IoT system, and propose a Stackelberg dynamic game model to get the optimal allocated resources for both the defender and attackers. The proposed Stackelberg dynamic game model is composed by one defender and many attackers. Given the objective functions of the defender and attackers, we analyze both the open-loop Nash equilibrium and feedback Nash equilibrium for the defender and attackers. Then both the defender and attackers can control their available resources based on the Nash equilibrium solutions of the dynamic game. Numerical simulation results show that correctness and effeteness of the proposed model.

Benjamin A. Miller,Zohair Shafi,Wheeler Ruml,Yevgeniy Vorobeychik,Tina Eliassi-Rad,Scott Alfeld

2023-05-30

Abstract:Identifying shortest paths between nodes in a network is an important task in applications involving routing of resources. Recent work has shown that a malicious actor can manipulate a graph to make traffic between two nodes of interest follow their target path. In this paper, we develop a defense against such attacks by modifying the weights of the graph that users observe. The defender must balance inhibiting the attacker against any negative effects of the defense on benign users. Specifically, the defender's goals are: (a) to recommend the shortest paths possible to users, (b) for the lengths of the shortest paths in the published graph to be close to those of the same paths in the true graph, and (c) to minimize the probability of an attack. We formulate the defense as a Stackelberg game in which the defender is the leader and the attacker is the follower. In this context, we also consider a zero-sum version of the game, in which the defender's goal is to minimize cost while achieving the minimum possible attack probability. We show that this problem is NP-hard and propose heuristic solutions based on increasing edge weights along target paths in both the zero-sum and non-zero-sum settings. Relaxing some constraints of the original problem, we formulate a linear program for local optimization around a feasible point. We present defense results with both synthetic and real network datasets and show that these methods often reach the lower bound of the defender's cost.

Social and Information Networks

Shuaishuai Tan,Wenyin Liu,Qingkuan Dong,Sammy Chan,Shui Yu,Xiaoxiong Zhong,Daojing He

DOI: https://doi.org/10.1109/jiot.2023.3284155

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Massive Internet of Things (IoT) devices have been playing a critical role in both the cyber and physical worlds. Various cyber attacks pose significant risks to IoT. Machine learning-based intrusion detection system (IDS) has earned much research attention. However, the intrusion prevention system (IPS) is rarely explored. Realtime intrusion prevention is quite challenging because the decision has to be made during a flow rather than after it finishes. Restricted by aligning with the shortest flows, existing IPSs generally inspect only the very first packets, leading to information loss for accurate detection. In this article, we first measure the information loss quantitatively. Then we devise Sniper, an IoT IPS scheme consisting of a flow length predictor, a novel feature space, and an enhanced ensemble learning algorithm. The flow length predictor guides a proper prevention time point to preserve as much information as possible. The proposed Markov matrix-based feature encoding method further saves more information than existing ones. The enhanced learning algorithm ensures a low-false positive rate (FPR), which is critical for IPSs. We benchmark Sniper with one closed-world and three open-world data sets. The results show that Sniper achieves a 99.89% prevention rate and 0.03% FPR, which is superior to the five state-of-the-art baseline models.

Wenji He,Yifeng Liu,Haipeng Yao,Tianle Mai,Ni Zhang,F. Richard Yu

DOI: https://doi.org/10.1109/jiot.2020.3041656

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The past few years have witnessed the compelling applications of the Internet of Things (IoT) in our daily life. The explosive growth of the number of IoT devices also presents a great challenge in network security, especially the DDoS attack. Current DDoS defense mechanisms adopted out-of-band architecture, which is accomplished by a process that receives monitoring data from routers and switches, then analyzes that flow data to detect attacks. However, facing IoT devices growing rapidly, this out-of-band architecture confronted with limited processing capacity, bandwidth resources, and service assurance problems. Recently, with the development of the programming switch, it opens up new possibilities for in-network DDoS detection, where the detection algorithms could be directly implemented inside the routers and switches. Benefit from switch processing performance, the in-network mechanism could achieve high scalability and line speed performance. Therefore, in this article, we design a machine learning-based in-network DDoS detection framework. We implement the lightweight variational Bayes algorithm in each switch to detect the anomaly traffic. Besides, considering the shortage of training data in each switch, a centralized platform is introduced to synchronize parameters among distributed switches to realize collaborative learning. Extensive simulations are conducted to evaluate our proposed algorithm in comparison to some state-of-the-art schemes.