Modeling and Analysis of Integrated Proactive Defense Mechanisms for Internet-of-Things

TL;DR

This paper proposes an integrated proactive defense mechanism for IoT networks combining cyberdeception and moving target defense, validated through a graphical security model and genetic algorithm-based topology shuffling.

Contribution

It introduces a novel integrated proactive defense approach for IoT, leveraging cyberdeception, MTD, and genetic algorithms for optimal network topology shuffling.

Findings

GA-based shuffling outperforms random schemes in reducing attack paths.

Tradeoff observed between system lifetime and defense cost.

Adaptive shuffling balances security and cost effectively.

Abstract

As a solution to protect and defend a system against inside attacks, many intrusion detection systems (IDSs) have been developed to identify and react to them for protecting a system. However, the core idea of an IDS is a reactive mechanism in nature even though it detects intrusions which have already been in the system. Hence, the reactive mechanisms would be way behind and not effective for the actions taken by agile and smart attackers. Due to the inherent limitation of an IDS with the reactive nature, intrusion prevention systems (IPSs) have been developed to thwart potential attackers and/or mitigate the impact of the intrusions before they penetrate into the system. In this chapter, we introduce an integrated defense mechanism to achieve intrusion prevention in a software-defined Internet-of-Things (IoT) network by leveraging the technologies of cyberdeception (i.e., a decoy system) and moving target defense, namely MTD (i.e., network topology shuffling). In addition, we validate their effectiveness and efficiency based on the devised graphical security model (GSM)-based evaluation framework. To develop an adaptive, proactive intrusion prevention mechanism, we employed fitness functions based on the genetic algorithm in order to identify an optimal network topology where a network topology can be shuffled based on the detected level of the system vulnerability. Our simulation results show that GA-based shuffling schemes outperform random shuffling schemes in terms of the number of attack paths toward decoy targets. In addition, we observe that there exists a tradeoff between the system lifetime (i.e., mean time to security failure) and the defense cost introduced by the proposed MTD technique for fixed and adaptive shuffling schemes. That is, a fixed GA-based shuffling can achieve higher MTTSF with more cost while an adaptive GA-based shuffling obtains less MTTSF with less cost.