A resource-preserving self-regulating Uncoupled MAC algorithm to be applied in incident detection

Abstract: The connectivity of embedded systems is increasing, accompanied by thriving technologies such as Internet of Things/Everything (IoT/E), Connected Cars, Smart Cities, Industry 4.0, 5G and Software-Defined Everything. Apart from the benefits of these trends, continuous networking offers hackers a broad spectrum of attack vectors. The identification of attacks or unknown behavior through Intrusion Detection Systems (IDS) has established itself as a beneficial and mandatory mechanism, alongside protection by cryptographic schemes, in a holistic security ecosystem. In systems where resources are a valuable commodity and stand in contrast to the ever-increasing amount of network traffic, sampling has become a useful means of detecting malicious activities on a manageable amount of data. This work presents an algorithm, Uncoupled MAC, which secures network communication through a cryptographic scheme based on uncoupled Message Authentication Codes (MAC) and, as a side effect, also provides IDS functionality by producing alarms based on the violation of Uncoupled MAC values. Through a novel self-regulation extension, the algorithm adapts its sampling parameters based on the detection of malicious actions. The evaluation in a virtualized environment clearly shows that the detection rate increases over runtime for different attack scenarios. These include scenarios in which intelligent attackers try to exploit the downsides of sampling.
