Deception-Based Security of IOBT Networks Using Intelligent Hybrid Honeypots and Game Theory

Abstract

Internet of Battlefield Things (IoBT) is the application of IoT (Internet of Things) to a battlefield environment. Internet of Things (IoT) is a network of interconnected devices. IoBT is a set of interconnected things specific to a battlefield such as wearable devices, sensors, weapons, etc, that are self-configurable, self-aware, mobile and dynamic. There is a lot of interest in IoBT from the defense community due to their ability to improve the effectiveness and efficiency of military operations. IoBT networks operate in challenging battle field conditions. They have no infrastructure, are highly mobile, dynamic and unpredictable. The information is time sensitive and decisions have to be made quickly. They have a high demand on bandwidth, are susceptible to outages, and jamming by adversaries. In such an environment The aim of this effort is to acquire deep understanding of the security challenges faced by IoBT networks and research and develop an effective solution. Specifically, we will investigate the application of deception and camouflage using intelligent sensor gateways and honeypots to give the defender an advantage over the attacker in a game theoretical framework. To intelligently and effectively detect and mitigate cyber-attacks in an IoBT network, we propose a novel scheme which uses artificial intelligence (AI) and game theory models. The proposed scheme includes Intelligent Attack Detection System (IADS), Intelligent Dual Function Sensor Gateways (IDFGs), Static Honeypots (SHs), and Intelligent Response System (IRS). We propose to investigate the applicability of machine learning, specifically transfer learning techniques to IoBT and select optimal models to develop the IADS. To reduce attack mitigation latency, we propose to use the Lambda architecture to enable the IADS to classify incoming traffic as normal or suspicious in real-time / near real-time. We will test various network topologies to determine whether to deploy the IADS as a separate system or integrate it into the sensor gateways. The IDFGs will intelligently switch between real function and honeypot depending on a decision threshold value, which will be affected by factors such as attack frequency, type, available bandwidth and energy resources. This makes it difficult to select a threshold value that is optimal for all different situations. To meet this challenge, we will create a decision threshold function that is simultaneously adaptive to variations in these factors. Here we will leverage our expertise in designing adaptive protocols in vehicular ad-hoc networks; a branch of IoT. The SHs will not route attacker requests to any real device. Attack data will be collected and fed back to the machine learning models to predict attacks in real-time / near real-time and to improve model accuracy. The IRS will use game theoretic models to select the optimal next move: block the data, provide incorrect data, or route to a honeypot. The proposed scheme will be validated on a test bed that we will build using devices such as real sensors, Intel NUCs as gateways, and drones. The results obtained from this project will be integrated in our vehicular networking, mobile computing, IoT, and emerging network technologies research-oriented courses, and will also be disseminated in educational and technical conferences and journals.

Document Details

Document Type

DoD Grant Award

Publication Date

Aug 31, 2020

Source ID

W911NF2010300

Entities

Tags