In this paper we present our first steps in the design of an intrusion detection system for these attacks, a system that takes into account the performance, energy, and memory constraints of mobile computing devices

Towards an Intrusion Detection System for Battery Exhaustion Attacks on Mobile Computing Devices

PerCom Workshops, pp. 141-145 (2005)


Abstract

Mobile computers are subject to a unique form of denial of service attack known as a battery exhaustion attack, in which an attacker attempts to rapidly drain the battery of the device. In this paper we present our first steps in the design of an intrusion detection system for these attacks, a system that takes into account the performanc...

Introduction
  • A key element in a successful pervasive computing environment is a personal computing device that enables the user to have continuous access to information [7].
  • One security attack that is unique to battery powered devices is a denial of service attack aimed at draining the battery.
  • These “sleep deprivation torture” or “battery exhaustion” attacks, as called by Stajano and Anderson, prevent devices from entering normal low power idle or sleep states [8].
  • The Cabir virus was created to illustrate a vulnerability in mobile devices running Symbian OS Series 60 [9].
  • It transmits itself using the Bluetooth communication protocol between devices.
  • The virus causes the Bluetooth radio on the mobile device to broadcast at frequent intervals, seriously reducing the battery life of the device.
Highlights
  • We have identified and implemented three different classes of these attacks [6]: (1) malignant attacks, in which a virus or Trojan horse is used to make the device consume significant power, (2) benign attacks, in which an unmodified program is given pathological data such that the program consumes excessive energy, and (3) service request attacks, a special form of the benign attack in which repeated requests are made to a network service provided by the device
  • In addition to our proof-of-concept implementations, there is already a virus “in the wild” that has the properties of a battery exhaustion attack; its excessive power consumption appears to have been a side effect rather than the main intent
  • We propose the development of an intrusion detection system designed to detect this new form of attack, subject to the performance, memory, and energy limitations of pervasive computing devices
  • The laptop was chosen for this paper because it provided greater flexibility in testing our fundamental ideas than would a more limited platform such as a cell phone, but we believe the method we describe here can be generalized to work for any battery-powered computing system with the appropriate choice of variables for the regression model
  • An open question is whether an intrusion detection system (IDS) based on self-contained power measurement such as we have described here can be used to detect non-battery-related intrusions.
Methods
  • Methods used in commercial IDSs may be difficult, if not impossible, to implement. For instance, the extensive audit data, in the form of system logging, collected and analyzed by an IDS may not be present or may require too much time and energy to collect.
  • If a device could operate at idle power for 3 hours under normal usage, the goal might be to guarantee 2 hours of operational life in the face of repeated attacks.
  • Given this goal, it is necessary to know when the system has high power consumption over a long period of time, such that the system is in danger of not meeting the guaranteed battery life.
  • When the time threshold has been exceeded, the authors identify which process or processes are responsible for using the most energy over that period of time.
  • Such an IDS is unique in that it can still be successful even if it does not detect all attacks against the system.
  • Even though the attacks are successful, the goal of guaranteeing a specific battery life is still achieved.
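
The detection logic described in the bullets above, as an added sketch that is not code from the paper: power is estimated from per-process counters with a linear model, time spent above the power budget is accumulated, and once a time threshold is exceeded the processes that used the most energy are ranked. The coefficients, counter names, idle power, thresholds, process names and sample data are constructed assumptions; only the 3-hour and 2-hour figures come from the page.

```python
from collections import defaultdict

# Assumed regression coefficients (watts per counter unit). The paper's
# Table 1 values are not reproduced on this page, so these are constructed.
COEF = {"cpu_pct": 0.12, "disk_kbps": 0.002, "net_kbps": 0.004}
IDLE_W = 10.0                           # assumed idle power draw, in watts
IDLE_LIFE_H, GUARANTEED_H = 3.0, 2.0    # the page's example: 3 h idle, 2 h guaranteed

def power_budget_w(idle_w=IDLE_W):
    """Highest average power that still gives the guaranteed life."""
    return idle_w * IDLE_LIFE_H / GUARANTEED_H

def process_power_w(counters):
    """Linear-model estimate of one process's power draw above idle."""
    return sum(COEF[name] * value for name, value in counters.items())

def detect(samples, interval_s, time_threshold_s, top_n=2):
    """samples: one {process_name: counters} dict per sampling interval.
    Returns (alarm, ranked) with ranked = [(process, joules), ...] spent
    while the system was continuously over budget."""
    budget, over_s, energy_j = power_budget_w(), 0.0, defaultdict(float)
    for sample in samples:
        per_proc = {p: process_power_w(c) for p, c in sample.items()}
        total_w = IDLE_W + sum(per_proc.values())
        if total_w > budget:
            over_s += interval_s
            for p, w in per_proc.items():
                energy_j[p] += w * interval_s
        else:
            # Design choice of this sketch: only sustained drain counts,
            # so a sample under budget resets the window.
            over_s = 0.0
            energy_j.clear()
        if over_s >= time_threshold_s:
            ranked = sorted(energy_j.items(), key=lambda kv: kv[1], reverse=True)
            return True, ranked[:top_n]
    return False, []

# Constructed samples, one per 10 s: light browser load, then a hypothetical
# process "svc_flood" that keeps the CPU and network busy.
NORMAL = {"browser": {"cpu_pct": 5, "disk_kbps": 100, "net_kbps": 50}}
ATTACK = {"browser": {"cpu_pct": 5, "disk_kbps": 100, "net_kbps": 50},
          "svc_flood": {"cpu_pct": 60, "disk_kbps": 0, "net_kbps": 400}}
SAMPLES = [NORMAL] * 3 + [ATTACK] * 6

if __name__ == "__main__":
    print(detect(SAMPLES, interval_s=10, time_threshold_s=60))
```

With the page's 3-hour and 2-hour figures the budget works out to 1.5 times idle power, so a short burst above it raises no alarm while a sustained one does.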
Conclusions
  • Conclusions and Future Work: The proposed IDS proved to be effective in identifying when the system has exceeded the power consumption that would allow it to achieve a guaranteed battery life.
  • The authors' IDS can identify those processes that caused the increased load on the system.
  • This allows a user to take a necessary action to stop such processes from continuing to operate.
  • The cache attack program used in [6] showed increased power consumption for cache misses on some platforms while other platforms showed increased power consumption for cache hits.
  • Through mechanisms such as Intel’s Pentium performance counters, cache behavior could be recorded and integrated into the power estimation.
Tables
  • Table 1: Multiple linear regression was used to derive these coefficients
Funding
  • This material is based upon work supported by the National Science Foundation under grant no
Study subjects and analysis
samples: 10000
Using the Microsoft Performance Data Counters available in Microsoft Windows NT 4.0 and later operating systems, many of these metrics were measured on the above mentioned system while at the same time measuring the power consumption of the system externally. The power measurement setup used was the same as that used in [6], using a high-end digital multimeter capable of sampling system current at 10,000 samples per second. The laptop was chosen for this paper because it provided greater flexibility in testing our fundamental ideas than would a more limited platform such as a cell phone, but we believe the method we describe here can be generalized to work for any battery-powered computing system with the appropriate choice of variables for the regression model

References
  • S. Forrest and A. Somayaji, “Automated Response Using System-Call Delays,” Proceedings of the 9th USENIX Security Symposium, pp. 185-197, August 2000.
  • S. Forrest, S. Hofmeyr, and A. Somayaji, “Computer immunology,” Communications of the ACM, October 1997, vol. 40, no. 10, pp. 88-96.
  • A. Jones and R. Sielken, “Computer Intrusion Detection: A Survey,” University of Virginia, Computer Science Technical Report, 2000.
  • P. Kocher, J. Jaffe, and B. Jun, “Differential Power Analysis,” Advances in Cryptology, Crypto '99, Springer LNCS 1666, pp. 388-397, 1999.
  • W. Lee and S. Stolfo, “Data Mining Approaches to Intrusion Detection,” Proceedings of the 7th USENIX Security Symposium, pp. 79-94, January 1998.
  • T. Martin, M. Hsiao, D. Ha, and J. Krishnaswami, “Denial-of-Service Attacks on Battery-powered Mobile Computers,” Second IEEE International Conference on Pervasive Computing and Communications, pp. 309-318, March 2004.
  • M. Satyanarayanan, “Pervasive computing: vision and challenges,” IEEE Personal Communications, vol. 8, no. 4, pp. 10-17, Aug. 2001.
  • F. Stajano and R. Anderson, “The resurrecting duckling: Security issues for ad-hoc wireless networks,” in Proceedings of the 7th International Workshop on Security Protocols, Lecture Notes in Computer Science volume 1796, pp. 172-194, April 1999.