AI帮你理解科学

AI 生成解读视频

AI抽取解析论文重点内容自动生成视频

生成解读视频

AI 溯源

AI解析本论文相关学术脉络

生成溯源树

AI 精读

AI抽取本论文的概要总结

微博一下：

In this paper we present our first steps in the design of an intrusion detection system for these attacks, a system that takes into account the performance, energy, and memory constraints of mobile computing devices

Towards an Intrusion Detection System for Battery Exhaustion Attacks on Mobile Computing Devices

PerCom Workshops, pp.141-145, (2005)

引用：100|浏览30

EI WOS

下载 PDF 全文

原文链接

其它链接

dl.acm.org dblp.uni-trier.de academic.microsoft.com

引用

微博一下

关键词

service attackintrusion detection systemmobile computerlinear regression modelcpu load更多(16+)

摘要

Mobile computers are subject to a unique form of denial of service attack known as a battery exhaustion attack, in which an attacker attempts to rapidly drain the battery of the device. In this paper we present our first steps in the design of an intrusion detection system for these attacks, a system that takes into account the performanc...更多

代码：

数据：

精读

下载 PDF 全文

PPT (上传PPT)

相似论文

引用论文

被引论文

简介

A key element in a successful pervasive computing environment is a personal computing device that enables the user to have continuous access to information [7].
One security attack that is unique to battery powered devices is a denial of service attack aimed at draining the battery.
These “sleep deprivation torture” or “battery exhaustion” attacks, as called by Stajano and Anderson, prevent devices from entering normal low power idle or sleep states [8].
The Cabir virus was created to illustrate a vulnerability in mobile devices running Symbian OS Series 60 [9].
It transmits itself using the Bluetooth communication protocol between devices.
The virus causes the Bluetooth radio on the mobile device to broadcast at frequent intervals, seriously reducing the battery life of the device

重点内容

A key element in a successful pervasive computing environment is a personal computing device that enables the user to have continuous access to information [7]
We have identified and implemented three different classes of these attacks [6]: (1) malignant attacks, in which a virus or Trojan horse is used to make the device consume significant power, (2) benign attacks, in which an unmodified program is given pathological data such that the program consumes excessive energy, and (3) service request attacks, a special form of the benign attack in which repeated requests are made to a network service provided by the device
In addition to our proof-of-concept implementations, there is already a virus “in the wild” that has the properties of a battery exhaustion attack, its excessive power consumption appears to have been a side effect rather than the main intent
We propose the development of an intrusion detection system designed to detect this new form of attack, subject to the performance, memory, and energy limitations of pervasive computing devices
The laptop was chosen for this paper because it provided greater flexibility in testing our fundamental ideas than would a more limited platform such as a cell phone, but we believe the method we describe here can be generalized to work for any battery-powered computing system with the appropriate choice of variables for the regression model
An open question is whether an intrusion detection system (IDS) based on self-contained power measurement such as we have described here can be used to detect non-battery-related intrusions

方法

Methods used in commercial

IDSs may be difficult, if not impossible to implement. For instance, the extensive audit data, in the form of system logging, collected and analyzed by an IDS may not be present or may require too much time and energy to collect.
If a device could operate at idle power for 3 hours under normal usage, the goal might be to guarantee 2 hours of operational life in the face of repeated attacks.
Given this goal, it is necessary to know when the system has high power consumption over a long period of time, such that the system is in danger of not meeting the guaranteed battery life.
When the time threshold has been exceeded, the authors identify which process or processes are responsible for using the most energy over that period of time
Such an IDS is unique in that it can still be successful even if it does not detect all attacks against the system.
Even though the attacks are successful, the goal of guaranteeing a specific battery life is still achieved

结论

Conclusions and Future Work

The proposed IDS proved to be effective in identifying when the system has exceeded the power consumption that would allow it to achieve a guaranteed battery life.
The authors' IDS can identify those processes that caused the increased load on the system.
This allows a user to take a necessary action to stop such processes from continuing to operate.
The cache attack program used in [6] showed increased power consumption for cache misses on some platforms while other platforms showed increased power consumption for cache hits.
Through mechanisms such as Intel’s Pentium performance counters, cache behavior could be recorded and integrated into the power estimation

表格

Table1: Multiple linear regression was used to derive these coefficients

Download tables as Excel

基金

This material is based upon work supported by the National Science Foundation under grant no

研究对象与分析

samples: 10000

Using the Microsoft Performance Data Counters available in Microsoft Windows NT 4.0 and later operating systems, many of these metrics were measured on the above mentioned system while at the same time measuring the power consumption of the system externally. The power measurement setup used was the same as that used in [6], using a high-end digital multimeter capable of sampling system current at 10,000 samples per second. The laptop was chosen for this paper because it provided greater flexibility in testing our fundamental ideas than would a more limited platform such as a cell phone, but we believe the method we describe here can be generalized to work for any battery-powered computing system with the appropriate choice of variables for the regression model

引用论文

S. Forrest and A. Somayaji, “Automated Response Using System-Call Delays,” Proceedings of the 9th USENIX Security Symposium, pp. 185-197, August 2000.
S. Forrest, S. Hofmeyr, and A. Somayaji, A. "Computer immunology," Communications of the ACM,, October 1997, vol. 40, no. 10, pp. 88-96.
A. Jones and R. Sielken, “Computer Intrusion Detection: A Survey”, University of Virginia, Computer Science Technical Report, 2000.
P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis," Advances in Cryptology, Crytpo '99, Springer LNCS 1666, pp. 388-397, 1999.
W. Lee and S. Stolfo, “Data Mining Approaches to Intrusion Detection,” Proceedings of the 7th USENIX Security Symposium, pp. 79-94, January 1998.
T. Martin, M. Hsiao, D. Ha, and J. Krishnaswami, “Denialof-Service Attacks on Battery-powered Mobile Computers,” Second IEEE International Conference on Pervasive Computing and Communications, pp. 309-318, March 2004.
M. Satyanarayanan, "Pervasive computing: vision and challenges," IEEE Personal Communications, Volume: 8 Issue: 4, pp. 10 -17, Aug. 2001.
F. Stajano and R. Anderson, "The resurrecting duckling: Security issues for adhoc wireless networks," in Proceedings of the 7th International Workshop on Security Protocols, Lecture Notes in Computer Science volume 1796, pp. 172-194, April 1999.