Deakin University

Modeling and analysis of integrated proactive defense mechanisms for Internet of Things

chapter
posted on 2020-01-01, 00:00 authored by Mengmeng Ge, Jin Hee Cho, Bilal Ishfaq, Dong Seong Kim
Many intrusion detection systems (IDSs) have been developed to identify and react to inside attacks in order to protect a system. However, an IDS is reactive in nature: it detects intrusions that are already in the system. Hence, reactive mechanisms lag behind and are not effective against the actions taken by agile and smart attackers. Because of this inherent limitation of a reactive IDS, intrusion prevention systems (IPSs) have been developed to thwart potential attackers and/or mitigate the impact of intrusions before they penetrate the system. In this chapter, we introduce an integrated defense mechanism to achieve intrusion prevention in a software‐defined Internet of Things (IoT) network by leveraging cyber deception (i.e. a decoy system) and moving target defense, or MTD (i.e. network topology shuffling). In addition, we validate their effectiveness and efficiency using the devised graphical security model (GSM)‐based evaluation framework. To develop an adaptive, proactive intrusion prevention mechanism, we employed fitness functions based on the genetic algorithm (GA) to identify an optimal network topology, where the network topology can be shuffled based on the detected level of system vulnerability. Our simulation results show that GA‐based shuffling schemes outperform random shuffling schemes in terms of the number of attack paths toward decoy targets. In addition, we observe a trade‐off between the system lifetime (i.e. mean time to security failure, MTTSF) and the defense cost introduced by the proposed MTD technique for fixed and adaptive shuffling schemes. That is, fixed GA‐based shuffling can achieve higher MTTSF with more cost, while adaptive GA‐based shuffling obtains less MTTSF with less cost.

History

Language

eng

Publication classification

B1 Book chapter

Extent

26

Editor/Contributor(s)

Kamhoua CA, Njilla LL, Kott A, Shetty S

Chapter number

10

Pagination

217-247

ISBN-13

9781119593362

ISBN-10

1119593360

Publisher

John Wiley & Sons

Place of publication

Hoboken, N.J.

Title of book

Modeling and design of secure Internet of Things
