Design and Development of Adaptive Intrusion Management for Cyber-Based Systems

Muhamad Felemban, Purdue University


With the growing Cyber-security threats to governmental and organizational infrastructures, the need to develop high resilient Cyber-Based Systems (CBSs) that preserve the security of data is becoming increasingly important. A prominent type of Cyber-attacks is intrusion attacks that aim at data tampering, which can impair the confidentiality and the integrity of data. Therefore, it is imperative to design a holistic intrusion management approach for CBSs. In this dissertation, we address the challenges of designing and developing a resilient intrusion management system. In particular, we propose an adaptive data Partitioning-based Intrusion Management System (PIMS) that can endure intense malicious intrusion attacks on Database Management Systems (DBMSs). The novelty of PIMS is a data partitioning scheme that provides the ability to contain the damage in confined partitions. We formulate the demarcation problem as a dual-objective optimization problem and prove that it is NP-hard. Accordingly, we propose two heuristic solutions for the problem. Furthermore, PIMS incorporates a novel partition-based response and recovery mechanisms, which executes compensating transactions to automatically repair the damage caused by the intrusion attacks. Then, we consider access-controlled skewed workload, in which the transactions are executed based on a specified access control policy and the data objects are accessed non-uniformly. We formulate the related demarcation problem and propose two heuristics. The new problem has significantly less number of variables as compared to the original demarcation problem. We present a Malicious Transaction Benchmark (MTB) to evaluate the performance of the proposed intrusion management systems. The novelty of the MTB is the ability to generate transactional workload and to orchestrate various attacking scenarios. Then, we extend the functionality of PIMS to design a time-aware Threat Management System (TMS) for Data-driven IoT-based Collaborative Systems (DIoTCS). The novelty of the TMS is confining the damage into partitions based on the execution time-constraints specified by the DIoTCS applications. We model the execution time- constraints of the DIoTCS applications and then formulate the partitioning problem as a cost-driven optimization problem. We prove that the partitioning problem is NP-hard and accordingly propose two efficient heuristics. We evaluate the TMS using the MTB and demonstrate that intelligent data-partitioning improves the overall availability of the DIoTCS.




Ghafoor, Purdue University.

Subject Area

Computer Engineering|Computer science

Off-Campus Purdue Users:
To access this dissertation, please log in to our
proxy server