Stuck in Traffic (SiT) Attacks: A Framework for Identifying Stealthy Attacks that Cause Traffic Congestion

Recent advances in wireless technologies have enabled many new applications in Intelligent Transportation Systems (ITS) such as collision avoidance, cooperative driving, congestion avoidance, and traffic optimization. Due to the vulnerable nature of wireless communication against interference and intentional jamming, ITS face new challenges to ensure the reliability and the safety of the overall system. In this paper, we expose a class of stealthy attacks -- Stuck in Traffic (SiT) attacks -- that aim to cause congestion by exploiting how drivers make decisions based on smart traffic signs. An attacker mounting a SiT attack solves a Markov Decision Process problem to find optimal/suboptimal attack policies in which he/she interferes with a well-chosen subset of signals that are based on the state of the system. We apply Approximate Policy Iteration (API) algorithms to derive potent attack policies. We evaluate their performance on a number of systems and compare them to other attack policies including random, myopic and DoS attack policies. The generated policies, albeit suboptimal, are shown to significantly outperform other attack policies as they maximize the expected cumulative reward from the standpoint of the attacker

Sosiaaliturvajärjestelmien vaikutuksista maatalouden rakenteellisiin muutoksiin : (Suomen osuus FAO:n suorittamasta tutkimuksesta)

With the increased use of "Virtual Machines" (VMs) as vehicles that isolate applications running on the same host, it is necessary to devise techniques that enable multiple VMs to share underlying resources both fairly and efficiently. To that end, one common approach is to deploy complex resource management techniques in the hosting infrastructure. Alternately, in this paper, we advocate the use of self-adaptation in the VMs themselves based on feedback about resource usage and availability. Consequently, we define a "Friendly" VM (FVM) to be a virtual machine that adjusts its demand for system resources, so that they are both efficiently and fairly allocated to competing FVMs. Such properties are ensured using one of many provably convergent control rules, such as AIMD. By adopting this distributed application-based approach to resource management, it is not necessary to make assumptions about the underlying resources nor about the requirements of FVMs competing for these resources. To demonstrate the elegance and simplicity of our approach, we present a prototype implementation of our FVM framework in User-Mode Linux (UML)-an implementation that consists of less than 500 lines of code changes to UML. We present an analytic, control-theoretic model of FVM adaptation, which establishes convergence and fairness properties. These properties are also backed up with experimental results using our prototype FVM implementation

Bandwidth Stealing via Link Targeted RoQ Attacks

We present a scheme that enables a set of flows to acquire an unfair share of bandwidth by mounting an adversarial distributed Reduction of Quality (RoQ) attack on flows competing for that bandwidth. This adversarial behavior stands in sharp contrast to other network exploits, e.g., Denial-of-Service (DoS) attacks, whose aim is to simply take down a resource, or severely limit access to a service. The extent to which the scheme we expose is successful in slowing down competing flows determines the amount of “stolen bandwidth.” We present two schemes for the construction of a RoQ attack stream that would evade detection, and thus would challenge counter-DoS techniques. Our results show the vulnerability of the Internet to the distributed nature of RoQ attacks, which could be mounted through a relatively small number of zombie clients, motivating the need for the development of counter measures. We validate our findings through simple analysis, simulations and real Internet experiments

BLOC: A Game-Theoretic Approach to Orchestrate CPS with Check Blocks against Cyber Attacks

Cyber-Physical Systems (CPS) will be core to most emerging computing systems. A myriad of activities in our lives will rely on the correct operation of these systems, from transportation and energy domains, to manufacturing and healthcare. Securing CPS against cyber-attacks, however, is challenging due to the wide range of possible attacks — from stealthy ones that seek to manipulate control and measurement signals to malware that infects host machines that control the physical process. This has prompted the research community to develop targeted methods that protect and check the run-time operation of the CPS. Since protecting signals and checking for errors result in performance penalties, they must be performed within the delay bounds dictated by the control loop. Due to the large number of potential checks that can be performed, coupled with various degrees of their effectiveness to detect a wide range of attacks, strategic assignment of these checks in the control loop is a critical endeavor. In this talk, I will present a coherent runtime framework — which we coin BLOC — for orchestrating the CPS with check blocks to secure them against cyber-attacks. BLOC capitalizes on game theoretical techniques to enable the defender to find an optimal randomized use of check blocks to secure the CPS while abiding to the control-loop delay constraints. In the first part of the talk, I will present a Stackelberg game model for stateless blocks and a Markov game model for stateful ones and derive optimal policies that minimize the worst-case damage from rational adversaries. In the second part of the talk, I will present a Deep Reinforcement Learning framework that solves for optimal/sub-optimal assignments of check blocks against the explosion in the size of the state/action spaces. I will present results obtained from extensive simulations as well as real instantiations of CPS. By first understanding the behavioral consequences of policy changes in cyberspace, we are better able to defend and understand the increasingly connected world in which we live. One of the greatest drivers of human progress in the last couple of decades is the ability to access technology and the internet, but how we enforce cybersecurity is a pressing problem. Cybersecurity requires an interdisciplinary approach to solve the many problems in fields such as fintech, cyber crime, human rights violations, e-commerce, etc. How individual freedoms can be preserved while human progress can be advanced within cyberspace is the focus of the research within this initiative.Salem Cente

Stuck In Traffic (Sit) Attacks: A Framework For Identifying Stealthy Attacks That Cause Traffic Congestion

Recent advances in wireless technologies have enabled many new applications in Intelligent Transportation Systems (ITS) such as collision avoidance, cooperative driving, congestion avoidance, and traffic optimization. Due to the vulnerable nature of wireless communication against interference and intentional jamming, ITS face new challenges to ensure the reliability and the safety of the overall system. In this paper, we expose a class of stealthy attacks - Stuck in Traffic (SiT) attacks - that aim to cause congestion by exploiting how drivers make decisions based on smart traffic signs. An attacker mounting a SiT attack solves a Markov Decision Process problem to find optimal/suboptimal attack policies in which he/she interferes with a well-chosen subset of signals that are based on the state of the system. We apply approximate policy iteration algorithms to derive potent attack policies. We evaluate their performance on a number of systems and compare them to other attack policies including random, myopic and DoS attack policies. The generated policies, albeit suboptimal, are shown to significantly outperform other attack policies as they maximize the expected cumulative reward from the standpoint of the attacker. © 2013 IEEE