Abstract
In this chapter, we present a model that characterizes the propagation of stepping‐stone attacks in the Internet of Things (IoT) using a vulnerability graph with fixed and switching topology. The cost of a stepping‐stone stack path is modeled as a first‐order dynamical system where the control input is the biased min‐consensus protocol, which converges to the minimum cost, giving us the tool for the calculation of the shortest stepping‐stone attack path from every source node to every target node. The model is discretized, and for the convergence analysis of the stepping‐stone dynamics, the min‐plus algebra is introduced. In this framework, the stepping‐stone dynamic is formulated as a linear system in a min‐plus algebra. The model is expanded to a more realistic scenario where the vulnerability graph is not fixed, that is, when the vulnerability graph changes due to the attack have been detected, triggering the intrusion detection system, or because the attacker that has exploited a vulnerability in any node will exploit the same vulnerability more efficiently in any other node. In this scenario, the stepping‐stone dynamics are modeled as a switched linear system in a min‐plus algebra. Necessary and sufficient conditions for the convergence of the stepping‐stone dynamics to the minimum cost in the fixed topology case and a sufficient condition for the switching topology case are provided. For the validation of the model, simulations for the fixed and switching topology case are presented. A preliminary version of this work was published at the 2018 IEEE ICC conference (M. Gamarra, S. Shetty, O. Gonzalez, D. Nicol, C. A. Kamhoua, and L. Njilla. “Analysis of stepping stone attacks in dynamic vulnerability graphs.” In: IEEE International Conference on Communications (ICC) , Kansas City, MO, 20–24 May 2018.). In this chapter, we have extended the preliminary work to frame the model within IoT context with more detailed mathematical results.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
