Survivability Analysis of IoT Systems Under Resource Exhausting Attacks

Abstract

Essential services in an Internet of Things (IoT)-based critical system should be continuously provided even when undesirable events like failures, attacks, and emergencies happen. In this work, we analyze the system’s ability to survive failures that are caused by resource exhaustion attacks. Such ability to survive means that the system’s services should be provided in compliance with the associated requirements also in presence of failures and other undesired events. Accordingly, we present a hybrid method (i.e., measurements- and model-based) to assess the expected survivability of an IoT system under resource-exhaustion attacks and, based on it, to optimize the preventive maintenance trigger period that maximizes survivability and minimizes the expected downtime cost. A realistic case study is implemented to emulate an IoT scenario and used to estimate the extent of resource consumption at each layer of the IoT stack when the system is subject to a resource-exhaustion attack. A semi-Markov process is then adopted to model the transient behavior of the system during an intrusion. The model is enriched with an additional state that represents a proactive recovery, in which the system is not available for a maintenance action aimed at preventing failure. The model solution gives the optimal maintenance triggering time.