Title: Detecting misbehaviour in a complex system-of-systems environment
Author: Shone, N.
ISNI: 0000 0004 5992 905X
Awarding Body: Liverpool John Moores University
Current Institution: Liverpool John Moores University
Date of Award: 2014
Modern systems are becoming increasingly complex, integrated and distributed, in order to meet the escalating demands for functionality. This has given rise to concepts such as system-of-systems (SoS), which organise a myriad of independent component systems into a collaborative super-system, capable of achieving unmatchable levels of functionality. Despite its advantages, SoS is still an infantile concept with many outstanding security concerns, including the lack of effective behavioural monitoring. This can be largely attributed to its distributed, decentralised and heterogeneous nature, which poses many significant challenges. The uncertainty and dynamics of both the SoS’s structure and function pose further challenges to overcome. Due to the unconventional nature of a SoS, existing behavioural monitoring solutions are often inadequate as they are unable to overcome these challenges. This monitoring deficiency can result in the occurrence of misbehaviour, which is one of the most serious yet underestimated security threats facing SoSs and their components. This thesis presents a novel misbehaviour detection framework specifically developed for operation in a SoS environment. By combining the use of uniquely calculated behavioural threshold profiles and periodic threshold adaptation, the framework is able to cope with monitoring the dynamic behaviour and suddenly occurring changes that affect threshold reliability. The framework improves SoS contribution and monitoring efficiency by controlling monitoring observations using statecharts, which react to the level of behavioural threat perceived by the system. The accuracy of behavioural analysis is improved by using a novel algorithm to quantify detected behavioural abnormalities, in terms of their level of irregularity.
The framework utilises collaborative behavioural monitoring to increase the accuracy of the behavioural analysis, and to combat the threat posed by training-based attacks to the threshold adaptation process. The validity of the collaborative behavioural monitoring is assured by using the novel behavioural similarity assessment algorithm, which selects the most behaviourally appropriate SoS components to collaborate with. The proposed framework and its subsequent techniques are evaluated via numerous experiments. These examine both the limitations and relative merits when compared to monitoring solutions and techniques from similar research areas. The results of these conclude that the framework is able to offer misbehaviour monitoring in a SoS environment, with increased efficiency and reduced false positive rates, false negative rates, resource usage and run-time requirements.
Supervisor: Shi, Qi ; Merabti, Madjid ; Kifayat, Kashif
Sponsor: Not available
Qualification Name: Thesis (Ph.D.)
Qualification Level: Doctoral
Keywords: QA75 Electronic computers. Computer science ; QA76 Computer software