Facial reconstruction

Search LJMU Research Online

Browse Repository | Browse E-Theses

Detecting Misbehaviour in a Complex System-of-Systems Environment

Shone, N (2014) Detecting Misbehaviour in a Complex System-of-Systems Environment. Doctoral thesis, Liverpool John Moores University.

[img] Text

Download (2MB)


Modern systems are becoming increasingly complex, integrated and distributed, in order to meet the escalating demands for functionality. This has given rise to concepts such as system-of-systems (SoS), which organise a myriad of independent component systems into a collaborative super-system, capable of achieving unmatchable levels of functionality. Despite its advantages, SoS is still an infantile concept with many outstanding security concerns, including the lack of effective behavioural monitoring. This can be largely attributed to its distributed, decentralised and heterogeneous nature, which poses many significant challenges. The uncertainty and dynamics of both the SoS’s structure and function poses further challenges to overcome. Due to the unconventional nature of a SoS, existing behavioural monitoring solutions are often inadequate as they are unable to overcome these challenges. This monitoring deficiency can result in the occurrence of misbehaviour, which is one of the most serious yet underestimated security threats facing SoSs and their components. This thesis presents a novel misbehaviour detection framework specifically developed for operation in a SoS environment. By combining the use of uniquely calculated behavioural threshold profiles and periodic threshold adaptation, the framework is able to cope with monitoring the dynamic behaviour and suddenly occurring changes that affect threshold reliability. The framework improves SoS contribution and monitoring efficiency by controlling monitoring observations using statecharts, which react to the level of behavioural threat perceived by the system. The accuracy of behavioural analysis is improved by using a novel algorithm to quantify detected behavioural abnormalities, in terms of their level of irregularity. The framework utilises collaborative behavioural monitoring to increase the accuracy of the behavioural analysis, and to combat the threat posed by training based attacks to the threshold adaptation process. The validity of the collaborative behavioural monitoring is assured by using the novel behavioural similarity assessment algorithm, which selects the most behaviourally appropriate SoS components to collaborate with. The proposed framework and its subsequent techniques are evaluated via numerous experiments. These examine both the limitations and relative merits when compared to monitoring solutions and techniques from similar research areas. The results of these conclude that the framework is able to offer misbehaviour monitoring in a SoS environment, with increased efficiency and reduced false positive rates, false negative rates, resource usage and run-time requirements.

Item Type: Thesis (Doctoral)
Uncontrolled Keywords: security, system-of-systems, monitoring, behavioural monitoring
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
Divisions: Computer Science & Mathematics
Date Deposited: 20 Oct 2016 13:49
Last Modified: 03 Sep 2021 23:27
DOI or ID number: 10.24377/LJMU.t.00004537
Supervisors: Shi, Qi, Merabti, Madjid and Kifayat, Kashif
URI: https://researchonline.ljmu.ac.uk/id/eprint/4537
View Item View Item