Essential services in an Internet of Things (IoT)-based critical system should be continuously provided even when undesirable events like failures, attacks, and emergencies happen. In this work, we analyze the system’s ability to survive failures that are caused by resource exhaustion attacks. Such ability to survive means that the system’s services should be provided in compliance with the associated requirements also in presence of failures and other undesired events. Accordingly, we present a hybrid method (i.e., measurements- and model-based) to assess the expected survivability of an IoT system under resource-exhaustion attacks and, based on it, to optimize the preventive maintenance trigger period that maximizes survivability and minimizes the expected downtime cost. A realistic case study is implemented to emulate an IoT scenario and used to estimate the extent of resource consumption at each layer of the IoT stack when the system is subject to a resource-exhaustion attack. A semi-Markov process is then adopted to model the transient behavior of the system during an intrusion. The model is enriched with an additional state that represents a proactive recovery, in which the system is not available for a maintenance action aimed at preventing failure. The model solution gives the optimal maintenance triggering time.

中文翻译：

---

物联网系统在资源耗尽攻击下的生存能力分析

即使在发生故障、攻击和紧急情况等不良事件时，也应持续提供基于物联网 (IoT) 的关键系统中的基本服务。在这项工作中，我们分析了系统在资源耗尽攻击引起的故障中的生存能力。这种生存能力意味着在出现故障和其他意外事件时，系统的服务也应按照相关要求提供。因此，我们提出了一种混合方法（即基于测量和模型）来评估物联网系统在资源耗尽攻击下的预期生存能力，并在此基础上优化预防性维护触发期，以最大限度地提高生存能力并最大限度地减少预期停机成本。实施了一个真实的案例研究来模拟物联网场景，并用于估计当系统受到资源耗尽攻击时物联网堆栈每一层的资源消耗程度。然后采用半马尔可夫过程来模拟入侵期间系统的瞬态行为。该模型增加了一个代表主动恢复的附加状态，其中系统不可用于旨在防止故障的维护操作。模型解决方案给出了最佳维护触发时间。该模型增加了一个代表主动恢复的附加状态，其中系统不可用于旨在防止故障的维护操作。模型解决方案给出了最佳维护触发时间。该模型增加了一个代表主动恢复的附加状态，其中系统不可用于旨在防止故障的维护操作。模型解决方案给出了最佳维护触发时间。