Similar literature
Found 20 similar articles; search took 46 ms
1.
Implementing sensor network security based on weighted trust optimization   Total citations: 1, self-citations: 0, citations by others: 1
In this paper, an optimized malicious nodes detection algorithm, based on Weighted Confidence Filter (WCF), is proposed to protect sensor networks from attacks. In this algorithm, each cluster head in a cluster-based hierarchical network figures out an average confidence degree by means of messages from its child nodes. The cluster head only accepts a message from the child node whose confidence degree is higher than the average. Meanwhile, it updates the confidence degrees for each of its child nodes by comparing the aggregation value and the received messages, and regards them as the weight of exactness of messages from nodes. A sensor node is judged to be malicious if its weight value is lower than the predefined threshold. Comparative simulation results verify that the proposed WCF algorithm is better than the Weighted Trust Evaluation (WTE) in terms of the detection ratio and the false alarm ratio. More specifically, with the WCF, the detection ratio is significantly improved and the false alarm ratio is observably reduced, especially when the malicious node ratio is 0.25 or greater. When 40% of 100 sensors are malicious, the detection accuracy is above 90% and the false alarm ratio is nearly only 1.8%.

2.
The MAC protocol for a cognitive radio network should allow access to unused spectrum holes without (or with minimal) interference to incumbent system devices. To achieve this main goal, in this paper a distributed cognitive radio MAC (DCR‐MAC) protocol is proposed for wireless ad hoc networks that provides for the detection and protection of incumbent systems around the communication pair. DCR‐MAC operates over a separate common control channel and multiple data channels; hence, it is able to deal with dynamics of resource availability effectively in cognitive networks. A new type of hidden node problem is introduced that focuses on possible signal collisions between incumbent devices and cognitive radio ad hoc devices. To this end, a simple and efficient sensing information exchange mechanism between neighbor nodes with little overhead is proposed. In DCR‐MAC, each ad hoc node maintains a channel status table with explicit and implicit channel sensing methods. Before a data transmission, to select an optimal data channel, a reactive neighbor information exchange is carried out. Simulation results show that the proposed distributed cognitive radio MAC protocol can greatly reduce interference to the neighbor incumbent devices. A higher number of neighbor nodes leads to better protection of incumbent devices. Copyright © 2008 John Wiley & Sons, Ltd.

3.
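Nodes in intermittently connected wireless networks deliver messages cooperatively, so malicious nodes can severely degrade network performance. Using information about nodes' historical behavior, this paper proposes a malicious-node-tolerant message forwarding strategy. Each node combines its direct observations with recommendations from neighbor nodes, perceives malicious node behavior through a dynamic recommendation reputation threshold, and then quantifies node trust using evidence theory, thereby detecting both colluding and independent malicious nodes in the network and selecting the optimal forwarding node for each message. The results show that, under malicious attacks involving collusion, the proposed message forwarding strategy accurately detects malicious nodes, significantly increases the message delivery ratio, and improves the average delay.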

4.
Node replication attacks pose a higher level of threat in wireless sensor networks. A replicated node takes advantage of having the legal identity of the compromised node to control the network traffic and inject malicious information into the network. Several techniques have been proposed to detect node replication in wireless sensor networks. However, in most of these techniques, the responsibility for replica detection lies either with the base station or a few randomly selected witness nodes. In this paper, we propose a technique for detecting replicas without the participation of base station and witness nodes. In the proposed scheme, each node is assigned a color (value), which is unique within its neighborhood. A color conflict within the neighborhood of a node is detected as a replica. We made a comparison of the proposed scheme with RED (Conti et al. in IEEE Trans Dependable Secure Comput 8(5):685–698, 2011), LSM (Parno et al. in Proceedings of IEEE symposium on security and privacy. IEEE, pp 49–63, 2005), and SET (Choi et al. in Proceedings of third international conference on security and privacy in communications networks and the workshops, SecureComm 2007. IEEE, pp 341–350, 2007). Parameters considered for comparison are detection probability, communication complexity and storage overhead. We observed that the proposed scheme has a higher detection probability, and lower communication and storage overhead.

5.
Access control in wireless sensor networks   Total citations: 2, self-citations: 0, citations by others: 2
Yun  Yanchao  Yuguang   《Ad hoc Networks》2007,5(1):3-13
Nodes in a sensor network may be lost due to power exhaustion or malicious attacks. To extend the lifetime of the sensor network, new node deployment is necessary. In military scenarios, adversaries may directly deploy malicious nodes or manipulate existing nodes to introduce malicious “new” nodes through many kinds of attacks. To prevent malicious nodes from joining the sensor network, access control is required in the design of sensor network protocols. In this paper, we propose an access control protocol based on Elliptic Curve Cryptography (ECC) for sensor networks. Our access control protocol accomplishes node authentication and key establishment for new nodes. Different from conventional authentication methods based on the node identity, our access control protocol includes both the node identity and the node bootstrapping time into the authentication procedure. Hence our access control protocol can not only identify the identity of each node but also differentiate between old nodes and new nodes. In addition, each new node can establish shared keys with its neighbors during the node authentication procedure. Compared with conventional sensor network security solutions, our access control protocol can defend against most well-recognized attacks in sensor networks, and achieve better computation and communication performance due to the more efficient algorithms based on ECC than those based on RSA.

6.
Routing in delay tolerant networks (DTNs) is challenging due to their unique characteristics of intermittent node connectivity. Different protocols (single-, multi-copy, erasure-coding-based etc.) utilizing the store-carry-and-forward paradigm have been proposed to achieve routing of messages in such environments by opportunistic message exchanges between nodes that are in the communication range of each other. The sparsity and distributed nature of these networks together with the lack of stable connectivity between source-destination pairs make these networks vulnerable to malicious nodes which might attempt to learn the content of the messages being routed between the nodes. In this paper, we study DTNs in which malicious nodes are present, which we refer to as compromised DTNs. We discuss and analyze the effects of the presence of malicious nodes on routing of messages in compromised DTNs. We propose a two period routing approach which aims at achieving the desired delivery ratio by a given delivery deadline in the presence of malicious nodes. Our simulation results with both random networks and real DTN traces show that, with proper parameter setting, the proposed method can achieve delivery ratios which surpass those reached by other algorithms by a given delivery deadline.

7.
A Delay Tolerant Network (DTN) relies on the implicit assumption that nodes cooperate towards message forwarding. However, this assumption cannot be satisfied when there are malicious nodes acting as blackholes and voluntarily attracting and dropping messages. In this paper we propose a reputation-based protocol for contrasting blackholes. Every node locally maintains the reputation of forwarding nodes it comes in touch with and, then, upon selecting the next forwarding node, the node chooses among those having the highest reputation. The proposed reputation protocol is composed of three basic mechanisms—acknowledgments, node lists, and aging—that make communication efficient and capable of adapting to the changing operating conditions of a DTN. The protocol has been used to extend CAR [1]. The resulting protocol RCAR (reputation-based CAR) has been compared with T-ProPHET [2], a state-of-the-art reputation-based DTN routing protocol, from several standpoints. As it turns out, RCAR is more effective than T-ProPHET and outperforms it in most cases.

8.
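In a mobile ad hoc network environment, mobile nodes may be captured by attackers, so attacks can originate from inside the network; traditional network security measures are difficult to apply, and attackers can be discovered only through intrusion detection. By analyzing the attack types in mobile ad hoc networks and constructing attack trees for attacks launched from malicious nodes, an FSM-based intrusion detection algorithm is designed using the idea of finite state machines. An intrusion detection system using this algorithm can detect the various attack behaviors of nodes in real time through monitoring by neighbor nodes.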

9.
Many signaling or data forwarding operations involve the broadcasting of packets, which incurs considerable collisions in ad hoc networks based on a contention-based channel access protocol. We propose the Three-hop Horizon Pruning (THP) algorithm to compute a two-hop connected dominating set (TCDS) using only local topology information (i.e., two-hop neighborhood). Because every node has the two-hop neighborhood information, it is possible to maintain fresh routes to all nodes within two hops. In this situation, a TCDS is ideal for the propagation of route request (RREQ) messages in the route discovery process of on-demand routing protocols. THP is shown to be more efficient than all prior distributed broadcasting mechanisms, when a TCDS is preferred over a connected dominating set (CDS). Like all other algorithms that depend on local topology information, THP is not reliable when the topology changes frequently, and there is a clear trade-off between reliability and efficiency. We describe and analyze two enhancements to THP that address the lack of reliability of neighbor information. First we adopt a virtual radio range (VR), shorter than the physical radio range (RR), and consider as one-hop neighbors only those nodes within VR (we do not use two different radio ranges, as in prior work, because it can incur additional interference). The gap between VR and RR works as a buffer zone, in which nodes can move without loss of connectivity. Second, upon receiving a broadcast packet, the forwarder list in the packet header is analyzed together with the current information about the local neighborhood. Based on that, a node may decide to broadcast the packet even though it has not been selected as a forwarder. We conduct extensive simulations and show that AODV-THP with these two enhancements attains better performance than AODV in terms of delivery ratio, control overhead, packet collisions, and end-to-end delay.

10.

An essential element in the smart city vision is providing safe and secure journeys via intelligent vehicles and smart roads. Vehicular ad hoc networks (VANETs) have played a significant role in enhancing road safety where vehicles can share road information conditions. However, VANETs share the same security concerns of legacy ad hoc networks. Unlike existing works, we consider, in this paper, detection of a common attack where nodes modify safety messages or drop them. Unfortunately, detecting such a type of intrusion is a challenging problem since some packets may be lost or dropped in a normal VANET due to congestion without malicious action. To mitigate these concerns, this paper presents a novel scheme for minimizing the invalidity ratio of VANET packet transmissions. In order to detect unusual traffic, the proposed scheme combines evidence from current as well as past behaviour to evaluate the trustworthiness of both data and nodes. A new intrusion detection scheme is accomplished through four phases, namely, rule-based security filter, Dempster–Shafer adder, node’s history database, and Bayesian learner. The suspicion level of each incoming data is determined based on the extent of its deviation from data reported from trustworthy nodes. Dempster–Shafer’s theory is used to combine multiple pieces of evidence and a Bayesian learner is adopted to classify each event in the VANET into a well-behaved or misbehaving event. The proposed solution is validated through extensive simulations. The results confirm that the fusion of different evidence has a significant positive impact on the performance of the security scheme compared to other counterparts.

11.
A mobile ad hoc network (MANET) is defined as the category of wireless network that is capable of operating without any fixed infrastructure. The main assumption considered in this network is that all nodes are trusted nodes, but in a real scenario, some nodes can be malicious nodes and therefore can perform selective dropping of data packets instead of forwarding the data packets to the destination node. These malicious nodes behave normally during the route discovery phase and afterwards drop fractions of the data packets routed through them. Such a type of attack is known as a smart gray hole attack, which is a variation of the sequence number based gray hole attack. In this paper, we have launched a smart gray hole attack and proposed a new mechanism for mitigating the impact of the smart gray hole attack. The Mitigating Gray hole Attack Mechanism (MGAM) uses several special nodes called G-IDS (gray hole-intrusion detection system) nodes, which are deployed in MANETs for detecting and preventing the smart gray hole attack. A G-IDS node overhears the transmissions of its neighbouring nodes, and when it detects that a node is dropping more data packets than the threshold value, it broadcasts an ALERT message in the network notifying about the identity of the malicious node. The identified malicious node is then blocked from further participation by dropping its request and reply packets. In order to validate the effectiveness of our proposed mechanism, the NS-2.35 simulator is used. The simulation results show that the proposed mechanism performs slightly well as compared with the existing scheme under the smart gray hole attack.

12.
姚刚  郑宝玉 《信号处理》2013,29(2):181-187
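The SSDF (Spectrum Sensing Data Falsification) attack is one of the attack types most harmful to spectrum sensing performance in cognitive radio networks. Based on the inherent frequency-domain sparsity of signals in cognitive radio networks, this paper combines compressed sensing (CS) with the average consensus algorithm to build a distributed wideband compressed spectrum sensing model that can defend against SSDF attacks. The paper establishes a reputation value metric for secondary users, which is used to exclude the influence of potentially malicious secondary users more accurately during distributed information fusion. In the sensing phase, each CR node performs compressed sampling of the received primary user signal, to reduce the overhead and complexity of sampling wideband signals, and makes a local spectrum estimate. In the information fusion phase, the local spectrum estimates of the CR nodes are fused in a distributed manner, the influence of potentially malicious secondary users is excluded, and the final spectrum estimate is obtained. Simulation results show that the proposed distributed spectrum sensing model can effectively resist SSDF attacks and improves spectrum sensing performance.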

13.
Cognitive Wireless Mesh Networks (CWMN) is a novel wireless network which combines the advantages of Cognitive Radio (CR) and wireless mesh networks. CWMN can realize seamless integration of heterogeneous wireless networks and achieve better radio resource utilization. However, it is particularly vulnerable due to its features of open medium, dynamic spectrum, dynamic topology, and multi-hop routing, etc. Being a dynamic positive security strategy, intrusion detection can provide a powerful safeguard to CWMN. In this paper, we introduce a trust mechanism into CWMN with intrusion detection and present a trust establishment model based on intrusion detection. Node trust degree and the trust degree of data transmission channels between nodes are defined, and an algorithm for calculating trust degree is given based on distributed detection of attacks on networks. A channel assignment and routing scheme is proposed, which selects the trusted nodes and allocates data channels with high trust degree for the transmission between neighbor nodes to establish a trusted route. Simulation results indicate that the scheme can vary channel allocation and routing dynamically according to the network security state so as to avoid suspect nodes and unsafe channels, and improve the packet safe delivery fraction effectively.

14.
Most of the existing intrusion detection frameworks proposed for wireless sensor networks (WSNs) are computation and energy intensive, which adversely affects the overall lifetime of the WSNs. In addition, some of these frameworks generate a significant volume of IDS traffic, which can cause congestion in bandwidth constrained WSNs. In this paper, we aim to address these issues by proposing a game theory based multi layered intrusion detection framework for WSNs. The proposed framework uses a combination of specification rules and a lightweight neural network based anomaly detection module to identify the malicious sensor nodes. Additionally, the framework models the interaction between the IDS and the sensor node being monitored as a two player non-cooperative Bayesian game. This allows the IDS to adopt probabilistic monitoring strategies based on the Bayesian Nash Equilibrium of the game and thereby reduce the volume of IDS traffic introduced into the sensor network. The framework also proposes two different reputation update and expulsion mechanisms to enforce cooperation and discourage malicious behavior among monitoring nodes. These mechanisms are based on two different methodologies, namely, the Shapley Value and the Vickrey–Clarke–Groves (VCG) mechanism. The complexity analysis of the proposed reputation update and expulsion mechanisms has been carried out and they are shown to be linear in terms of the input sizes of the mechanisms. Simulation results show that the proposed framework achieves higher accuracy and detection rate across a wide range of attacks, while at the same time minimizing the overall energy consumption and volume of IDS traffic in the WSN.

15.

The dynamic nature of the nodes on the mobile ad hoc network (MANET) imposes security issues in the network and most of the Intrusion detection methods concentrated on the energy dissipation and obtained better results, whereas the trust remained a hectic factor. This paper proposes a trust-aware scheme to detect the intrusion in the MANET. The proposed Trust-aware fuzzy clustering and fuzzy Naive Bayes (trust-aware FuzzyClus-Fuzzy NB) method of detecting the intrusion is found to be effective. The fuzzy clustering concept determines the cluster-head to form the clusters. The proposed BDE-based trust factors along with the direct trust, indirect trust, and the recent trust, hold the information of the nodes and the fuzzy Naive Bayes determine the intrusion in the nodes using the node trust table. The simulation results convey the effectiveness of the proposed method and the proposed method is analyzed based on the metrics, such as delay, energy, detection rate, and throughput. The delay is in minimum at a rate of 0.00434, with low energy dissipation of 9.933, high detection rate of 0.623, and greater throughput of 0.642.


16.

The decentralized administration and the lack of an appropriate infrastructure make the MANET prone to attacks. The attackers play on the vulnerable characteristics of the MANET and its underlying routing protocols such as AODV, DSR etc. to bring about a disruption in the data forwarding operation. Hence, the routing protocols need mechanisms to confront and tackle the attacks by the intruders. This research introduces the novel host-based intrusion detection system (HIDS) known as analytical termination of malicious nodes (ATOM) that systematically detects one of the most significant black hole attacks that affects the performance of the AODV routing protocol. ATOM IDS performs detection by computing the RREP count (Route Reply) and the packet drop value for each individual node. This system has been simulated over the AODV routing protocol merged with the black hole nodes and the resultant simulation scenario in NS2 has been generated. The trace obtained shows a colossal increase in the packet delivery ratio (PDR) and throughput. The results prove the efficacy of the proposed system.

17.
Deep Space Networks (DSNs) are a class of DTNs. In such networks, owing to limited radio range and node mobility, end‐to‐end paths between source and destination nodes are not available. Messages are relayed by a store‐and‐forward strategy and may be buffered for long periods before being forwarded to the next hop. Therefore, the buffer of message carriers may overflow, and congestion follows. To address this issue, this paper proposes an early detection and rejection probability‐based congestion control algorithm, named ERBA, in which every intermediate node estimates a rejection probability when a new message arrives and refuses to receive the message with the rejection probability, so as to avoid congestion. To validate its effectiveness, ERBA is merged into static routing (SR) and dynamic routing (DR). SR and DR are classical routing algorithms for DSNs. The simulation results show that when working with ERBA, the routing overhead of SR and DR decreases rapidly. However, the message delivery ratio also decreases. To deal with this problem, we propose a buffer‐compensation mechanism that effectively reduces the routing overhead for SR and DR without causing the reduction of the message delivery ratio. Copyright © 2014 John Wiley & Sons, Ltd.

18.
With the wide adoption of the internet into our everyday lives, internet security becomes an important issue. Intrusion detection at the network level is an effective way of stopping malicious attacks at the source and preventing viruses and worms from spreading widely. The key component in a successful network intrusion detection system is a high performance pattern matching engine that can uncover the malicious activities in real time. In this paper, we propose a highly parallel, scalable hardware based network intrusion detection system that can handle variable pattern length efficiently and effectively. Pattern matching for a packet is completed in O(N log M) time where N is the size of the packet and M is the longest pattern length. Implementation is done on a standard off-the-shelf field-programmable gate array. Comparison with the other techniques shows promising results.

19.
Software-Defined Networking (SDN) is an emerging architecture that enables a computer network to be intelligently and centrally controlled via software applications. It can help manage the whole network environment in a consistent and holistic way, without the need of understanding the underlying network structure. At present, SDN may face many challenges like insider attacks, i.e., the centralized control plane would be attacked by malicious underlying devices and switches. To protect the security of SDN, effective detection approaches are indispensable. In the literature, challenge-based Collaborative Intrusion Detection Networks (CIDNs) are an effective detection framework in identifying malicious nodes. It calculates the nodes’ reputation and detects a malicious node by sending out a special message called a challenge. In this work, we devise a challenge-based CIDN in SDN and measure its performance against malicious internal nodes. Our results demonstrate that such a mechanism can be effective in SDN environments.

20.

Delay tolerant networks (DTNs) are the newest class of networks that have the ability to provide connectivity to areas that are yet to be served by conventional networks. Routing in a DTN is a tough task because nodes have no prior information about the partitioned network and transfer opportunities between peer nodes are limited. A node in a DTN delivers messages to the destination using the store and forward strategy. Messages are transmitted to multiple intermediate relay nodes encountered in order to increase the opportunity for the message to reach the destination. Encounter duration is the time period in which a pair or more mobile nodes move into the communication range of each other and hence are able to transfer messages between them. Since the node movements are arbitrary, the encounter duration is unpredictable. This research work proposes a novel encounter based fuzzy logic routing (EFLR) scheme to maximize message delivery with reduced overhead. The fuzzy based utility computation is used for finding a better node to forward messages as well as to drop messages from the buffer. Simulation results reveal that EFLR performs better than other existing DTN routing protocols.