Recommended from our members
A novel intrusion detection and prevention scheme for network coding-enabled mobile small cells
Network coding (NC)-enabled mobile small cells are observed as a promising technology for fifth-generation (5G) networks that can cover the urban landscape by being set up on demand at any place and at any time on any device. Nevertheless, despite the significant benefits that this technology brings to the 5G of mobile networks, major security issues arise due to the fact that NC-enabled mobile small cells are susceptible to pollution attacks; a severe security threat exploiting the inherent vulnerabilities of NC. Therefore, intrusion detection and prevention mechanisms to detect and mitigate pollution attacks are of utmost importance so that NC-enabled mobile small cells can reach their full potential. Thus, in this article, we propose for the first time, to the best of our knowledge, a novel intrusion detection and prevention scheme (IDPS) for NC-enabled mobile small cells. The proposed scheme is based on a null space-based homomorphic message authentication code (MAC) scheme that allows detection of pollution attacks and takes proper risk mitigation actions when an intrusive incident is detected. The proposed scheme has been implemented in Kodo and its performance has been evaluated in terms of computational overhead
IDLP: an efficient intrusion detection and location-aware prevention mechanism for network coding-enabled mobile small cells
Mobile small cell technology is considered as a 5G enabling technology for delivering ubiquitous 5G services in a cost-effective and energy efficient manner. Moreover, Network Coding (NC) technology can be foreseen as a promising solution for the wireless network of mobile small cells to increase its throughput and improve its performance. However, NC-enabled mobile small cells are vulnerable to pollution attacks due to the inherent vulnerabilities of NC. Although there are several works on pollution attack detection, the attackers may continue to pollute packets in the next transmission of coded packets of the same generation from the source node to the destination nodes. Therefore, in this paper, we present an intrusion detection and location-aware prevention (IDLP) mechanism which does not only detect the polluted packets and drop them but also identify the attacker's exact location so as to block them and prevent packet pollution in the next transmissions. In the proposed IDLP mechanism, the detection and locating schemes are based on a null space-based homomorphic MAC scheme. However, the proposed IDLP mechanism is efficient because, in its initial phase (i.e., Phase 1), it is not needed to be applied to all mobile devices in order to protect the NC-enabled mobile small cells from the depletion of their resources. The proposed efficient IDLP mechanism has been implemented in Kodo, and its performance has been evaluated and compared with our previous IDPS scheme proposed in [1], in terms of computational complexity, communicational overhead, and successfully decoding probability as well
IDLP mechanism for NC-enabled mobile small cells based on broadcast nature of wireless communication
Network Coding (NC) technology can be foreseen as a promising solution for mobile small cell technology problems existing in the 5th generation of mobile networks. NC-enabled mobile small cells increase network throughput and improve their performance in a cost-effective and energy-efficient manner. However, NC-enabled mobile small cells are vulnerable to pollution attacks. Although there have been some works done on pollution attack detection, the attackers may continue to pollute packets in the next transmission of coded packets from the source to the destinations. Therefore, in this paper, we present an intrusion detection and location-aware prevention mechanism to not only detect the pollution attacks and drop them but also detect the attacker’s exact location in order to block them from making pollution in the next transmissions. In the proposed mechanism, the detection scheme is based on a homomorphic MAC scheme, and we make use of the advantages within broadcast nature in the wireless communication medium to find the source of the pollution attacks. The proposed mechanism, SpaceMac proposed in [1] and the IDLP mechanism proposed in [2] have been implemented in Kodo and their performance has been evaluated in terms of decoding probability
On the performance analysis of IDLP and SpaceMac for network coding-enabled mobile small cells
Network coding (NC)-enabled mobile small cells are observed as a promising technology for 5G networks in a cost-effective and energy-efficient manner. The NC-enabled environment suffers from pollution attacks where malicious intermediate nodes manipulate packets in transition. Detecting the polluted packets as well as identifying the exact location of malicious users are equally important tasks for these networks. SpaceMac [1] is one of the most competitive mechanisms in the literature for detecting pollution attacks and identifying the exact location of attackers in RLNC. In this paper, we compare SpaceMac with the IDLP mechanism presented in [2]. Both mechanisms have been implemented in KODO and they are compared in terms of computational complexity, computational overhead, communication overhead and decoding probability. The performance evaluation results demonstrated that IDLP is more efficient than SpaceMac while at the same time is more secure as shown through the security analysis part in this paper
LGTBIDS: Layer-wise Graph Theory Based Intrusion Detection System in Beyond 5G
The advancement in wireless communication technologies is becoming more
demanding and pervasive. One of the fundamental parameters that limit the
efficiency of the network are the security challenges. The communication
network is vulnerable to security attacks such as spoofing attacks and signal
strength attacks. Intrusion detection signifies a central approach to ensuring
the security of the communication network. In this paper, an Intrusion
Detection System based on the framework of graph theory is proposed. A
Layerwise Graph Theory-Based Intrusion Detection System (LGTBIDS) algorithm is
designed to detect the attacked node. The algorithm performs the layer-wise
analysis to extract the vulnerable nodes and ultimately the attacked node(s).
For each layer, every node is scanned for the possibility of susceptible
node(s). The strategy of the IDS is based on the analysis of energy efficiency
and secrecy rate. The nodes with the energy efficiency and secrecy rate beyond
the range of upper and lower thresholds are detected as the nodes under attack.
Further, detected node(s) are transmitted with a random sequence of bits
followed by the process of re-authentication. The obtained results validate the
better performance, low time computations, and low complexity. Finally, the
proposed approach is compared with the conventional solution of intrusion
detection. Comment: in IEEE Transactions on Network and Service Management, 202
Parallelizing a network intrusion detection system using a GPU.
As network speeds continue to increase and attacks get increasingly more complicated, there is a need for improved detection algorithms and improved performance of Network Intrusion Detection Systems (NIDS). Recently, several attempts have been made to use the underutilized parallel processing capabilities of GPUs to offload the costly NIDS pattern matching algorithms. This thesis presents an interface for NIDS Snort that allows porting of the pattern-matching algorithm to run on a GPU. The analysis shows that this system can achieve up to four times speedup over the existing Snort implementation and that GPUs can be effectively utilized to perform intensive computational processes like pattern matching
AI Solutions for MDS: Artificial Intelligence Techniques for Misuse Detection and Localisation in Telecommunication Environments
This report considers the application of Artificial Intelligence (AI) techniques to
the problem of misuse detection and misuse localisation within telecommunications
environments. A broad survey of techniques is provided, that covers inter alia
rule based systems, model-based systems, case based reasoning, pattern matching,
clustering and feature extraction, artificial neural networks, genetic algorithms, artificial
immune systems, agent based systems, data mining and a variety of hybrid
approaches. The report then considers the central issue of event correlation, that
is at the heart of many misuse detection and localisation systems. The notion of
being able to infer misuse by the correlation of individual temporally distributed
events within a multiple data stream environment is explored, and a range of techniques,
covering model based approaches, `programmed' AI and machine learning
paradigms. It is found that, in general, correlation is best achieved via rule based approaches,
but that these suffer from a number of drawbacks, such as the difficulty of
developing and maintaining an appropriate knowledge base, and the lack of ability
to generalise from known misuses to new unseen misuses. Two distinct approaches
are evident. One attempts to encode knowledge of known misuses, typically within
rules, and use this to screen events. This approach cannot generally detect misuses
for which it has not been programmed, i.e. it is prone to issuing false negatives.
The other attempts to `learn' the features of event patterns that constitute normal
behaviour, and, by observing patterns that do not match expected behaviour, detect
when a misuse has occurred. This approach is prone to issuing false positives,
i.e. inferring misuse from innocent patterns of behaviour that the system was not
trained to recognise. Contemporary approaches are seen to favour hybridisation,
often combining detection or localisation mechanisms for both abnormal and normal
behaviour, the former to capture known cases of misuse, the latter to capture
unknown cases. In some systems, these mechanisms even work together to update
each other to increase detection rates and lower false positive rates. It is concluded
that hybridisation offers the most promising future direction, but that a rule or state
based component is likely to remain, being the most natural approach to the correlation
of complex events. The challenge, then, is to mitigate the weaknesses of
canonical programmed systems such that learning, generalisation and adaptation
are more readily facilitated