84 research outputs found
Using trust to detect denial of service attacks in the internet of things over MANETs
The rapid growth of employing devices as tools in daily life and the technological revolution have led to the invention of a novel paradigm; the Internet of Things (IoT). It includes a group of ubiquitous devices that communicate and share data with each other. These devices use the Internet Protocol (IP) to manage network nodes through mobile ad hoc networks (MANET). IoT is beneficial to MANET as the nodes are self-organising and the information reach can be expanded according to the network range. Due to the nature of MANET, such as dynamic topology, a number of challenges are inherent, such as Denial of Service (DoS) attacks. DoS attacks prohibit legitimate users from accessing their authorised services. In addition, because of the high mobility of MANET, the network can merge with other networks. In this situation, two or more networks of untrusted nodes may join one another leaving each of the networks open to attack. This paper proposes a novel method to detect DoS attacks immediately prior to the merger of two MANETs. To demonstrate the applicability of the proposed approach, a Grayhole attack is used in this study to evaluate the performance of the proposed method in detecting attacks
A Survey of Security in UAVs and FANETs: Issues, Threats, Analysis of Attacks, and Solutions
Thanks to the rapidly developing technology, unmanned aerial vehicles (UAVs)
are able to complete a number of tasks in cooperation with each other without
need for human intervention. In recent years, UAVs, which are widely utilized
in military missions, have begun to be deployed in civilian applications and
mostly for commercial purposes. With their growing numbers and range of
applications, UAVs are becoming more and more popular; on the other hand, they
are also the target of various threats which can exploit various
vulnerabilities of UAV systems in order to cause destructive effects. It is
therefore critical that security is ensured for UAVs and the networks that
provide communication between UAVs. In this survey, we aimed to present a
comprehensive detailed approach to security by classifying possible attacks
against UAVs and flying ad hoc networks (FANETs). We classified the security
threats into four major categories that make up the basic structure of UAVs;
hardware attacks, software attacks, sensor attacks, and communication attacks.
In addition, countermeasures against these attacks are presented in separate
groups as prevention and detection. In particular, we focus on the security of
FANETs, which face significant security challenges due to their characteristics
and are also vulnerable to insider attacks. Therefore, this survey presents a
review of the security fundamentals for FANETs, and also four different routing
attacks against FANETs are simulated with realistic parameters and then
analyzed. Finally, limitations and open issues are also discussed to direct
future wor
Dynamic and Efficient Protocol for Detection and Mitigation of Multiple Black Hole Attacks in MANETs
On the Security of the Automatic Dependent Surveillance-Broadcast Protocol
Automatic dependent surveillance-broadcast (ADS-B) is the communications
protocol currently being rolled out as part of next generation air
transportation systems. As the heart of modern air traffic control, it will
play an essential role in the protection of two billion passengers per year,
besides being crucial to many other interest groups in aviation. The inherent
lack of security measures in the ADS-B protocol has long been a topic in both
the aviation circles and in the academic community. Due to recently published
proof-of-concept attacks, the topic is becoming ever more pressing, especially
with the deadline for mandatory implementation in most airspaces fast
approaching.
This survey first summarizes the attacks and problems that have been reported
in relation to ADS-B security. Thereafter, it surveys both the theoretical and
practical efforts which have been previously conducted concerning these issues,
including possible countermeasures. In addition, the survey seeks to go beyond
the current state of the art and gives a detailed assessment of security
measures which have been developed more generally for related wireless networks
such as sensor networks and vehicular ad hoc networks, including a taxonomy of
all considered approaches.Comment: Survey, 22 Pages, 21 Figure
A two-layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in IoT backbone networks
With increasing reliance on Internet of Things (IoT) devices and services, the capability to detect intrusions and malicious activities within IoT networks is critical for resilience of the network infrastructure. In this paper, we present a novel model for intrusion detection based on two-layer dimension reduction and two-tier classification module, designed to detect malicious activities such as User to Root (U2R) and Remote to Local (R2L) attacks. The proposed model is using component analysis and linear discriminate analysis of dimension reduction module to spate the high dimensional dataset to a lower one with lesser features. We then apply a two-tier classification module utilizing Naïve Bayes and Certainty Factor version of K-Nearest Neighbor to identify suspicious behaviors. The experiment results using NSL-KDD dataset shows that our model outperforms previous models designed to detect U2R and R2L attacks
A layered security approach for cooperation enforcement in MANETs
In fully self-organized MANETs, nodes are naturally reluctant to spend their precious resources forwarding other nodes' packets and are therefore liable to exhibit selfish or sometimes malicious behaviour. This selfishness could potentially lead to network partitioning and network performance degradation. Cooperation enforcement schemes, such as reputation and trust based schemes have been proposed to counteract the issue of selfishness. The sole purpose of these schemes is to ensure selfish nodes bear the consequences of their bad actions. However, malicious nodes can exploit mobility and free identities available to breach the security of these systems and escape punishment or detection. Firstly, in the case of mobility, a malicious node can gain benefit even after having been detected by a reputation-based system, by interacting directly with its source or destination nodes. Secondly, since the lack of infrastructure in MANETs does not suit centralized identity management or centralized Trusted Third Parties, nodes can create zero-cost identities without any restrictions. As a result, a selfish node can easily escape the consequences of whatever misbehaviour it has performed by simply changing identity to clear all its bad history, known as whitewashing. Hence, this makes it difficult to hold malicious nodes accountable for their actions. Finally, a malicious node can concurrently create and control more than one virtual identity to launch an attack, called a Sybil attack. In the context of reputation-based schemes, a Sybil attacker can disrupt the detection accuracy by defaming other good nodes, self-promoting itself or exchanging bogus positive recommendations about one of its quarantined identities. This thesis explores two aspects of direct interactions (DIs), i. e. Dis as a selfish nodes' strategy and Dis produced by inappropriate simulation parameters. In the latter case DIs cause confusion in the results evaluation of reputation-based schemes. We propose a method that uses the service contribution and consumption information to discourage selfish nodes that try to increase their benefit through DIs. We also propose methods that categorize nodes' benefits in order to mitigate the confusion caused in the results evaluation. A novel layered security approach is proposed using proactive and reactive paradigms to counteract whitewashing and Sybil attacks. The proactive paradigm is aimed at removing the advantages that whitewashing can provide by enforcing a non-monetary entry fee per new identity, in the form of cooperation in the network. The results show that this method deters these attackers by reducing their benefits in the network. In the reactive case, we propose a lightweight approach to detect new identities of whitewashers and Sybil attackers on the MAC layer using the 802.11 protocol without using any extra hardware. The experiments show that a signal strength based threshold exists which can help us detect Sybil and whitewashers' identities. Through the help of extensive simulations and real-world testbed experimentations, we are able to demonstrate that our proposed solution detects Sybil or whitewashers' new identities with good accuracy and reduces the benefits of malicious activity even in the presence of mobility
Bio-inspired network security for 5G-enabled IoT applications
Every IPv6-enabled device connected and communicating over the Internet forms the Internet of things (IoT) that is prevalent in society and is used in daily life. This IoT platform will quickly grow to be populated with billions or more objects by making every electrical appliance, car, and even items of furniture smart and connected. The 5th generation (5G) and beyond networks will further boost these IoT systems. The massive utilization of these systems over gigabits per second generates numerous issues. Owing to the huge complexity in large-scale deployment of IoT, data privacy and security are the most prominent challenges, especially for critical applications such as Industry 4.0, e-healthcare, and military. Threat agents persistently strive to find new vulnerabilities and exploit them. Therefore, including promising security measures to support the running systems, not to harm or collapse them, is essential. Nature-inspired algorithms have the capability to provide autonomous and sustainable defense and healing mechanisms. This paper first surveys the 5G network layer security for IoT applications and lists the network layer security vulnerabilities and requirements in wireless sensor networks, IoT, and 5G-enabled IoT. Second, a detailed literature review is conducted with the current network layer security methods and the bio-inspired techniques for IoT applications exchanging data packets over 5G. Finally, the bio-inspired algorithms are analyzed in the context of providing a secure network layer for IoT applications connected over 5G and beyond networks
- …