Using trust to detect denial of service attacks in the internet of things over MANETs

The rapid growth of employing devices as tools in daily life and the technological revolution have led to the invention of a novel paradigm; the Internet of Things (IoT). It includes a group of ubiquitous devices that communicate and share data with each other. These devices use the Internet Protocol (IP) to manage network nodes through mobile ad hoc networks (MANET). IoT is beneficial to MANET as the nodes are self-organising and the information reach can be expanded according to the network range. Due to the nature of MANET, such as dynamic topology, a number of challenges are inherent, such as Denial of Service (DoS) attacks. DoS attacks prohibit legitimate users from accessing their authorised services. In addition, because of the high mobility of MANET, the network can merge with other networks. In this situation, two or more networks of untrusted nodes may join one another leaving each of the networks open to attack. This paper proposes a novel method to detect DoS attacks immediately prior to the merger of two MANETs. To demonstrate the applicability of the proposed approach, a Grayhole attack is used in this study to evaluate the performance of the proposed method in detecting attacks

A Survey of Security in UAVs and FANETs: Issues, Threats, Analysis of Attacks, and Solutions

Thanks to the rapidly developing technology, unmanned aerial vehicles (UAVs) are able to complete a number of tasks in cooperation with each other without need for human intervention. In recent years, UAVs, which are widely utilized in military missions, have begun to be deployed in civilian applications and mostly for commercial purposes. With their growing numbers and range of applications, UAVs are becoming more and more popular; on the other hand, they are also the target of various threats which can exploit various vulnerabilities of UAV systems in order to cause destructive effects. It is therefore critical that security is ensured for UAVs and the networks that provide communication between UAVs. In this survey, we aimed to present a comprehensive detailed approach to security by classifying possible attacks against UAVs and flying ad hoc networks (FANETs). We classified the security threats into four major categories that make up the basic structure of UAVs; hardware attacks, software attacks, sensor attacks, and communication attacks. In addition, countermeasures against these attacks are presented in separate groups as prevention and detection. In particular, we focus on the security of FANETs, which face significant security challenges due to their characteristics and are also vulnerable to insider attacks. Therefore, this survey presents a review of the security fundamentals for FANETs, and also four different routing attacks against FANETs are simulated with realistic parameters and then analyzed. Finally, limitations and open issues are also discussed to direct future wor

On the Security of the Automatic Dependent Surveillance-Broadcast Protocol

Automatic dependent surveillance-broadcast (ADS-B) is the communications protocol currently being rolled out as part of next generation air transportation systems. As the heart of modern air traffic control, it will play an essential role in the protection of two billion passengers per year, besides being crucial to many other interest groups in aviation. The inherent lack of security measures in the ADS-B protocol has long been a topic in both the aviation circles and in the academic community. Due to recently published proof-of-concept attacks, the topic is becoming ever more pressing, especially with the deadline for mandatory implementation in most airspaces fast approaching. This survey first summarizes the attacks and problems that have been reported in relation to ADS-B security. Thereafter, it surveys both the theoretical and practical efforts which have been previously conducted concerning these issues, including possible countermeasures. In addition, the survey seeks to go beyond the current state of the art and gives a detailed assessment of security measures which have been developed more generally for related wireless networks such as sensor networks and vehicular ad hoc networks, including a taxonomy of all considered approaches.Comment: Survey, 22 Pages, 21 Figure

A two-layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in IoT backbone networks

With increasing reliance on Internet of Things (IoT) devices and services, the capability to detect intrusions and malicious activities within IoT networks is critical for resilience of the network infrastructure. In this paper, we present a novel model for intrusion detection based on two-layer dimension reduction and two-tier classification module, designed to detect malicious activities such as User to Root (U2R) and Remote to Local (R2L) attacks. The proposed model is using component analysis and linear discriminate analysis of dimension reduction module to spate the high dimensional dataset to a lower one with lesser features. We then apply a two-tier classification module utilizing Naïve Bayes and Certainty Factor version of K-Nearest Neighbor to identify suspicious behaviors. The experiment results using NSL-KDD dataset shows that our model outperforms previous models designed to detect U2R and R2L attacks

A layered security approach for cooperation enforcement in MANETs

In fully self-organized MANETs, nodes are naturally reluctant to spend their precious resources forwarding other nodes' packets and are therefore liable to exhibit selfish or sometimes malicious behaviour. This selfishness could potentially lead to network partitioning and network performance degradation. Cooperation enforcement schemes, such as reputation and trust based schemes have been proposed to counteract the issue of selfishness. The sole purpose of these schemes is to ensure selfish nodes bear the consequences of their bad actions. However, malicious nodes can exploit mobility and free identities available to breach the security of these systems and escape punishment or detection. Firstly, in the case of mobility, a malicious node can gain benefit even after having been detected by a reputation-based system, by interacting directly with its source or destination nodes. Secondly, since the lack of infrastructure in MANETs does not suit centralized identity management or centralized Trusted Third Parties, nodes can create zero-cost identities without any restrictions. As a result, a selfish node can easily escape the consequences of whatever misbehaviour it has performed by simply changing identity to clear all its bad history, known as whitewashing. Hence, this makes it difficult to hold malicious nodes accountable for their actions. Finally, a malicious node can concurrently create and control more than one virtual identity to launch an attack, called a Sybil attack. In the context of reputation-based schemes, a Sybil attacker can disrupt the detection accuracy by defaming other good nodes, self-promoting itself or exchanging bogus positive recommendations about one of its quarantined identities. This thesis explores two aspects of direct interactions (DIs), i. e. Dis as a selfish nodes' strategy and Dis produced by inappropriate simulation parameters. In the latter case DIs cause confusion in the results evaluation of reputation-based schemes. We propose a method that uses the service contribution and consumption information to discourage selfish nodes that try to increase their benefit through DIs. We also propose methods that categorize nodes' benefits in order to mitigate the confusion caused in the results evaluation. A novel layered security approach is proposed using proactive and reactive paradigms to counteract whitewashing and Sybil attacks. The proactive paradigm is aimed at removing the advantages that whitewashing can provide by enforcing a non-monetary entry fee per new identity, in the form of cooperation in the network. The results show that this method deters these attackers by reducing their benefits in the network. In the reactive case, we propose a lightweight approach to detect new identities of whitewashers and Sybil attackers on the MAC layer using the 802.11 protocol without using any extra hardware. The experiments show that a signal strength based threshold exists which can help us detect Sybil and whitewashers' identities. Through the help of extensive simulations and real-world testbed experimentations, we are able to demonstrate that our proposed solution detects Sybil or whitewashers' new identities with good accuracy and reduces the benefits of malicious activity even in the presence of mobility

Bio-inspired network security for 5G-enabled IoT applications

Every IPv6-enabled device connected and communicating over the Internet forms the Internet of things (IoT) that is prevalent in society and is used in daily life. This IoT platform will quickly grow to be populated with billions or more objects by making every electrical appliance, car, and even items of furniture smart and connected. The 5th generation (5G) and beyond networks will further boost these IoT systems. The massive utilization of these systems over gigabits per second generates numerous issues. Owing to the huge complexity in large-scale deployment of IoT, data privacy and security are the most prominent challenges, especially for critical applications such as Industry 4.0, e-healthcare, and military. Threat agents persistently strive to find new vulnerabilities and exploit them. Therefore, including promising security measures to support the running systems, not to harm or collapse them, is essential. Nature-inspired algorithms have the capability to provide autonomous and sustainable defense and healing mechanisms. This paper first surveys the 5G network layer security for IoT applications and lists the network layer security vulnerabilities and requirements in wireless sensor networks, IoT, and 5G-enabled IoT. Second, a detailed literature review is conducted with the current network layer security methods and the bio-inspired techniques for IoT applications exchanging data packets over 5G. Finally, the bio-inspired algorithms are analyzed in the context of providing a secure network layer for IoT applications connected over 5G and beyond networks