5,451 research outputs found
Recommended from our members
Protection of an intrusion detection engine with watermarking in ad hoc networks
Mobile ad hoc networks have received great attention in recent years, mainly due to the evolution of wireless networking and mobile computing hardware. Nevertheless, many inherent vulnerabilities exist in mobile ad hoc networks and their applications that affect the security of wireless transactions. As intrusion prevention mechanisms, such as encryption and authentication, are not sufficient we need a second line of defense, Intrusion Detection. In this pa-per we present an intrusion detection engine based on neural networks and a protection method based on watermarking techniques. In particular, we exploit information visualization and machine learning techniques in order to achieve intrusion detection and we authenticate the maps produced by the application of the intelligent techniques using a novel combined watermarking embedding method. The performance of the proposed model is evaluated under different traffic conditions, mobility patterns and visualization metrics
A consensus based network intrusion detection system
Network intrusion detection is the process of identifying malicious behaviors
that target a network and its resources. Current systems implementing intrusion
detection processes observe traffic at several data collecting points in the
network but analysis is often centralized or partly centralized. These systems
are not scalable and suffer from the single point of failure, i.e. attackers
only need to target the central node to compromise the whole system. This paper
proposes an anomaly-based fully distributed network intrusion detection system
where analysis is run at each data collecting point using a naive Bayes
classifier. Probability values computed by each classifier are shared among
nodes using an iterative average consensus protocol. The final analysis is
performed redundantly and in parallel at the level of each data collecting
point, thus avoiding the single point of failure issue. We run simulations
focusing on DDoS attacks with several network configurations, comparing the
accuracy of our fully distributed system with a hierarchical one. We also
analyze communication costs and convergence speed during consensus phases.Comment: Presented at THE 5TH INTERNATIONAL CONFERENCE ON IT CONVERGENCE AND
SECURITY 2015 IN KUALA LUMPUR, MALAYSI
A Survey on Wireless Sensor Network Security
Wireless sensor networks (WSNs) have recently attracted a lot of interest in
the research community due their wide range of applications. Due to distributed
nature of these networks and their deployment in remote areas, these networks
are vulnerable to numerous security threats that can adversely affect their
proper functioning. This problem is more critical if the network is deployed
for some mission-critical applications such as in a tactical battlefield.
Random failure of nodes is also very likely in real-life deployment scenarios.
Due to resource constraints in the sensor nodes, traditional security
mechanisms with large overhead of computation and communication are infeasible
in WSNs. Security in sensor networks is, therefore, a particularly challenging
task. This paper discusses the current state of the art in security mechanisms
for WSNs. Various types of attacks are discussed and their countermeasures
presented. A brief discussion on the future direction of research in WSN
security is also included.Comment: 24 pages, 4 figures, 2 table
Intrusion detection and response model for mobile ad hoc networks.
This dissertation presents a research whose objective is to design and develop an intrusion detection and response model for Mobile Ad hoc NETworks (MANET). Mobile ad hoc networks are infrastructure-free, pervasive and ubiquitous in nature, without any centralized authority. These unique MANET characteristics present several changes to secure them. The proposed security model is called the Intrusion Detection and Response for Mobile Ad hoc Networks (IDRMAN). The goal of the proposed model is to provide a security framework that will detect various attacks and take appropriate measures to control the attack automatically. This model is based on identifying critical system parameters of a MANET that are affected by various types of attacks, and continuously monitoring the values of these parameters to detect and respond to attacks. This dissertation explains the design and development of the detection framework and the response framework of the IDRMAN. The main aspects of the detection framework are data mining using CART to identify attack sensitive network parameters from the wealth of raw network data, statistical processing using six sigma to identify the thresholds for the attack sensitive parameters and quantification of the MANET node state through a measure called the Threat Index (TI) using fuzzy logic methodology. The main aspects of the response framework are intruder identification and intruder isolation through response action plans. The effectiveness of the detection and response framework is mathematically analyzed using probability techniques. The detection framework is also evaluated by performance comparison experiments with related models, and through performance evaluation experiments from scalability perspective. Performance metrics used for assessing the detection aspect of the proposed model are detection rate and false positive rate at different node mobility speed. Performance evaluation experiments for scalability are with respect to the size of the MANET, where more and more mobile nodes are added into the MANET at varied mobility speed. The results of both the mathematical analysis and the performance evaluation experiments demonstrate that the IDRMAN model is an effective and viable security model for MANET
A Comprehensive Survey on the Cooperation of Fog Computing Paradigm-Based IoT Applications: Layered Architecture, Real-Time Security Issues, and Solutions
The Internet of Things (IoT) can enable seamless communication between millions of billions of objects. As IoT applications continue to grow, they face several challenges, including high latency, limited processing and storage capacity, and network failures. To address these stated challenges, the fog computing paradigm has been introduced, purpose is to integrate the cloud computing paradigm with IoT to bring the cloud resources closer to the IoT devices. Thus, it extends the computing, storage, and networking facilities toward the edge of the network. However, data processing and storage occur at the IoT devices themselves in the fog-based IoT network, eliminating the need to transmit the data to the cloud. Further, it also provides a faster response as compared to the cloud. Unfortunately, the characteristics of fog-based IoT networks arise traditional real-time security challenges, which may increase severe concern to the end-users. However, this paper aims to focus on fog-based IoT communication, targeting real-time security challenges. In this paper, we examine the layered architecture of fog-based IoT networks along working of IoT applications operating within the context of the fog computing paradigm. Moreover, we highlight real-time security challenges and explore several existing solutions proposed to tackle these challenges. In the end, we investigate the research challenges that need to be addressed and explore potential future research directions that should be followed by the research community.©2023 The Authors. Published by IEEE. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/fi=vertaisarvioitu|en=peerReviewed
Trust correlation of mobile agent nodes with a regular node in a Adhoc network using decision-making strategy
A mobile agent offers discrete advantage both in facilitating better transmission as well as controlling the traffic load in Mobile Adhoc Network (MANET). Hence, such forms of network offers maximized dependencies on mobile agents in terms of its trust worthiness. At present, there are various work being carried out towards resisting security breach in MANET; however approaches using mobile agent based mechanism is few to found. Therefore, the proposed system introduces a novel mathematical model where an extensive decision making system has been constructed for identifying the malicious intention of mobile agents in case they go rogues. By adopting multi-tier communication policy and fairness concept, the proposed system offers the capability to resist any form of malicious activity of mobile agent without even presence of any apriori information of adversary. The outcome shows proposed system outshines existing security scheme in MANET
Unified architecture of mobile ad hoc network security (MANS) system
In this dissertation, a unified architecture of Mobile Ad-hoc Network Security (MANS) system is proposed, under which IDS agent, authentication, recovery policy and other policies can be defined formally and explicitly, and are enforced by a uniform architecture. A new authentication model for high-value transactions in cluster-based MANET is also designed in MANS system. This model is motivated by previous works but try to use their beauties and avoid their shortcomings, by using threshold sharing of the certificate signing key within each cluster to distribute the certificate services, and using certificate chain and certificate repository to achieve better scalability, less overhead and better security performance. An Intrusion Detection System is installed in every node, which is responsible for colleting local data from its host node and neighbor nodes within its communication range, pro-processing raw data and periodically broadcasting to its neighborhood, classifying normal or abnormal based on pro-processed data from its host node and neighbor nodes. Security recovery policy in ad hoc networks is the procedure of making a global decision according to messages received from distributed IDS and restore to operational health the whole system if any user or host that conducts the inappropriate, incorrect, or anomalous activities that threaten the connectivity or reliability of the networks and the authenticity of the data traffic in the networks. Finally, quantitative risk assessment model is proposed to numerically evaluate MANS security
- …