A Survey on Spoofing and Selective Forwarding Attacks on Zigbee based WSN

The main focus of WSN is to gather data from the physical world. It is often deployed for sensing, processing as well as disseminating information of the targeted physical environments. The main objective of the WSN is to collect data from the target environment using sensors as well as transmit those data to the desired place of choice. In order to achieve an efficient performance, WSN should have efficient as well as reliable networking protocols. The most popular technology behind WSN is Zigbee. In this paper a pilot study is done on important security issues on spoofing and selective forwarding attack on Zigbee based WSN. This paper identifies the security vulnerabilities of Zigbee network and gaps in the existing methodologies to address the security issues and will help the future researchers to narrow down their research in WSN.Keywords: Zigbee, WSN, Protocol Stack, Spoofing and Selective Forwarding

Behaviour Profiling for Mobile Devices

With more than 5 billion users globally, mobile devices have become ubiquitous in our daily life. The modern mobile handheld device is capable of providing many multimedia services through a wide range of applications over multiple networks as well as on the handheld device itself. These services are predominantly driven by data, which is increasingly associated with sensitive information. Such a trend raises the security requirement for reliable and robust verification techniques of users.This thesis explores the end-user verification requirements of mobile devices and proposes a novel Behaviour Profiling security framework for mobile devices. The research starts with a critical review of existing mobile technologies, security threats and mechanisms, and highlights a broad range of weaknesses. Therefore, attention is given to biometric verification techniques which have the ability to offer better security. Despite a large number of biometric works carried out in the area of transparent authentication systems (TAS) and Intrusion Detection Systems (IDS), each have a set of weaknesses that fail to provide a comprehensive solution. They are either reliant upon a specific behaviour to enable the system to function or only capable of providing security for network based services. To this end, the behaviour profiling technique is identified as a potential candidate to provide high level security from both authentication and IDS aspects, operating in a continuous and transparent manner within the mobile host environment.This research examines the feasibility of a behaviour profiling technique through mobile users general applications usage, telephone, text message and multi-instance application usage with the best experimental results Equal Error Rates (EER) of 13.5%, 5.4%, 2.2% and 10% respectively. Based upon this information, a novel architecture of Behaviour Profiling on mobile devices is proposed. The framework is able to provide a robust, continuous and non-intrusive verification mechanism in standalone, TAS or IDS modes, regardless of device hardware configuration. The framework is able to utilise user behaviour to continuously evaluate the system security status of the device. With a high system security level, users are granted with instant access to sensitive services and data, while with lower system security levels, users are required to reassure their identity before accessing sensitive services.The core functions of the novel framework are validated through the implementation of a simulation system. A series of security scenarios are designed to demonstrate the effectiveness of the novel framework to verify legitimate and imposter activities. By employing the smoothing function of three applications, verification time of 3 minutes and a time period of 60 minutes of the degradation function, the Behaviour Profiling framework achieved the best performance with False Rejection Rate (FRR) rates of 7.57%, 77% and 11.24% for the normal, protected and overall applications respectively and with False Acceptance Rate (FAR) rates of 3.42%, 15.29% and 4.09% for their counterparts

IEEE 802.11 i Security and Vulnerabilities

Despite using a variety of comprehensive preventive security measures, the Robust Secure Networks (RSNs) remain vulnerable to a number of attacks. Failure of preventive measures to address all RSN vulnerabilities dictates the need for enhancing the performance of Wireless Intrusion Detection Systems (WIDSs) to detect all attacks on RSNs with less false positive and false negative rates

Behaviour based anomaly detection system for smartphones using machine learning algorithm

In this research, we propose a novel, platform independent behaviour-based anomaly detection system for smartphones. The fundamental premise of this system is that every smartphone user has unique usage patterns. By modelling these patterns into a profile we can uniquely identify users. To evaluate this hypothesis, we conducted an experiment in which a data collection application was developed to accumulate real-life dataset consisting of application usage statistics, various system metrics and contextual information from smartphones. Descriptive statistical analysis was performed on our dataset to identify patterns of dissimilarity in smartphone usage of the participants of our experiment. Following this analysis, a Machine Learning algorithm was applied on the dataset to create a baseline usage profile for each participant. These profiles were compared to monitor deviations from baseline in a series of tests that we conducted, to determine the profiling accuracy. In the first test, seven day smartphone usage data consisting of eight features and an observation interval of one hour was used and an accuracy range of 73.41% to 100% was achieved. In this test, 8 out 10 user profiles were more than 95% accurate. The second test, utilised the entire dataset and achieved average accuracy of 44.50% to 95.48%. Not only these results are very promising in differentiating participants based on their usage, the implications of this research are far reaching as our system can also be extended to provide transparent, continuous user authentication on smartphones or work as a risk scoring engine for other Intrusion Detection System

HUC-HISF: A Hybrid Intelligent Security Framework for Human-centric Ubiquitous Computing

制度:新 ; 報告番号:乙2336号 ; 学位の種類:博士(人間科学) ; 授与年月日:2012/1/18 ; 早大学位記番号:新584

Security in Distributed, Grid, Mobile, and Pervasive Computing

This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security

SUIDS : a resource-efficient intrusion detection system for ubiquitous computing environments

The background of the project is based on the notion of ubiquitous computing. Ubiquitous computing was introduced as a prospective view about future usage of computers. Smaller and cheaper computer chips will enable us to embed computing ability into any appliances. Along with the convenience brought by ubiquitous computing, its inherent features also exposed its weaknesses. It makes things too easy for a malicious user to spy on others. An Intrusion Detection System (IDS) is a tool used to protect computer resources against malicious activities. Existing IDSs have several weaknesses that hinder their direct application to ubiquitous networks. These shortcomings are caused by their lack of considerations about the heterogeneity, flexibility and resource constraints of ubiquitous networks. Thus the evolution towards ubiquitous computing demands a new generation of resource-efficient IDSs to provide sufficient protections against malicious activities. SUIDS is the first intrusion detection system proposed for ubiquitous computing environments. It keeps the special requirements of ubiquitous computing in mind throughout its design and implementation. SUIDS adopts a layered and distributed system architecture, a novel user-centric design and service-oriented detection method, a new resource-sensitive scheme, including protocols and strategies, and a novel hybrid metric based algorithm. These novel methods and techniques used in SUIDS set a new direction for future research and development. As the experiment results demonstrated, SUIDS is able to provide a robust and resource-efficient protection for ubiquitous computing networks. It ensures the feasibility of intrusion detection in ubiquitous computing environments

Performance Metrics for Network Intrusion Systems

Intrusion systems have been the subject of considerable research during the past 33 years, since the original work of Anderson. Much has been published attempting to improve their performance using advanced data processing techniques including neural nets, statistical pattern recognition and genetic algorithms. Whilst some significant improvements have been achieved they are often the result of assumptions that are difficult to justify and comparing performance between different research groups is difficult. The thesis develops a new approach to defining performance focussed on comparing intrusion systems and technologies. A new taxonomy is proposed in which the type of output and the data scale over which an intrusion system operates is used for classification. The inconsistencies and inadequacies of existing definitions of detection are examined and five new intrusion levels are proposed from analogy with other detection-based technologies. These levels are known as detection, recognition, identification, confirmation and prosecution, each representing an increase in the information output from, and functionality of, the intrusion system. These levels are contrasted over four physical data scales, from application/host through to enterprise networks, introducing and developing the concept of a footprint as a pictorial representation of the scope of an intrusion system. An intrusion is now defined as “an activity that leads to the violation of the security policy of a computer system”. Five different intrusion technologies are illustrated using the footprint with current challenges also shown to stimulate further research. Integrity in the presence of mixed trust data streams at the highest intrusion level is identified as particularly challenging. Two metrics new to intrusion systems are defined to quantify performance and further aid comparison. Sensitivity is introduced to define basic detectability of an attack in terms of a single parameter, rather than the usual four currently in use. Selectivity is used to describe the ability of an intrusion system to discriminate between attack types. These metrics are quantified experimentally for network intrusion using the DARPA 1999 dataset and SNORT. Only nine of the 58 attack types present were detected with sensitivities in excess of 12dB indicating that detection performance of the attack types present in this dataset remains a challenge. The measured selectivity was also poor indicting that only three of the attack types could be confidently distinguished. The highest value of selectivity was 3.52, significantly lower than the theoretical limit of 5.83 for the evaluated system. Options for improving selectivity and sensitivity through additional measurements are examined.Stochastic Systems Lt