A Unified Wormhole Attack Detection Framework for Mobile Ad hoc Networks

The Internet is experiencing an evolution towards a ubiquitous network paradigm, via the so-called internet-of-things (IoT), where small wireless computing devices like sensors and actuators are integrated into daily activities. Simultaneously, infrastructure-less systems such as mobile ad hoc networks (MANET) are gaining popularity since they provide the possibility for devices in wireless sensor networks or vehicular ad hoc networks to share measured and monitored information without having to be connected to a base station. While MANETs offer many advantages, including self-configurability and application in rural areas which lack network infrastructure, they also present major challenges especially in regard to routing security. In a highly dynamic MANET, where nodes arbitrarily join and leave the network, it is difficult to ensure that nodes are trustworthy for multi-hop routing. Wormhole attacks belong to most severe routing threats because they are able to disrupt a major part of the network traffic, while concomitantly being extremely difficult to detect. This thesis presents a new unified wormhole attack detection framework which is effective for all known wormhole types, alongside incurring low false positive rates, network loads and computational time, for a variety of diverse MANET scenarios. The framework makes three original technical contributions: i) a new accurate wormhole detection algorithm based on packet traversal time and hop count analysis (TTHCA) which identifies infected routes, ii) an enhanced, dynamic traversal time per hop analysis (TTpHA) detection model which is adaptable to node radio range fluctuations, and iii) a method for automatically detecting time measurement tampering in both TTHCA and TTpHA. The thesis findings indicate that this new wormhole detection framework provides significant performance improvements compared to other existing solutions by accurately, efficiently and robustly detecting all wormhole variants under a wide range of network conditions

Artificial immune system based security algorithm for mobile ad hoc networks

Securing Mobile Ad hoc Networks (MANET) that are a collection of mobile, decentralized, and self-organized nodes is a challenging task. The most fundamental aspect of a MANET is its lack of infrastructure, and most design issues and challenges stem from this characteristic. The lack of a centralized control mechanism brings added difficulty in fault detection and correction. The dynamically changing nature of mobile nodes causes the formation of an unpredictable topology. This varying topology causes frequent traffic routing changes, network partitioning and packet losses. The various attacks that can be carried out on MANETs challenge the security capabilities of the mobile wireless network in which nodes can join, leave and move dynamically. The Human Immune System (HIS) provides a foundation upon which Artificial Immune algorithms are based. The algorithms can be used to secure both host-based and network-based systems. However, it is not only important to utilize the HIS during the development of Artificial Immune System (AIS) based algorithms as much as it is important to introduce an algorithm with high performance. Therefore, creating a balance between utilizing HIS and AIS-based intrusion detection algorithms is a crucial issue that is important to investigate. The immune system is a key to the defence of a host against foreign objects or pathogens. Proper functioning of the immune system is necessary to maintain host homeostasis. The cells that play a fundamental role in this defence process are known as Dendritic Cells (DC). The AIS based Dendritic Cell Algorithm is widely known for its large number of applications and well established in the literature. The dynamic, distributed topology of a MANET provides many challenges, including decentralized infrastructure wherein each node can act as a host, router and relay for traffic. MANETs are a suitable solution for distributed regional, military and emergency networks. MANETs do not utilize fixed infrastructure except where a connection to a carrier network is required, and MANET nodes provide the transmission capability to receive, transmit and route traffic from a sender node to the destination node. In the HIS, cells can distinguish between a range of issues including foreign body attacks as well as cellular senescence. The primary purpose of this research is to improve the security of MANET using the AIS framework. This research presents a new defence approach using AIS which mimics the strategy of the HIS combined with Danger Theory. The proposed framework is known as the Artificial Immune System based Security Algorithm (AISBA). This research also modelled participating nodes as a DC and proposed various signals to indicate the MANET communications state. Two trust models were introduced based on AIS signals and effective communication. The trust models proposed in this research helped to distinguish between a “good node” as well as a “selfish node”. A new MANET security attack was identified titled the Packet Storage Time attack wherein the attacker node modifies its queue time to make the packets stay longer than necessary and then circulates stale packets in the network. This attack is detected using the proposed AISBA. This research, performed extensive simulations with results to support the effectiveness of the proposed framework, and statistical analysis was done which showed the false positive and false negative probability falls below 5%. Finally, two variations of the AISBA were proposed and investigated, including the Grudger based Artificial Immune System Algorithm - to stimulate selfish nodes to cooperate for the benefit of the MANET and Pain reduction based Artificial Immune System Algorithm - to model Pain analogous to HIS

Detection and isolation of black hole attack in mobile ad hoc networks: A review

© 2020 SPIE. Mobile Ad hoc Network or MANET is a wireless network that allows communication between the nodes that are in range of each other and are self-configuring. The distributed administration and dynamic nature of MANET makes it vulnerable to many kind of security attacks. One such attack is Black hole attack which is a well known security threat. A node drops all packets which it should forward, by claiming that it has the shortest path to the destination. Intrusion Detection system identifies the unauthorized users in the system. An IDS collects and analyses audit data to detect unauthorized users of computer systems. This paper aims in identifying Black-Hole attack against AODV with Intrusion Detection System, to analyze the attack and find its countermeasure

Wireless Body Area Network (WBAN): A Survey on Architecture, Technologies, Energy Consumption, and Security Challenges

Wireless body area networks (WBANs) are a new advance utilized in recent years to increase the quality of human life by monitoring the conditions of patients inside and outside hospitals, the activities of athletes, military applications, and multimedia. WBANs consist of intelligent micro- or nano-sensors capable of processing and sending information to the base station (BS). Sensors embedded in the bodies of individuals can enable vital information exchange over wireless communication. Network forming of these sensors envisages long-term medical care without restricting patients’ normal daily activities as part of diagnosing or caring for a patient with a chronic illness or monitoring the patient after surgery to manage emergencies. This paper reviews WBAN, its security challenges, body sensor network architecture and functions, and communication technologies. The work reported in this paper investigates a significant security-level challenge existing in WBAN. Lastly, it highlights various mechanisms for increasing security and decreasing energy consumption

Modélisation formelle des systèmes de détection d'intrusions

L’écosystème de la cybersécurité évolue en permanence en termes du nombre, de la diversité, et de la complexité des attaques. De ce fait, les outils de détection deviennent inefficaces face à certaines attaques. On distingue généralement trois types de systèmes de détection d’intrusions : détection par anomalies, détection par signatures et détection hybride. La détection par anomalies est fondée sur la caractérisation du comportement habituel du système, typiquement de manière statistique. Elle permet de détecter des attaques connues ou inconnues, mais génère aussi un très grand nombre de faux positifs. La détection par signatures permet de détecter des attaques connues en définissant des règles qui décrivent le comportement connu d’un attaquant. Cela demande une bonne connaissance du comportement de l’attaquant. La détection hybride repose sur plusieurs méthodes de détection incluant celles sus-citées. Elle présente l’avantage d’être plus précise pendant la détection. Des outils tels que Snort et Zeek offrent des langages de bas niveau pour l’expression de règles de reconnaissance d’attaques. Le nombre d’attaques potentielles étant très grand, ces bases de règles deviennent rapidement difficiles à gérer et à maintenir. De plus, l’expression de règles avec état dit stateful est particulièrement ardue pour reconnaître une séquence d’événements. Dans cette thèse, nous proposons une approche stateful basée sur les diagrammes d’état-transition algébriques (ASTDs) afin d’identifier des attaques complexes. Les ASTDs permettent de représenter de façon graphique et modulaire une spécification, ce qui facilite la maintenance et la compréhension des règles. Nous étendons la notation ASTD avec de nouvelles fonctionnalités pour représenter des attaques complexes. Ensuite, nous spécifions plusieurs attaques avec la notation étendue et exécutons les spécifications obtenues sur des flots d’événements à l’aide d’un interpréteur pour identifier des attaques. Nous évaluons aussi les performances de l’interpréteur avec des outils industriels tels que Snort et Zeek. Puis, nous réalisons un compilateur afin de générer du code exécutable à partir d’une spécification ASTD, capable d’identifier de façon efficiente les séquences d’événements.Abstract : The cybersecurity ecosystem continuously evolves with the number, the diversity, and the complexity of cyber attacks. Generally, we have three types of Intrusion Detection System (IDS) : anomaly-based detection, signature-based detection, and hybrid detection. Anomaly detection is based on the usual behavior description of the system, typically in a static manner. It enables detecting known or unknown attacks but also generating a large number of false positives. Signature based detection enables detecting known attacks by defining rules that describe known attacker’s behavior. It needs a good knowledge of attacker behavior. Hybrid detection relies on several detection methods including the previous ones. It has the advantage of being more precise during detection. Tools like Snort and Zeek offer low level languages to represent rules for detecting attacks. The number of potential attacks being large, these rule bases become quickly hard to manage and maintain. Moreover, the representation of stateful rules to recognize a sequence of events is particularly arduous. In this thesis, we propose a stateful approach based on algebraic state-transition diagrams (ASTDs) to identify complex attacks. ASTDs allow a graphical and modular representation of a specification, that facilitates maintenance and understanding of rules. We extend the ASTD notation with new features to represent complex attacks. Next, we specify several attacks with the extended notation and run the resulting specifications on event streams using an interpreter to identify attacks. We also evaluate the performance of the interpreter with industrial tools such as Snort and Zeek. Then, we build a compiler in order to generate executable code from an ASTD specification, able to efficiently identify sequences of events

Optimising routing and trustworthiness of ad hoc networks using swarm intelligence

This thesis was submitted for the degree of Doctor of Philsophy and awarded by Brunel UniversityThis thesis proposes different approaches to address routing and security of MANETs using swarm technology. The mobility and infrastructure-less of MANET as well as nodes misbehavior compose great challenges to routing and security protocols of such a network. The first approach addresses the problem of channel assignment in multichannel ad hoc networks with limited number of interfaces, where stable route are more preferred to be selected. The channel selection is based on link quality between the nodes. Geographical information is used with mapping algorithm in order to estimate and predict the links’ quality and routes life time, which is combined with Ant Colony Optimization (ACO) algorithm to find most stable route with high data rate. As a result, a better utilization of the channels is performed where the throughput increased up to 74% over ASAR protocol. A new smart data packet routing protocol is developed based on the River Formation Dynamics (RFD) algorithm. The RFD algorithm is a subset of swarm intelligence which mimics how rivers are created in nature. The protocol is a distributed swarm learning approach where data packets are smart enough to guide themselves through best available route in the network. The learning information is distributed throughout the nodes of the network. This information can be used and updated by successive data packets in order to maintain and find better routes. Data packets act like swarm agents (drops) where they carry their path information and update routing information without the need for backward agents. These data packets modify the routing information based on different network metrics. As a result, data packet can guide themselves through better routes. In the second approach, a hybrid ACO and RFD smart data packet routing protocol is developed where the protocol tries to find shortest path that is less congested to the destination. Simulation results show throughput improvement by 30% over AODV protocol and 13% over AntHocNet. Both delay and jitter have been improved more than 96% over AODV protocol. In order to overcome the problem of source routing introduced due to the use of the ACO algorithm, a solely RFD based distance vector protocol has been developed as a third approach. Moreover, the protocol separates reactive learned information from proactive learned information to add more reliability to data routing. To minimize the power consumption introduced due to the hybrid nature of the RFD routing protocol, a forth approach has been developed. This protocol tackles the problem of power consumption and adds packets delivery power minimization to the protocol based on RFD algorithm. Finally, a security model based on reputation and trust is added to the smart data packet protocol in order to detect misbehaving nodes. A trust system has been built based on the privilege offered by the RFD algorithm, where drops are always moving from higher altitude to lower one. Moreover, the distributed and undefined nature of the ad hoc network forces the nodes to obligate to cooperative behaviour in order not to be exposed. This system can easily and quickly detect misbehaving nodes according to altitude difference between active intermediate nodes

Mobile Ad-Hoc Networks

Being infrastructure-less and without central administration control, wireless ad-hoc networking is playing a more and more important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc). This book includes state-of-the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: quality-of-service and video communication, routing protocol and cross-layer design. A few interesting problems about security and delay-tolerant networks are also discussed. This book is targeted to provide network engineers and researchers with design guidelines for large scale wireless ad hoc networks

Wireless multimedia sensor networks, security and key management

Wireless Multimedia Sensor Networks (WMSNs) have emerged and shifted the focus from the typical scalar wireless sensor networks to networks with multimedia devices that are capable to retrieve video, audio, images, as well as scalar sensor data. WMSNs are able to deliver multimedia content due to the availability of inexpensive CMOS cameras and microphones coupled with the significant progress in distributed signal processing and multimedia source coding techniques. These mentioned characteristics, challenges, and requirements of designing WMSNs open many research issues and future research directions to develop protocols, algorithms, architectures, devices, and testbeds to maximize the network lifetime while satisfying the quality of service requirements of the various applications. In this thesis dissertation, we outline the design challenges of WMSNs and we give a comprehensive discussion of the proposed architectures and protocols for the different layers of the communication protocol stack for WMSNs along with their open research issues. Also, we conduct a comparison among the existing WMSN hardware and testbeds based on their specifications and features along with complete classification based on their functionalities and capabilities. In addition, we introduce our complete classification for content security and contextual privacy in WSNs. Our focus in this field, after conducting a complete survey in WMSNs and event privacy in sensor networks, and earning the necessary knowledge of programming sensor motes such as Micaz and Stargate and running simulation using NS2, is to design suitable protocols meet the challenging requirements of WMSNs targeting especially the routing and MAC layers, secure the wirelessly exchange of data against external attacks using proper security algorithms: key management and secure routing, defend the network from internal attacks by using a light-weight intrusion detection technique, protect the contextual information from being leaked to unauthorized parties by adapting an event unobservability scheme, and evaluate the performance efficiency and energy consumption of employing the security algorithms over WMSNs