2,247 research outputs found

    An Immune Inspired Approach to Anomaly Detection

    The immune system provides a rich metaphor for computer security: anomaly detection that works in nature should work for machines. However, early artificial immune system approaches for computer security had only limited success. Arguably, this was due to these artificial systems being based on too simplistic a view of the immune system. We present here a second generation artificial immune system for process anomaly detection. It improves on earlier systems by having different artificial cell types that process information. Following detailed information about how to build such second generation systems, we find that communication between cell types is key to performance. Through realistic testing and validation we show that second generation artificial immune systems are capable of anomaly detection beyond generic system policies. The paper concludes with a discussion and outline of the next steps in this exciting area of computer security. Comment: 19 pages, 4 tables, 2 figures, Handbook of Research on Information Security and Assuranc

    libtissue - implementing innate immunity

    In a previous paper the authors argued the case for incorporating ideas from innate immunity into artificial immune systems (AISs) and presented an outline for a conceptual framework for such systems. A number of key general properties observed in the biological innate and adaptive immune systems were highlighted, and how such properties might be instantiated in artificial systems was discussed in detail. The next logical step is to take these ideas and build a software system with which AISs with these properties can be implemented and experimentally evaluated. This paper reports on the results of that step - the libtissue system. Comment: 8 pages, 4 tables, 5 figures, Workshop on Artificial Immune Systems and Immune System Modelling (AISB06), Bristol, U

    An Energy Aware and Secure MAC Protocol for Tackling Denial of Sleep Attacks in Wireless Sensor Networks

    Wireless sensor networks, which form part of the core for the Internet of Things, consist of resource constrained sensors that are usually powered by batteries. Therefore, careful energy awareness is essential when working with these devices. Indeed, the introduction of security techniques such as authentication and encryption, to ensure confidentiality and integrity of data, can place higher energy load on the sensors. However, the absence of security protection could give room for energy drain attacks such as denial of sleep attacks, which have a higher negative impact on the life span of the sensors than the presence of security features. This thesis, therefore, focuses on tackling denial of sleep attacks from two perspectives: a security perspective and an energy efficiency perspective. The security perspective involves evaluating and ranking a number of security based techniques for curbing denial of sleep attacks. The energy efficiency perspective, on the other hand, involves exploring duty cycling and simulating three Media Access Control (MAC) protocols, Sensor MAC, Timeout MAC and TunableMAC, under different network sizes and measuring different parameters such as the Received Signal Strength (RSSI) and Link Quality Indicator, transmit power, throughput and energy efficiency. Duty cycling happens to be one of the major techniques for conserving energy in wireless sensor networks, and this research aims to answer questions with regards to the effect of duty cycles on the energy efficiency as well as the throughput of three duty cycle protocols, Sensor MAC, Timeout MAC and TunableMAC, in addition to creating a novel MAC protocol that is also more resilient to denial of sleep attacks than existing protocols.
The main contributions to knowledge from this thesis are the developed framework used for evaluation of existing denial of sleep attack solutions and the algorithms which fuel the other contribution to knowledge, a newly developed protocol tested on the Castalia Simulator on the OMNET++ platform. The new protocol has been compared with existing protocols and has been found to have significant improvement in energy efficiency and also better resilience to denial of sleep attacks. Part of this research has been published: two conference publications in IEEE Xplore and one workshop paper

    Secure Routing in Wireless Mesh Networks

    Wireless mesh networks (WMNs) have emerged as a promising concept to meet the challenges in next-generation networks such as providing flexible, adaptive, and reconfigurable architecture while offering cost-effective solutions to the service providers. Unlike traditional Wi-Fi networks, with each access point (AP) connected to the wired network, in WMNs only a subset of the APs are required to be connected to the wired network. The APs that are connected to the wired network are called the Internet gateways (IGWs), while the APs that do not have wired connections are called the mesh routers (MRs). The MRs are connected to the IGWs using multi-hop communication. The IGWs provide access to conventional clients and interconnect ad hoc, sensor, cellular, and other networks to the Internet. However, most of the existing routing protocols for WMNs are extensions of protocols originally designed for mobile ad hoc networks (MANETs) and thus they perform sub-optimally. Moreover, most routing protocols for WMNs are designed without security issues in mind, where the nodes are all assumed to be honest. In practical deployment scenarios, this assumption does not hold. This chapter provides a comprehensive overview of security issues in WMNs and then particularly focuses on secure routing in these networks. First, it identifies security vulnerabilities in the medium access control (MAC) and the network layers. Various possibilities of compromising data confidentiality, data integrity, replay attacks and offline cryptanalysis are also discussed. Then various types of attacks in the MAC and the network layers are discussed. After enumerating the various types of attacks on the MAC and the network layer, the chapter briefly discusses some of the preventive mechanisms for these attacks. Comment: 44 pages, 17 figures, 5 table

    Directional Sensitivity of Gaze-Collinearity Features in Liveness Detection

    To increase the trust in using face recognition systems, these need to be capable of differentiating between face images captured from a real person and those captured from photos or similar artifacts presented at the sensor. Methods have been published for face liveness detection by measuring the gaze of a user while the user tracks an object on the screen, which appears at pre-defined places randomly. In this paper we explore the sensitivity of such a system to different stimulus alignments. The aim is to establish whether there is such sensitivity and if so to explore how this may be exploited for improving the design of the stimulus. The results suggest that collecting feature points along the horizontal direction is more effective than the vertical direction for liveness detection

    Hierarchical Design Based Intrusion Detection System For Wireless Ad hoc Network

    In recent years, wireless ad hoc sensor networks have become popular in both civil and military jobs. However, security is one of the significant challenges for sensor networks because of their deployment in open and unprotected environments. As cryptographic mechanisms are not enough to protect sensor networks from external attacks, intrusion detection systems need to be introduced. Though intrusion prevention is one of the major and efficient methods against attacks, there might be some attacks for which a prevention method is not known. Besides protecting the system from some known attacks, an intrusion detection system gathers necessary information related to attack techniques and helps in the development of intrusion prevention systems. In addition to reviewing the present attacks on wireless sensor networks, this paper examines the current efforts on intrusion detection systems for wireless sensor networks. In this paper we propose a hierarchical architectural design based intrusion detection system that fits the current demands and restrictions of wireless ad hoc sensor networks. In this proposed intrusion detection system architecture we follow a clustering mechanism to build a four level hierarchical network, which enhances network scalability to large geographical areas, and use both anomaly and misuse detection techniques for intrusion detection. We introduce a policy based detection mechanism as well as intrusion response together with the GSM cell concept for the intrusion detection architecture. Comment: 16 pages, International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010. arXiv admin note: text overlap with arXiv:1111.1933 by other author

    Analysis of GNSS replay-attack detectors exploiting unpredictable symbols

    Since their inception, GNSS (Global Navigation Satellite Systems) have become more popular year after year. GNSS is currently used in a wide variety of applications beyond the determination of the user position by means of a GNSS receiver. GNSS is used in sectors as different as finance, energy distribution or telecommunications. Due to this increase in popularity in recent years, GNSS has become a target of attacks, with the purpose of controlling the victim receiver and providing an erroneous PVT (Position, Time and Velocity) solution. First, this document describes the basic concepts of GNSS, that is, the elements that compose GNSS and how the PVT solution is determined by the receiver. Once the basic concepts of GNSS have been shown, the attacks are presented. The state of the art of the attacks against GNSS is described, with the objective of showing the wide variety of possibilities available. Next, the SCER (Security Code Estimation and Replay) attacks based on the estimation of the unpredictable bits are explained in detail. For this attack, three different strategies are proposed, two of them based on modifying the signal at chip level and a third one based on the modification of the bit amplitude, together with four detection methods. Once each of them has been explained in detail, a comparison of the different attacks and detection methods is carried out in order to determine which attack is the best (from the point of view of the attacker) and which detection method is more effective against each attack strategy.