Optimized Monitoring and Detection of Internet of Things resources-constraints Cyber Attacks

This research takes place in the context of the optimized monitoring and detec- tion of Internet of Things (IoT) resource-constraints attacks. Meanwhile, the In- ternet of Everything (IoE) concept is presented as a wider extension of IoT. How- ever, the IoE realization meets critical challenges, including the limited network coverage and the limited resources of existing network technologies and smart devices. The IoT represents a network of embedded devices that are uniquely identifiable and have embedded software required to communicate between the transient states. The IoT enables a connection between billions of sensors, actu- ators, and even human beings to the Internet, creating a wide range of services, some of which are mission-critical. However, IoT networks are faulty; things are resource-constrained in terms of energy and computational capabilities. For IoT systems performing a critical mission, it is crucial to ensure connectivity, availability, and device reliability, which requires proactive device state moni- toring. This dissertation presents an approach to optimize the monitoring and detection of resource-constraints attacks in IoT and IoE smart devices. First, it has been shown that smart devices suffer from resource-constraints problems; therefore, using lightweight algorithms to detect and mitigate the resource-constraints at- tack is essential. Practical analysis and monitoring of smart device resources’ are included and discussed to understand the behaviour of the devices before and after attacking real smart devices. These analyses are straightforwardly extended for building lightweight detection and mitigation techniques against energy and memory attacks. Detection of energy consumption attacks based on monitoring the package reception rate of smart devices is proposed to de- tect energy attacks in smart devices effectively. The proposed lightweight algo- rithm efficiently detects energy attacks for different protocols, e.g., TCP, UDP, and MQTT. Moreover, analyzing memory usage attacks is also considered in this thesis. Therefore, another lightweight algorithm is also built to detect the memory-usage attack once it appears and stops. This algorithm considers mon- itoring the memory usage of the smart devices when the smart devices are Idle, Active, and Under attack. Based on the presented methods and monitoring analysis, the problem of resource-constraint attacks in IoT systems is systemat- ically eliminated by parameterizing the lightweight algorithms to adapt to the resource-constraint problems of the smart devices

User-side wi-fi hotspot spoofing detection on android-based devices

A Dissertation Submitted in Partial Fulfilment of the Requirements for the Degree of Master’s in Wireless and Mobile Computing of the Nelson Mandela African Institution of Science and TechnologyNetwork spoofing is becoming a common attack in wireless networks. Similarly, there is a rapid growth of numbers in mobile devices in the working environments. The trends pose a huge threat to users since they become the prime target of attackers. More unfortunately, mobile devices have weak security measures due to their limited computational powers, making them an easy target for attackers. Current approaches to detect spoofing attacks focus on personal computers and rely on the network hosts’ capacity, leaving users with mobile devices at risk. Furthermore, some approaches on Android-based devices demand root privilege, which is highly discouraged. This research aims to study users' susceptibility to network spoofing attacks and propose a detection solution in Android-based devices. The presented approach considers the difference in security information and signal levels of an access point to determine its legitimacy. On the other hand, it tests the legitimacy of the captive portal with fake login credentials since, usually, fake captive portals do not authenticate users. The detection approaches are presented in three networks: (a) open networks, (b) closed networks and (c) networks with captive portals. As a departure from existing works, this solution does not require root access for detection, and it is developed for portability and better performance. Experimental results show that this approach can detect fake access points with an accuracy of 98% and 99% at an average of 24.64 and 7.78 milliseconds in open and closed networks, respectively. On the other hand, it can detect the existence of a fake captive portal at an accuracy of 88%. Despite achieving this performance, the presented detection approach does not cover APs that do not mimic legitimate APs. As an improvement, future work may focus on pcap files which is rich of information to be used in detection

Journal of Telecommunications and Information Technology, 2014, nr 3

kwartalni