AIS for Misbehavior Detection in Wireless Sensor Networks: Performance and Design Principles

A sensor network is a collection of wireless devices that are able to monitor physical or environmental conditions. These devices (nodes) are expected to operate autonomously, be battery powered and have very limited computational capabilities. This makes the task of protecting a sensor network against misbehavior or possible malfunction a challenging problem. In this document we discuss performance of Artificial immune systems (AIS) when used as the mechanism for detecting misbehavior. We show that (i) mechanism of the AIS have to be carefully applied in order to avoid security weaknesses, (ii) the choice of genes and their interaction have a profound influence on the performance of the AIS, (iii) randomly created detectors do not comply with limitations imposed by communications protocols and (iv) the data traffic pattern seems not to impact significantly the overall performance. We identified a specific MAC layer based gene that showed to be especially useful for detection; genes measure a network's performance from a node's viewpoint. Furthermore, we identified an interesting complementarity property of genes; this property exploits the local nature of sensor networks and moves the burden of excessive communication from normally behaving nodes to misbehaving nodes. These results have a direct impact on the design of AIS for sensor networks and on engineering of sensor networks.Comment: 16 pages, 20 figures, a full version of our IEEE CEC 2007 pape

Rescuing Wireless Sensor Networks Security from Science Fiction

Abstract. We critically analyze the state of the art in research on wireless sensor network security. Assumptions about security requirements are not always consistent with the assumptions about the nature of sensor nodes. There are deficiencies in the specification of attacker models. Work on wireless sensor network security often fails to give proper definitions and justifications of what constitutes node misbehaviour. We analyze the merits and limitations of reputation-based routing protocols as a security mechanism, and observe that in wireless sensor networks there is a strong case for using application specific cross-layer optimizations and hence a diminished demand for generic security solutions

Identification of misbehavior detection solutions and risk scenarios in advanced connected and automated driving scenarios

The inclusion of 5G cellular communication system into vehicles, combined with other connected-vehicle technology, such as sensors and cameras, makes connected and advanced vehicles a promising application in the Cooperative Intelligent Transport Systems. One of the most challenging task is to provide resilience against misbehavior i.e., against vehicles that intentionally disseminate false information to deceive receivers and induce them to manoeuvre incorrectly or even dangerously. This calls for misbehaviour detection mechanisms, whose purpose is to analyze information semantics to detect and filter attacks. As a result, data correctness and integrity are ensured. Misbehaviour and its detection are rather new concepts in the literature; there is a lack of methods that leverage the available information to prove its trustworthiness. This is mainly because misbehaviour techniques come with several flavours and have different unpredictable purposes, therefore providing precise guidelines is rather ambitious. Moreover, dataset to test detection schemes are rare to find and inconvenient to customize and adapt according to needs. This work presents a misbehaviour detection scheme that exploits information shared between vehicles and received signal properties to investigate the behaviour of transmitters. Differently from most available solutions, this is based on the data of the on-board own resources of the vehicle. Computational effort and resources required are minor concerns, and concurrently time efficiency is gained. Also, the project addresses three different types of attack to show that detecting misbehaviour methods are more vulnerable to some profile of attacker than others. Moreover, a rich dataset was set up to test the scheme. The dataset was created according to the latest standardised evaluation methodologies and provides a valuable starting point for any further development and research

A taxonomy and survey of cyber-physical intrusion detection approaches for vehicles

With the growing threat of cyber and cyber-physical attacks against automobiles, drones, ships, driverless pods and other vehicles, there is also a growing need for intrusion detection approaches that can facilitate defence against such threats. Vehicles tend to have limited processing resources and are energy-constrained. So, any security provision needs to abide by these limitations. At the same time, attacks against vehicles are very rare, often making knowledge-based intrusion detection systems less practical than behaviour-based ones, which is the reverse of what is seen in conventional computing systems. Furthermore, vehicle design and implementation can differ wildly between different types or different manufacturers, which can lead to intrusion detection designs that are vehicle-specific. Equally importantly, vehicles are practically defined by their ability to move, autonomously or not. Movement, as well as other physical manifestations of their operation may allow cyber security breaches to lead to physical damage, but can also be an opportunity for detection. For example, physical sensing can contribute to more accurate or more rapid intrusion detection through observation and analysis of physical manifestations of a security breach. This paper presents a classification and survey of intrusion detection systems designed and evaluated specifically on vehicles and networks of vehicles. Its aim is to help identify existing techniques that can be adopted in the industry, along with their advantages and disadvantages, as well as to identify gaps in the literature, which are attractive and highly meaningful areas of future research

Enhancing Bio-inspired Intrusion Response in Ad-hoc Networks

Practical applications of Ad-hoc networks are developing everyday and safeguarding their security is becoming more important. Because of their specific qualities, ad-hoc networks require an anomaly detection system that adapts to its changing behaviour quickly. Bio-inspired algorithms provide dynamic, adaptive, real-time methods of intrusion detection and particularly in initiating a response. A key component of bio-inspired response methods is the use of feedback from the network to better adapt their response to the specific attack and the type of network at hand. However, calculating an appropriate length of time at which to provide feedback is crucial - premature feedback or delayed feedback from the network can have adverse effects on the attack mitigation process. The antigen-degeneracy response selection algorithm (Schaust & Szczerbicka, 2011) is one of the few bio-inspired algorithms for selecting the appropriate response for misbehavior that considers network performance and adapts to the network. The main drawback of this algorithm is that it has no measure of the amount of time to wait before it can take performance measurements (feedback) from the network. In this thesis, we attempt to develop an understanding of the length of time required before feedback is provided in a range of types of ad-hoc network that have been subject of an attack, in order that future development of bio-inspired intrusion detection algorithms can be enhanced.Aiming toward an adaptive timer, we discuss that ad-hoc networks can be divided into Wireless Sensor Network (WSN), Wireless Personal Area Network (WPAN) and Spontaneously Networked Users (SNU). We use ns2 to simulate these three different types of ad-hoc networks, each of which is analysed for changes in its throughput after an attack is responded to, in order to calculate the corresponding feedback time. The feedback time in this case is the time it takes for the network to stabilise. Feedback time is not only essential to bio-inspired intrusion response methods, but can also be used in network applications where a stable network reading is required, e.g. security monitoring and motion tracking.Interestingly, we found that the network feedback time does not vary greatly between the different types of networks, but it was calculated to be less than half of what Schaust and Szczerbicka used in their algorith

An architecture framework for enhanced wireless sensor network security

This thesis develops an architectural framework to enhance the security of Wireless Sensor Networks (WSNs) and provides the implementation proof through different security countermeasures, which can be used to establish secure WSNs, in a distributed and self-healing manner. Wireless Sensors are used to monitor and control environmental properties such as sound, acceleration, vibration, air pollutants, and temperature. Due to their limited resources in computation capability, memory and energy, their security schemes are susceptible to many kinds of security vulnerabilities. This thesis investigated all possible network attacks on WSNs and at the time of writing, 19 different types of attacks were identified, all of which are discussed including exposures to the attacks, and the impact of those attacks. The author then utilises this work to examine the ZigBee series, which are the new generation of wireless sensor network products with built-in layered security achieved by secure messaging using symmetric cryptography. However, the author was able to uniquely identify several security weaknesses in ZigBee by examining its protocol and launching the possible attacks. It was found that ZigBee is vulnerable to the following attacks, namely: eavesdropping, replay attack, physical tampering and Denial of Services (DoS). The author then provides solutions to improve the ZigBee security through its security schema, including an end-to-end WSN security framework, architecture design and sensor configuration, that can withstand all types of attacks on the WSN and mitigate ZigBee’s WSN security vulnerabilities

Trust-based energy efficient routing protocol for wireless sensor networks

Wireless Sensor Networks (WSNs) consist of a number of distributed sensor nodes that are connected within a specified area. Generally, WSN is used for monitoring purposes and can be applied in many fields including health, environmental and habitat monitoring, weather forecasting, home automation, and in the military. Similar, to traditional wired networks, WSNs require security measures to ensure a trustworthy environment for communication. However, due to deployment scenarios nodes are exposed to physical capture and inclusion of malicious node led to internal network attacks hence providing the reliable delivery of data and trustworthy communication environment is a real challenge. Also, malicious nodes intentionally dropping data packets, spreading false reporting, and degrading the network performance. Trust based security solutions are regarded as a significant measure to improve the sensor network security, integrity, and identification of malicious nodes. Another extremely important issue for WSNs is energy conversation and efficiency, as energy sources and battery capacity are often limited, meaning that the implementation of efficient, reliable data delivery is an equally important consideration that is made more challenging due to the unpredictable behaviour of sensor nodes. Thus, this research aims to develop a trust and energy efficient routing protocol that ensures a trustworthy environment for communication and reliable delivery of data. Firstly, a Belief based Trust Evaluation Scheme (BTES) is proposed that identifies malicious nodes and maintains a trustworthy environment among sensor nodes while reducing the impact of false reporting. Secondly, a State based Energy Calculation Scheme (SECS) is proposed which periodically evaluates node energy levels, leading to increased network lifetime. Finally, as an integrated outcome of these two schemes, a Trust and Energy Efficient Path Selection (TEEPS) protocol has been proposed. The proposed protocol is benchmarked with A Trust-based Neighbour selection system using activation function (AF-TNS), and with A Novel Trust of dynamic optimization (Trust-Doe). The experimental results show that the proposed protocol performs better as compared to existing schemes in terms of throughput (by 40.14%), packet delivery ratio (by 28.91%), and end-to-end delay (by 41.86%). In conclusion, the proposed routing protocol able to identify malicious nodes provides a trustworthy environment and improves network energy efficiency and lifetime