Individual Security and Network Design with Malicious Nodes

Networks are beneficial to those being connected but can also be used as carriers of contagious hostile attacks. These attacks are often facilitated by exploiting corrupt network users. To protect against the attacks, users can resort to costly defense. The decentralized nature of such protection is known to be inefficient but the inefficiencies can be mitigated by a careful network design. Is network design still effective when not all users can be trusted? We propose a model of network design and defense with byzantine nodes to address this question. We study the optimal defended networks in the case of centralized defense and, for the case of decentralized defense, we show that the inefficiencies due to decentralization can be fully mitigated, despite the presence of the byzantine nodes.Comment: 19 pages, 3 figure

Individual security, contagion, and network design

Individuals derive benefits from their connections, but these may expose them to external threats. Agents therefore invest in security to protect themselves. What are the network architectures that maximize collective welfare? We propose a model to explore the tension between connectivity and exposure to an external threat when security choices are decentralized. We find that both over-investment and under-investment in security are possible, and that optimal network architectures depend on the prevailing source of inefficiencies. Social welfare may be maximized in sparse connected networks when under-investment pressures are present, and fragmented networks when over-investment pressures prevail.Sanjeev Goyal and Diego Cerdeiro were supported by European Research Area Complexity-Net (http://www.complexitynet.eu) through grant, Resilience and interaction of networks in ecology and economics (RESINEE). Diego Cerdeiro acknowledges financial support from Queens' College and the Cambridge Overseas Trust. Marcin Dziubiński was supported by the Strategic Resilience of Networks project realized within the Homing Plus programme of the Foundation for Polish Science, co-financed by the European Union from the Regional Development Fund within Operational Programme Innovative Economy (“Grants for Innovation”). Sanjeev Goyal acknowledges financial support from a Keynes Fellowship and the Cambridge-INET Institute

IP Bouncer: An End-User Network Privacy Enhancing Tool

IP Bouncer is a novel IT artifact that exposes unexpected and unwanted network communication initiated by trusted “insider” applications. It closely follows design science guidelines illustrated in the five design principles of the artifact. One of the novel aspects of the design is the key-pair approach used for assessing appropriate or inappropriate network communications. By coupling the context-awareness of the user with online aggregators of blacklists, IP Bouncer offers greater individual and organizational security protection and earlier detection of network anomalies

Layered security design for mobile ad hoc networks

When security of a given network architecture is not properly designed from the beginning, it is difficult to preserve confidentiality, authenticity, integrity and non-repudiation in practical networks. Unlike traditional mobile wireless networks, ad hoc networks rely on individual nodes to keep all the necessary interconnections alive. In this article we investigate the principal security issues for protecting mobile ad hoc networks at the data link and network layers. The security requirements for these two layers are identified and the design criteria for creating secure ad hoc networks using multiple lines of defense against malicious attacks are discussed

Truthful Mechanisms for Secure Communication in Wireless Cooperative System

To ensure security in data transmission is one of the most important issues for wireless relay networks, and physical layer security is an attractive alternative solution to address this issue. In this paper, we consider a cooperative network, consisting of one source node, one destination node, one eavesdropper node, and a number of relay nodes. Specifically, the source may select several relays to help forward the signal to the corresponding destination to achieve the best security performance. However, the relays may have the incentive not to report their true private channel information in order to get more chances to be selected and gain more payoff from the source. We propose a Vickey-Clark-Grove (VCG) based mechanism and an Arrow-d'Aspremont-Gerard-Varet (AGV) based mechanism into the investigated relay network to solve this cheating problem. In these two different mechanisms, we design different "transfer payment" functions to the payoff of each selected relay and prove that each relay gets its maximum (expected) payoff when it truthfully reveals its private channel information to the source. And then, an optimal secrecy rate of the network can be achieved. After discussing and comparing the VCG and AGV mechanisms, we prove that the AGV mechanism can achieve all of the basic qualifications (incentive compatibility, individual rationality and budget balance) for our system. Moreover, we discuss the optimal quantity of relays that the source node should select. Simulation results verify efficiency and fairness of the VCG and AGV mechanisms, and consolidate these conclusions.Comment: To appear in IEEE Transactions on Wireless Communication

Improved detection of Probe Request Attacks : Using Neural Networks and Genetic Algorithm

The Media Access Control (MAC) layer of the wireless protocol, Institute of Electrical and Electronics Engineers (IEEE) 802.11, is based on the exchange of request and response messages. Probe Request Flooding Attacks (PRFA) are devised based on this design flaw to reduce network performance or prevent legitimate users from accessing network resources. The vulnerability is amplified due to clear beacon, probe request and probe response frames. The research is to detect PRFA of Wireless Local Area Networks (WLAN) using a Supervised Feedforward Neural Network (NN). The NN converged outstandingly with train, valid, test sample percentages 70, 15, 15 and hidden neurons 20. The effectiveness of an Intruder Detection System depends on its prediction accuracy. This paper presents optimisation of the NN using Genetic Algorithms (GA). GAs sought to maximise the performance of the model based on Linear Regression (R) and generated R > 0.95. Novelty of this research lies in the fact that the NN accepts user and attacker training data captured separately. Hence, security administrators do not have to perform the painstaking task of manually identifying individual frames for labelling prior training. The GA provides a reliable NN model and recognises the behaviour of the NN for diverse configurations

Career Transitions and Trajectories: A Case Study in Computing

From artificial intelligence to network security to hardware design, it is well-known that computing research drives many important technological and societal advancements. However, less is known about the long-term career paths of the people behind these innovations. What do their careers reveal about the evolution of computing research? Which institutions were and are the most important in this field, and for what reasons? Can insights into computing career trajectories help predict employer retention? In this paper we analyze several decades of post-PhD computing careers using a large new dataset rich with professional information, and propose a versatile career network model, R^3, that captures temporal career dynamics. With R^3 we track important organizations in computing research history, analyze career movement between industry, academia, and government, and build a powerful predictive model for individual career transitions. Our study, the first of its kind, is a starting point for understanding computing research careers, and may inform employer recruitment and retention mechanisms at a time when the demand for specialized computational expertise far exceeds supply.Comment: To appear in KDD 201