280 research outputs found

    A Multi-agent System for Outliers Accommodation in Wireless Sensor Networks

    This work has been partially supported by the European Commission under the contract FP7-ICT-224282 (GINSENG) and Project CENTRO-07-ST24-FEDER-002003 (iCIS-Intelligent Computing in the Internet of Services). In monitoring applications the accuracy of data is paramount. When considering wireless sensor networks the quality of readings taken from the environment may be hampered by outliers in raw data collected from transmitters attached to nodes' analogue-to-digital converter ports. To improve the data quality sent to the base-station, a real-time data analysis should be implemented at nodes' level, while taking into account their computing power and storage limitations. This paper deals with the problem of outliers detection and accommodation in raw data. The proposed approach relies on univariate statistics within an hierarchical multi-agent framework. Results from experiments on a real monitoring scenario, at a major oil refinery plant, show the relevance of the proposed approach.

    GPS Anomaly Detection And Machine Learning Models For Precise Unmanned Aerial Systems

    The rapid development and deployment of 5G/6G networks have brought numerous benefits such as faster speeds, enhanced capacity, improved reliability, lower latency, greater network efficiency, and enablement of new applications. Emerging applications of 5G impacting billions of devices and embedded electronics also pose cyber security vulnerabilities. This thesis focuses on the development of Global Positioning Systems (GPS) Based Anomaly Detection and corresponding algorithms for Unmanned Aerial Systems (UAS). Chapter 1 provides an overview of the thesis background and its objectives. Chapter 2 presents an overview of the 5G architectures, their advantages, and potential cyber threat types. Chapter 3 addresses the issue of GPS dropouts by taking the use case of the Dallas-Fort Worth (DFW) airport. By analyzing data from surveillance drones in the DFW area, its message frequency and statistics on time differences between GPS messages were examined. Chapter 4 focuses on modeling and detecting false data injection (FDI) on GPS. Specifically, three scenarios, including Gaussian noise injection, data duplication, and data manipulation, are modeled. Further, multiple detection schemes that are Clustering-based and reinforcement learning techniques are deployed and detection accuracy was investigated. Chapter 5 shows the results of Chapters 3 and 4. Overall, this research provides a categorization and possible outlier detection to minimize the GPS interference for UAS, enhancing the security and reliability of UAS operations.

    Anomaly detection in smart city wireless sensor networks

    This thesis proposes an intrusion detection platform which reveals attacks in smart city wireless sensor networks (WSN). The platform is designed taking into account the needs of smart city administrators, who need access to a centralized architecture that can manage security alarms in a highly heterogeneous and distributed system. In this thesis, we identify the various necessary steps from gathering WSN data to running the detection techniques and we evaluate whether the procedure is scalable and capable of handling typical smart city data. Moreover, we compare several anomaly detection algorithms and we observe that one-class support vector machines constitute the most suitable multivariate technique to reveal attacks, taking into account the requirements in this context. Finally, we propose a classification schema to assist administrators in identifying the types of attacks compromising their networks.

    Edge Computing for Internet of Things

    The Internet-of-Things is becoming an established technology, with devices being deployed in homes, workplaces, and public areas at an increasingly rapid rate. IoT devices are the core technology of smart-homes, smart-cities, intelligent transport systems, and promise to optimise travel, reduce energy usage and improve quality of life. With the IoT prevalence, the problem of how to manage the vast volumes of data, wide variety and type of data generated, and erratic generation patterns is becoming increasingly clear and challenging. This Special Issue focuses on solving this problem through the use of edge computing. Edge computing offers a solution to managing IoT data through the processing of IoT data close to the location where the data is being generated. Edge computing allows computation to be performed locally, thus reducing the volume of data that needs to be transmitted to remote data centres and Cloud storage. It also allows decisions to be made locally without having to wait for Cloud servers to respond.

    From Intrusion Detection to Attacker Attribution: A Comprehensive Survey of Unsupervised Methods

    Over the last five years there has been an increase in the frequency and diversity of network attacks. This holds true, as more and more organisations admit compromises on a daily basis. Many misuse and anomaly based Intrusion Detection Systems (IDSs) that rely on either signatures, supervised or statistical methods have been proposed in the literature, but their trustworthiness is debatable. Moreover, as this work uncovers, the current IDSs are based on obsolete attack classes that do not reflect the current attack trends. For these reasons, this paper provides a comprehensive overview of unsupervised and hybrid methods for intrusion detection, discussing their potential in the domain. We also present and highlight the importance of feature engineering techniques that have been proposed for intrusion detection. Furthermore, we discuss that current IDSs should evolve from simple detection to correlation and attribution. We descant how IDS data could be used to reconstruct and correlate attacks to identify attackers, with the use of advanced data analytics techniques. Finally, we argue how the present IDS attack classes can be extended to match the modern attacks and propose three new classes regarding the outgoing network communicatio

    Attack-Tolerant Time-Synchronization in Wireless Sensor Networks

    Achieving secure time-synchronization in wireless sensor networks (WSNs) is a challenging, but very important problem that has not yet been addressed effectively. This paper proposes an Attack-tolerant Time-Synchronization Protocol (ATSP) in which sensor nodes cooperate to safeguard the time-synchronization service against malicious attacks. ATSP exploits the high temporal correlation existing among adjacent nodes in a WSN to achieve (1) adaptive management of the profile of each sensor’s normal behavior, (2) distributed, cooperative detection of falsified clock values advertised by attackers or compromised nodes, and (3) significant improvement of synchronization accuracy and stability by effectively compensating the clock drifts with the calibrated clock. To reduce the risk of losing time-synchronization due to attacks on the reference node, ATSP utilizes distributed, mutual synchronization and confines the impact of attacks to a local area (where attacks took place). Furthermore, by maintaining an accurate profile of sensors’ normal synchronization behaviors, ATSP detects various critical attacks while incurring only reasonable communication and computation overheads, making ATSP attack-tolerant and ideal for resource-constrained WSNs.

    Exploitation of Data Correlation and Performance Enhancement in Wireless Sensor Networks

    With the combination of wireless communications and embedded system, lots of progress has been made in the area of wireless sensor networks (WSNs). The networks have already been widely deployed, due to their self-organization capacity and low-cost advantage. However, there are still some technical challenges needed to be addressed. In the thesis, three algorithms are proposed in improving network energy efficiency, detecting data fault and reducing data redundancy. The basic principle behind the proposed algorithms is correlation in the data collected by WSNs. The first sensor scheduling algorithm is based on the spatial correlation between neighbor sensor readings. Given the spatial correlation, sensor nodes are clustered into groups. At each time instance, only one node within each group works as group representative, namely, sensing and transmitting sensor data. Sensor nodes take turns to be group representative. Therefore, the energy consumed by other sensor nodes within the same group can be saved. Due to the continuous nature of the data to be collected, temporal and spatial correlation of sensor data has been exploited to detect the faulty data. By exploitation of temporal correlation, the normal range of upcoming sensor data can be predicted by the historical observations. Based on spatial correlation, weighted neighbor voting can be used to diagnose whether the value of sensor data is reliable. The status of the sensor data, normal or faulty, is decided by the combination of these two proposed detection procedures. Similar to the sensor scheduling algorithm, the recursive principal component analysis (RPCA) based algorithm has been studied to detect faulty data and aggregate redundant data by exploitation of spatial correlation as well. The R-PCA model is used to process the sensor data, with the help of squared prediction error (SPE) score and cumulative percentage formula. 
When SPE score of a collected datum is distinctly larger than that of normal data, faults can be detected. The data dimension is reduced according to the calculation result of cumulative percentage formula. All the algorithms are simulated in OPNET or MATLAB based on practical and synthetic datasets. Performances of the proposed algorithms are evaluated in each chapter.

    Building a reliable and secure management framework for software-defined networks

    Title from PDF of title page viewed December 15, 2021. Dissertation advisor: Sejun Song. Vita. Includes bibliographical references (pages 101-109). Thesis (Ph.D.)--School of Computing and Engineering. University of Missouri--Kansas City, 2021. The Software-Defined Networking (SDN) technologies promise to enhance the performance and cost of managing both wired and wireless network infrastructures, functions, controls, and services (i.e., Internet of Things). However, centralized management in softwarization architecture poses new security, reliability, and scalability challenges. Significantly, the current OpenFlow Discovery Protocol (OFDP) in SDN induces substantial issues due to its gossipy, centralized, periodic, and tardy protocol. Furthermore, the problems are aggravated in the wireless and mobile SDN due to the dynamic topology churns and the lack of link-layer discovery methods. In this work, we tackle both security and reliability management issues in SDN. Specifically, we design and build a novel multitemporal cross-stratum discovery protocol framework, which efficiently orchestrates different reliability monitoring mechanisms over SDN networks and synchronizes the control messages among various applications. It facilitates multiple discovery frequency timers for each target over different stratum instead of using a uniform discovery timer for the entire network. It supports many common reliability monitoring factors for registered applications by analyzing offline and online network architecture information such as network topologies, traffic flows, virtualization architectures, and protocols. The framework consists of traffic-aware discovery (TaDPole), and centrality-aware protocol (CAMLE) facilities. We implemented the framework on Ryu controller. Extensive Mininet experimental results validate that the framework significantly improves discovery message efficiency and makes the control traffic less bursty than OFDP with a uniform timer. 
It also reduces the network status discovery delay without increasing the control overhead. We then evaluated the security issues in SDN and proposed an SDN-based Wormhole Analysis using the Neighbor Similarity (SWANS) approach as a novel wormhole countermeasure in a Software-defined MANET. As SWANS analyses the similarity of neighbor counts at a centralized SDN controller, it apprehends wormholes not only without requiring any particular location information but also without causing significant communication and coordination overhead. SWANS also countermeasures various false-positive and false-negative scenarios generated by the Link Layer Discovery Protocol (LLDP) vulnerability. We performed extensive studies via both analysis and simulations. Our simulation results show that SWANS can detect wormhole attacks efficiently with low false-positive and false-negative rates. Introduction -- Background -- Literature review -- Traffic-aware discovery protocol for software-defined wireless and mobile networks -- Centrality-aware multitemporal discovery protocol for software-defined networks -- SDN-based wormhole analysis using the neighbor similarity for a Mobile Ad hoc Network (MANET) -- Conclusions and future wor