909 research outputs found

    Intrusion Detection System for Platooning Connected Autonomous Vehicles

    The deployment of Connected Autonomous Vehicles (CAVs) in Vehicular Ad Hoc Networks (VANETs) requires secure wireless communication in order to ensure reliable connectivity and safety. However, this wireless communication is vulnerable to a variety of cyber attacks such as spoofing or jamming attacks. In this paper, we describe an Intrusion Detection System (IDS) based on Machine Learning (ML) techniques designed to detect both spoofing and jamming attacks in a CAV environment. The IDS would reduce the risk of traffic disruption and accidents caused as a result of cyber-attacks. The detection engine of the presented IDS is based on the ML algorithms Random Forest (RF), k-Nearest Neighbour (k-NN) and One-Class Support Vector Machine (OCSVM), as well as data fusion techniques in a cross-layer approach. To the best of the authors’ knowledge, the proposed IDS is the first in the literature that uses a cross-layer approach to detect both spoofing and jamming attacks against the communication of connected vehicles platooning. The evaluation results of the implemented IDS present a high accuracy of over 90% using training datasets containing both known and unknown attacks

    Stuck in Traffic (SiT) Attacks: A Framework for Identifying Stealthy Attacks that Cause Traffic Congestion

    Recent advances in wireless technologies have enabled many new applications in Intelligent Transportation Systems (ITS) such as collision avoidance, cooperative driving, congestion avoidance, and traffic optimization. Due to the vulnerable nature of wireless communication against interference and intentional jamming, ITS face new challenges to ensure the reliability and the safety of the overall system. In this paper, we expose a class of stealthy attacks -- Stuck in Traffic (SiT) attacks -- that aim to cause congestion by exploiting how drivers make decisions based on smart traffic signs. An attacker mounting a SiT attack solves a Markov Decision Process problem to find optimal/suboptimal attack policies in which he/she interferes with a well-chosen subset of signals that are based on the state of the system. We apply Approximate Policy Iteration (API) algorithms to derive potent attack policies. We evaluate their performance on a number of systems and compare them to other attack policies including random, myopic and DoS attack policies. The generated policies, albeit suboptimal, are shown to significantly outperform other attack policies as they maximize the expected cumulative reward from the standpoint of the attacker

    Data analytics methods for attack detection and localization in wireless networks

    A wireless ad hoc network operates without any fixed infrastructure and centralized administration. It is a group of wirelessly connected nodes having the capability to work as host and router. Due to its features of open communication medium, dynamically changing topology, and cooperative algorithm, security is the primary concern when designing wireless networks. Compared to the traditional wired network, a clean division of layers may be sacrificed for performance in wireless ad hoc networks. As a result, they are vulnerable to various types of attacks at different layers of the protocol stack. In this paper, I present real-time series data analysis solutions to detect various attacks including in-band wormhole attacks in the network layer, various MAC layer misbehaviors, and jamming attacks in the physical layer. I also investigate the problem of node localization in wireless and sensor networks, where a total of n anchor nodes are used to determine the locations of other nodes based on the received signal strengths. A range-based machine learning algorithm is developed to tackle the challenges --Abstract, page iii

    Design of mechanisms for the development of secure systems with quality of service (QoS)

    Security and Quality of Service (QoS) are widely opposed aspects. This thesis carries out a detailed analysis of the security and QoS characteristics and requirements of the networks that are candidates to form part of the Future Internet (FI) and the Internet of Things (IoT), as well as of the current mechanisms for analysing the trade-off between security and QoS mechanisms. This study shows the need to define new models for evaluating the impact between security and QoS mechanisms, given that most studies focus their efforts on specific environments and particular characteristics that cannot easily be mapped to other environments or change dynamically. We therefore define a model for the composition of context-based parametric definition schemes, known as the Context-based Parametric Relationship Model (CPRM). This model is implemented in a tool for the evaluation of Security and QoS mechanisms (SQT), and its performance is evaluated on the basis of the information integrated into the contexts and the parametric dependency. Finally, to improve the visualisation of the results and speed up understanding of the model, we define a recommendation system for the SQT tool (SQT-RS). The model and the tool are analysed using two base cases within FI scenarios: authentication mechanisms in wireless sensor networks (WSN) and recommendations for the composition of mechanisms in 5G Green scenarios subject to eavesdropping and jamming

    Intrusion Detection System for detecting internal threats in 6LoWPAN

    6LoWPAN (IPv6 over Low-power Wireless Personal Area Network) is a standard developed by the Internet Engineering Task Force group to enable Wireless Sensor Networks to connect to the IPv6 Internet. This standard is rapidly gaining popularity for its applicability, ranging extensively from health care to environmental monitoring. Security is one of the most crucial issues that need to be considered properly in 6LoWPAN. Common 6LoWPAN security threats can come from external or internal attackers. Cryptographic techniques are helpful in preventing external attackers from illegally joining the network. However, because the network devices are commonly not tamper-proof, the attackers can break the cryptography codes of such devices and use them to operate like an internal source. These malicious sources can create internal attacks, which may significantly downgrade network performance. Protecting the network from these internal threats has therefore become one of the central security problems in 6LoWPAN. This thesis investigates the security issues created by the internal threats in 6LoWPAN and proposes the use of an Intrusion Detection System (IDS) to deal with such threats. Our main works are to categorise the 6LoWPAN threats into two major types, and to develop two different IDSs to detect each of these types effectively. The major contributions of this thesis are summarised below. First, we categorise the 6LoWPAN internal threats into two main types, one that focuses on directly compromising the network performance (performance-type) and the other that manipulates the optimal topology (topology-type), to later downgrade the network service quality indirectly. In each type, we select some typical threats to implement, and assess their particular impacts on network performance as well as identify performance metrics that are sensitive in the attacked situations, in order to form the basic detection knowledge. 
In addition, in studying the topology-type, we propose several novel attacks towards the Routing Protocol for Low Power and Lossy network (RPL - the underlying routing protocol in 6LoWPAN), including the Rank attack, Local Repair attack and DIS attack. Second, we develop a Bayesian-based IDS to detect the performance-type internal threats by monitoring typical attacking targets such as traffic, channel or neighbour nodes. Unlike other statistical approaches, which have a limited view by just using a single metric to monitor a specific attack, our Bayesian-based IDS can judge an abnormal behaviour with a wiser view by considering different metrics using the insightful understanding of their relations. Such a wiser view helps to increase the IDS’s accuracy significantly. Third, we develop a Specification-based IDS module to detect the topology-type internal threats based on profiling the RPL operation. In detail, we generalise the observed states and transitions of RPL control messages to construct a high-level abstract of node operations through analysing the trace files of the simulations. Our profiling technique can form all of the protocol’s legal states and transitions automatically with corresponding statistical data, which is faster and easier to verify compared with other manual specification techniques. This IDS module can detect the topology-type threats quickly with a low rate of false detection. We also propose a monitoring architecture that uses techniques from modern technologies such as LTE (Long-term Evolution), cloud computing, and multiple interface sensor devices, to significantly expand the capability of the IDS in 6LoWPAN. This architecture can enable the running of both proposed IDSs without much overhead created, to help the system to deal with most of the typical 6LoWPAN internal threats. 
Overall, the simulation results in Contiki Cooja prove that our two IDS modules are effective in detecting the 6LoWPAN internal threats, with the detection accuracy ranging from 86 to 100% depending on the types of attacks, while the False Positive rate is also satisfactory, at under 5% for most of the attacks. We also show that the additional energy consumption and the overhead of the solutions are at an acceptable level to be used in the 6LoWPAN environment

    Secrecy Energy Efficiency of MIMOME Wiretap Channels with Full-Duplex Jamming

    Full-duplex (FD) jamming transceivers have recently been shown to enhance the information security of wireless communication systems by simultaneously transmitting artificial noise (AN) while receiving information. In this work, we investigate if FD jamming can also improve the system's secrecy energy efficiency (SEE) in terms of securely communicated bits-per-Joule, when considering the additional power used for jamming and self-interference (SI) cancellation. Moreover, the degrading effect of the residual SI is also taken into account. In this regard, we formulate a set of SEE maximization problems for a FD multiple-input-multiple-output multiple-antenna eavesdropper (MIMOME) wiretap channel, considering both cases where exact or statistical channel state information (CSI) is available. Due to the intractable problem structure, we propose iterative solutions in each case with a proven convergence to a stationary point. Numerical simulations indicate only a marginal SEE gain, through the utilization of FD jamming, for a wide range of system conditions. However, when SI can efficiently be mitigated, the observed gain is considerable for scenarios with a small distance between the FD node and the eavesdropper, a high Signal-to-noise ratio (SNR), or for a bidirectional FD communication setup. Comment: IEEE Transactions on Communication