A Misuse-Based Intrusion Detection System for ITU-T G.9959 Wireless Networks

Wireless Sensor Networks (WSNs) provide low-cost, low-power, and low-complexity systems tightly integrating control and communication. Protocols based on the ITU-T G.9959 recommendation specifying narrow-band sub-GHz communications have significant growth potential. The Z-Wave protocol is the most common implementation. Z-Wave developers are required to sign nondisclosure and confidentiality agreements, limiting the availability of tools to perform open source research. This work discovers vulnerabilities allowing the injection of rogue devices or hiding information in Z-Wave packets as a type of covert channel attack. Given existing vulnerabilities and exploitations, defensive countermeasures are needed. A Misuse-Based Intrusion Detection System (MBIDS) is engineered, capable of monitoring Z-Wave networks. Experiments are designed to test the detection accuracy of the system against attacks. Results from the experiments demonstrate the MBIDS accurately detects intrusions in a Z-Wave network with a mean misuse detection rate of 99%. Overall, this research contributes new Z-Wave exploitations and an MBIDS to detect rogue devices and packet injection attacks, enabling a more secure Z-Wave network

Security threats on wireless sensor network protocols

In this paper, we investigate security issues and challenges facing researchers in wireless sensor networks and countermeasures to resolve them. The broadcast nature of wireless communication makes Wireless Sensor Networks prone to various attacks. Due to resources limitation constraint in terms of limited energy, computation power and memory, security in wireless sensor networks creates different challenges than wired network security. We will discuss several attempts at addressing the issues of security in wireless sensor networks in an attempt to encourage more research into this area

A survey on network security and attack defense mechanism for wireless sensor networks.

Abstract: The severe constraints and demanding deployment environments of wireless sensor networks make security for these systems more challenging than for conventional networks. However, several properties of sensor networks may help address the challenge of building secure networks. The unique aspects of sensor networks may allow novel defenses not available in conventional networks. In this paper, we investigate the security related issues and challenges in wireless sensor networks. We identify the security threats, review proposed security mechanisms for wireless sensor networks

An Extensive Validation of a SIR Epidemic Model to Study the Propagation of Jamming Attacks against IoT Wireless Networks.

This paper describes the utilization of an epidemic approach to study the propagation of jamming attacks, which can affect to different communication layers of all nodes in a variety of Internet of Things (IoT) wireless networks, regardless of the complexity and computing power of the devices. The jamming term considers both the more classical approach of interfering signals focusing on the physical level of the systems, and the cybersecurity approach that includes the attacks generated in upper layers like Medium Access Control (MAC), producing the same effect on the communication channel. In order to study the accuracy of the proposed epidemic model to estimate the propagation of jamming attacks, this paper uses the results of public simulations and experiments. It is of special interest the data obtained from experiments based on protocols such as Multi-Parent Hierarchical Protocol (MPH), Ad-hoc On-demand Distance Vector (AODV), and Dynamic Source Routing (DSR), working over the IEEE 802.15.4 standard. Then, using the formulation of the deterministic epidemiological model Susceptible–Infected–Recovered (SIR), together the abovementioned simulation, it has been seen that the proposed epidemic model could be used to estimate in that kind of IoT networks, the impact of the jamming attack in terms of attack severity and attack persistenceThis research has been partially supported by Ministerio de Economía, Industria y Competitividad (MINECO), Agencia Estatal de Investigación (AEI), and Fondo Europeo de Desarrollo Regional (FEDER, UE) under projects TIN2017-84844-C2-1-R and PGC2018-098813-B-C32

Security techniques for sensor systems and the Internet of Things

Sensor systems are becoming pervasive in many domains, and are recently being generalized by the Internet of Things (IoT). This wide deployment, however, presents significant security issues. We develop security techniques for sensor systems and IoT, addressing all security management phases. Prior to deployment, the nodes need to be hardened. We develop nesCheck, a novel approach that combines static analysis and dynamic checking to efficiently enforce memory safety on TinyOS applications. As security guarantees come at a cost, determining which resources to protect becomes important. Our solution, OptAll, leverages game-theoretic techniques to determine the optimal allocation of security resources in IoT networks, taking into account fixed and variable costs, criticality of different portions of the network, and risk metrics related to a specified security goal. Monitoring IoT devices and sensors during operation is necessary to detect incidents. We design Kalis, a knowledge-driven intrusion detection technique for IoT that does not target a single protocol or application, and adapts the detection strategy to the network features. As the scale of IoT makes the devices good targets for botnets, we design Heimdall, a whitelist-based anomaly detection technique for detecting and protecting against IoT-based denial of service attacks. Once our monitoring tools detect an attack, determining its actual cause is crucial to an effective reaction. We design a fine-grained analysis tool for sensor networks that leverages resident packet parameters to determine whether a packet loss attack is node- or link-related and, in the second case, locate the attack source. Moreover, we design a statistical model for determining optimal system thresholds by exploiting packet parameters variances. With our techniques\u27 diagnosis information, we develop Kinesis, a security incident response system for sensor networks designed to recover from attacks without significant interruption, dynamically selecting response actions while being lightweight in communication and energy overhead

Malware propagation model of fractional order, optimal control strategy and simulations

In this paper, an improved SEIR model of fractional order is investigated to describe the behavior of malware propagation in the wireless sensor network. Firstly, the malware propagation model of fractional order is established based on the classical SEIR epidemic theory, the basic reproductive number is obtained by the next-generation method and the stability condition of the model is also analyzed. Then, the inverse approach for the uncertainty propagation based on the discrete element method and least square algorithm is presented to determine the unknown parameters of the propagation process. Finally, the optimal control strategy is also discussed based on the adaptive model. Simulation results show the proposed model works better than the propagation model of integer order. The error of proposed model is smaller than integer order models

Intrusion detection in IPv6-enabled sensor networks.

In this research, we study efficient and lightweight Intrusion Detection Systems (IDS) for ad-hoc networks through the lens of IPv6-enabled Wireless Sensor Actuator Networks. These networks consist of highly constrained devices able to communicate wirelessly in an ad-hoc fashion, thus following the architecture of ad-hoc networks. Current state of the art IDS in IoT and WSNs have been developed considering the architecture of conventional computer networks, and as such they do not efficiently address the paradigm of ad-hoc networks, which is highly relevant in emerging network paradigms, such as the Internet of Things (IoT). In this context, the network properties of resilience and redundancy have not been extensively studied. In this thesis, we first identify a trade-off between the communication and energy overheads of an IDS (as captured by the number of active IDS agents in the network) and the performance of the system in terms of successfully identifying attacks. In order to fine-tune this trade-off, we model networks as Random Geometric Graphs; these are a rigorous approach that allows us to capture underlying structural properties of the network. We then introduce a novel IDS architectural approach that consists of a central IDS agent and set of distributed IDS agents deployed uniformly at random over the network area. These nodes are able to efficiently detect attacks at the networking layer in a collaborative manner by monitoring locally available network information provided by IoT routing protocols, such as RPL. The detailed experimental evaluation conducted in this research demonstrates significant performance gains in terms of communication overhead and energy dissipation while maintaining high detection rates. We also show that the performance of our IDS in ad-hoc networks does not rely on the size of the network but on fundamental underling network properties, such as the network topology and the average degree of the nodes. The experiments show that our proposed IDS architecture is resilient against frequent topology changes due to node failures