Mitigating Malicious Packets Attack via Vulnerability-aware Heterogeneous Network Devices Assignment

Due to high homogeneity of current network devices, a network is compromised if one node in the network is compromised by exploiting its vulnerability (e.g., malicious packets attack). Many existing works adopt heterogeneity philosophy to improve network survivability. For example, “diverse variants” are assigned to nodes in the network. However, these works assume that diverse variants do not have common vulnerabilities, which deem an invalid assumption in real networks. Therefore, existing diverse variants deployment schemes could not achieve optimal performance. This paper considers that some variants have common vulnerabilities, and proposes a novel solution called Vulnerability-aware Heterogeneous Network Devices Assignment (VHNDA). Firstly, we introduce a new metric named Expected Infected Ratio (EIR) to measure the impact of malicious packets’ attacks spread on the network. Secondly, we use EIR to model the vulnerability-aware diverse variants deployment problem as an integer-programming optimization problem with NP-hard complexity. Considering NP-hardness, we then design a heuristic algorithm named Simulated Annealing Vulnerability-aware Diverse Variants Deployment (SA-VDVD) to address the problem. Finally, we present a low complexity algorithm named Graph Segmentation-based Simulated Annealing Vulnerability-aware Diverse Variants Deployment (GSSA-VDVD) for large-scale networks named graph segmentation-based simulated annealing. The experimental results demonstrate that the proposed algorithms restrain effectively the spread of malicious packets attack with a reasonable computation cost when compared with baseline algorithms

Strategies and challenges for interconnecting wireless mesh and wireless sensor networks

Wireless sensor networks and wireless mesh networks are popular research subjects. The interconnection of both network types enables next-generation applications and creates new optimization opportunities. However, current single-gateway solutions are suboptimal, as they do not allow advanced interactions between sensor networks (WSNs) and mesh networks (WMNs). Therefore, in this article, challenges and opportunities for optimizing the WSN-WMN interconnection are determined. In addition, several alternative existing and new interconnection approaches are presented and compared. Furthermore, the interconnection of WSNs and WMNs is used to study challenges and solutions for future heterogeneous network environments. Finally, it is argued that the use of convergence layers and the development of adaptive network protocols is a promising approach to enable low end devices to participate in heterogeneous network architectures

Analysis of Low Energy Adaptive Clustering Hierarchy (LEACH) protocol

Sensor network consists of tiny sensors and actuators with general purpose computing elements to cooperatively monitor physical or environmental conditions, such as temperature, pressure, etc. Wireless Sensor Networks are uniquely characterized by properties like limited power they can harvest or store, dynamic network topology, large scale of deployment. Sensor networks have a huge application in fields which includes habitat monitoring, object tracking, fire detection, land slide detection and traffic monitoring. Based on the network topology, routing protocols in sensor networks can be classified as flat-based routing, hierarchical-based routing and location-based routing. These protocols are quite simple and hence are very susceptible to attacks like Sinkhole attack, Selective forwarding, Sybil attack, Wormholes, HELLO flood attack, Acknowledgement spoofing or altering, replaying routing information. Low Energy Adaptive Clustering Hierarchy (LEACH) is an energy-efficient hierarchical-based routing protocol. Our prime focus was on the analysis of LEACH based upon certain parameters like network lifetime, stability period, etc. and also the effect of selective forwarding attack and degree of heterogeneity on LEACH protocol. After a number of simulations, it was found that the stability region’s length is considerably increased by choosing an optimal value of heterogeneity; energy is not properly utilized and throughput is decreased in networks compromised by selective forwarding attack but the number of cluster-heads per round remains unaffected in such networks

Distributed Detection of Sensor Worms Using Sequential Analysis and Remote Software Attestations

Recent work has demonstrated that self-propagating worms are a real threat to sensor networks. Since worms can enable an adversary to quickly compromise an entire sensor network, they must be detected and stopped as quickly as possible. To meet this need, we propose a worm propagation detection scheme for sensor networks. The proposed scheme applies a sequential analysis to detect worm propagation by leveraging the intuition that a worm’s communication pattern is different from benign traffic. In particular, a worm in a sensor network requires a long sequence of packets propagating hop-by-hop to each new infected node in turn. We thus have detectors that observe communication patterns in the network, a worm spreading hop-by-hop will quickly create chains of connections that would not be seen in normal traffic. Once detector nodes identify the worm propagation pattern, they initiate remote software attestations to detect infected nodes. Through analysis and simulation, we demonstrate that the proposed scheme effectively and efficiently detects worm propagation. In particular, it blocks worm propagation while restricting the fraction of infected nodes to at most 13.5% with an overhead of at most 0.63 remote attestations per node per time slot

SGNET: A Worldwide Deployable Framework to Support the Analysis of Malware Threat Models

The dependability community has expressed a growing interest in the recent years for the effects of malicious, ex-ternal, operational faults in computing systems, ie. intru-sions. The term intrusion tolerance has been introduced to emphasize the need to go beyond what classical fault toler-ant systems were able to offer. Unfortunately, as opposed to well understood accidental faults, the domain is still lack-ing sound data sets and models to offer rationales in the design of intrusion tolerant solutions. In this paper, we de-scribe a framework similar in its spirit to so called honey-farms but built in a way that makes its large-scale deploy-ment easily feasible. Furthermore, it offers a very rich level of interaction with the attackers without suffering from the drawbacks of expensive high interaction systems. The sys-tem is described, a prototype is presented as well as some preliminary results that highlight the feasibility as well as the usefulness of the approach.