Insider Threats (2014 Year in Review)

Insider threats are a difficult problem.  The research cited here looks at both intentional and accidental threats, including the effects of social engineering, and methods of identifying potential threats. These works were presented in 2014.


Kammuller, Florian; Probst, Christian W., "Combining Generated Data Models with Formal Invalidation for Insider Threat Analysis," Security and Privacy Workshops (SPW), 2014 IEEE, pp. 229, 235, 17-18 May 2014. doi: 10.1109/SPW.2014.45 In this paper we revisit the advances made on invalidation policies to explore attack possibilities in organizational models. One aspect that has so far eloped systematic analysis of insider threat is the integration of data into attack scenarios and its exploitation for analyzing the models. We draw from recent insights into generation of insider data to complement a logic based mechanical approach. We show how insider analysis can be traced back to the early days of security verification and the Lowe-attack on NSPK. The invalidation of policies allows model checking organizational structures to detect insider attacks. Integration of higher order logic specification techniques allows the use of data refinement to explore attack possibilities beyond the initial system specification. We illustrate this combined invalidation technique on the classical example of the naughty lottery fairy. Data generation techniques support the automatic generation of insider attack data for research. The data generation is however always based on human generated insider attack scenarios that have to be designed based on domain knowledge of counter-intelligence experts. Introducing data refinement and invalidation techniques here allows the systematic exploration of such scenarios and exploit data centric views into insider threat analysis.
Keywords: Analytical models; Computational modeling; Data models; Internet; Protocols; Public key; Insider threats; policies; formal methods (ID#: 15-5454)


Greitzer, Frank L.; Strozer, Jeremy R.; Cohen, Sholom; Moore, Andrew P.; Mundie, David; Cowley, Jennifer, "Analysis of Unintentional Insider Threats Deriving from Social Engineering Exploits," Security and Privacy Workshops (SPW), 2014 IEEE, pp.236,250, 17-18 May 2014. doi: 10.1109/SPW.2014.39 Organizations often suffer harm from individuals who bear no malice against them but whose actions unintentionally expose the organizations to risk-the unintentional insider threat (UIT). In this paper we examine UIT cases that derive from social engineering exploits. We report on our efforts to collect and analyze data from UIT social engineering incidents to identify possible behavioral and technical patterns and to inform future research and development of UIT mitigation strategies.
Keywords: Computers; Context; Educational institutions; Electronic mail; Organizations; Security; Taxonomy; social engineering; unintentional insider threat  (ID#: 15-5455)


Yi-Lu Wang; Sang-Chin Yang, "A Method of Evaluation for Insider Threat," Computer, Consumer and Control (IS3C), 2014 International Symposium on, pp. 438, 441, 10-12 June 2014. doi: 10.1109/IS3C.2014.121 Due to cyber security is an important issue of the cloud computing. Insider threat becomes more and more important for cyber security, it is also much more complex issue. But till now, there is no equivalent to a vulnerability scanner for insider threat. We survey and discuss the history of research on insider threat analysis to know system dynamics is the best method to mitigate insider threat from people, process, and technology. In the paper, we present a system dynamics method to model insider threat. We suggest some concludes for future research who are interested in insider threat issue The study.
Keywords: cloud computing; security of data; cloud computing; cyber security; insider threat analysis; insider threat evaluation; insider threat mitigation; vulnerability scanner; Analytical models; Computer crime; Computers; Educational institutions; Organizations; Insider threat; System Dynamic  (ID#: 15-5456)


Young, William T.; Memory, Alex; Goldberg, Henry G.; Senator, Ted E., "Detecting Unknown Insider Threat Scenarios," Security and Privacy Workshops (SPW), 2014 IEEE, pp.277,288, 17-18 May 2014. doi: 10.1109/SPW.2014.42 This paper reports results from a set of experiments that evaluate an insider threat detection prototype on its ability to detect scenarios that have not previously been seen or contemplated by the developers of the system. We show the ability to detect a large variety of insider threat scenario instances imbedded in real data with no prior knowledge of what scenarios are present or when they occur. We report results of an ensemble-based, unsupervised technique for detecting potential insider threat instances over eight months of real monitored computer usage activity augmented with independently developed, unknown but realistic, insider threat scenarios that robustly achieves results within 5% of the best individual detectors identified after the fact. We explore factors that contribute to the success of the ensemble method, such as the number and variety of unsupervised detectors and the use of prior knowledge encoded in scenario-based detectors designed for known activity patterns. We report results over the entire period of the ensemble approach and of ablation experiments that remove the scenario-based detectors.
Keywords: Computers; Detectors; Feature extraction; Monitoring; Organizations; Prototypes; Uniform resource locators; anomaly detection; experimental case study; insider threat; unsupervised ensembles  (ID#: 15-5457)


Nurse, Jason R.C.; Buckley, Oliver; Legg, Philip A.; Goldsmith, Michael; Creese, Sadie; Wright, Gordon R.T.; Whitty, Monica, "Understanding Insider Threat: A Framework for Characterising Attacks," Security and Privacy Workshops (SPW), 2014 IEEE, pp. 214, 228, 17-18 May 2014. doi: 10.1109/SPW.2014.38 The threat that insiders pose to businesses, institutions and governmental organisations continues to be of serious concern. Recent industry surveys and academic literature provide unequivocal evidence to support the significance of this threat and its prevalence. Despite this, however, there is still no unifying framework to fully characterise insider attacks and to facilitate an understanding of the problem, its many components and how they all fit together. In this paper, we focus on this challenge and put forward a grounded framework for understanding and reflecting on the threat that insiders pose. Specifically, we propose a novel conceptualisation that is heavily grounded in insider-threat case studies, existing literature and relevant psychological theory. The framework identifies several key elements within the problem space, concentrating not only on noteworthy events and indicators- technical and behavioural- of potential attacks, but also on attackers (e.g., the motivation behind malicious threats and the human factors related to unintentional ones), and on the range of attacks being witnessed. The real value of our framework is in its emphasis on bringing together and defining clearly the various aspects of insider threat, all based on real-world cases and pertinent literature. This can therefore act as a platform for general understanding of the threat, and also for reflection, modelling past attacks and looking for useful patterns.
Keywords: Companies; Context; Educational institutions; Employment; History; Psychology; Security; attack chain; case studies; insider threat; psychological indicators; technical; threat framework  (ID#: 15-5458)


Gritzalis, D.; Stavrou, V.; Kandias, M.; Stergiopoulos, G., "Insider Threat: Enhancing BPM through Social Media," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1,6, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814027 Modern business environments have a constant need to increase their productivity, reduce costs and offer competitive products and services. This can be achieved via modeling their business processes. Yet, even in light of modelling's widespread success, one can argue that it lacks built-in security mechanisms able to detect and fight threats that may manifest throughout the process. Academic research has proposed a variety of different solutions which focus on different kinds of threat. In this paper we focus on insider threat, i.e. insiders participating in an organization's business process, who, depending on their motives, may cause severe harm to the organization. We examine existing security approaches to tackle down the aforementioned threat in enterprise business processes. We discuss their pros and cons and propose a monitoring approach that aims at mitigating the insider threat. This approach enhances business process monitoring tools with information evaluated from Social Media. It exams the online behavior of users and pinpoints potential insiders with critical roles in the organization's processes. We conclude with some observations on the monitoring results (i.e. psychometric evaluations from the social media analysis) concerning privacy violations and argue that deployment of such systems should be only allowed on exceptional cases, such as protecting critical infrastructures.
Keywords: business data processing; organisational aspects; process monitoring; social networking (online); BPM enhancement; built-in security mechanism; business process monitoring tools; cost reduction; enterprise business processes; insider threat; organization business process management; privacy violations; social media; Media; Monitoring; Organizations; Privacy; Security; Unified modeling language  (ID#: 15-5459)


Bishop, Matt; Conboy, Heather M.; Phan, Huong; Simidchieva, Borislava I.; Avrunin, George S.; Clarke, Lori A.; Osterweil, Leon J.; Peisert, Sean, "Insider Threat Identification by Process Analysis," Security and Privacy Workshops (SPW), 2014 IEEE, pp.251,264, 17-18 May 2014. doi: 10.1109/SPW.2014.40 The insider threat is one of the most pernicious in computer security. Traditional approaches typically instrument systems with decoys or intrusion detection mechanisms to detect individuals who abuse their privileges (the quintessential "insider"). Such an attack requires that these agents have access to resources or data in order to corrupt or disclose them. In this work, we examine the application of process modeling and subsequent analyses to the insider problem. With process modeling, we first describe how a process works in formal terms. We then look at the agents who are carrying out particular tasks, perform different analyses to determine how the process can be compromised, and suggest countermeasures that can be incorporated into the process model to improve its resistance to insider attack.
Keywords: Analytical models; Drugs; Fault trees; Hazards; Logic gates; Nominations and elections; Software; data exfiltration; elections; insider threat; process modeling; sabotage  (ID#: 15-5460)


Greitzer, F.L.; Strozer, J.; Cohen, S.; Bergey, J.; Cowley, J.; Moore, A.; Mundie, D., "Unintentional Insider Threat: Contributing Factors, Observables, and Mitigation Strategies," System Sciences (HICSS), 2014 47th Hawaii International Conference on, pp.2025,2034, 6-9 Jan. 2014. doi: 10.1109/HICSS.2014.256 Organizations often suffer harm from individuals who bear them no malice but whose actions unintentionally expose the organizations to risk in some way. This paper examines initial findings from research on such cases, referred to as unintentional insider threat (UIT). The goal of this paper is to inform government and industry stakeholders about the problem and its possible causes and mitigation strategies. As an initial approach to addressing the problem, we developed an operational definition for UIT, reviewed research relevant to possible causes and contributing factors, and provided examples of UIT cases and their frequencies across several categories. We conclude the paper by discussing initial recommendations on mitigation strategies and countermeasures.
Keywords: organisational aspects; security of data; UIT; contributing factors; government; industry stakeholders; mitigation strategy; organizations; unintentional insider threat; Electronic mail; Human factors; Law; Organizations; Security; Stress; Contributing; Definition; Ethical; Factors; Feature; Human; Insider; Legal; Mitigation; Model; Organizational; Observables; Psychosocial; Strategies; Threat; Unintentional; demographic (ID#: 15-5461)


Kajtazi, M.; Bulgurcu, B.; Cavusoglu, H.; Benbasat, I., "Assessing Sunk Cost Effect on Employees' Intentions to Violate Information Security Policies in Organizations," System Sciences (HICSS), 2014 47th Hawaii International Conference on, pp.3169, 3177, 6-9 Jan. 2014. doi: 10.1109/HICSS.2014.393 It has been widely known that employees pose insider threats to the information and technology resources of an organization. In this paper, we develop a model to explain insiders' intentional violation of the requirements of an information security policy. We propose sunk cost as a mediating factor. We test our research model on data collected from three information-intensive organizations in banking and pharmaceutical industries (n=502). Our results show that sunk cost acts as a mediator between the proposed antecedents of sunk cost (i.e., completion effect and goal incongruency) and intentions to violate the ISP. We discuss the implications of our results for developing theory and for re-designing current security agendas that could help improve compliance behavior in the future.
Keywords: organisational aspects; personnel; security of data; ISP; banking; compliance behavior; employees intentions; information security policy; information-intensive organizations; insider intentional violation; mediating factor; pharmaceutical industries; sunk cost effect assessment; technology resources; Educational institutions; Information security; Mathematical model; Organizations; Pharmaceuticals; Reliability; completion effect; goal incongruency; information security violation; insider threats; sunk cost (ID#: 15-5462)


Vartanian, A.; Shabtai, A., "TM-Score: A Misuseability Weight Measure for Textual Content," Information Forensics and Security, IEEE Transactions on, vol.9, no.12, pp.2205, 2219, Dec. 2014. doi: 10.1109/TIFS.2014.2359370 In recent years, data leakage prevention solutions became an inherent component of the organizations' security suite. These solutions focus mainly on the data and its sensitivity level, and on preventing it from reaching an unauthorized entity. They ignore, however, the fact that an insider is gradually exposed to more and more sensitive data to which she is authorized to access. Such data may cause great damage to the organization when leaked or misused. In this research, we propose an extension to the misuseability weight concept. Our main goal is to define a misuseability measure called TM-Score for textual data. Using this measure, the organization can estimate the extent of damage that can be caused by an insider that is continuously and gradually exposed to textual content (e.g., documents and emails). The extent of damage is determined by the amount, type, and quality of information to which the insider was exposed. We present a two-step method for the continuous assignment of a misuseability score to a set of documents and evaluate the proposed method using the Enron email data set.
Keywords: Data security; Document handling; Electronic mail; Fingerprint recognition; Sensitivity; Text analysis; Data misuse; insider threat; misuseability weight; security measures; text analysis (ID#: 15-5463)


Oberle, A.; Larbig, P.; Kuntze, N.; Rudolph, C., "Integrity Based Relationships And Trustworthy Communication Between Network Participants," Communications (ICC), 2014 IEEE International Conference on, pp.610, 615, 10-14 June 2014. doi: 10.1109/ICC.2014.6883386 Establishing trust relationships between network participants by having them prove their operating system's integrity via a Trusted Platform Module (TPM) provides interesting approaches for securing local networks at a higher level. In the introduced approach on OSI layer 2, attacks carried out by already authenticated and participating nodes (insider threats) can be detected and prevented. Forbidden activities and manipulations in hard- and software, such as executing unknown binaries, loading additional kernel modules or even inserting unauthorized USB devices, are detected and result in an autonomous reaction of each network participant. The provided trust establishment and authentication protocol operates independently from upper protocol layers and is optimized for resource constrained machines. Well known concepts of backbone architectures can maintain the chain of trust between different kinds of network types. Each endpoint, forwarding and processing unit monitors the internal network independently and reports misbehaviours autonomously to a central instance in or outside of the trusted network.
Keywords: computer network security; cryptographic protocols; trusted computing; OSI layer 2; authenticated node; authentication protocol; insider threat; integrity based relationship; network participants; operating system integrity; participating node; trust establishment; trusted platform module; trustworthy communication; Authentication; Encryption; Payloads; Protocols; Servers; Unicast; Cyber-physical systems; Security; authentication; industrial networks; integrity; protocol design; trust (ID#: 15-5463)


Shatilov, K.; Boiko, V.; Krendelev, S.; Anisutina, D.; Sumaneev, A., "Solution for Secure Private Data Storage In A Cloud," Computer Science and Information Systems (FedCSIS), 2014 Federated Conference on, pp.885,889, 7-10 Sept. 2014. doi: 10.15439/2014F43 Cloud computing and, more particularly, cloud databases, is a great technology for remote centralized data managing. However, there are some drawbacks including privacy issues, insider threats and potential database thefts. Full encryption of remote database does solve the problem, but disables many operations that can be held on DBMS side; therefore problem requires much more complex solution and specific encryptions. In this paper, we propose a solution for secure private data storage that protects confidentiality of user's data, stored in cloud. Solution uses order preserving and homomorphic proprietary developed encryptions. Proposed approach includes analysis of user's SQL queries, encryption of vulnerable data and decryption of data selection, returned from DBMS. We have validated our approach through the implementation of SQL queries and DBMS replies processor, which will be discussed in this paper. Secure cloud database architecture and used encryptions also will be covered.
Keywords: cloud computing; cryptography; data privacy; distributed databases; DBMS replies processor; SQL queries; cloud computing; cloud databases; data selection; database thefts; encryption; privacy issues; remote centralized data managing; remote database; secure cloud database architecture; secure private data storage; user data; vulnerable data; Encoding; Encryption; Query processing; Vectors (ID#: 15-5464)


Maghrabi, L.A., "The Threats Of Data Security Over The Cloud As Perceived By Experts And University Students," Computer Applications & Research (WSCAR), 2014 World Symposium on, pp. 1, 6, 18-20 Jan. 2014. doi: 10.1109/WSCAR.2014.6916842 This research investigates the privacy, confidentiality and integrity of data over the Cloud. It explores different data security concerns over the Cloud as perceived by experts and university students. This topic is significant because of the increasing demand for Cloud services that attracts many people to use it more frequently. Being aware of data security concerns will undoubtedly help users take precautions from unauthorized access up to data theft. The comparison between the views of experts and users of data threats over the Cloud encourages investigators to conduct further research to increase awareness and maximize security measures. This study is based on the assumption that data over the Cloud are secure. This paper reviews the literature that focuses on the experts' findings and interpretations of data security issues and threats over the Cloud. The Cloud Security Alliance (CSA) [I] points out seven security threats: abuse and nefarious use of Cloud Computing, insecure Application Programming Interfaces (APIs), malicious insiders, shared technology vulnerabilities, data loss or leakage, account or service hijacking, and unknown risk profile. In addition, experts state different attacks that may occur at any time: DoS attacks, Cloud malware injection, side channels attack, authentication attacks, and Man-In-The-Middle (MITM) cryptographic attack. In this study, completed questionnaires were collected from students of the University of the West of England to examine their perception and awareness of data threats over the Cloud. Both perceptions from experts and students were compared and analyzed to derive conclusions about data security over the Cloud. A number of findings are discovered. 
As experts prove that data might be compromised over the Cloud, the outcome of this research reveals that users are unaware of these threats. Many users are unaware of the issues they face concerning their data's privacy, confidentiality, and integrity. However, the participants value their data privacy. The results also show that they utilize the Cloud for different purposes and various benefits. As for further research, many ideas are proposed with regard to research settings in terms of size of sample, type and background of population, and the choice of qualitative methodology.
Keywords: application program interfaces; authorisation; cloud computing; cryptography; data integrity; data privacy; invasive software; risk analysis; API; CSA; DoS attacks; MITM; University of the West of England; account hijacking; authentication attacks; cloud computing; cloud malware injection; cloud security alliance; cloud services; data confidentiality; data integrity; data leakage; data loss; data privacy; data security threats; data theft; insecure application programming interfaces; malicious insiders; man-in-the-middle cryptographic attack; qualitative methodology; service hijacking; shared technology vulnerabilities; side channels attack; unauthorized access; university students; unknown risk profile; Cryptography; Data privacy; Educational institutions; Cloud Computing; data security; data threats; information security; security threats (ID#: 15-5465)


Jana, D.; Bandyopadhyay, D., "Management of Security And Privacy Issues Of Application Development In Mobile Cloud Environment: A survey," Recent Advances and Innovations in Engineering (ICRAIE), 2014, pp.1, 6, 9-11 May 2014. doi: 10.1109/ICRAIE.2014.6909296 The widespread adoption of programmable smart mobile devices like smart phones or Tablet and connecting to public domain of Internet as well as cloud service providers provide newer privacy as well as security challenges across enterprises. Mobile cloud computing has become extremely popular among mobile users and developers who can see a direct benefit albeit resource limitations in mobile devices including battery life, memory space or processing power. Data loss from stolen or decommissioned mobile devices, unsecured information exchange through rouge access points and access of vulnerable network fetch privacy as well as security threats of mobile cloud computing. Data breaches, account hijacking, insecure API exposure, denial of services, malicious insider attacks, loss of encryption key, virtual machine isolation bring forth some of the additional security and privacy threats. In this paper, we have attempted to enumerate several privacy plus security threats and put forth best practices and recommendations as preventive as well counter measures on incidence. We have evaluated the secure coding practices and code offloading frameworks. We have also analyzed the occurrence of software flaws in applications which were developed for payment application domain for last two years and effort put on tokenization to achieve higher level of security using cloud computing.
Keywords: authorisation; cloud computing; computer crime; cryptography; data privacy; mobile computing; mobile radio; telecommunication security; Internet; account hijacking; application development; battery life; cloud service providers; code offloading frameworks; data breaches; data loss; decommissioned mobile devices; denial of services; encryption key loss; enterprises; insecure API exposure; malicious insider attacks; memory space; mobile cloud computing; mobile cloud environment; payment application domain; privacy threats; processing power; programmable smart mobile devices; resource limitations; rouge access points; secure coding practices; security threats; smart phones; software flaws; stolen mobile devices; tablet; tokenization; unsecured information exchange; virtual machine isolation; Adaptation models; Computational modeling; Cryptography; Databases; HTML; Mobile communication; AAA Vulnerabilities; Cloud Computing; Mobile Cloud Computing; STRIDE (ID#: 15-5466)


Virvilis, N.; Serrano, O.S.; Vanautgaerden, B., "Changing the Game: The Art Of Deceiving Sophisticated Attackers," Cyber Conflict (CyCon 2014), 2014 6th International Conference On, pp. 87, 97, 3-6 June 2014. doi: 10.1109/CYCON.2014.6916397 The number and complexity of cyber-attacks has been increasing steadily in the last years. Adversaries are targeting the communications and information systems (CIS) of government, military and industrial organizations, as well as critical infrastructures, and are willing to spend large amounts of money, time and expertise on reaching their goals. In addition, recent sophisticated insider attacks resulted in the exfiltration of highly classified information to the public. Traditional security solutions have failed repeatedly to mitigate such threats. In order to defend against such sophisticated adversaries we need to redesign our defences, developing technologies focused more on detection than prevention. In this paper, we address the attack potential of advanced persistent threats (APT) and malicious insiders, highlighting the common characteristics of these two groups. In addition, we propose the use of multiple deception techniques, which can be used to protect both the external and internal resources of an organization and significantly increase the possibility of early detection of sophisticated attackers.
Keywords: computer network security; information filtering; information systems; advanced persistent threats; communication and information systems; critical infrastructures; cyber-attacks; external resources; government organization; highly classified information exfiltration; industrial organization; internal resources; malicious insiders; military organization; multiple deception techniques; sophisticated attacker detection; sophisticated insider attacks; Electronic mail; Monitoring; Organizations; Planning; Security; Servers; Standards organizations; Advanced persistent threat; deception; honey net; honey tokens; honeypot; insiders (ID#: 15-5467)


Goryczka, S.; Li Xiong; Fung, B.C.M., " m-Privacy for Collaborative Data Publishing," Knowledge and Data Engineering, IEEE Transactions on, vol. 26, no. 10, pp.2520, 2533, Oct, 2014. doi: 10.1109/TKDE.2013.18 In this paper, we consider the collaborative data publishing problem for anonymizing horizontally partitioned data at multiple data providers. We consider a new type of “insider attack” by colluding data providers who may use their own data records (a subset of the overall data) to infer the data records contributed by other data providers. The paper addresses this new threat, and makes several contributions. First, we introduce the notion of m-privacy, which guarantees that the anonymized data satisfies a given privacy constraint against any group of up to m colluding data providers. Second, we present heuristic algorithms exploiting the monotonicity of privacy constraints for efficiently checking m-privacy given a group of records. Third, we present a data provider-aware anonymization algorithm with adaptive m-privacy checking strategies to ensure high utility and m-privacy of anonymized data with efficiency. Finally, we propose secure multi-party computation protocols for collaborative data publishing with m-privacy. All protocols are extensively analyzed and their security and efficiency are formally proved. Experiments on real-life datasets suggest that our approach achieves better or comparable utility and efficiency than existing and baseline algorithms while satisfying m-privacy.
Keywords: cryptographic protocols; data privacy; publishing; adaptive m-privacy checking strategy; collaborative data publishing problem; data provider-aware anonymization algorithm; data providers; data records; heuristic algorithms; insider attack; multiple data providers; privacy constraint; privacy constraint monotonicity; secure multiparty computation protocols; Collaboration; Data privacy; Distributed databases; Heuristic algorithms; Privacy; Protocols; Publishing; Computers and Society; Computing Milieux; Database Management; Distributed databases; General; Information Technology and Systems; Privacy; Public Policy Issues; Security; Systems and protection; distributed databases; integrity; security (ID#: 15-5468)


Cho, Youngho; Qu, Gang, "Enhancing Trust-Aware Routing by False Alarm Detection and Recovery," Military Communications Conference (MILCOM), 2014 IEEE, pp. 52, 59, 6-8 Oct, 2014. doi: 10.1109/MILCOM.2014.18 Insider packet drop attacks have become a serious threat to wireless sensor networks. To distinguish a packet dropped by inside attackers from network failures, each node will use a trust mechanism to evaluate its neighbor node's trustworthiness so it can send packets only to the trustworthy neighbors. One problem associated with such trust-aware routing algorithms is the false alarm which occurs when a good node's trust value goes down and being eliminated from the routing paths. This wastes network's resource and shortens network lifetime as most trust mechanisms seek to aggressively identify attackers at the cost of increasing false alarm rate. We propose a False Alarm Detection and Recovery (FADER) technique to solve this problem. Instead of abandoning a node with low trust value from the network, we put it into an intermediate state between trusted and untrusted, known as suspicious node. We find alternate routing path for packet forwarding to guarantee the network's packet delivery rate. Meanwhile, we continue to send packet to the suspicious node and monitoring its trust value in order to determine whether the node is untrusted or a false alarm. We have conducted extensive OPNET simulations and the results demonstrate that the proposed FADER approach can improve the performance of the trust-aware routing protocol in terms of the network lifetime, the packet delivery rate, and many other routing performance measures. FADER is able to recover at least 60% of the false alarms without recovering any of the real attackers, this results in an average increase of about 40% in network's lifetime and can be as high as 83%.
Keywords: Conferences; Military communication; false alarm recovery; packet drop attacks; trust-aware routing; watchdog (ID#: 15-5469)


Szott, S., "Selfish insider attacks in IEEE 802.11s wireless mesh networks," Communications Magazine, IEEE, vol.52, no.6, pp.227,233, June 2014. doi: 10.1109/MCOM.2014.6829968 The IEEE 802.11s amendment for wireless mesh networks does not provide incentives for stations to cooperate and is particularly vulnerable to selfish insider attacks in which a legitimate network participant hopes to increase its QoS at the expense of others. In this tutorial we describe various attacks that can be executed against 802.11s networks and also analyze existing attacks and identify new ones. We also discuss possible countermeasures and detection methods and attempt to quantify the threat of the attacks to determine which of the 802.11s vulnerabilities need to be secured with the highest priority.
Keywords: telecommunication security; wireless LAN; wireless mesh networks; IEEE 802.11s wireless mesh networks; selfish insider attacks; Ad hoc networks; IEEE 802.11 Standards; Logic gates; Protocols; Quality of service; Routing; Wireless mesh networks (ID#: 15-5470)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.