Visible to the public Routing Anomalies 2015Conflict Detection Enabled

SoS Newsletter- Advanced Book Block


SoS Logo

Routing Anomalies



The capacity to deal with routing anomalies is a factor in developing resilient systems. The research cited here was presented in 2015.

R. Hiran, N. Carlsson and N. Shahmehri, “Crowd-Based Detection of Routing Anomalies on the Internet,” Communications and Network Security (CNS), 2015 IEEE Conference on, Florence, 2015, pp. 388-396. doi: 10.1109/CNS.2015.7346850
Abstract: The Internet is highly susceptible to routing attacks and there is no universally deployed solution that ensures that traffic is not hijacked by third parties. Individuals or organizations wanting to protect themselves from sustained attacks must therefore typically rely on measurements and traffic monitoring to detect attacks. Motivated by the high overhead costs of continuous active measurements, we argue that passive monitoring combined with collaborative information sharing and statistics can be used to provide alerts about traffic anomalies that may require further investigation. In this paper we present and evaluate a user-centric crowd-based approach in which users passively monitor their network traffic, share information about potential anomalies, and apply combined collaborative statistics to identify potential routing anomalies. The approach uses only passively collected round-trip time (RTT) measurements, is shown to have low overhead, regardless if a central or distributed architecture is used, and provides an attractive tradeoff between attack detection rates (when there is an attack) and false alert rates (needing further investigation) under normal conditions. Our data-driven analysis using longitudinal and distributed RTT measurements also provides insights into detector selection and the relative weight that should be given to candidate detectors at different distances from the potential victim node.
Keywords: Internet; computer network security; telecommunication network routing; telecommunication traffic; attack detection; collaborative information sharing; combined collaborative statistics; data-driven analysis; distributed RTT measurement; longitudinal RTT measurement; round-trip time; routing anomaly crowd-based detection; traffic monitoring; user-centric crowd-based approach; Collaboration; Detectors; Monitoring; Organizations; Routing; Security; Crowd-based detection; Imposture attacks; Interception attacks; Routing anomalies (ID#: 16-9906)


L. Trajkovic, “Communication Networks: Traffic Data, Network Topologies, and Routing Anomalies,” 2015 IEEE 13th International Symposium on Intelligent Systems and Informatics (SISY), Subotica, 2015, pp. 15-15. doi: 10.1109/SISY.2015.7325382
Abstract: Understanding modern data communication networks such as the Internet involves collection and analysis of data collected from deployed networks. It also calls for development of various tools for analysis of such datasets. Collected traffic data are used for characterization and modeling of network traffic, analysis of Internet topologies, and prediction of network anomalies. In this talk, I will describe collection and analysis of realtime traffic data using special purpose hardware and software tools. Analysis of such collected datasets indicates a complex underlying network infrastructure that carries traffic generated by a variety of the Internet applications. Data collected from the Internet routing tables are used to analyze Internet topologies and to illustrate the existence of historical trends in the development of the Internet. The Internet traffic data are also used to classify and detect network anomalies such as Internet worms, which affect performance of routing protocols and may greatly degrade network performance. Various statistical and machine learning techniques are used to classify test datasets, identify the correct traffic anomaly types, and design anomaly detection mechanisms.
Keywords: Internet; computer network security; data analysis; data communication; learning (artificial intelligence); routing protocols; statistical analysis; telecommunication network topology; telecommunication traffic; Internet routing tables; Internet topologies; Internet worms; data communication networks; machine learning techniques; network anomaly prediction; network topologies; network traffic data analysis; routing anomalies; statistical techniques; Communication networks; Informatics; Intelligent systems; Internet topology; Network topology; Routing (ID#: 16-9907)


M. Ćosović, S. Obradović and L. Trajković, “Performance Evaluation of BGP Anomaly Classifiers,” Digital Information, Networking, and Wireless Communications (DINWC), 2015 Third International Conference on, Moscow, 2015, pp. 115-120. doi: 10.1109/DINWC.2015.7054228
Abstract: Changes in the network topology such as large-scale power outages or Internet worm attacks are events that may induce routing information updates. Border Gateway Protocol (BGP) is by Autonomous Systems (ASes) to address these changes. Network reachability information, contained in BGP update messages, is stored in the Routing Information Base (RIB). Recent BGP anomaly detection systems employ machine learning techniques to mine network data. In this paper, we evaluated performance of several machine learning algorithms for detecting Internet anomalies using RIB. Naive Bayes (NB), Support Vector Machine (SVM), and Decision Tree (J48) classifiers are employed to detect network traffic anomalies. We evaluated feature discretization and feature selection using three data sets of known Internet anomalies.
Keywords: Bayes methods; Internet; computer network performance evaluation; computer network security; data mining; decision trees; invasive software; learning (artificial intelligence); routing protocols; support vector machines; telecommunication network topology; telecommunication traffic; AS; BGP anomaly classifiers; Internet anomalies; Internet worm attacks; J48; NB; Naive Bayes; RIB; SVM; autonomous systems; border gateway protocol; decision tree classifiers; feature discretization; feature selection; large-scale power outages; machine learning techniques; network data mining; network traffic anomalies; performance evaluation; routing information base; routing information updates; support vector machine; Accuracy; Classification algorithms; Data models; Machine learning algorithms; Niobium; Support vector machines; BGP; decision tree; machine learning; naive Bayes (ID#: 16-9908)


G. Pallotta and A. L. Jousselme, “Data-Driven Detection and Context-Based Classification of Maritime Anomalies,” Information Fusion (Fusion), 2015 18th International Conference on, Washington, DC, 2015, pp. 1152-1159. doi: (not provided)
Abstract: Discovering anomalies at sea is one of the critical tasks of Maritime Situational Awareness (MSA) activities and an important enabler for maritime security operations. This paper proposes a data-driven approach to anomaly detection, highlighting challenges specific to the maritime domain. This work builds on unsupervised learning techniques which provide models for normal traffic behaviour. A methodology to associate tracks to the derived traffic model is then presented. This is done by the pre-extraction of contextual information as the baseline patterns of life (i.e., routes) in the area under investigation. In addition to a brief description of the approach to derive the routes, their characterization and representation is presented in support of exploitable knowledge to classify anomalies. A hierarchical reasoning is proposed where new tracks are first associated to existing routes based on their positional information only and “off-route” vessels” are detected. Then, for on-route vessels further anomalies are detected such as “speed anomaly” or “heading anomaly”. The algorithm is illustrated and assessed on a real-world dataset supplemented with synthetic abnormal tracks.
Keywords: information retrieval; marine engineering; pattern classification; security of data; traffic engineering computing; unsupervised learning; anomaly detection; context-based classification; contextual information pre-extraction; data driven detection approach; hierarchical reasoning; maritime security operation; maritime situational awareness; normal traffic behaviour; off route vessel; on route vessel; synthetic abnormal track; traffic model; unsupervised learning technique; Data mining; Detectors; Feature extraction; Radar tracking; Sea measurements; Tracking; Trajectory (ID#: 16-9909)


Y. Q. Zhang, B. Yang, Y. L. Lu and G. Z. Yang, “Anomaly Detection of AS-Level Internet Evolution Based on Temporal Distance,” 2015 Fifth International Conference on Instrumentation and Measurement, Computer, Communication and Control (IMCCC), Qinhuangdao, 2015, pp. 631-634. doi: 10.1109/IMCCC.2015.138
Abstract: As the Inter-domain routing security problem becomes increasingly prominent, the detection of AS (Autonomous System)-level Internet evolution has become a research hotspot. This paper introduces AS Reach ability Distance (ASRD) and AS Connectivity Distance (ASCD) based on temporal distance, used to characterize the difference of AS reach ability and connectivity at different time respectively, and based on ASRD and ASCD, an algorithm of continuously detecting AS-level Internet anomalies is proposed. Experiments show that the proposed method can not only detect AS-level Internet anomalous event accurately, but also reveal the evolution laws of AS-level Internet in the long term.
Keywords: Internet; computer network security; telecommunication network routing; AS connectivity distance; AS reach ability distance; AS-level Internet evolution; ASCD; ASRD; anomaly detection; autonomous system; interdomain routing security problem; temporal distance; Feature extraction; IP networks; Mathematical model; Routing; Time measurement; Time series analysis; AS Connectivity Distance; AS Reachability Distance; AS evolution (ID#: 16-9910)


A. S. Bhandare and S. B. Patil, “Securing MANET Against Co-operative Black Hole Attack and Its Performance Analysis — A Case Study,” Computing Communication Control and Automation (ICCUBEA), 2015 International Conference on, Pune, 2015,
pp. 301-305. doi: 10.1109/ICCUBEA.2015.63
Abstract: Mobile Ad-hoc Network (MANET) is an autonomous system of randomly moving nodes where every node acts as host and router to maintain the network functionality. Ad-hoc on demand Distance Vector (AODV) is one of the principal routing protocols which may be get insecure due to malicious nodes present inside the network. Such malicious nodes affect the network performance severely by dropping all the data packets instead of forwarding it to intended receiver. It is called as “Co-Operative Black hole Attack”. In this paper one detection and defense mechanism is proposed to eliminate the intruder that carry out black hole attack by taking decision about safe route on basis of Normal V/S Abnormal (anomaly) activity”. This anti-prevention system checks route reply against fake reply, named as “Malicious Node Detection System for AODV (MDSAODV)”. In this paper we analyze the network performance without, with one and multiple (two) malicious nodes, by varying their location. The network performance for MDSAODV is again analyzed under same scenarios through NS-2 simulation.
Keywords: mobile ad hoc networks; routing protocols; telecommunication security; MANET security; MDSAODV; NS-2 simulation; ad-hoc-on-demand distance vector; anti prevention system; autonomous system; cooperative black hole attack; data packets; defense mechanism; detection mechanism; intruder elimination; malicious node detection system-for-AODV; mobile ad-hoc network; network functionality; performance analysis; principal routing protocols; Mobile ad hoc networks; Mobile computing; Routing; Routing protocols; Wireless communication; AODV; Co-Operative Black Hole Attack; MANET; MDSAOD (ID#: 16-9911)


Y. Haga, A. Saso, T. Mori and S. Goto, “Increasing the Darkness of Darknet Traffic,” 2015 IEEE Global Communications Conference (GLOBECOM), San Diego, CA, 2015, pp. 1-7. doi: 10.1109/GLOCOM.2015.7416973
Abstract: A Darknet is a passive sensor system that monitors traffic routed to unused IP address space. Darknets have been widely used as tools to detect malicious activities such as propagating worms, thanks to the useful feature that most packets observed by a darknet can be assumed to have originated from non-legitimate hosts. Recent commoditization of Internet-scale survey traffic originating from legitimate hosts could overwhelm the traffic that was originally supposed to be monitored with a darknet. Based on this observation, we posed the following research question: “Can the Internet-scale survey traffic become noise when we analyze darknet traffic?” To answer this question, we propose a novel framework, ID2, to increase the darkness of darknet traffic, i.e., ID2 discriminates between Internet-scale survey traffic originating from legitimate hosts and other traffic potentially associated with malicious activities. It leverages two intrinsic characteristics of Internet-scale survey traffic: a network- level property and some form of footprint explicitly indicated by surveyors. When we analyzed darknet traffic using ID2, we saw that Internet-scale traffic can be noise. We also demonstrated that the discrimination of survey traffic exposes hidden traffic anomalies, which are invisible without using our technique.
Keywords: IP networks; Internet; computer network security; telecommunication traffic; ID2 framework; Internet-scale survey traffic; Internet-scale survey traffic commoditization; darknet traffic darkness; malicious activity detection; passive sensor system; traffic route monitoring; unused IP address space; Monitoring; Organizations; Payloads; Protocols; Sensor systems; Standards organizations (ID#: 16-9912)


S. J. Chang, K. H. Yeh, G. D. Peng, S. M. Chang and C. H. Huang, “From Safety to Security: Pattern and Anomaly Detections in Maritime Trajectories,” Security Technology (ICCST), 2015 International Carnahan Conference on, Taipei, 2015, pp. 415-419. doi: 10.1109/CCST.2015.7389720
Abstract: This paper presents recent findings in maritime trajectory pattern and anomaly detection using long-term data collected via a shore-based network of Automatic Identification System (AIS). Since the establishment of the AIS network around Taiwan in 2009, the accumulated massive vessel trajectories have been extensively explored under a series of government research projects. The project themes include safety and efficiency in marine transportation, as well as environment issues. Algorithms and software tools are developed to discover patterns of vessel traffic, routes, and delays, detect various near-miss events, investigate marine casualties, and assist in ship emission inventories. When the massive AIS data are investigated in different aspects and ways, anomalies with security implications emerged.
Keywords: data mining; feature extraction; identification; marine engineering; security of data; software tools; AIS network; anomaly detection; automatic identification system; maritime trajectory mining; pattern detection; security implication; shore-based network; software tool; Grounding; Marine vehicles; Navigation; Safety; Security; Trajectory; Transportation; Automatic Identification System; near miss; trajectory mining (ID#: 16-9913)


D. Tong and V. Prasanna, “High Throughput Sketch Based Online Heavy Change Detection on FPGA,” 2015 International Conference on ReConFigurable Computing and FPGAs (ReConFig), Mexico City, 2015, pp. 1-8. doi: 10.1109/ReConFig.2015.7393320
Abstract: Significant changes in traffic patterns often indicate network anomalies. Detecting these changes rapidly and accurately is a critical task for network security. Due to the large number of network users and the high throughput requirement of today's networks, traditional per-item-state techniques are either too expensive when implemented using fast storage devices (such as SRAM) or too slow when implemented using storage devices with massive capacity (such as DRAM). Sketch, as a highly accurate data stream summarization technique, significantly reduces the memory requirements while supporting a large number of items. Sketch based techniques are attractive for exploiting the fast on-chip storage of state-of-the-art computing platforms to achieve high throughput. In this work, we propose a fully pipelined Sketch based architecture on FPGA for online heavy change detection. Our architecture forecasts the activity of the network entities based on their history, then reports the entities whose difference between their observed activities and the forecast activities exceed a given threshold. The post place-and-route results on a state-of-the-art FPGA show that our architecture sustains high throughput of 96 – 103 Gbps using various configurations of online heavy change detection.
Keywords: computer network security; field programmable gate arrays; pipeline processing; storage management; system-on-chip; telecommunication traffic; DRAM; FPGA; SRAM; Sketch based techniques; data stream summarization technique; fast on-chip storage; field programmable gate array; fully pipelined Sketch based architecture; high throughput Sketch; memory requirements; network anomalies; network entities; network security; online heavy change detection; per-item-state techniques; place-and-route results; storage devices; traffic patterns; Change detection algorithms; Field programmable gate arrays; History; Mathematical model; Memory management; Throughput (ID#: 16-9914)


N. K. Thanigaivelan, E. Nigussie, R. K. Kanth, S. Virtanen and J. Isoaho, “Distributed Internal Anomaly Detection System for Internet-of-Things,” 2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, 2016, pp. 319-320. doi: 10.1109/CCNC.2016.7444797
Abstract: We present overview of a distributed internal anomaly detection system for Internet-of-things. In the detection system, each node monitors its neighbors and if abnormal behavior is detected, the monitoring node will block the packets from the abnormally behaving node at the data link layer and reports to its parent node. The reporting propagates from child to parent nodes until it reaches the root. A novel control message, distress propagation object (DPO), is devised to report the anomaly to the subsequent parents and ultimately the edge-router. The DPO message is integrated to routing protocol for low-power and lossy networks (RPL). The system has configurable profile settings and it is able to learn and differentiate the nodes' normal and suspicious activities without a need for prior knowledge. It has different subsystems and operation phases at data link and network layers, which share a common repository in a node. The system uses network fingerprinting to be aware of changes in network topology and nodes' positions without any assistance from a positioning system.
Keywords: Internet of Things; computer network security; routing protocols; DPO message; Internet-of-things; RPL; abnormally behaving node; data link layer; distress propagation object; distributed internal anomaly detection system; edge-router; network fingerprinting; network layers; network topology; parent node; routing protocol; Conferences; Image edge detection; Intrusion detection; Monitoring; Routing protocols; Wireless sensor networks (ID#: 16-9915)


S. V. Shirbhate, S. S. Sherekar and V. M. Thakare, “A Novel Framework of Dynamic Learning Based Intrusion Detection Approach in MANET,” Computing Communication Control and Automation (ICCUBEA), 2015 International Conference on, Pune, 2015, pp. 209-213. doi: 10.1109/ICCUBEA.2015.46
Abstract: With the growth of security and surveillance system, a huge amount of audit or network data is being generated. It is immense challenge for researcher to protect the mobile ad hoc network from the malicious node as topology of the network dynamically changes. A malicious node can easily inject false routes into the network. A traditional method to detect such malicious nodes is to establish a base profile of normal network behavior and then identify a node's behavior to be anomalous if it deviates from the established profile. As the topology of a MANET constantly changes over time, the simple use of a static base profile is not efficient. In this paper, a novel framework is proposed to detect the malicious node in MANET. In proposed method k-means clustering-based anomaly detection approach is used in which the profile is dynamically updated. The approach consists of three main phases: training, testing and updating. In training phase, the K-means clustering algorithm is used in order to establish a normal profile. In testing phase, check whether the current traffic of the node is normal or anomalous. If it is normal then update the normal profile otherwise isolate the malicious node and ignore that node from the network. To update the normal profile periodically, weighted coefficients and a forgetting equation is used.
Keywords: mobile ad hoc networks; telecommunication security; MANET; anomaly detection approach; dynamic learning; intrusion detection approach; k-means clustering; malicious nodes; mobile ad hoc network; network data; novel framework; security system; static base profile; surveillance system; topology node; Heuristic algorithms; Intrusion detection; Mobile ad hoc networks; Network topology; Routing; Testing; Training; Dynamic Intrusion Detection System; K-means clustering (ID#: 16-9916)


A. Al-Mahrouqi, S. Abdalla and T. Kechadi, “Efficiency of Network Event Logs as Admissible Digital Evidence,” 2015 Science and Information Conference (SAI), London, 2015, pp. 1257-1265. doi: 10.1109/SAI.2015.7237305
Abstract: The large number of event logs generated in a typical network is increasingly becoming an obstacle for forensic investigators to analyze and use to detect and verify malicious activities. Research in the area of network forensic is trying to address the challenge of using network logs to reconstruct attack scenarios by proposing event correlation models. In this paper we introduce a new network forensics model that makes network event-logs admissible in the court of law. Our model collects available logs from connected network devices, applies decision tree algorithm in order to filter anomaly intrusion, then re-route the logs to a central repository where event-logs management functions are applied.
Keywords: computer network security; decision trees; digital forensics; admissible digital evidence; anomaly intrusion; decision tree algorithm; event correlation models; event-logs management functions; malicious activity detection; network event logs; network forensics model; Computer crime; Computer science; Computers; Data mining; Forensics; Reliability; Authentication of Evidence; Best Evidence; Evidence Reliability; Network Evidence Admissibility; SVMs (ID#: 16-9917)


V. F. Arguedas, F. Mazzarella and M. Vespe, “Spatio-Temporal Data Mining for Maritime Situational Awareness,” OCEANS 2015 - Genova, Genoa, 2015, pp. 1-8. doi: 10.1109/OCEANS-Genova.2015.7271544
Abstract: Maritime Situational Awareness (MSA) is the capability of understanding events, circumstances and activities within and impacting the maritime environment. Nowadays, the vessel positioning sensors provide a vast amount of data that could enhance the maritime knowledge if analysed and modelled. Vessel positioning data is dynamic and continuous on time and space, requiring spatio-temporal data mining techniques to derive knowledge. In this paper, several spatio-temporal data mining techniques are proposed to enhance the MSA, tackling existing challenges such as automatic maritime route extraction and synthetic representation, mapping vessels activities, anomaly detection or position and track prediction. The aim is to provide a more complete and interactive Maritime Situational Picture (MSP) and, hence, to provide more capabilities to operational authorities and policy-makers to support the decision-making process. The proposed approaches are evaluated on diverse areas of interest from the Dover Strait to the Icelandic coast.
Keywords: data mining; oceanographic techniques; automatic maritime route extraction; mapping vessels activities; maritime situational awareness; maritime situational picture; spatio-temporal data mining; synthetic representation; Data mining; Knowledge discovery; Ports (Computers); Safety; Security; Synthetic aperture radar; Trajectory (ID#: 16-9918)


A. Amouri, L. G. Jaimes, R. Manthena, S. D. Morgera and I. J. Vergara-Laurens, “A Simple Scheme for Pseudo Clustering Algorithm for Cross Layer Intrusion Detection in MANET,” 2015 7th IEEE Latin-American Conference on Communications (LATINCOM), Arequipa, 2015, pp. 1-6. doi: 10.1109/LATINCOM.2015.7430139
Abstract: The Mobile AdHoc Network (MANET) is a type of wireless network that does not require infrastructure for its operation; therefore, MANETs lack a centralized architecture which affects the level of security inside the network and increases vulnerability. Although encryption helps to increase network security level, it is not sufficient to protect against malicious intruders. An intrusion detection scheme is proposed in this paper based on cross layer feature collection from the medium access control (MAC) and network layers. The proposed method employs an hierarchical configuration that avoids using a clustering algorithm and, instead, sequentially activates the promiscuity (ability to sniff all packets transmitted by nodes within radio range) of the node based on its location in the network. The node in this case acts as a pseudo cluster head (PCH) that collects data from its neighboring nodes in each quadrant in the field and then uses this information to calculate an anomaly index (AI) in each quadrant. The mechanism uses a C4.5 decision tree to learn the network behavior under blackhole attack and is able to recognize blackhole attacks with up to 97% accuracy. The presented approach is twofold - it is energy efficient and has a high degree of intrusion detection with low overhead.
Keywords: access protocols; cryptography; mobile ad hoc networks; pattern clustering; telecommunication security; C4.5 decision tree; MANET; anomaly index; blackhole attack; clustering algorithm; cross layer intrusion detection; hierarchical configuration; intrusion detection scheme; medium access control; mobile ad hoc network; network security level; pseudocluster head; pseudoclustering scheme; wireless network; Artificial intelligence; Indexes; Intrusion detection; Mobile ad hoc networks; Routing; Routing protocols (ID#: 16-9919)


B. H. Dang and W. Li, “Impact of Baseline Profile on Intrusion Detection in Mobile Ad Hoc Networks,” SoutheastCon 2015, Fort Lauderdale, FL, 2015, pp. 1-7. doi: 10.1109/SECON.2015.7133013
Abstract: Dynamic topology and limited resources are major limitations that make intrusion detection in mobile ad hoc network (MANET) a difficult task. In recent years, several anomaly detection techniques were proposed to detect malicious nodes using static and dynamic baseline profiles, which depict normal MANET behaviors. In this research, we investigated different baseline profile methods and conducted a set of experiments to evaluate their effectiveness and efficiency for anomaly detection in MANETs using C-means clustering technique. The results indicated that a static baseline profile delivers similar results to other baseline profile methods. However, it requires the least resource usage while a dynamic baseline profile method requires the most resource usage of all the baseline models.
Keywords: mobile ad hoc networks; mobile computing; pattern clustering; security of data; MANET behaviors; c-means clustering technique; dynamic baseline profiles; intrusion detection; malicious nodes; mobile ad hoc networks; resource usage; static baseline profiles; Ad hoc networks; Adaptation models; Computational modeling; Mobile computing; Routing protocols; Mobile ad hoc networks; anomaly detection; baseline profile; clustering technique; unsupervised learning techniques (ID#: 16-9920)


E. Basan and O. Makarevich, “An Energy-Efficient System of Counteraction Against Attacks in the Mobile Wireless Sensor Networks,” Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2015 International Conference on, Xi'an, 2015, pp. 403-410. doi: 10.1109/CyberC.2015.72
Abstract: This paper is to create a model of secure wireless sensor network (WSN), which is able to defend against most of known network attacks and don't significantly reduce the energy power of sensor nodes (SN). We propose clustering as a way of network organization, which allows reducing energy consumption. Network Protection is based on the calculation of the trust level and the establishment of trusted relationships between trusted nodes. Operation of trust management system is based on a centralized method.
Keywords: mobile communication; trusted computing; wireless sensor networks; SN; WSN; centralized method; energy consumption; energy-efficient system; mobile wireless sensor networks; network protection; sensor nodes; trust management system; Base stations; Clustering algorithms; Nickel; Partitioning algorithms; Routing protocols; Wireless sensor networks; algorithms; anomaly detection; attacks; clustering; protocol; security; trust; trust evaluation (ID#: 16-9921)


P. Sarigiannidis, E. Karapistoli and A. A. Economides, “VisIoT: A Threat Visualisation Tool for IoT Systems Security,” 2015 IEEE International Conference on Communication Workshop (ICCW), London, 2015, pp. 2633-2638. doi: 10.1109/ICCW.2015.7247576
Abstract: Without doubt, the Internet of Things (IoT) is changing the way people and technology interact. Fuelled by recent advances in networking, communications, computation, software, and hardware technologies, IoT has stepped out of its infancy and is considered as the next breakthrough technology in transforming the Internet into a fully integrated Future Internet. However, realising a network of physical objects accessed through the Internet brings a potential threat in the shadow of the numerous benefits. The threat is “security”. Given that Wireless Sensor Networks (WSNs) leverage the potential of IoT quite efficiently, this paper faces the challenge of security attention on a particular, yet broad, context of IP-enabled WSNs. In particular, it proposes a novel threat visualisation tool for such networks, called VisIoT. VisIoT is a human-interactive visual-based anomaly detection system that is capable of monitoring and promptly detecting several devastating forms of security attacks, including wormhole attacks, and Sybil attacks. Based on a rigorous, radial visualisation design, VisIoT may expose adversaries conducting one or multiple concurrent attacks against IP-enabled WSNs. The system's visual and anomaly detection efficacy in exposing complex security threats is demonstrated through a number of simulated attack scenarios.
Keywords: Internet of Things; data visualisation; security of data; wireless sensor networks; IP-enabled WSN; IoT systems security; Sybil attacks; VisIoT; complex security threats; concurrent attacks; hardware technologies; human-interactive visual-based anomaly detection system; physical objects; radial visualisation design; security attacks; simulated attack scenarios; software technologies; threat visualisation tool; visual detection efficacy; wormhole attacks; Data visualization; Engines; Monitoring; Routing; Security; Visualization; Wireless sensor networks (ID#: 16-9922)


K. M. A. Alheeti, A. Gruebler and K. D. McDonald-Maier, “On the Detection of Grey Hole and Rushing Attacks in Self-Driving Vehicular Networks,” Computer Science and Electronic Engineering Conference (CEEC), 2015 7th, Colchester, 2015, pp. 231-236. doi: 10.1109/CEEC.2015.7332730
Abstract: Vehicular ad hoc networks play an important role in the success of a new class of vehicles, i.e. self-driving and semi self-driving vehicles. These networks provide safety and comfort to passengers, drivers and vehicles themselves. These vehicles depend heavily on external communication to predicate the surrounding environment through the exchange of cooperative awareness messages (CAMs) and control data. VANETs are exposed to many types of attacks such as black hole, grey hole and rushing attacks. In this paper, we present an intelligent Intrusion Detection System (IDS) which relies on anomaly detection to protect external communications from grey hole and rushing attacks. Many researchers agree that grey hole attacks in VANETs are a substantial challenge due to them having their distinct types of behaviour: normal and abnormal. These attacks try to prevent transmission between vehicles and roadside units and have a direct and negative impact on the wide acceptance of this new class of vehicles. The proposed IDS is based on features that have been extracted from a trace file generated in a network simulator. In our paper, we used a feed-forward neural network and a support vector machine for the design of the intelligent IDS. The proposed system uses only significant features extracted from the trace file. Our research, concludes that a reduction in the number of features leads to a higher detection rate and a decrease in false alarms.
Keywords: cooperative systems; feedforward neural nets; security of data; support vector machines; traffic engineering computing; vehicular ad hoc networks; CAM; IDS; VANET; cooperative awareness messages; feedforward neural network; grey hole; intelligent intrusion detection system; rushing attacks; self-driving vehicular networks; semi self-driving vehicles; support vector machine; Ad hoc networks; Feature extraction; Intrusion detection; Roads; Routing protocols; Vehicles; intrusion detection system; security; self-driving car; semi self-driving car (ID#: 16-9923)


T. Gonnot, W. J. Yi, E. Monsef and J. Saniie, “Robust Framework for 6LoWPAN-Based Body Sensor Network Interfacing with Smartphone,” 2015 IEEE International Conference on Electro/Information Technology (EIT), DeKalb, IL, 2015, pp. 320-323. doi: 10.1109/EIT.2015.7293361
Abstract: This paper presents the design of a robust framework for body sensor network. In this framework, sensor nodes communicate using 6LoWPAN, running on the Contiki operating system, which is designed for energy efficiency and configuration flexibility. Furthermore, an embedded router is implemented using a Raspberry Pi to bridge the information to a Bluetooth capable smartphone. Consequently, the smartphone can process, analyze, compress and send the data to the cloud using its data connection. One of the major application of this framework is home patient monitoring, with 24/7 data collection capability. The collected data can be sent to a doctor at any time, or only when an anomaly is detected.
Keywords: Bluetooth; body sensor networks; computer network security; data analysis; data compression; home networks; operating systems (computers); patient monitoring; smart phones; telecommunication network routing; 6LoWPAN-based body sensor network; Bluetooth capable smartphone; Contiki operating system; Raspberry Pi; anomaly detection; configuration flexibility; data collection capability; data connection; data process; data sending; embedded router; energy efficiency; home patient monitoring; robust framework; sensor nodes; IEEE 802.15 Standard; Reliability; Routing protocols; Servers; Wireless communication (ID#: 16-9924)


K. M. A. Alheeti, A. Gruebler, K. D. McDonald-Maier and A. Fernando, “Prediction of DoS Attacks in External Communication for Self-Driving Vehicles Using a Fuzzy Petri Net Model,” 2016 IEEE International Conference on Consumer Electronics (ICCE), Las Vegas, NV, 2016, pp. 502-503. doi: 10.1109/ICCE.2016.7430705
Abstract: In this paper we propose a security system to protect external communications for self-driving and semi self-driving cars. The proposed system can detect malicious vehicles in an urban mobility scenario. The anomaly detection system is based on fuzzy petri nets (FPN) to detect packet dropping attacks in vehicular ad hoc networks. The experimental results show the proposed FPN-IDS can successfully detect DoS attacks in external communication of self-driving vehicles.
Keywords: Petri nets; automobiles; computer network security; fuzzy systems; vehicular ad hoc networks; DoS attack prediction; anomaly detection system; external communications; fuzzy Petri net model; malicious vehicle detection; packet dropping attack detection; security system; self-driving vehicles; semiself-driving cars; urban mobility scenario; Ad hoc networks; Intrusion detection; Measurement; Petri nets; Routing protocols; Vehicles; FPN; IDS; Security; platoon; self-driving cars (ID#: 16-9925)


K. Limthong, K. Fukuda, Y. Ji and S. Yamada, “Weighting Technique on Multi-Timeline for Machine Learning-Based Anomaly Detection System,” Computing, Communication and Security (ICCCS), 2015 International Conference on, Pamplemousses, 2015, pp. 1-6. doi: 10.1109/CCCS.2015.7374168
Abstract: Anomaly detection is one of the crucial issues of network security. Many techniques have been developed for certain application domains, and recent studies show that machine learning technique contains several advantages to detect anomalies in network traffic. One of the issues applying this technique to real network is to understand how the learning algorithm contains more bias on new traffic than old traffic. In this paper, we investigate the dependency of the time period for learning on the performance of anomaly detection in Internet traffic. For this, we introduce a weighting technique that controls influence of recent and past traffic data in an anomaly detection system. Experimental results show that the weighting technique improves detection performance between
2.7–112% for several learning algorithms, such as multivariate normal distribution, knearest neighbor, and one-class support vector machine.
Keywords: learning (artificial intelligence); security of data; support vector machines; Internet traffic; k-nearest neighbor; machine learning-based anomaly detection system; multivariate normal distribution; network security; network traffic; support vector machine; weighting technique; Delays; Routing; Routing protocols; Throughput; Vehicular ad hoc networks; anomaly detection; machine learning; multiple timeline; weighting technique (ID#: 16-9926)


S. Banerjee, R. Nandi, R. Dey and H. N. Saha, “A Review on Different Intrusion Detection Systems for MANET and Its Vulnerabilities,” Computing and Communication (IEMCON), 2015 International Conference and Workshop on, Vancouver, BC, 2015, pp. 1-7. doi: 10.1109/IEMCON.2015.7344466
Abstract: In recent years, Mobile Ad hoc NETwork (MANET) have become a very popular research topic. By providing communications in the absence of a fixed infrastructure MANET are an attractive technology for many applications such as resource app, military app, environmental monitoring and conferences. However, this flexibility introduces new security threats due to the vulnerable nature of MANET, there will be the necessity of protecting the data, information from the attackers as it is an infrastructure-less network. Thus, securing such demanding network is a big challenge. At this point, IDS came into existence to secure MANET in detecting at what point they are getting weak. In this review paper, we will discuss, MANET and its vulnerabilities, and how we can tackle it using different techniques of IDS (Intrusion Detection System).
Keywords: data protection; mobile ad hoc networks; security of data; IDS; fixed infrastructure MANET vulnerability; information protection; infrastructure-less network; intrusion detection system; mobile ad hoc network security; security threat; Intrusion detection; Mobile ad hoc networks; Monitoring; Protocols; Routing; Anomaly Detection; EAACK; MANET (ID#: 16-9927)


M. Azghani and S. Sun, “Low-Rank Block Sparse Decomposition Algorithm for Anomaly Detection in Networks,” 2015 Asia-Pacific Signal and Information Processing Association Annual Summit and Conference (APSIPA), Hong Kong, 2015, pp. 807-810. doi: 10.1109/APSIPA.2015.7415384
Abstract: In this paper, a method is suggested for the anomaly detection in wireless networks. The main problem that is addressed is to detect the malfunctioning sub-graphs in the network which bring about anomalies with block sparse structure. The proposed algorithm is detecting the anomalies considering the low-rank property of the data matrix and the block-sparsity of the outlier. Hence, the problem boils down to a compressed block sparse plus low rank decomposition that is solved with the aid of the ADMM technique. The simulation results indicate that the suggested method surpasses the other technique especially for higher block-sparsity rates.
Keywords: graph theory; matrix decomposition; matrix multiplication; network theory (graphs); radio networks; signal processing; telecommunication security; ADMM technique; alternating direction method of multipliers; block sparsity; compressed block sparse plus low rank decomposition; data matrix; low rank block sparse decomposition algorithm; low-rank property; malfunctioning subgraphs; network anomaly detection; wireless network; Cost function; Matrix decomposition; Routing; Simulation; Sparse matrices; Wireless networks; Anomaly detection; Compressed Sensing; Low rank minimization (ID#: 16-9928)


M. Abdelhaq, R. Alsaqour, M. Ismail and S. Abdelhaq, “Dendritic Cell Fuzzy Logic Algorithm over Mobile Ad Hoc Networks,” 2015 6th International Conference on Intelligent Systems, Modelling and Simulation, Kuala Lumpur, 2015, pp. 64-69. doi: 10.1109/ISMS.2015.36
Abstract: A mobile ad hoc network (MANET) is an open wireless network of mobile, decentralized, and self-organized nodes with limited energy and bandwidth resources. The MANET environment is vulnerable to dangerous attacks, such as flooding-based attacks, which paralyze the functionality of the whole network. This paper introduces a hybrid intelligent algorithm, which can meet the challenge of protecting MANET with effective security and network performance. This objective is fulfilled by inspiring the abstract anomaly detection of dendritic cells (DCs) in the human immune system and the accurate decision-making functionality of fuzzy logic theory to introduce a dendritic Cell Fuzzy Algorithm (DCFA). DCFA combines the relevant features of danger theory-based AISs and fuzzy logic theory-based systems. DCFA is verified using QualNet v5.0.2 to detect resource consumption attack. The results show the efficient capability of DCFA to perform the detection operation with high network and security performance.
Keywords: decision making; fuzzy logic; mobile ad hoc networks; DCFA; MANET; QualNet v5.0.2; danger theory-based AIS; decision-making functionality; dendritic cell fuzzy logic algorithm; open wireless network; Context; Fuzzy logic; Immune system; Mobile ad hoc networks; Radiation detectors; Routing protocols; Security; artificial immune system; danger theory; fuzzy logic theory; mobile ad hoc network; resource consumption attack (ID#: 16-9929)


S. Merat and W. Almuhtadi, “Artificial Intelligence Application for Improving Cyber-Security Acquirement,” Electrical and Computer Engineering (CCECE), 2015 IEEE 28th Canadian Conference on, Halifax, NS, 2015, pp. 1445-1450. doi: 10.1109/CCECE.2015.7129493
Abstract: The main focus of this paper is the improvement of machine learning where a number of different types of computer processes can be mapped in multitasking environment. A software mapping and modelling paradigm named SHOWAN is developed to learn and characterize the cyber awareness behaviour of a computer process against multiple concurrent threads. The examined process start to outperform, and tended to manage numerous tasks poorly, but it gradually learned to acquire and control tasks, in the context of anomaly detection. Finally, SHOWAN plots the abnormal activities of manually projected task and compare with loading trends of other tasks within the group.
Keywords: learning (artificial intelligence); security of data; SHOWAN; anomaly detection; artificial intelligence application; computer process; concurrent threads; cyber awareness behaviour; cyber-security acquirement; machine learning; modelling paradigm; multitasking environment; software mapping; Artificial intelligence; Indexes; Instruction sets; Message systems; Routing; Security; Cyber Multitasking Performance; Cyber-Attack; Cyber-Security; Intrinsically locked; Non-maskable task; Normative Model; Queuing Management; Task Prioritization; synchronized thread (ID#: 16-9930)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.