Biblio

Filters: Keyword is Monitoring
2015-05-04
Manjula, R., Datta, R..  2014.  An energy-efficient routing technique for privacy preservation of assets monitored with WSN. Students' Technology Symposium (TechSym), 2014 IEEE. :325-330.

Wireless Sensor Networks (WSNs) are deployed to monitor assets (endangered species) and report the locations of these assets to the Base Station (BS), also known as the Sink. The hunter (adversary) attacks the network one or two hops away from the Sink, eavesdrops on the wireless communication links and traces back to the location of the asset to capture it. The existing solutions proposed to preserve the privacy of the assets lack energy efficiency, as they rely on random walk routing and fake packet injection to prevent the hunter from locating the assets. In this paper we present an energy-efficient, privacy-preserving routing algorithm in which the event (i.e., asset) detecting nodes, called source nodes, report the event's location information to the Base Station using the phantom source (also known as phantom node) concept and the a-angle anonymity concept. Routing is done using an existing greedy routing protocol. Comparison through simulations shows that our solution reduces energy consumption and delay while maintaining the same level of privacy as two existing popular techniques.

2015-05-01
Arieta, F., Barabasz, L.T., Santos, A., Nogueira, M..  2014.  Mitigating Flooding Attacks on Mobility in Infrastructure-Based Vehicular Networks. Latin America Transactions, IEEE (Revista IEEE America Latina). 12:475-483.

Infrastructure-based Vehicular Networks can be applied in different social contexts, such as health care, transportation and entertainment. They can easily take advantage of the benefits provided by wireless mesh networks (WMNs) to mobility, since WMNs essentially support the technological convergence and resilience required for the effective operation of services and applications. However, infrastructure-based vehicular networks are prone to attacks such as ARP packet flooding that compromise mobility management and users' network access. Hence, this work proposes MIRF, a secure mobility scheme based on reputation and filtering to mitigate flooding attacks on mobility management. The efficiency of the MIRF scheme has been evaluated by simulations considering urban scenarios with and without attacks. Analyses show that it significantly improves the packet delivery ratio in scenarios with attacks, mitigating their intentional negative effects, such as the reduction of malicious ARP requests. Furthermore, improvements have been observed in the number of handoffs in scenarios under attack, which are faster than in scenarios without the scheme.

Ghatak, S., Bose, S., Roy, S..  2014.  Intelligent wall mounted wireless fencing system using wireless sensor actuator network. Computer Communication and Informatics (ICCCI), 2014 International Conference on. :1-5.

This paper presents the relative merits of IR and microwave sensor technology and their combination with a wireless camera for the development of a wall-mounted wireless intrusion detection system, and explains the phases by which the intrusion information is collected and sent to the central control station over a wireless mesh network for analysis and processing. These days every protected zone faces numerous security threats such as trespassing or damage to important equipment, and many more. Unwanted intrusion has turned out to be a growing problem, which has paved the way for newer technology that detects intrusion accurately. Almost all organizations have their own conventional arrangement for protecting their zones by constructing high walls, wire fencing or power fencing, or by employing guards for manual observation. In the case of large areas, manually observing the perimeter is not a viable option. To solve this type of problem we have developed a wall-mounted wireless fencing system. In this project I took the responsibility of studying how the different units could be made to collaborate and how the data collected from them could be further processed with the help of software, which was developed by me. Intrusion detection constitutes an important field of application for IR and microwave based wireless sensor networks. A state-of-the-art wall-mounted wireless intrusion detection system will detect intrusion automatically, through a multi-level detection mechanism (IR, microwave, active RFID & camera), and will generate multi-level alerts (buzzer, images, segment illumination, SMS, e-mail) to notify security officers and owners, and also illuminate the particular segment where the intrusion has happened. This system will enable the authority to quickly handle the emergency by identifying the area of the incident at once and taking action quickly. IR-based perimeter protection is a proven technology.
However, an IR-based intrusion detection system is not a foolproof solution, since (1) IR may fail in foggy or dusty weather conditions and hence may generate false alarms. Therefore we combine this technology with microwave-based intrusion detection, which works satisfactorily in foggy weather. Another significant aspect of our proposed system is camera-based intrusion detection. Some industries require this feature to capture snapshots of the affected location instantly as the intrusion happens. The intrusion information is transmitted wirelessly to the control station via multi-hop routing (using active RFID or the IEEE 802.15.4 protocol). The control station receives intrusion information in real time and analyzes the data with the help of the intrusion software. It then sends SMS messages to the predefined numbers of the respective authority through a GSM modem attached to the control station engine.

Rezvani, M., Ignjatovic, A., Bertino, E., Jha, S..  2014.  Provenance-aware security risk analysis for hosts and network flows. Network Operations and Management Symposium (NOMS), 2014 IEEE. :1-8.

Detection of high risk network flows and high risk hosts is becoming ever more important and more challenging. In order to selectively apply deep packet inspection (DPI), one has to isolate, in real time, high risk network activities within a huge number of monitored network flows. To help address this problem, we propose an iterative methodology for the simultaneous assessment of risk scores for both hosts and network flows. The proposed approach measures the risk scores of hosts and flows in an interdependent manner: the risk score of a flow influences the risk scores of its source and destination hosts, and the risk score of a host is evaluated by taking into account the risk scores of flows initiated by or terminated at that host. Our experimental results show that such an approach is not only effective in detecting high risk hosts and flows but, when deployed in high throughput networks, is also more efficient than PageRank based algorithms.

Mohagheghi, S..  2014.  Integrity Assessment Scheme for Situational Awareness in Utility Automation Systems. Smart Grid, IEEE Transactions on. 5:592-601.

Today's more reliable communication technology, together with the availability of higher computational power, has paved the way for the introduction of more advanced automation systems based on distributed intelligence and multi-agent technology. However, the abundance of data, while making these systems more powerful, can at the same time be their biggest vulnerability. In a web of interconnected devices and components functioning within an automation framework, the potential impact of a malfunction in a single device, whether through internal failure or external damage/intrusion, may lead to detrimental side-effects spread across the whole underlying system. The potentially large number of devices, along with their inherent interrelations and interdependencies, may hinder the ability of human operators to interpret events, identify their scope of impact and take remedial action if necessary. Through the concepts of graph-theoretic fuzzy cognitive maps (FCM) and expert systems, this paper puts forth a solution that is able to reveal the weak links and vulnerabilities of an automation system, should it become exposed to partial internal failure or external damage. A case study has been performed on the IEEE 34-bus test distribution system to show the efficiency of the proposed scheme.

2015-04-30
Kirsch, J., Goose, S., Amir, Y., Dong Wei, Skare, P..  2014.  Survivable SCADA Via Intrusion-Tolerant Replication. Smart Grid, IEEE Transactions on. 5:60-70.

Providers of critical infrastructure services strive to maintain the high availability of their SCADA systems. This paper reports on our experience designing, architecting, and evaluating the first survivable SCADA system, one that is able to ensure correct behavior with minimal performance degradation even during cyber attacks that compromise part of the system. We describe the challenges we faced when integrating modern intrusion-tolerant protocols with a conventional SCADA architecture and present the techniques we developed to overcome these challenges. The results illustrate that our survivable SCADA system not only functions correctly in the face of a cyber attack, but also processes in excess of 20 000 messages per second with a latency of less than 30 ms, making it suitable for even large-scale deployments managing thousands of remote terminal units.

Wei Min, Keecheon Kim.  2014.  Intrusion tolerance mechanisms using redundant nodes for wireless sensor networks. Information Networking (ICOIN), 2014 International Conference on. :131-135.

Wireless sensor networks extend people's ability to explore, monitor, and control the physical world. Wireless sensor networks are susceptible to certain types of attacks because they are deployed in open and unprotected environments. A novel intrusion tolerance architecture is proposed in this paper. An expert intrusion detection analysis system and an all-channel analyzer are introduced. The proposed intrusion tolerance scheme is implemented. Results show that this scheme can detect data traffic and re-route it to a redundant node in the wireless network, prolong the lifetime of the network, and isolate malicious traffic introduced through compromised nodes or illegal intrusions.

Han, Lansheng, Qian, Mengxiao, Xu, Xingbo, Fu, Cai, Kwisaba, Hamza.  2014.  Malicious code detection model based on behavior association. Tsinghua Science and Technology. 19:508-515.

Malicious applications can be introduced to attack users and services so as to gain financial rewards, individuals' sensitive information, and company and government intellectual property, and to gain remote control of systems. However, traditional methods of malicious code detection, such as signature detection, behavior detection, virtual machine detection, and heuristic detection, have various weaknesses which make them unreliable. This paper surveys the existing technologies for malicious code detection and proposes a malicious code detection model based on behavior association. The behavior points of malicious code are first extracted through API monitoring and integrated into behaviors; then a relation between behaviors is established according to data dependence. Next, a behavior association model is built up and a discrimination method is put forth using pushdown automata. Finally, real malicious code is taken as a sample to carry out an experiment on behavior capture, association, and discrimination, thus showing that the theoretical model is viable.

Shropshire, J..  2014.  Analysis of Monolithic and Microkernel Architectures: Towards Secure Hypervisor Design. System Sciences (HICSS), 2014 47th Hawaii International Conference on. :5008-5017.

This research focuses on hypervisor security from a holistic perspective. It centers on hypervisor architecture: the organization of the various subsystems which collectively comprise a virtualization platform. It holds that the path to a secure hypervisor begins with a big-picture focus on architecture. Unfortunately, little research has been conducted from this perspective. This study investigates the impact of monolithic and microkernel hypervisor architectures on the size and scope of the attack surface. Six architectural features are compared: management API, monitoring interface, hypercalls, interrupts, networking, and I/O. These subsystems are core hypervisor components which could be used as attack vectors. Specific examples and three leading hypervisor platforms are referenced (ESXi for the monolithic architecture; Xen and Hyper-V for the microkernel architecture). The results describe the relative strengths and vulnerabilities of both types of architecture. It is concluded that neither design is more secure, since both incorporate security tradeoffs in core processes.

Montague, E., Jie Xu, Chiou, E..  2014.  Shared Experiences of Technology and Trust: An Experimental Study of Physiological Compliance Between Active and Passive Users in Technology-Mediated Collaborative Encounters. Human-Machine Systems, IEEE Transactions on. 44:614-624.

The aim of this study is to examine the utility of physiological compliance (PC) for understanding shared experience in a multiuser technological environment involving active and passive users. Common ground is critical for effective collaboration and important for multiuser technological systems that include passive users, since this kind of user typically does not have control over the technology being used. An experiment was conducted with 48 participants who worked in two-person groups in a multitask environment under varied task and technology conditions. Indicators of PC were measured from participants' cardiovascular and electrodermal activity. The relationship between these PC indicators and collaboration outcomes, such as performance and subjective perception of the system, was explored. Results indicate that PC is related to group performance after controlling for task/technology conditions. PC is also correlated with shared perceptions of trust in technology among group members. PC is a useful tool for monitoring group processes and, thus, can be valuable for the design of collaborative systems. This study has implications for understanding effective collaboration.

Howser, G., McMillin, B..  2014.  A Modal Model of Stuxnet Attacks on Cyber-physical Systems: A Matter of Trust. Software Security and Reliability (SERE), 2014 Eighth International Conference on. :225-234.

Multiple Security Domains Nondeducibility (MSDND) yields results even when the attack hides important information from electronic monitors and human operators. Because MSDND is based upon modal frames, it is able to analyze the event system as it progresses rather than relying on traces of the system. Not only does it provide results as the system evolves, MSDND can also point out attacks designed to be missed by other security models. This work examines information flow disruption attacks such as Stuxnet and formally explains the role that implicit trust in the cyber security of a cyber-physical system (CPS) plays in the success of the attack. The fact that the attack hides behind MSDND can be used to help secure the system: modifications that break MSDND leave the attack nowhere to hide. Modal operators are defined to allow the manipulation of belief and trust states within the model. We show how the attack hides and uses the operator's trust to remain undetected. In fact, trust in the CPS is key to the success of the attack.

Salman, A., Elhajj, I.H., Chehab, A., Kayssi, A..  2014.  DAIDS: An Architecture for Modular Mobile IDS. Advanced Information Networking and Applications Workshops (WAINA), 2014 28th International Conference on. :328-333.

The popularity of mobile devices and the enormous number of third-party mobile applications in the market have naturally led to several vulnerabilities being identified and abused. This is coupled with the immaturity of intrusion detection system (IDS) technology targeting mobile devices. In this paper we propose a modular host-based IDS framework for mobile devices that uses behavior analysis to profile applications on the Android platform. Anomaly detection can then be used to categorize malicious behavior and alert users. The proposed system accommodates different detection algorithms, and is being tested at a major telecom operator in North America. This paper highlights the architecture, findings, and lessons learned.

Hammi, B., Khatoun, R., Doyen, G..  2014.  A Factorial Space for a System-Based Detection of Botcloud Activity. New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on. :1-5.

Today, beyond legitimate usage, the numerous advantages of cloud computing are exploited by attackers, and botnets supporting DDoS attacks are among the greatest beneficiaries of this malicious use. Such a phenomenon is a major issue, since it strongly increases the power of distributed massive attacks while engaging the responsibility of cloud service providers, who do not have appropriate solutions. In this paper, we present an original approach that enables source-based detection of UDP-flood DDoS attacks based on distributed system behavior analysis. Based on principal component analysis, our contribution consists in: (1) defining the involvement of system metrics in a botcloud's behavior, (2) showing the invariability of the factorial space that defines botcloud activity, and (3) using this factorial space to enable botcloud detection among several legitimate activities.

Fachkha, C., Bou-Harb, E., Debbabi, M..  2014.  Fingerprinting Internet DNS Amplification DDoS Activities. New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on. :1-5.

This work proposes a novel approach to infer and characterize Internet-scale DNS amplification DDoS attacks by leveraging the darknet space. Complementary to the pioneering work on inferring Distributed Denial of Service (DDoS) using darknet, this work shows that we can extract DDoS activities without relying on backscatter analysis. The aim of this work is to extract cyber security intelligence related to DNS amplification DDoS activities, such as detection period, attack duration, intensity, packet size, rate and geo-location, in addition to various network-layer and flow-based insights. To achieve this task, the proposed approach exploits certain DDoS parameters to detect the attacks. We empirically evaluate the proposed approach using 720 GB of real darknet data collected from a /13 address space during a recent three-month period. Our analysis reveals that the approach was successful in inferring significant DNS amplification DDoS activities, including the recent prominent attack that targeted one of the largest anti-spam organizations. Moreover, the analysis disclosed the mechanism of such DNS amplification DDoS attacks. Further, the results uncover high-speed and stealthy attempts that were never previously documented. The case study of the largest DDoS attack in history led to a better understanding of the nature and scale of this threat and can generate inferences that could contribute to detecting, preventing, assessing, mitigating and even attributing DNS amplification DDoS activities.

Anwar, Z., Malik, A.W..  2014.  Can a DDoS Attack Meltdown My Data Center? A Simulation Study and Defense Strategies. Communications Letters, IEEE. 18:1175-1178.

The goal of this letter is to explore the extent to which the vulnerabilities plaguing the Internet, particularly susceptibility to distributed denial-of-service (DDoS) attacks, impact the Cloud. DDoS has been known to disrupt Cloud services, but could it do worse by permanently damaging server and switch hardware? Services are hosted in data centers with thousands of servers generating large amounts of heat. Heating, ventilation, and air-conditioning (HVAC) systems prevent server downtime due to overheating. These are remotely managed using network management protocols that are susceptible to network attacks. Recently, Cloud providers have experienced outages due to HVAC malfunctions. Our contributions include a network simulation to study the feasibility of such an attack, motivated by our experience of such a security incident in a real data center. It demonstrates how a network simulator can study the interplay of the communication and thermal properties of a network and help prevent the Cloud provider's worst nightmare: meltdown of the data center as a result of a DDoS attack.

Grilo, A.M., Chen, J., Diaz, M., Garrido, D., Casaca, A..  2014.  An Integrated WSAN and SCADA System for Monitoring a Critical Infrastructure. Industrial Informatics, IEEE Transactions on. 10:1755-1764.

Wireless sensor and actuator networks (WSAN) constitute an emerging technology with multiple applications in many different fields. Due to the features of WSAN (dynamism, redundancy, fault tolerance, and self-organization), this technology can be used as a supporting technology for the monitoring of critical infrastructures (CIs). For decades, the monitoring of CIs has centered on supervisory control and data acquisition (SCADA) systems, where operators can monitor and control the behavior of the system. The reach of the SCADA system has been hampered by the lack of deployment flexibility of the sensors that feed it with monitoring data. The integration of a multihop WSAN with SCADA for CI monitoring constitutes a novel approach to extending the SCADA reach in a cost-effective way, eliminating this handicap. However, the integration of WSAN and SCADA presents some challenges which have to be addressed in order to take full advantage of the WSAN features. This paper presents a solution for this joint integration. The solution uses a gateway and a Web services approach together with a Web-based SCADA, which provides an integrated platform accessible from the Internet. A real scenario in which this solution has been successfully applied to monitor an electrical power grid is presented.

Mitchell, R., Ing-Ray Chen.  2014.  Adaptive Intrusion Detection of Malicious Unmanned Air Vehicles Using Behavior Rule Specifications. Systems, Man, and Cybernetics: Systems, IEEE Transactions on. 44:593-604.

In this paper, we propose an adaptive specification-based intrusion detection system (IDS) for detecting malicious unmanned air vehicles (UAVs) in an airborne system in which continuity of operation is of the utmost importance. An IDS audits UAVs in a distributed system to determine whether the UAVs are functioning normally or are operating under malicious attack. We investigate the impact of reckless, random, and opportunistic attacker behaviors (modes which many historical cyber attacks have used) on the effectiveness of our behavior rule-based UAV IDS (BRUIDS), which bases its audit on behavior rules to quickly assess the survivability of a UAV facing malicious attacks. Through a comparative analysis with the multiagent system/ant-colony clustering model, we demonstrate the high detection accuracy of BRUIDS for compliant performance. By adjusting the detection strength, BRUIDS can effectively trade higher false positives for lower false negatives to cope with more sophisticated random and opportunistic attackers, supporting ultrasafe and secure UAV applications.

2015-03-03
Abbas, W., Koutsoukos, X..  2015.  Efficient Complete Coverage Through Heterogeneous Sensing Nodes. Wireless Communications Letters, IEEE. 4:14-17.

We investigate the coverage efficiency of a sensor network consisting of sensors with circular sensing footprints of different radii. The objective is to completely cover a region in an efficient manner through a controlled (or deterministic) deployment of such sensors. In particular, it is shown that when sensing nodes of two different radii are used for complete coverage, the coverage density is increased and the sensing cost is significantly reduced compared to the homogeneous case, in which all nodes have the same sensing radius. Configurations of heterogeneous disks of multiple radii that achieve efficient circle coverings are presented and analyzed.