SlideShare a Scribd company logo

Bp24447451

IJERA Editor
IJERA Editor
1 of 5
Download to read offline
J.Emi Karmichael / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 4, July-August 2012, pp.447-451 Study And Implementation Of Self Healing Mechanism For The Control Flow Attack For Wireless Sensor Networks J.Emi Karmichael Centre For Information Technology And Engineering, M S University, Tirunelveli ABSTRACT Nowadays wireless sensor networks have control flow of a sensor application. To protect the found their way into a wide variety of applications control flow, this paper proposes access control and systems with vastly varying requirements and scheme that can detect attacks attempting to alter the characteristics, but all of them have a common control flow and then recover sensor data. Sensors use element: faults are a normal fact and not isolated very simple embedded systems due to cost, efficiency, events as in traditional networks. Thus, in order to quality and resource limitations, sensors do not have guarantee the network quality of service, it is sophisticated operating systems (OSs) to manage code essential for the sensor network to be able to detect for safety. Simple Os have been developed for and heal failures. The presented approach aims to embedded systems. However, they do not distinguish employ self-healing services, allowing them to kernel mode or user mode when executing an discover, examine, diagnose and react to instruction, and application data is adjacent to system malfunctions. In sensor application, a malicious data. Hence, one application routine can easily access code can change the flow of sensor to achieve the the data of the system or other application routines. attacks. The downloaded malicious code will steal Furthermore, high-level programming languages have or modify the sensor data. To protect the control become popular in developing sensor applications flow of sensor, this paper proposes self healing because of their convenience for coding and scheme that can detect the attack or the attempt to maintenance over assembly languages. Open source alter the control flow and recover the sensor based sensor applications have been developed as application to the normal operation In additional, well. Consequently, applications share more and more the original data which is altered by attackers is common code as they use similar development recovered from the private memory of sensor. Here environments. Memory fault attacks based on the same the private memory is used for storing sensor data principle in regular computers become threats to as reference, which is used during self optimization sensor networks[1]. First, sensors do not have time, thus strong security is obtained. In architecture to effectively enforce access control in additional, the original data which is altered by program memory. A few schemes have been proposed attackers is recovered from the private memory of to enforce access control in a sensor’s data memory by sensor. the selfhealing scheme directly processes using software-based memory management. These application code at the machine instruction level, approaches do not prevent exploiting packets from instead of performing control or data analysis on accessing other code segments in the same program source code. The implementation show that the memory. Second, sensors do not have an effective self-healing scheme is lightweight in protecting recovery mechanism. Illegally accessing instructions sensor applications. in program memory normally causes the crash of the running sensor applications and results in a long 1.INTRODUCTION restart period[2].The access control code effectively Applications in sensor networks have been enforces access control in program memory such that researched and developed for years. However, most the control flow cannot be maliciously altered. The security work focused on threats to networking and access control code itself is designed to be resilient to communication protocols. Lessons learned from worm control flow attacks that attempt to evade the access attacks that exploit memory vulnerabilities show that control. The scheme provides a self-healing recovery attackers can compromise an entire network without routine to quickly remove a compromised task from hacking legitimate accounts or breaking protocols. is the application and restore the sensor to a normal state. to protect the control flow of sensor and from the The routine cleans up sabotaged data in data memory memory fault.[2] In a sensor’s simple memory and releases the resources taken by the compromised architecture, injected code can alter task. The scheme works at the machine instruction 447 | P a g e
J.Emi Karmichael / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 4, July-August 2012, pp.447-451 level and directly processes an application’s machine This paper focuses on control flow attacks that alter code instead of the application’s source code. The control flow to execute an unexpected scheme diversifies the protected code images or sequence of instructions. different sensors. 3.OVERVIEW OF POSSIBLE ATTACKS 2.RELATED WORK Wireless sensor network security is many- Various journals are referred to know the sensor and fold, there are various ways to attack them. It is its attacking methodologies from the given references commonly assumed that wireless sensor networks are papers at below . Attacks on the data collected without based on non tamper resistant devices, i.e. an attacker appropriate authentication of the nodes an attacker can can easily collect a few nodes to analyze or modify impersonate a node to send fake data. An attacker not them. However, as the network is large, possibly made part of the network can tamper with the data. While of hundreds or thousands of devices, an attacker there exists many Data authentication is a difficult cannot tamper with all the devices. This is a basic problem in WSN, therefore data tempering by a assumption in security protocols designed for wireless malicious node is a difficult problem. Secure data sensor networks. An attacker can chose to attack the aggregation protocols have been proposed to solve network, the data or directly the nodes that are those issues. In a physical intrusion detection alarm described in paper [5]. system, the authority using the system would be willing that the alarms reported are secret, i.e. the 3.1 MEMORY FAULT ATTACK messages passing would not to acknowledge the Many computer attacks exploit detection of the intruder. This for example would vulnerabilities due to memory fault in current allow the authority to catch the intruder in the act. . At computer systems. Such attacks can be categorized as mean while, it runs protection code to enforce access control flow attacks. Attackers can overwrite control control in program memory. This will match the data to alter control flow via exploiting vulnerabilities public memory and private memory and recover the of format string error, double-free error, heap data if fault occurs. Like wise it will self optimist the overflow, return-to-lib, etc is given in paper [1] sensor node and recover its original data. Many Attackers can alter control flow to execute injected computer attacks exploit memory vulnerabilities in malicious code or to bypass conditional branches or current computer systems. Various vulnerabilities have invoke indirect jumps. been identified in software, such as stack overflow, format string error, double-free error, heap overflow, 3.2 CONTROL FLOW ATTACK return-to-libc, etc. These vulnerabilities are exploited Attackers can alter the control flow via many to overwrite critical data in memory to launch control well known buffer overflow techniques. In sensor flow attacks [3] and data flow attacks [4]. Control flow nodes, attackers could find more approaches as the attacks manipulate control data to change the flow of sensor’s architecture is very simple. Attackers can code execution. Return addresses and function directly overwrite kernel data or registers that are pointers are two major types of control data that memory-mapped. The program memory of the attackers are interested in altering and exploiting. In a processor is write-protected such that the application typical “stack smashing” attack, return address in stack code can reliably work in the field. One of the attacks is overwritten to the address where injected codes are targeting this architecture is to alter the control flow of executed when the function (corresponding to the a sensor application that as been refered in paper [1]. current stack frame) returns. When target program’s control data are modified, attackers can execute 4.ATTACK MODEL injected malicious code or out-of context library code In this paper, we do not consider attacks that at the memory address pointed by the altered control simply capture nearby sensors. Instead, we examine data. Data flow attacks do not alter the control flow, attacks that send malicious packets to exploit but rather manipulate non control data to cause vulnerability in remote sensors. Such attacks help security breach in software. Many real-world software attackers obtain more control over remote sensors that applications are susceptible to data flow attacks [4]. In are not in their nearby areas. Such attacks can such attacks, attackers examine the software to find effectively threaten a network of tens or hundreds of out “which data within a target application are critical sensors. We assume attackers can obtain source code to security other than control data, whether the or binary image of sensor applications, find vulnerabilities exist at appropriate stages of execution exploitable coding errors, and develop exploiting that can lead to eventual security compromises, and packets offline, ahead of launching attacks. whether the severity of security compromises is Researchers have found techniques that use non equivalent to that of traditional control data attacks. 448 | P a g e
J.Emi Karmichael / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 4, July-August 2012, pp.447-451 executable data carried in exploiting packets to vulnerability of the running task in fact allows the redirect the control flow to achieve certain attacks. exploiting. Then, the access control code hands over First, a malicious packet is injected into a vulnerable the compromised task to the recovery routine that sensor. Since the sensor is not aware if the packet is cleans the compromised task and returns the execution malicious or not, it will put the packet in a buffer in to the task scheduler for the next pending task. Both data memory. Then, when the packet is being the task scheduler and the recovery routine are processed in the sensor, the packet exploits protected with access control code to prevent attackers vulnerability in code. The exploitable vulnerability from exploiting them. The intuitive arrangement of varies, but leads to altering the control flow so that the interactive graphical elements (windows, toolbars, data carried in the packet can misuse the application menus, etc.) makes it easy to view and access the code. The misuse of the application code is carried in a many powerful capabilities of ModelSim. VHDL chain of operations. Each unit in the chain consists of includes facilities for describing logical structure and two steps and uses a part of data in the injected packet function of digital systems at a number of levels of to accomplish a part of the attack. As the injected abstraction, from system level down to the gate level. packet does not carry any code, each unit in the chain It is intended, among other things, as a modeling must use a part of the application code, and also language for specification and simulation. We can also ensure that, when it finishes, the control flow is altered use it for hardware synthesis if we restrict ourselves to to the next address of application code that can be used a subset that can be automatically translated into by the next unit in the chain. The first step in a unit of hardware. Easy-to-use wizards step you through the misuse chain loads some data in the injected creation of more complex HDL blocks. The wizards packet into registers. Because registers are used for show how to create parameterizable logic blocks, test passing parameters to functions in sensors, the loaded bench stimuli, and design objects. The source window data will be used as the parameters in the second step. templates and wizards benefit both novice and Then, the second step invokes a function in the advanced HDL developers with time-saving shortcuts. application code with the loaded parameters to Control flow analysis component. It identifies accomplish a specific part of attack. Finally, after the CNs that includes the code of interrupt routines, and chain of misused operations completes, the attack application routines. It also identifies and restructures exits. The attacking packet could simply alter the the data memory layout with task related memory and control flow to the RESET interrupt to restart the non-task-related memory. Recovery code insertion sensor, or release the control flow to let the sensor component. It appends the recovery routine to the regain the control. original application code. It also fills NOPs to all empty addresses in the code memory. Access control 5..IMPLEMENTATION code insertion component. It assigns a random mark to Self-healing scheme is to handle control flow each CN and inserts the access control code to enforce attacks. It has two modules (a) access control module access control in code memory. The safety of the that enforces the control flow of a running task, and access control code is based on the fact that both (b) recovery module with additional memory that marks and code are stored in the write protected code recovers the control flow of the sensor application memory and cannot be modified. from a compromised task. The execution of a sensor application is managed by the task scheduler of the 6.OVERVIEW OF SELF-HEALING sensor’s OS. When a sensor receives a packet, a task ARCHITECTURE will be dispatched by the task scheduler to process the The recovery first releases resources allocated to the packet. Once the task finishes, the execution of the compromised task, then releases the compromised task application will return to the task scheduler so that the from the kernel, and finally guides the kernel to next pending task can be dispatched. The self-healing execute the next pending task. As kernel routines are scheme embeds small blocks of access control code in very crucial in a system, restarting the whole system is all code segments in the program memory. the ideal, safe and straightforward response to In a normal situation, all code segments being eliminate kernel attacks in sensors. Hence, in this accessed by a task are in fact determined by the sensor paper, we focus on recovering the system when application. Hence, each task has a pre-determined application tasks are being exploited. Because it is control flow. A non-compromised task should not possible that an exploited function may affect other have any abnormal access to a code segment that is not functions of the same task, the recovery is task-based. in its control flow. Thus, the access control code will In this section, we first discuss the idea of the recovery allow the execution of any regular task. If packet approach normally used in preemptive OSs and then exploits vulnerability in the code of the running task, the recovery approach for the non-Preemptive OS in we consider the task to be compromised. The 449 | P a g e
J.Emi Karmichael / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 4, July-August 2012, pp.447-451 sensors. Attackers can overwrite control data to alter develop the malicious code and then alter the control control flow via exploiting vulnerabilities of format flow. After that recovery module will recover the string error, double-free error, heap over flow, return- sensor module and sensor data. If a packet exploits to-libc, etc. Attackers can alter control flow to execute vulnerability in the code of the Running task, we injected malicious code or to bypass conditional consider the task to be compromise. The redirection branches or invoke indirect jumps. Control flow will be captured by the access control code at the end analysis component. It identifies CNs that include the of the destination code segment, because the execution code of interrupt routines, TinyOS routines, and of the code segments deviates the normal. In the block application routines. It also identifies and restructures diagram, the sensor node will sense the input data and the data memory layout with task related memory and the sensed data will store in the public and private non-taskrelated memory. The recovery code insertion memory. Here the access code will control the access component generates the recovery routine and attaches and it will check whether fault is occurred or not. If it to the original code. It appends the recovery routine any memory fault occurs then the private memory will to the original application code. Italso fills NOPs to all recover the data. empty addresses in the code memory. Finally, the access control code insertion competent safeguards the 7.RECOVERY OF A SENSOR NODE DATA unprotected code and also diversifies the protection The recovery, it first releases resources code to ensure releases the compromised task from the allocated to the compromised sensor data, then kernel, and finally guides the kernel to execute the releases the data from the kernel, and finally guides next pending task. Each individual sensor obtains a the kernel to execute the next sensor data to original unique protected position. In this section, we first discuss the idea of the recovery approach normally used in recovery OSs and then the recovery approach for the Tiny OS in sensors has been developed. Attackers can overwrite control data to alter sensor data via exploiting vulnerabilities of format string error, double-free error, heap over Attackers can alter control flow to execute injected malicious code or to bypass conditional branches or invoke indirect jumps. The recovery code insertion component generates the recovery routine and attaches it to the original code. Finally, the access control code insertion component safeguards the unprotected that done in [1] and additionally the protection code to FIG 1 Self Optimization Of Sensor Node that each ensure the original data that each individual sensor . individual sensor obtains a unique protected code image. 8.CONCLUSION AND FUTURE SCOPES Code image. The two memory areas that are public The overhead of the self-healing scheme in and private are used. If public get attack then private program memory and how much it affect the execution can be used to recover the sensor data which is altered of normal routines will be examined. That enforces by malicious code. Here for sample develop the access control in the control flow of sensor malicious code and then alter the control flow. After applications and recovers the sensor data using the that recovery module will recover the sensor module additive memory, when a control flow attack and and sensor data. If a packet exploits vulnerability in memory fault attacks are captured. The security the code of the Running task, we consider the task to analysis shows that the scheme self- optimizes the be compromise. The redirection will be captured by sensor node and its data from various attack. Finally the access control code at the end of the destination restore the sensor to a normal state. In the future, the code segment, because the execution of the code study of preventing the attackers to intrude inside the segments deviates the normal control flow of the task. sensor application is derived on new trends. The The recovery first releases resources allocated to the current self-healing scheme simply releases memory compromised task, then releases the compromised task and recover the data from private memory taken by a from the kernel, and finally guides the kernel to compromised task. On next step the memory execute the next pending task. The two memory areas protection scheme can be implemented for more that are public and private are used. If public get attack confidential areas. then private can be used to recover the sensor data which is altered by malicious code. Here for sample 450 | P a g e
J.Emi Karmichael / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 4, July-August 2012, pp.447-451 REFERENCES [1] Christopher Ferguson, Qijun Gu, Hongchi Shi “Self-healing Control Flow Protection in Sensor Applications”, March 16 2009, Zurich, Switzerland. [2] Harald Vogt, Matthias Ringwald, Mario Straser , “Intrusion Detection and Failure Recovery in Sensor Nodes” , at ETH Zurich, Switzerland. [3] A. Smirnov and T. Chiueh, “DIRA: Automatic Detection, Identification and Repair of Control- Data Attacks,” Proc. Ann. Network and Distributed System Security Symp., 2005. [4] C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna, “Automating Mimicry Attacks Using Static Binary Analysis,” Proc. USENIX Security Symp., 2005. [5] “Self-Healing Methodology in Ubiquitous Sensor Network”, Giljong Yoo, and Eunseok Lee, p.p 3, February, at School of Information and Communication Engineering Sungkyunkwan University. [6] A. One, “Smashing the Stack for Fun and Profit,” Phrack Magazine, http://www.phrack.com/issues.html?issue=49&i d= 14#article, 1996. 451 | P a g e

Recommended

Kx3419591964
Kx3419591964Kx3419591964
Kx3419591964IJERA Editor
 
Kb2417221726
Kb2417221726Kb2417221726
Kb2417221726IJERA Editor
 
Cyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsCyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsIJEACS
 
Ijnsa050214
Ijnsa050214Ijnsa050214
Ijnsa050214IJNSA Journal
 
1776 1779
1776 17791776 1779
1776 1779Editor IJARCET
 
Alert Analysis using Fuzzy Clustering and Artificial Neural Network
Alert Analysis using Fuzzy Clustering and Artificial Neural NetworkAlert Analysis using Fuzzy Clustering and Artificial Neural Network
Alert Analysis using Fuzzy Clustering and Artificial Neural NetworkIJRES Journal
 
Intrusion Detection System - False Positive Alert Reduction Technique
Intrusion Detection System - False Positive Alert Reduction TechniqueIntrusion Detection System - False Positive Alert Reduction Technique
Intrusion Detection System - False Positive Alert Reduction TechniqueIDES Editor
 
A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques
A Survey on Hidden Markov Model (HMM) Based Intention Prediction TechniquesA Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques
A Survey on Hidden Markov Model (HMM) Based Intention Prediction TechniquesIJERA Editor
 

Recommended

Kx3419591964
Kx3419591964Kx3419591964
Kx3419591964IJERA Editor
 
Kb2417221726
Kb2417221726Kb2417221726
Kb2417221726IJERA Editor
 
Cyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsCyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsIJEACS
 
Ijnsa050214
Ijnsa050214Ijnsa050214
Ijnsa050214IJNSA Journal
 
1776 1779
1776 17791776 1779
1776 1779Editor IJARCET
 
Alert Analysis using Fuzzy Clustering and Artificial Neural Network
Alert Analysis using Fuzzy Clustering and Artificial Neural NetworkAlert Analysis using Fuzzy Clustering and Artificial Neural Network
Alert Analysis using Fuzzy Clustering and Artificial Neural NetworkIJRES Journal
 
Intrusion Detection System - False Positive Alert Reduction Technique
Intrusion Detection System - False Positive Alert Reduction TechniqueIntrusion Detection System - False Positive Alert Reduction Technique
Intrusion Detection System - False Positive Alert Reduction TechniqueIDES Editor
 
A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques
A Survey on Hidden Markov Model (HMM) Based Intention Prediction TechniquesA Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques
A Survey on Hidden Markov Model (HMM) Based Intention Prediction TechniquesIJERA Editor
 
A technical review and comparative analysis of machine learning techniques fo...
A technical review and comparative analysis of machine learning techniques fo...A technical review and comparative analysis of machine learning techniques fo...
A technical review and comparative analysis of machine learning techniques fo...IJECEIAES
 
Self Evolving Antivirus Based on Neuro-Fuzzy Inference System
Self Evolving Antivirus Based on Neuro-Fuzzy Inference SystemSelf Evolving Antivirus Based on Neuro-Fuzzy Inference System
Self Evolving Antivirus Based on Neuro-Fuzzy Inference SystemIJRES Journal
 
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEYSECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEYJournal For Research
 
NSAS: NETWORK SECURITY AWARENESS SYSTEM
NSAS: NETWORK SECURITY AWARENESS SYSTEMNSAS: NETWORK SECURITY AWARENESS SYSTEM
NSAS: NETWORK SECURITY AWARENESS SYSTEMInternational Journal of Technical Research & Application
 
Novel Malware Clustering System Based on Kernel Data Structure
Novel Malware Clustering System Based on Kernel Data StructureNovel Malware Clustering System Based on Kernel Data Structure
Novel Malware Clustering System Based on Kernel Data Structureiosrjce
 
Mobile slide
Mobile slideMobile slide
Mobile slideAman singh
 
Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networksantoniomorancardenas
 
Optimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning AlgorithmOptimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning Algorithmijtsrd
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Editor IJARCET
 
Machine learning in network security using knime analytics
Machine learning in network security using knime analyticsMachine learning in network security using knime analytics
Machine learning in network security using knime analyticsIJNSA Journal
 
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICS
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICSMACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICS
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICSIJNSA Journal
 
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Jowin John Chemban
 
Detecting Unknown Attacks Using Big Data Analysis
Detecting Unknown Attacks Using Big Data AnalysisDetecting Unknown Attacks Using Big Data Analysis
Detecting Unknown Attacks Using Big Data AnalysisEditor IJMTER
 
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET Journal
 
Wireless Communiction Security
Wireless Communiction SecurityWireless Communiction Security
Wireless Communiction SecurityMeet Soni
 
Deep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemDeep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemAvinash Kumar
 
Euro mGov Securing Mobile Services
Euro mGov Securing Mobile ServicesEuro mGov Securing Mobile Services
Euro mGov Securing Mobile ServicesMiguel Ponce de Leon @ TSSG / Waterford Institute of Technology
 
Ab24190203
Ab24190203Ab24190203
Ab24190203IJERA Editor
 
Cd24534538
Cd24534538Cd24534538
Cd24534538IJERA Editor
 
Bg24375379
Bg24375379Bg24375379
Bg24375379IJERA Editor
 
Bv24486493
Bv24486493Bv24486493
Bv24486493IJERA Editor
 
Ax24329333
Ax24329333Ax24329333
Ax24329333IJERA Editor
 

More Related Content

What's hot

A technical review and comparative analysis of machine learning techniques fo...
A technical review and comparative analysis of machine learning techniques fo...A technical review and comparative analysis of machine learning techniques fo...
A technical review and comparative analysis of machine learning techniques fo...IJECEIAES
 
Self Evolving Antivirus Based on Neuro-Fuzzy Inference System
Self Evolving Antivirus Based on Neuro-Fuzzy Inference SystemSelf Evolving Antivirus Based on Neuro-Fuzzy Inference System
Self Evolving Antivirus Based on Neuro-Fuzzy Inference SystemIJRES Journal
 
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEYSECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEYJournal For Research
 
Novel Malware Clustering System Based on Kernel Data Structure
Novel Malware Clustering System Based on Kernel Data StructureNovel Malware Clustering System Based on Kernel Data Structure
Novel Malware Clustering System Based on Kernel Data Structureiosrjce
 
Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networksantoniomorancardenas
 
Optimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning AlgorithmOptimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning Algorithmijtsrd
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Editor IJARCET
 
Machine learning in network security using knime analytics
Machine learning in network security using knime analyticsMachine learning in network security using knime analytics
Machine learning in network security using knime analyticsIJNSA Journal
 
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICS
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICSMACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICS
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICSIJNSA Journal
 
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Jowin John Chemban
 
Detecting Unknown Attacks Using Big Data Analysis
Detecting Unknown Attacks Using Big Data AnalysisDetecting Unknown Attacks Using Big Data Analysis
Detecting Unknown Attacks Using Big Data AnalysisEditor IJMTER
 
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET Journal
 
Wireless Communiction Security
Wireless Communiction SecurityWireless Communiction Security
Wireless Communiction SecurityMeet Soni
 
Deep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemDeep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemAvinash Kumar
 

What's hot (17)

A technical review and comparative analysis of machine learning techniques fo...
A technical review and comparative analysis of machine learning techniques fo...A technical review and comparative analysis of machine learning techniques fo...
A technical review and comparative analysis of machine learning techniques fo...
 
Self Evolving Antivirus Based on Neuro-Fuzzy Inference System
Self Evolving Antivirus Based on Neuro-Fuzzy Inference SystemSelf Evolving Antivirus Based on Neuro-Fuzzy Inference System
Self Evolving Antivirus Based on Neuro-Fuzzy Inference System
 
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEYSECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
SECURITY THREATS IN SENSOR NETWORK IN IOT: A SURVEY
 
NSAS: NETWORK SECURITY AWARENESS SYSTEM
NSAS: NETWORK SECURITY AWARENESS SYSTEMNSAS: NETWORK SECURITY AWARENESS SYSTEM
NSAS: NETWORK SECURITY AWARENESS SYSTEM
 
Novel Malware Clustering System Based on Kernel Data Structure
Novel Malware Clustering System Based on Kernel Data StructureNovel Malware Clustering System Based on Kernel Data Structure
Novel Malware Clustering System Based on Kernel Data Structure
 
Mobile slide
Mobile slideMobile slide
Mobile slide
 
Intrusion Detection with Neural Networks
Intrusion Detection with Neural NetworksIntrusion Detection with Neural Networks
Intrusion Detection with Neural Networks
 
Optimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning AlgorithmOptimized Intrusion Detection System using Deep Learning Algorithm
Optimized Intrusion Detection System using Deep Learning Algorithm
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194
 
Machine learning in network security using knime analytics
Machine learning in network security using knime analyticsMachine learning in network security using knime analytics
Machine learning in network security using knime analytics
 
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICS
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICSMACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICS
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICS
 
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...
 
Detecting Unknown Attacks Using Big Data Analysis
Detecting Unknown Attacks Using Big Data AnalysisDetecting Unknown Attacks Using Big Data Analysis
Detecting Unknown Attacks Using Big Data Analysis
 
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
 
Wireless Communiction Security
Wireless Communiction SecurityWireless Communiction Security
Wireless Communiction Security
 
Deep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection systemDeep learning approach for network intrusion detection system
Deep learning approach for network intrusion detection system
 
Euro mGov Securing Mobile Services
Euro mGov Securing Mobile ServicesEuro mGov Securing Mobile Services
Euro mGov Securing Mobile Services
 

Viewers also liked

Ejercicio1 powerpoint xp javier gil
Ejercicio1 powerpoint xp javier gilEjercicio1 powerpoint xp javier gil
Ejercicio1 powerpoint xp javier gilyanosoynadie
 
Ppt 1
Ppt 1Ppt 1
Ppt 1INFOD
 
Especializacion 18 12 (2)
Especializacion 18 12 (2)Especializacion 18 12 (2)
Especializacion 18 12 (2)INFOD
 
V8 a-segundo video a insertar-evaluacion
V8 a-segundo video a insertar-evaluacionV8 a-segundo video a insertar-evaluacion
V8 a-segundo video a insertar-evaluacionINFOD
 
Plano de Marketing BBOM Março 2013
Plano de Marketing BBOM Março 2013Plano de Marketing BBOM Março 2013
Plano de Marketing BBOM Março 2013Rodolfo Medeiros
 
Presentation1
Presentation1Presentation1
Presentation1deadmk
 
marka identitate proiektua: Wartermal
marka identitate proiektua: Wartermalmarka identitate proiektua: Wartermal
marka identitate proiektua: WartermalNagore Garcia
 

Viewers also liked (20)

Ab24190203
Ab24190203Ab24190203
Ab24190203
 
Cd24534538
Cd24534538Cd24534538
Cd24534538
 
Bg24375379
Bg24375379Bg24375379
Bg24375379
 
Bv24486493
Bv24486493Bv24486493
Bv24486493
 
Ax24329333
Ax24329333Ax24329333
Ax24329333
 
Az24339344
Az24339344Az24339344
Az24339344
 
Bl24409420
Bl24409420Bl24409420
Bl24409420
 
Ad24210214
Ad24210214Ad24210214
Ad24210214
 
Ao24271274
Ao24271274Ao24271274
Ao24271274
 
Corre, perro, corre
Corre, perro, correCorre, perro, corre
Corre, perro, corre
 
Google in China
Google in ChinaGoogle in China
Google in China
 
Ejercicio1 powerpoint xp javier gil
Ejercicio1 powerpoint xp javier gilEjercicio1 powerpoint xp javier gil
Ejercicio1 powerpoint xp javier gil
 
Ppt 1
Ppt 1Ppt 1
Ppt 1
 
Especializacion 18 12 (2)
Especializacion 18 12 (2)Especializacion 18 12 (2)
Especializacion 18 12 (2)
 
V8 a-segundo video a insertar-evaluacion
V8 a-segundo video a insertar-evaluacionV8 a-segundo video a insertar-evaluacion
V8 a-segundo video a insertar-evaluacion
 
Moebius 101
Moebius 101Moebius 101
Moebius 101
 
Plano de Marketing BBOM Março 2013
Plano de Marketing BBOM Março 2013Plano de Marketing BBOM Março 2013
Plano de Marketing BBOM Março 2013
 
Presentation1
Presentation1Presentation1
Presentation1
 
marka identitate proiektua: Wartermal
marka identitate proiektua: Wartermalmarka identitate proiektua: Wartermal
marka identitate proiektua: Wartermal
 
Assessment
Assessment Assessment
Assessment
 

Similar to Bp24447451

A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques
A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques
A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques IJERA Editor
 
A method for detecting abnormal program behavior on embedded devices
A method for detecting abnormal program behavior on embedded devicesA method for detecting abnormal program behavior on embedded devices
A method for detecting abnormal program behavior on embedded devicesRaja Ram
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD) International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
ENHANCED THREE TIER SECURITY ARCHITECTURE FOR WSN AGAINST MOBILE SINK REPLI...
ENHANCED THREE TIER SECURITY ARCHITECTURE FOR WSN AGAINST MOBILE SINK REPLI...ENHANCED THREE TIER SECURITY ARCHITECTURE FOR WSN AGAINST MOBILE SINK REPLI...
ENHANCED THREE TIER SECURITY ARCHITECTURE FOR WSN AGAINST MOBILE SINK REPLI...ijwmn
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Editor IJARCET
 
Efficient Data Aggregation in Wireless Sensor Networks
Efficient Data Aggregation in Wireless Sensor NetworksEfficient Data Aggregation in Wireless Sensor Networks
Efficient Data Aggregation in Wireless Sensor NetworksIJAEMSJORNAL
 
IRJET- Security from Threats of Computer System
IRJET- Security from Threats of Computer SystemIRJET- Security from Threats of Computer System
IRJET- Security from Threats of Computer SystemIRJET Journal
 
Modification data attack inside computer systems: A critical review
Modification data attack inside computer systems: A critical reviewModification data attack inside computer systems: A critical review
Modification data attack inside computer systems: A critical reviewCSITiaesprime
 
IRJET- Sandbox Technology
IRJET- Sandbox TechnologyIRJET- Sandbox Technology
IRJET- Sandbox TechnologyIRJET Journal
 
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...IRJET Journal
 
A PROJECT REPORT ON SECURED FUZZY BASED ROUTING FRAMEWORK FOR DYNAMIC WIRELES...
A PROJECT REPORT ON SECURED FUZZY BASED ROUTING FRAMEWORK FOR DYNAMIC WIRELES...A PROJECT REPORT ON SECURED FUZZY BASED ROUTING FRAMEWORK FOR DYNAMIC WIRELES...
A PROJECT REPORT ON SECURED FUZZY BASED ROUTING FRAMEWORK FOR DYNAMIC WIRELES...DMV SAI
 
Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
 
Online Intrusion Alert Aggregation with Generative Data Stream Modeling
Online Intrusion Alert Aggregation with Generative Data Stream ModelingOnline Intrusion Alert Aggregation with Generative Data Stream Modeling
Online Intrusion Alert Aggregation with Generative Data Stream ModelingIJMER
 
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...IJNSA Journal
 

Similar to Bp24447451 (20)

A05510105
A05510105A05510105
A05510105
 
A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques
A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques
A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques
 
A method for detecting abnormal program behavior on embedded devices
A method for detecting abnormal program behavior on embedded devicesA method for detecting abnormal program behavior on embedded devices
A method for detecting abnormal program behavior on embedded devices
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD) International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 
ENHANCED THREE TIER SECURITY ARCHITECTURE FOR WSN AGAINST MOBILE SINK REPLI...
ENHANCED THREE TIER SECURITY ARCHITECTURE FOR WSN AGAINST MOBILE SINK REPLI...ENHANCED THREE TIER SECURITY ARCHITECTURE FOR WSN AGAINST MOBILE SINK REPLI...
ENHANCED THREE TIER SECURITY ARCHITECTURE FOR WSN AGAINST MOBILE SINK REPLI...
 
43 automatic
43 automatic43 automatic
43 automatic
 
Ijetr012045
Ijetr012045Ijetr012045
Ijetr012045
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194
 
Efficient Data Aggregation in Wireless Sensor Networks
Efficient Data Aggregation in Wireless Sensor NetworksEfficient Data Aggregation in Wireless Sensor Networks
Efficient Data Aggregation in Wireless Sensor Networks
 
IRJET- Security from Threats of Computer System
IRJET- Security from Threats of Computer SystemIRJET- Security from Threats of Computer System
IRJET- Security from Threats of Computer System
 
A035401010
A035401010A035401010
A035401010
 
Modification data attack inside computer systems: A critical review
Modification data attack inside computer systems: A critical reviewModification data attack inside computer systems: A critical review
Modification data attack inside computer systems: A critical review
 
IRJET- Sandbox Technology
IRJET- Sandbox TechnologyIRJET- Sandbox Technology
IRJET- Sandbox Technology
 
call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...call for papers, research paper publishing, where to publish research paper, ...
call for papers, research paper publishing, where to publish research paper, ...
 
J1802056063
J1802056063J1802056063
J1802056063
 
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...
IRJET- An Intrusion Detection Framework based on Binary Classifiers Optimized...
 
A PROJECT REPORT ON SECURED FUZZY BASED ROUTING FRAMEWORK FOR DYNAMIC WIRELES...
A PROJECT REPORT ON SECURED FUZZY BASED ROUTING FRAMEWORK FOR DYNAMIC WIRELES...A PROJECT REPORT ON SECURED FUZZY BASED ROUTING FRAMEWORK FOR DYNAMIC WIRELES...
A PROJECT REPORT ON SECURED FUZZY BASED ROUTING FRAMEWORK FOR DYNAMIC WIRELES...
 
Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...Secure intrusion detection and countermeasure selection in virtual system usi...
Secure intrusion detection and countermeasure selection in virtual system usi...
 
Online Intrusion Alert Aggregation with Generative Data Stream Modeling
Online Intrusion Alert Aggregation with Generative Data Stream ModelingOnline Intrusion Alert Aggregation with Generative Data Stream Modeling
Online Intrusion Alert Aggregation with Generative Data Stream Modeling
 
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
 

Bp24447451

  • 1. J.Emi Karmichael / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 4, July-August 2012, pp.447-451 Study And Implementation Of Self Healing Mechanism For The Control Flow Attack For Wireless Sensor Networks J.Emi Karmichael Centre For Information Technology And Engineering, M S University, Tirunelveli ABSTRACT Nowadays wireless sensor networks have control flow of a sensor application. To protect the found their way into a wide variety of applications control flow, this paper proposes access control and systems with vastly varying requirements and scheme that can detect attacks attempting to alter the characteristics, but all of them have a common control flow and then recover sensor data. Sensors use element: faults are a normal fact and not isolated very simple embedded systems due to cost, efficiency, events as in traditional networks. Thus, in order to quality and resource limitations, sensors do not have guarantee the network quality of service, it is sophisticated operating systems (OSs) to manage code essential for the sensor network to be able to detect for safety. Simple Os have been developed for and heal failures. The presented approach aims to embedded systems. However, they do not distinguish employ self-healing services, allowing them to kernel mode or user mode when executing an discover, examine, diagnose and react to instruction, and application data is adjacent to system malfunctions. In sensor application, a malicious data. Hence, one application routine can easily access code can change the flow of sensor to achieve the the data of the system or other application routines. attacks. The downloaded malicious code will steal Furthermore, high-level programming languages have or modify the sensor data. To protect the control become popular in developing sensor applications flow of sensor, this paper proposes self healing because of their convenience for coding and scheme that can detect the attack or the attempt to maintenance over assembly languages. Open source alter the control flow and recover the sensor based sensor applications have been developed as application to the normal operation In additional, well. Consequently, applications share more and more the original data which is altered by attackers is common code as they use similar development recovered from the private memory of sensor. Here environments. Memory fault attacks based on the same the private memory is used for storing sensor data principle in regular computers become threats to as reference, which is used during self optimization sensor networks[1]. First, sensors do not have time, thus strong security is obtained. In architecture to effectively enforce access control in additional, the original data which is altered by program memory. A few schemes have been proposed attackers is recovered from the private memory of to enforce access control in a sensor’s data memory by sensor. the selfhealing scheme directly processes using software-based memory management. These application code at the machine instruction level, approaches do not prevent exploiting packets from instead of performing control or data analysis on accessing other code segments in the same program source code. The implementation show that the memory. Second, sensors do not have an effective self-healing scheme is lightweight in protecting recovery mechanism. Illegally accessing instructions sensor applications. in program memory normally causes the crash of the running sensor applications and results in a long 1.INTRODUCTION restart period[2].The access control code effectively Applications in sensor networks have been enforces access control in program memory such that researched and developed for years. However, most the control flow cannot be maliciously altered. The security work focused on threats to networking and access control code itself is designed to be resilient to communication protocols. Lessons learned from worm control flow attacks that attempt to evade the access attacks that exploit memory vulnerabilities show that control. The scheme provides a self-healing recovery attackers can compromise an entire network without routine to quickly remove a compromised task from hacking legitimate accounts or breaking protocols. is the application and restore the sensor to a normal state. to protect the control flow of sensor and from the The routine cleans up sabotaged data in data memory memory fault.[2] In a sensor’s simple memory and releases the resources taken by the compromised architecture, injected code can alter task. The scheme works at the machine instruction 447 | P a g e
  • 2. J.Emi Karmichael / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 4, July-August 2012, pp.447-451 level and directly processes an application’s machine This paper focuses on control flow attacks that alter code instead of the application’s source code. The control flow to execute an unexpected scheme diversifies the protected code images or sequence of instructions. different sensors. 3.OVERVIEW OF POSSIBLE ATTACKS 2.RELATED WORK Wireless sensor network security is many- Various journals are referred to know the sensor and fold, there are various ways to attack them. It is its attacking methodologies from the given references commonly assumed that wireless sensor networks are papers at below . Attacks on the data collected without based on non tamper resistant devices, i.e. an attacker appropriate authentication of the nodes an attacker can can easily collect a few nodes to analyze or modify impersonate a node to send fake data. An attacker not them. However, as the network is large, possibly made part of the network can tamper with the data. While of hundreds or thousands of devices, an attacker there exists many Data authentication is a difficult cannot tamper with all the devices. This is a basic problem in WSN, therefore data tempering by a assumption in security protocols designed for wireless malicious node is a difficult problem. Secure data sensor networks. An attacker can chose to attack the aggregation protocols have been proposed to solve network, the data or directly the nodes that are those issues. In a physical intrusion detection alarm described in paper [5]. system, the authority using the system would be willing that the alarms reported are secret, i.e. the 3.1 MEMORY FAULT ATTACK messages passing would not to acknowledge the Many computer attacks exploit detection of the intruder. This for example would vulnerabilities due to memory fault in current allow the authority to catch the intruder in the act. . At computer systems. Such attacks can be categorized as mean while, it runs protection code to enforce access control flow attacks. Attackers can overwrite control control in program memory. This will match the data to alter control flow via exploiting vulnerabilities public memory and private memory and recover the of format string error, double-free error, heap data if fault occurs. Like wise it will self optimist the overflow, return-to-lib, etc is given in paper [1] sensor node and recover its original data. Many Attackers can alter control flow to execute injected computer attacks exploit memory vulnerabilities in malicious code or to bypass conditional branches or current computer systems. Various vulnerabilities have invoke indirect jumps. been identified in software, such as stack overflow, format string error, double-free error, heap overflow, 3.2 CONTROL FLOW ATTACK return-to-libc, etc. These vulnerabilities are exploited Attackers can alter the control flow via many to overwrite critical data in memory to launch control well known buffer overflow techniques. In sensor flow attacks [3] and data flow attacks [4]. Control flow nodes, attackers could find more approaches as the attacks manipulate control data to change the flow of sensor’s architecture is very simple. Attackers can code execution. Return addresses and function directly overwrite kernel data or registers that are pointers are two major types of control data that memory-mapped. The program memory of the attackers are interested in altering and exploiting. In a processor is write-protected such that the application typical “stack smashing” attack, return address in stack code can reliably work in the field. One of the attacks is overwritten to the address where injected codes are targeting this architecture is to alter the control flow of executed when the function (corresponding to the a sensor application that as been refered in paper [1]. current stack frame) returns. When target program’s control data are modified, attackers can execute 4.ATTACK MODEL injected malicious code or out-of context library code In this paper, we do not consider attacks that at the memory address pointed by the altered control simply capture nearby sensors. Instead, we examine data. Data flow attacks do not alter the control flow, attacks that send malicious packets to exploit but rather manipulate non control data to cause vulnerability in remote sensors. Such attacks help security breach in software. Many real-world software attackers obtain more control over remote sensors that applications are susceptible to data flow attacks [4]. In are not in their nearby areas. Such attacks can such attacks, attackers examine the software to find effectively threaten a network of tens or hundreds of out “which data within a target application are critical sensors. We assume attackers can obtain source code to security other than control data, whether the or binary image of sensor applications, find vulnerabilities exist at appropriate stages of execution exploitable coding errors, and develop exploiting that can lead to eventual security compromises, and packets offline, ahead of launching attacks. whether the severity of security compromises is Researchers have found techniques that use non equivalent to that of traditional control data attacks. 448 | P a g e
  • 3. J.Emi Karmichael / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 4, July-August 2012, pp.447-451 executable data carried in exploiting packets to vulnerability of the running task in fact allows the redirect the control flow to achieve certain attacks. exploiting. Then, the access control code hands over First, a malicious packet is injected into a vulnerable the compromised task to the recovery routine that sensor. Since the sensor is not aware if the packet is cleans the compromised task and returns the execution malicious or not, it will put the packet in a buffer in to the task scheduler for the next pending task. Both data memory. Then, when the packet is being the task scheduler and the recovery routine are processed in the sensor, the packet exploits protected with access control code to prevent attackers vulnerability in code. The exploitable vulnerability from exploiting them. The intuitive arrangement of varies, but leads to altering the control flow so that the interactive graphical elements (windows, toolbars, data carried in the packet can misuse the application menus, etc.) makes it easy to view and access the code. The misuse of the application code is carried in a many powerful capabilities of ModelSim. VHDL chain of operations. Each unit in the chain consists of includes facilities for describing logical structure and two steps and uses a part of data in the injected packet function of digital systems at a number of levels of to accomplish a part of the attack. As the injected abstraction, from system level down to the gate level. packet does not carry any code, each unit in the chain It is intended, among other things, as a modeling must use a part of the application code, and also language for specification and simulation. We can also ensure that, when it finishes, the control flow is altered use it for hardware synthesis if we restrict ourselves to to the next address of application code that can be used a subset that can be automatically translated into by the next unit in the chain. The first step in a unit of hardware. Easy-to-use wizards step you through the misuse chain loads some data in the injected creation of more complex HDL blocks. The wizards packet into registers. Because registers are used for show how to create parameterizable logic blocks, test passing parameters to functions in sensors, the loaded bench stimuli, and design objects. The source window data will be used as the parameters in the second step. templates and wizards benefit both novice and Then, the second step invokes a function in the advanced HDL developers with time-saving shortcuts. application code with the loaded parameters to Control flow analysis component. It identifies accomplish a specific part of attack. Finally, after the CNs that includes the code of interrupt routines, and chain of misused operations completes, the attack application routines. It also identifies and restructures exits. The attacking packet could simply alter the the data memory layout with task related memory and control flow to the RESET interrupt to restart the non-task-related memory. Recovery code insertion sensor, or release the control flow to let the sensor component. It appends the recovery routine to the regain the control. original application code. It also fills NOPs to all empty addresses in the code memory. Access control 5..IMPLEMENTATION code insertion component. It assigns a random mark to Self-healing scheme is to handle control flow each CN and inserts the access control code to enforce attacks. It has two modules (a) access control module access control in code memory. The safety of the that enforces the control flow of a running task, and access control code is based on the fact that both (b) recovery module with additional memory that marks and code are stored in the write protected code recovers the control flow of the sensor application memory and cannot be modified. from a compromised task. The execution of a sensor application is managed by the task scheduler of the 6.OVERVIEW OF SELF-HEALING sensor’s OS. When a sensor receives a packet, a task ARCHITECTURE will be dispatched by the task scheduler to process the The recovery first releases resources allocated to the packet. Once the task finishes, the execution of the compromised task, then releases the compromised task application will return to the task scheduler so that the from the kernel, and finally guides the kernel to next pending task can be dispatched. The self-healing execute the next pending task. As kernel routines are scheme embeds small blocks of access control code in very crucial in a system, restarting the whole system is all code segments in the program memory. the ideal, safe and straightforward response to In a normal situation, all code segments being eliminate kernel attacks in sensors. Hence, in this accessed by a task are in fact determined by the sensor paper, we focus on recovering the system when application. Hence, each task has a pre-determined application tasks are being exploited. Because it is control flow. A non-compromised task should not possible that an exploited function may affect other have any abnormal access to a code segment that is not functions of the same task, the recovery is task-based. in its control flow. Thus, the access control code will In this section, we first discuss the idea of the recovery allow the execution of any regular task. If packet approach normally used in preemptive OSs and then exploits vulnerability in the code of the running task, the recovery approach for the non-Preemptive OS in we consider the task to be compromised. The 449 | P a g e
  • 4. J.Emi Karmichael / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 4, July-August 2012, pp.447-451 sensors. Attackers can overwrite control data to alter develop the malicious code and then alter the control control flow via exploiting vulnerabilities of format flow. After that recovery module will recover the string error, double-free error, heap over flow, return- sensor module and sensor data. If a packet exploits to-libc, etc. Attackers can alter control flow to execute vulnerability in the code of the Running task, we injected malicious code or to bypass conditional consider the task to be compromise. The redirection branches or invoke indirect jumps. Control flow will be captured by the access control code at the end analysis component. It identifies CNs that include the of the destination code segment, because the execution code of interrupt routines, TinyOS routines, and of the code segments deviates the normal. In the block application routines. It also identifies and restructures diagram, the sensor node will sense the input data and the data memory layout with task related memory and the sensed data will store in the public and private non-taskrelated memory. The recovery code insertion memory. Here the access code will control the access component generates the recovery routine and attaches and it will check whether fault is occurred or not. If it to the original code. It appends the recovery routine any memory fault occurs then the private memory will to the original application code. Italso fills NOPs to all recover the data. empty addresses in the code memory. Finally, the access control code insertion competent safeguards the 7.RECOVERY OF A SENSOR NODE DATA unprotected code and also diversifies the protection The recovery, it first releases resources code to ensure releases the compromised task from the allocated to the compromised sensor data, then kernel, and finally guides the kernel to execute the releases the data from the kernel, and finally guides next pending task. Each individual sensor obtains a the kernel to execute the next sensor data to original unique protected position. In this section, we first discuss the idea of the recovery approach normally used in recovery OSs and then the recovery approach for the Tiny OS in sensors has been developed. Attackers can overwrite control data to alter sensor data via exploiting vulnerabilities of format string error, double-free error, heap over Attackers can alter control flow to execute injected malicious code or to bypass conditional branches or invoke indirect jumps. The recovery code insertion component generates the recovery routine and attaches it to the original code. Finally, the access control code insertion component safeguards the unprotected that done in [1] and additionally the protection code to FIG 1 Self Optimization Of Sensor Node that each ensure the original data that each individual sensor . individual sensor obtains a unique protected code image. 8.CONCLUSION AND FUTURE SCOPES Code image. The two memory areas that are public The overhead of the self-healing scheme in and private are used. If public get attack then private program memory and how much it affect the execution can be used to recover the sensor data which is altered of normal routines will be examined. That enforces by malicious code. Here for sample develop the access control in the control flow of sensor malicious code and then alter the control flow. After applications and recovers the sensor data using the that recovery module will recover the sensor module additive memory, when a control flow attack and and sensor data. If a packet exploits vulnerability in memory fault attacks are captured. The security the code of the Running task, we consider the task to analysis shows that the scheme self- optimizes the be compromise. The redirection will be captured by sensor node and its data from various attack. Finally the access control code at the end of the destination restore the sensor to a normal state. In the future, the code segment, because the execution of the code study of preventing the attackers to intrude inside the segments deviates the normal control flow of the task. sensor application is derived on new trends. The The recovery first releases resources allocated to the current self-healing scheme simply releases memory compromised task, then releases the compromised task and recover the data from private memory taken by a from the kernel, and finally guides the kernel to compromised task. On next step the memory execute the next pending task. The two memory areas protection scheme can be implemented for more that are public and private are used. If public get attack confidential areas. then private can be used to recover the sensor data which is altered by malicious code. Here for sample 450 | P a g e
  • 5. J.Emi Karmichael / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 4, July-August 2012, pp.447-451 REFERENCES [1] Christopher Ferguson, Qijun Gu, Hongchi Shi “Self-healing Control Flow Protection in Sensor Applications”, March 16 2009, Zurich, Switzerland. [2] Harald Vogt, Matthias Ringwald, Mario Straser , “Intrusion Detection and Failure Recovery in Sensor Nodes” , at ETH Zurich, Switzerland. [3] A. Smirnov and T. Chiueh, “DIRA: Automatic Detection, Identification and Repair of Control- Data Attacks,” Proc. Ann. Network and Distributed System Security Symp., 2005. [4] C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna, “Automating Mimicry Attacks Using Static Binary Analysis,” Proc. USENIX Security Symp., 2005. [5] “Self-Healing Methodology in Ubiquitous Sensor Network”, Giljong Yoo, and Eunseok Lee, p.p 3, February, at School of Information and Communication Engineering Sungkyunkwan University. [6] A. One, “Smashing the Stack for Fun and Profit,” Phrack Magazine, http://www.phrack.com/issues.html?issue=49&i d= 14#article, 1996. 451 | P a g e