6th International Conference on Emerging Ubiquitous Systems and Pervasive Networks, EUSPN-2015
Original Authors: Syed Muhammad Sajjad, Safdar Hussain Bouk, Muhammad Yousaf
Available online at www.sciencedirect.com
This document proposes a lightweight intrusion detection algorithm to detect Sybil attacks in mobile RPL networks for IoT. It discusses RPL and Sybil attacks, proposes an artificial bee colony inspired model for Sybil attacks, and introduces a detection algorithm using nonce IDs, control message counters, and trust factors. The algorithm is evaluated based on accuracy, sensitivity, specificity and other metrics, showing an average 95% accuracy against type-3 Sybil attacks with reduced overhead and energy consumption compared to unsecured mobile RPL.
The document discusses Advanced Persistent Threats (APTs). It begins by defining APTs and noting some common misconceptions about them. It then discusses notable APT attacks from 2003 to 2017. Finally, it outlines the typical lifecycle of an APT attack, including preparation such as researching targets, acquiring tools, and testing for detection, as well as the intrusion deployment phase.
OSINT for Proactive Defense - RootConf 2019 RedHunt Labs
A presentation about using Open Source Intelligence for proactive defense delivered at Rootconf 2019 Bangalore, India.
RedHunt Labs
https://redhuntlabs.com/
The document discusses using data mining approaches for intrusion detection. It describes current intrusion detection approaches like misuse detection using signatures of known attacks and anomaly detection using deviations from normal behavior profiles. Data mining can help by providing a systematic framework to select relevant audit data features, build and update detection models, and combine multiple models. Relevant techniques include building classifiers from audit data and mining patterns within audit records.
This document provides an overview and demonstration of Security Onion, an open-source Linux distribution for intrusion detection and network security monitoring. It describes Security Onion's tools like Snort, Sguil, Pulled Pork, Snorby and Daemonlogger. The document demonstrates how to install Security Onion, use its tools to analyze network traffic, view alerts and raw packet captures. It also provides challenges for users to further explore Security Onion's capabilities.
The document discusses creating wireless sensor applications using TinyOS. It provides an overview of the components involved, including sensor code, base station code, and gateway code. It describes the required hardware, including a programming board, mote, sensing board, and PC. It provides examples of typical programming boards, motes, and sensor boards. It introduces TinyOS as an open-source operating system for wireless embedded devices. It discusses installing TinyOS on Ubuntu, including adding TinyOS sources, installing packages, setting environment variables, and checking the installation. It also covers basic TinyOS programming concepts like components, interfaces, modules, and configurations.
This document provides an overview of Word2Vec, a neural network model for learning word embeddings developed by researchers led by Tomas Mikolov at Google in 2013. It describes the goal of reconstructing word contexts, different word embedding techniques like one-hot vectors, and the two main Word2Vec models - Continuous Bag of Words (CBOW) and Skip-Gram. These models map words to vectors in a neural network and are trained to predict words from contexts or predict contexts from words. The document also discusses Word2Vec parameters, implementations, and other applications that build upon its approach to word embeddings.
This document summarizes Bumsoo Kim's presentation on deep convolutional generative adversarial networks (DCGANs) for unsupervised representation learning. The presentation introduces generative models, describes the DCGAN model architecture which uses an adversarial process between a generator and discriminator, and discusses evaluating and applying vector arithmetic to generated images.
Anomaly Detection Using Generative Adversarial Network (GAN) Asha Aher
This presentation covers anomaly detection using different GAN architectures and the methodology used to check the efficiency of GANs in anomaly detection.
This document discusses key considerations for choosing a SIEM (security information and event management) solution. It begins with an overview of ManageEngine, a provider of IT management software. It then discusses the importance of log management and security event monitoring. The document outlines 8 critical factors to consider when selecting a SIEM solution: log collection capabilities, user activity monitoring, real-time event correlation, log retention, compliance reporting, file integrity monitoring, log forensics, and dashboards. It presents ManageEngine's SIEM offering and highlights its ease of deployment, cost-effectiveness, customizable dashboards, and universal log collection. The presentation concludes with a Q&A.
This document discusses attention mechanisms in deep learning models. It covers attention in sequence models like recurrent neural networks (RNNs) and neural machine translation. It also discusses attention in convolutional neural network (CNN) based models, including spatial transformer networks which allow spatial transformations of feature maps. The document notes that spatial transformer networks have achieved state-of-the-art results on image classification tasks and fine-grained visual recognition. It provides an overview of the localisation network, parameterised sampling grid, and differentiable image sampling components of spatial transformer networks.
Crafting Recommenders: the Shallow and the Deep of it! Sudeep Das, Ph.D.
Sudeep Das presented on recommender systems and advances in deep learning approaches. Matrix factorization is still the foundational method for collaborative filtering, but deep learning models are now augmenting these approaches. Deep neural networks can learn hierarchical representations of users and items from raw data like images, text, and sequences of user actions. Models like wide and deep networks combine the strengths of memorization and generalization. Sequence models like recurrent neural networks have also been applied to sessions for next item recommendation.
MISP (Malware Information Sharing Platform) Nadim Kadiwala
A threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. Discover how MISP is used today in multiple organisations. Not only to store, share, collaborate on cyber security indicators, malware analysis, but also to use the IoCs and information to detect and prevent attacks or threats against ICT infrastructures, organisations or people.
The IBM Security Intelligence Platform, also known as QRadar®, integrates SIEM, log management, anomaly detection, vulnerability management, risk management and incident forensics into a unified, highly scalable, real-time solution that provides superior threat detection, greater ease of use, and low total cost of ownership compared with competitive products.
Machine learning on graphs is an important and ubiquitous task with applications ranging from drug design to friendship recommendation in social networks. The primary challenge in this domain is finding a way to represent, or encode, graph structure so that it can be easily exploited by machine learning models. However, traditionally machine learning approaches relied on user-defined heuristics to extract features encoding structural information about a graph. In this talk I will discuss methods that automatically learn to encode graph structure into low-dimensional embeddings, using techniques based on deep learning and nonlinear dimensionality reduction. I will provide a conceptual review of key advancements in this area of representation learning on graphs, including random-walk based algorithms, and graph convolutional networks.
Threat Hunting - Moving from the ad hoc to the formal Priyanka Aash
In order to effectively defend your organization, you must think about the offensive strategy as well. But before we get ahead of ourselves let’s talk briefly about the building blocks of a good offense. First is an architecture that is built around a security policy that is aligned with the business risk. Risk must be understood and a cookie cutter approach must be avoided here because again every organization is different and so are their risks.
Recsys 2014 Tutorial - The Recommender Problem Revisited Xavier Amatriain
This document summarizes Xavier Amatriain's presentation on recommender systems. It discusses traditional recommendation methods like collaborative filtering, content-based recommendations, and hybrid approaches. It also covers newer methods that go beyond traditional techniques, such as learning to rank, deep learning, social recommendations, and context-aware recommendations. Throughout the presentation, Amatriain discusses challenges like cold starts, popularity bias, and limitations of different recommendation approaches. He also shares lessons learned from the Netflix Prize competition, including how SVD and RBM models were used.
SIEM systems provide security event monitoring and log management by collecting security data from across an organization's network and systems. The first SIEM was developed in 1996 and major players today include IBM QRadar, HP ArcSight, and McAfee Nitro. SIEMs aggregate logs from various sources, use correlation engines to identify related security events, and generate alerts when multiple events indicate a higher risk threat. They provide visibility across an organization's security infrastructure and help with compliance, operations, and forensic investigations. SIEM is important for threat detection, compliance, and gaining insights from security event data.
This document provides an overview of graph neural networks (GNNs). GNNs are a type of neural network that can operate on graph-structured data like molecules or social networks. GNNs learn representations of nodes by propagating information between connected nodes over many layers. They are useful when relationships between objects are important. Examples of applications include predicting drug properties from molecular graphs and program understanding by modeling code as graphs. The document explains how GNNs differ from RNNs and provides examples of GNN variations, datasets, and frameworks.
Brief introduction on attention mechanism and its application in neural machine translation, especially in transformer, where attention was used to remove RNNs completely from NMT.
This document describes a project to develop an intrusion detection system using data mining techniques. It discusses approaches to intrusion detection including signature-based and anomaly-based methods. For the project, a hybrid network-based and host-based intrusion detection system is proposed. Data preprocessing and mining techniques including clustering, outlier detection, and classification are applied to network packet data and system call logs to detect attacks.
https://telecombcn-dl.github.io/2018-dlai/
Deep learning technologies are at the core of the current revolution in artificial intelligence for multimedia data analysis. The convergence of large-scale annotated datasets and affordable GPU hardware has allowed the training of neural networks for data analysis tasks which were previously addressed with hand-crafted features. Architectures such as convolutional neural networks, recurrent neural networks or Q-nets for reinforcement learning have shaped a brand new scenario in signal processing. This course will cover the basic principles of deep learning from both an algorithmic and computational perspectives.
6 Steps for Operationalizing Threat Intelligence Sirius
The best form of defense against cyber attacks and those who perpetrate them is to know about them. Collaborative defense has become critical to IT security, and sharing threat intelligence is a force multiplier. But for many organizations, good quality intelligence is hard to come by.
Commercial threat intelligence technology and services can help enterprises arm themselves with the strategic, tactical and operational insights they need to identify and respond to global threat activity, and integrate intelligence into their security programs.
Threat intelligence sources have varying levels of relevance and context, and there are concerns about data quality and redundancy, shelf life, public/private data sharing, and threat intelligence standards. However, if processed and applied properly, threat intelligence provides a way for organizations to get the insight they need into attackers’ plans, prioritize and respond to threats, shorten the time between attack and detection, and focus staff efforts and decision-making.
View to learn:
--The difference between threat information and threat intelligence.
--Available sources of intelligence and how to determine if they apply to your business.
--Key steps for preparing to ingest threat information and turn it into intelligence.
--How to derive useful data that helps you achieve your business goals.
--Tools that are available to make collaboration easier.
Black Hole Attack:
A malicious node advertises the wrong paths as good paths to the source node during the pathfinding process.
When the source selects the path including the attacker node, the traffic starts passing through the adversary node and this node starts dropping the packets selectively or in whole.
The black hole region is the entry point to a large number of harmful attacks.
Denial of Service attacks – Definitions, related surveys
Traceback of DDoS Attacks – Proposed method, advantages, future work
Detection methods with Shannon and Renyi cross entropy – Previous works, proposed method, dataset and results
The added value of entropy detection methods
References
This document discusses security issues and proposed mechanisms for wireless sensor networks. It begins by defining wireless sensor networks and describing their applications. It then outlines several security threats specific to these networks, such as denial of service attacks, Sybil attacks, wormhole attacks, and traffic analysis attacks. The document reviews cryptography and steganography techniques for wireless sensors and proposes that a holistic approach is needed to ensure security across all network layers. It concludes that detecting false information from compromised nodes is a major research challenge and developing efficient holistic security is also an important open problem.
The vampire attack is a class of denial-of-service attack in which the denial of service is caused by consuming the power of the sensor nodes. It is also called a power-draining attack because it consumes the power of sensor nodes and disables the network. The attacker creates a protocol-compliant message and sends it into the network so that the network uses more energy than it would if a message of identical size were transmitted to the same destination.
Cryptography based misbehavior detection for opportunistic network Shahana P H
The document proposes a cryptography-based mechanism for detecting misbehavior and controlling trust in opportunistic network systems. It designs a security overlay using cryptography over existing trust-based routing. Spy nodes monitor the network for evidence of malicious nodes. Hop-to-hop authentication uses asymmetric cryptography while end-to-end authentication uses symmetric cryptography. Spy nodes identify suspicious nodes and judges declare them as malicious or normal by decreasing their trust values. The proposed system aims to provide security services like authentication, integrity and confidentiality through cryptography to strengthen security for commercial use of opportunistic networks.
Wireless sensor networks consist of distributed autonomous devices that can monitor various environmental conditions. Securing these networks is challenging due to constraints on sensors' processing, memory, and battery power. Attacks on wireless sensor networks can target security mechanisms or routing mechanisms. Common attacks include denial of service through jamming, spoofing and altering information in transit, replication attacks, and physical node destruction. Effective security schemes must provide data confidentiality, integrity, and freshness given sensors' limitations. Developing efficient detection of compromised nodes reporting false data while ensuring holistic security in wireless sensor networks remains an important research challenge.
Computational intelligence in wireless sensor network KratikaNigam3
Computational intelligence is a subfield of artificial intelligence. Applying it to wireless sensor networks gives computational intelligence in wireless sensor networks, which draws on many artificial intelligence methods such as fuzzy logic, neural networks and reinforcement learning.
Secure routing in wsn-attacks and countermeasures Muqeed Abdul
1) The document discusses security issues in wireless sensor networks, specifically focusing on attacks against routing protocols and potential countermeasures. It outlines common attacks like spoofing, selective forwarding, sinkhole attacks, Sybil attacks, wormholes, and HELLO flood attacks.
2) The document then discusses countermeasures against each type of attack, such as link layer security, identity verification, verification of link bidirectionality, multipath routing, and better protocol design.
3) Finally, the document emphasizes that routing protocols for wireless sensor networks must be designed with security in mind to effectively defend against both insider and outsider adversaries.
1) The document discusses security issues in wireless sensor networks, specifically focusing on attacks against routing protocols and potential countermeasures. It outlines common attacks like spoofing, selective forwarding, sinkhole attacks, Sybil attacks, wormholes, and HELLO flood attacks.
2) The document then provides an overview of potential countermeasures like link layer security, identity verification protocols, verification of link bidirectionality, and multipath routing.
3) Finally, the document emphasizes the importance of secure routing protocol design and highlights the need for protocols to incorporate security features to defend against insider and outsider attacks.
Overview on security and privacy issues in wireless sensor networks-2014 (Tarek Gaber)
Lecture Outlines
Why Security is Important for WSN
WSNs have many applications e.g.:
military, homeland security
assessing disaster zones
Others.
This means that such sensor networks have mission-critical tasks.
Security is crucial for such WSNs deployed in these hostile environments.
Why Security is Important for WSN
Moreover, wireless communication employed by WSN facilitates
eavesdropping and
packet injection by an adversary.
These mentioned factors require security for WSN during the design stage to ensure operation safety, secrecy of sensitive data, and privacy for people in sensor environments.
Algorithms to achieve security services
Symmetric Encryption
Asymmetric Encryption
Hash Function/Algorithm
Digital Signature
Why Security is Complex in WSN
Because of WSNs Characteristics:
Anti-jamming and physical tamper proofing are impossible
greater design complexity and energy consumption
Denial-of-service (DoS) attack is difficult
Sensor node constraints
Sensor nodes are susceptible to physical capture
Deploying in hostile environment.
eavesdropping and injecting malicious messages are easy
Using wireless communication
Why Security is Complex in WSN
Because of WSNs Characteristics:
maximization of security level is challenging
Resource consumption
asymmetric cryptography is often too expensive
Node constraints
centralized security solutions are big issue
no central control and constraints, e.g. small memory capacity.
Cost Issues
Overall cost of WSN should be as low as possible.
Typical Attacks to WSN
Physical Attacks
Environmental
Permanently destroy the node, e.g., crashing or stealing a node.
Attacks at the Physical Layer
Jamming: transmission of a radio signal to interfere with WSN radio frequencies.
Constant jamming: No messages can be sent or received.
Intermittent jamming: Nodes are able to exchange messages periodically.
Jamming Attack Countermeasure
Physical Attacks
Node Capture Attacks
routing functionalities
Countermeasure
tamper-proof features
Expensive solution
Self-Protection
disable device when attack detected
Attacks on Routing
Sinkhole attack
attacker tries to attract the traffic from a particular region through it
Solution:
Watchdog Nodes can start to trace the source of false routing information
Attacks on Routing
Sybil attack (Identity Spoofing)
attacker claims to have multiple identities or locations
provide wrong information for routing to launch false routing attacks
Solutions:
Misbehavior Detection.
Identity Protection
Privacy Attacks
Attempts to obtain sensitive information collected and communicated in WSNs
Eavesdropping
made easy by broadcast nature of wireless networks
Traffic analysis
used to identify sensor nodes of interest (data of interest),
WSN Privacy Issues Cont.
WSN Privacy Issues Attack
Trust and reputation in WSN
WSN Traditional Security Techniques
Cryptographic primitive
The document discusses security challenges and attacks in mobile ad hoc networks (MANETs) along with solutions. It describes various active and passive attacks at different layers of the network including physical, link, network, transport and application layers. It also discusses secure routing protocols that use routing header information, cryptography, redundancy across routing layers, and trust models. Finally, it covers key management approaches for MANETs including cluster-based, identity-based, certificate chaining, and multicasting-based methods, as well as the use of intrusion detection systems.
Redundancy Management in Heterogeneous Wireless Sensor Networks (Saeid Hossein Pour)
Communication security and reliability are two important issues in any network. A typical communication task in a wireless sensor network is for every sensor node to sense its local environment and, upon request, sends data of interest back to a base station (sink). Due to the distributed nature of these networks and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. This problem is more critical if the network is deployed for some mission-critical applications such as a tactical battlefield. Due to resource constraints in the sensor nodes like processing power, memory, bandwidth and power sources, traditional security mechanisms with large overhead of computation and communication are infeasible in WSNs.
Security in sensor networks is, therefore, a particularly challenging task. The main requirements of wireless sensor networks are to extend the network lifetime and energy efficiency as well as provide a secure and reliable connection.
In this project redundancy management of heterogeneous wireless sensor networks (HWSNs) is proposed, to answer user queries in the presence of unreliable and malicious nodes. The objective of the redundancy management is to exploit tradeoff between energy consumption against the gain in quality of service (QoS) such as reliability, timeliness and security to maximize the system lifetime. The presence of heterogeneous nodes in a sensor network is known to increase network reliability and lifetime. Selecting multipath routing can yield a variety of benefits such as fault tolerance, increased bandwidth and improved security. Furthermore, the best redundancy level for path redundancy and source redundancy is analyzed and the best intrusion detection system (IDS) is provided.
Trust Based Routing In wireless sensor Network (Anjan Mondal)
This document discusses trust based routing in wireless sensor networks. It describes the characteristics and applications of sensor networks, and different types of attacks they face including passive attacks like traffic analysis and active attacks that aim to modify or fabricate routing information. It then proposes a trust based routing model for sensor networks that calculates direct trust between neighboring nodes based on their packet forwarding behavior, and propagates this trust information through route requests to enable computation of trust beyond single hops. This model aims to secure routing against active attacks in infrastructure-less sensor networks.
1) The document discusses security attacks in wireless sensor networks (WSNs). It provides an overview of the types of WSNs and their components.
2) It describes the main security challenges in WSNs like remote locations, lack of central control, and resource constraints.
3) The document outlines different security attacks in WSNs including denial of service attacks, traffic analysis, wormhole attacks, and jamming.
4) Defensive measures to secure WSNs like key establishment and intrusion detection are also discussed.
VTU 8TH SEM INFORMATION AND NETWORK SECURITY SOLVED PAPERS (vtunotesbysree)
The document discusses different generations of firewalls and intrusion detection and prevention systems (IDPS). It describes the key characteristics of five generations of firewalls from static packet filtering to stateful inspection and kernel proxy firewalls. It also discusses the advantages of network-based IDPS (NIDPS) over host-based IDPS, and describes three common detection methods used by IDPS: signature-based, statistical anomaly-based, and stateful packet inspection. Wireless NIDPS and network behavior analysis systems are also introduced as two subtypes of NIDPS.
This document discusses smart home devices and the central coordinator elements that connect various smart home sensors and appliances. It describes sensors like light intensity sensors, motion detectors, temperature/humidity sensors, and cameras. It also mentions appliances like light bulbs, curtains, AC units, and doorbells. The central coordinator uses WiFi and ZigBee protocols to connect these devices and automate home lighting, climate control, security, and energy usage based on sensor readings and user-defined scenarios. Issues around WiFi and ZigBee coexistence are also examined, along with methods to reduce interference between the two wireless protocols.
A Study on Security in Wireless Sensor Networks (ijtsrd)
Wireless Sensor Networks (WSNs) present myriad application opportunities for several applications such as precision agriculture, environmental and habitat monitoring, traffic control, industrial process monitoring and control, home automation and mission-critical surveillance applications such as military surveillance, healthcare (elderly, home monitoring) applications, disaster relief and management, fire detection applications among others. Since WSNs are used in mission-critical tasks, security is an essential requirement. Sensor nodes can easily be compromised by an adversary due to unique constraints inherent in WSNs such as limited sensor node energy, limited computation and communication capabilities and the hostile deployment environments. Shabnam Kumari | Sumit Dalal | Rashmi, "A Study on Security in Wireless Sensor Networks", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-4, June 2018, URL: http://www.ijtsrd.com/papers/ijtsrd12931.pdf http://www.ijtsrd.com/engineering/electronics-and-communication-engineering/12931/a-study-on-security-in-wireless-sensor-networks/shabnam-kumari
Intrusion detection in wireless sensor network (Vinayak Raja)
• Is a software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station.
• OBJECTIVE: An Intrusion detection system (IDS) is software designed to detect unwanted attempts at accessing, manipulating, and/or disabling of computer systems, mainly through a network, such as the Internet.
• PROBLEM SOLVED: Several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and viruses. IDS solved this problem.
Ransomware Attack: Best Practices to proactively prevent contain and respond (AlgoSec)
One of the biggest concerns for info security professionals and business executives right now is ransomware attacks. It has prompted many organizations to urgently assess what they need to do to contain and limit their exposure to this threat.
Presented by renowned industry expert Prof. Avishai Wool, this new technical webinar will provide some best practices and tips to help organizations prevent, contain and respond to a ransomware attack.
In this webinar Professor Wool will discuss:
• The different methods used by cyber criminals to penetrate the network security perimeter
• Best practices for reducing cyber criminals’ lateral movements across the network
• How to augment incident triage with critical business context to assess the severity, risk and potential business impact of an attack
• Prioritizing incident remediation efforts based on business risk, and neutralizing impacted systems through zero-touch automation
• The impact of a ransomware on regulatory compliance
This document summarizes a research paper on defending against replication node attacks in wireless sensor networks. The paper proposes using a "Black Roll" technique to detect and block compromised nodes. It uses Sequential Probability Ratio Testing (SPRT) to detect if a node's speed exceeds the maximum, indicating replication. If detected, the node's IP is added to a blacklist table secured with RSA encryption. A tool called Protowall then blocks the IP address on the blacklist to prevent network access. The paper claims this Black Roll technique improves detection of replication node attacks compared to existing approaches.
Null Bangalore | Pentesters Approach to AWS IAM (Divyanshu)
#Abstract:
- Learn more about the real-world methods for auditing AWS IAM (Identity and Access Management) as a pentester. So let us proceed with a brief discussion of IAM as well as some typical misconfigurations and their potential exploits in order to reinforce the understanding of IAM security best practices.
- Gain actionable insights into AWS IAM policies and roles, using hands on approach.
#Prerequisites:
- Basic understanding of AWS services and architecture
- Familiarity with cloud security concepts
- Experience using the AWS Management Console or AWS CLI.
- For hands on lab create account on [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
# Scenario Covered:
- Basics of IAM in AWS
- Implementing IAM Policies with Least Privilege to Manage S3 Bucket
- Objective: Create an S3 bucket with least privilege IAM policy and validate access.
- Steps:
- Create S3 bucket.
- Attach least privilege policy to IAM user.
- Validate access.
- Exploiting IAM PassRole Misconfiguration
- Allows a user to pass a specific IAM role to an AWS service (ec2), typically used for service access delegation. Then exploit PassRole Misconfiguration granting unauthorized access to sensitive resources.
- Objective: Demonstrate how a PassRole misconfiguration can grant unauthorized access.
- Steps:
- Allow user to pass IAM role to EC2.
- Exploit misconfiguration for unauthorized access.
- Access sensitive resources.
- Exploiting IAM AssumeRole Misconfiguration with Overly Permissive Role
- An overly permissive IAM role configuration can lead to privilege escalation by creating a role with administrative privileges and allow a user to assume this role.
- Objective: Show how overly permissive IAM roles can lead to privilege escalation.
- Steps:
- Create role with administrative privileges.
- Allow user to assume the role.
- Perform administrative actions.
- Differentiation between PassRole vs AssumeRole
Try at [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
Neighbor Node Trust Based Intrusion Detection System for WSN
1. Neighbour Node Trust Based Intrusion Detection System for WSN
Class Seminar
Nov 17
Presented by Hitesh Mohapatra (Ph.D Scholar)
Subject In-Charge Dr.S.Panigrahi
3. Abstract
• This seminar presents an intrusion detection technique
based on the calculation of trust of the neighbouring node.
In the proposed IDS, each node observes the trust level of
its neighbour nodes.
• Based on these trust values, neighbour nodes may be
declared as trustworthy, risky or malicious.
• The proposed scheme successfully detects Hello flood
attack, jamming attack and selective forwarding attack by
analysing the network statistics and malicious node
behaviour.
4. Introduction
Wireless sensor networks
• Wireless sensor node
• power supply
• sensors
• embedded processor
• wireless link
• Many, cheap sensors
• wireless easy to install
• intelligent collaboration
• low-power long lifetime
5. Possible applications
• Military
• Asset monitoring and management, battlefield
surveillance, biological attack detection
• Ecological
• fire detection, flood detection, agricultural uses
• Health related
• Medical sensing, microsurgery
• General engineering
• car theft detection, inventory control, residential
security
6. Security in WSN
• Main security threats in WSN are:
• Radio links are insecure – eavesdropping /
injecting faulty information is possible
• Sensor nodes are not tamper resistant – if a node is
compromised the attacker obtains all security
information
• Protecting confidentiality, integrity, and
availability of the communications and
computations
7. Why security is different?
•Sensor Node Constraint
•Battery
•CPU power
•Memory
•Networking Constraints and Features
•Wireless
•Ad hoc
•Unattended
9. What is intrusion detection?
• Intrusion detection is the process of
discovering, analyzing, and reporting
unauthorized or damaging network or
computer activities
• Intrusion detection discovers violations of
confidentiality, integrity, and availability of
information and resources
10. What is intrusion detection?
• Intrusion detection demands:
• As much information as the computing
resources can possibly collect and store
• Experienced personnel who can interpret
network traffic and computer processes
• Constant improvement of technologies and
processes to match pace of Internet
innovation
11. How useful is intrusion
detection?
• Provide digital forensic data to support post-
compromise law enforcement actions
• Identify host and network misconfigurations
• Improve management and customer
understanding of the Internet's inherent
hostility
• Learn how hosts and networks operate at the
operating system and protocol levels
12. Intrusion detection models
• All computer activity and network traffic
falls in one of three categories:
• Normal
• Abnormal but not malicious
• Malicious
• Properly classifying these events is the
single most difficult problem -- even more
difficult than evidence collection
13. Intrusion detection models
• Two primary intrusion detection models
• Network-based intrusion detection monitors
network traffic for signs of misuse
• Host-based intrusion detection monitors
computer processes for signs of misuse
• So-called "hybrid" systems may do both
• A hybrid IDS on a host may examine network
traffic to or from the host, as well as
processes on that host
14. IDS paradigms
• Anomaly Detection – look for abnormal
• Misuse Detection – pattern matching
• Burglar Alarms - policy based detection
• Honey Pots - lure the hackers in
• Hybrids - a bit of this and that
15. Anomaly detection (cont)
• Typical anomaly detection approaches:
• Neural networks - probability-based pattern
recognition
• Statistical analysis - modeling behavior of
users and looking for deviations from the
norm
• State change analysis - modeling system’s
state and looking for deviations from the norm
17. The proposed intrusion
detection
1. The system has a trust manager, which manages the direct and indirect trust
(reputation) of a node.
2. The behaviour classifier classifies the behaviour of the node as attacker,
trustworthy or risky based on the trust values and calculation obtained from
the trust manager.
3. In case of the trustworthy behaviour, the observed node is recommended to
the forwarding engine for packet forwarding.
4. When behaviour of the observed node is identified as risky, its risk factor is
evaluated and updated. If the observing node is willing to take risk, it
recommends the observed node having risky behaviour to the forwarding
engine for forwarding.
5. If the observing node does not want to take risk, it stores the risk factor of the
observed node in recommendation data base.
6. In case of attack behaviour, the attack classifier distinguishes attack pattern
based on the calculation described in the following subsections.
7. The observed node is declined for forwarding purpose. The status of the
observed nodes is saved in the recommendation data base.
19. System Model and nodes
Initial Observation
• In the proposed IDS, a node y0 calculates the level of trust of its
neighbouring nodes.
• The neighbours of y0 are the set of nodes having one hop contact with
node y0 and are represented as
• Any node yi possesses set of attributes denoted as
• The activity of the node yi is observed by the sensor node y0 by
observing its individual attributes.
• The observed attributes of node yi are stored by the vector
with every element explaining the node’s activities
• If node yi observes its neighbouring nodes
it stores the set of the corresponding attribute vectors
20. Attributes of WS-Nodes:
• Received Signal Strength
• Packet Sending Rate
• Control Packet Generating Rate
• Packets Delivery Ratio
• Packet Dropping Rate
• Packet Forwarding Rate
• Packet Acknowledgment Rate
21. Jamming attack
• The amount of power in any radio signal received is
termed as Received Signal Strength.
• The Received Signal Strength of the node y observed by
the node y0 is represented as Ps(y).
• A node is considered malicious if it has a higher received
signal strength than the vector of received signal
strength of its neighbours Nb(y0)={y1......yn}.
• In this case the node is considered to have undergone a
Jamming attack.
22. Hello Flood attack
• Packet Generation Rate is the number of control
packets generated in a specific interval of time.
• Pg(y) is the Packet Generation Rate of node y
monitored by the node y0.
• A node is considered malicious if it generates a higher
number of control packets than the vector of control
packets generated by its neighbours Nb(y0)={y1......yn}.
• In this case, the node is considered to have undergone
a Hello Flood attack.
23. Selective Forwarding Attack
• In a multi-hop scenario, a node forwards packets of its
neighbours. The rate of packet received by a node and
its subsequent forwarding to its destination node is
termed as Packet Forwarding Rate.
• PFrR(y) is the Packet Forwarding Rate of node y
monitored by the node y0.
• A node is said to be suffering a selective forwarding attack
if its packet forwarding rate is much less than the
packet forwarding rate of its neighbours
Nb(y0) = {y1, ..., yn}.
24. Trust
Trust is calculated by taking average of the
direct trust A(y) and indirect trust i.e.
reputation B(y).
Mathematically :
25. Detection of Jamming Attack
• Total Received Signal Strength of node y observed by node y0 during time interval T0 = Ps0(y)
• During time interval T1 = Ps1(y)
• Total packet sending rate of node y observed by node y0 during time interval Tz = Psz(y)
• Total Received Signal Strength of node y observed by node y0 during time interval Ti = Psi(y)
Average Received Signal Strength is calculated as
Now at any interval ’i’, if the Received Signal Strength is greater than the sum of the
average Received Signal Strength and the Received Signal Strength value of the
sensor specified in its data sheet, the node is suffering from a Jamming attack.
Mathematically,
{Where Psi(y) is the Received Signal Strength of node y at any given interval i observed
by node y0, and C is the Received Signal Strength value of the sensor specified in its data
sheet. Nodes for which equation 1 does not hold true are malicious.}
27. Detection of HELLO Flood Attack
Let Pg0(y) be the control packets generating rate of node y observed by node y0 during
time interval T0, Pg1(y) the packets generating rate of node y observed by node y0
during time interval T1, and Pgz(y) the control packets generating rate of node y
observed by node y0 during time interval Tz. Let Pgi(y) be the control packets
generating rate of node y observed by node y0 during time interval Ti. Then the average
control packets generating rate is given :
Now at any interval ’i’, if the control packets generating rate of any node is greater than
the sum of the average control packets generating rate and the control packets
generating rate value of the sensor specified in the standard protocol, the node is suffering
from a Hello Flood attack. Mathematically :
Where Pgi(y) is the control packets generating rate of node y at any given interval i
observed by node y0, and C is the control packets generating rate value of the sensor
specified in the standard protocol it follows. Nodes for which equation 3 does not hold true
are malicious, and a higher control packets generating rate is the identification of a hello flood
attack.
28. Detection of Trustworthy (Good) Nodes
A node is said to be trustworthy or Good if its current Direct
Trust value Ac(y) is greater than or equal to the required trust
value RTv, meaning that it satisfies the condition :
29. Detection of Risky Nodes
There are two possibilities about the risky nature of a node.
In the first case, there is no prior recommendation
about the node, that is B(y)=0, and its current direct trust
value Ac(y) is less than the Required Trust Value RTv.
Mathematically: Ac(y) < RTv. In this case, the total trust is
given as and as B(y)=0 so
Then the value of risk is given as :
30. Detection of Risky Nodes
In the second case, the recommendation value of the node
is less than the Required Trust Value, that is
B(y) < RTv, and its current direct trust value Ac(y) is less
than the Required Trust Value RTv.
Mathematically: Ac(y) < RTv. In this case, the total trust is
given as :
Then the value of risk is given by the following equation.
31. Storage of Node Status for future use (Reputation) and subsequent Forwarding Decision
The Recommendation Data Base stores the status of the node.
On the basis of the calculation, a node may be found
malicious, trustworthy or risky. These statistics are used in
the future interactions of the nodes. A trustworthy node is
recommended for interaction, a malicious node is declined,
while packets are forwarded through a risky node only
if the node intending to send data is willing to take the
risk. After the node status has been determined
as malicious, trustworthy or risky, the decision about
packet forwarding through any neighbour node is taken by
the packet sending node. The criterion for packet forwarding
is the selection of the safest path rather than the shortest
path.
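The detection, status and forwarding steps above, as an added Python example that is not code from the original paper or presentation. It assumes the average is the mean of the node's own readings over the observed intervals; the observations, the constants C and RTv, and all function names are constructed for illustration, and only the jamming and hello flood tests are implemented.

```python
from statistics import mean

# Constructed observations by y0 of its one-hop neighbours over four intervals.
# a_c = current direct trust Ac(y), b = stored reputation B(y); all values are made up.
NEIGHBOURS = {
    "y1": {"rss": [-70, -71, -69, -70], "ctrl": [2, 2, 3, 2], "a_c": 0.9, "b": 0.8},
    "y2": {"rss": [-70, -70, -71, -40], "ctrl": [2, 2, 2, 2], "a_c": 0.7, "b": 0.6},
    "y3": {"rss": [-72, -71, -72, -71], "ctrl": [2, 3, 2, 30], "a_c": 0.7, "b": 0.7},
    "y4": {"rss": [-69, -70, -70, -71], "ctrl": [2, 2, 2, 3], "a_c": 0.4, "b": 0.0},
}
C_RSS, C_CTRL, RTV = 6, 5, 0.6  # hypothetical data sheet / protocol constants and RTv

def flagged_intervals(samples, c):
    """Indices i where samples[i] > average(samples) + c (assumed form of the test)."""
    threshold = mean(samples) + c
    return [i for i, s in enumerate(samples) if s > threshold]

def detect_attacks(obs):
    """Attack classifier: which threshold tests does this neighbour fail?"""
    attacks = []
    if flagged_intervals(obs["rss"], C_RSS):
        attacks.append("jamming")
    if flagged_intervals(obs["ctrl"], C_CTRL):
        attacks.append("hello_flood")
    return attacks

def total_trust(a, b):
    """Trust as the average of direct trust A(y) and reputation B(y)."""
    return (a + b) / 2

def node_status(obs):
    if detect_attacks(obs):
        return "malicious"
    if obs["a_c"] >= RTV:
        return "trustworthy"
    if obs["b"] < RTV:       # covers B(y) = 0 and 0 < B(y) < RTv
        return "risky"
    return "unclassified"    # Ac(y) < RTv with B(y) >= RTv: not covered by the slides

def build_recommendation_db(neighbours):
    """Status of every observed neighbour, stored for later forwarding decisions."""
    return {node: node_status(obs) for node, obs in neighbours.items()}

def forwarding_candidates(db, accept_risk=False):
    """Trustworthy nodes first; risky ones only if the sender accepts the risk."""
    trusted = [n for n, s in db.items() if s == "trustworthy"]
    risky = [n for n, s in db.items() if s == "risky"] if accept_risk else []
    return trusted + risky

if __name__ == "__main__":
    db = build_recommendation_db(NEIGHBOURS)
    print(db, forwarding_candidates(db, accept_risk=True))
```

Under the averaging assumption used here, the interval being tested is part of its own baseline, so with very few intervals a spike raises the threshold enough to go unflagged (for example, readings of 10 and 40 with C = 20).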
33. Conclusion
We propose an intrusion detection technique based on the
principle that nodes in each other's neighbourhood behave
in a similar way. The proposed NeTMids detects hello
flood, jamming and selective forwarding attacks. It can be
further extended by including other attacks as well.
Simulation results show that the network performs better when
the proposed NeTMids is deployed.
Thank You to original authors and Dr.S.Panigrahi
34. Reference
Syed Muhammad Sajjad (a), Safdar Hussain Bouk (b), Muhammad Yousaf (a). Neighbour Node Trust Based Intrusion Detection System for WSN. 6th International Conference on Emerging Ubiquitous Systems and Pervasive Networks, EUSPN-2015.
(a) Riphah Institute of Systems Engineering, Riphah International University, Islamabad, Pakistan
(b) Department of Electrical Engineering, Comsats Institute of Information Technology, Islamabad, Pakistan