SRGH: A secure and robust group‐based handover AKA protocol for MTC in LTE‐A networks

Machine‐type communication (MTC) is defined as an automatic aggregation, processing, and exchange of information among intelligent devices without humans intervention. With the development of immense embedded devices, MTC is emerging as the leading communication technology for a wide range of applications and services in the Internet of Things (IoT). For achieving the reliability and to fulfill the security requirements of IoT‐based applications, researchers have proposed some group‐based handover authentication and key agreement (AKA) protocols for mass MTCDs in LTE‐A networks. However, the realization of secure handover authentication for the group of MTCDs in IoT enabled LTE‐A network is an imminent issue. Whenever mass MTCDs enter into the coverage area of target base‐station simultaneously, the protocols incur high signaling congestion. In addition, the existing group‐based handover protocols suffer from the huge network overhead and numerous identified problems such as lack of key forward/backward secrecy, privacy‐preservation. Moreover, the protocols fail to avoid the key escrow problem and vulnerable to malicious attacks. To overcome these issues, we propose a secure and robust group‐based handover (SRGH) AKA protocol for mass MTCDs in LTE‐A network. The protocol establishes the group key update mechanism with forward/backward secrecy. The formal security proof demonstrates that the protocol achieves all the security properties including session key secrecy and data integrity. Furthermore, the formal verification using the AVISPA tool shows the correctness and informal analysis discusses the resistance from various security problems. The performance evaluation illustrates that the proposed protocol obtains substantial efficiency compared with the existing group‐based handover AKA protocols.     

A new ontology‐based multi agent framework for intrusion detection

Ontologies play an essential role in knowledge sharing and exploration, especially in multiagent systems. Intrusion is an unauthorized activity in a network, which is achieved by either active manner (information gathering) or passive manner (harmful packet forwarding). Most of the existing intrusion detection system (IDS) suffers from the following issues: it is usually adjusted to detect known service level network attacks and leaves from vulnerable to original and novel malicious attacks. Thus, it provides low accuracy and detection rate, which are the important problems of existing IDS. To overwhelm these drawbacks, an ontology‐based multiagent IDS framework is developed in this work for intrusion detection. The main intention of this work is to detect the network attacks with the help of multiple detection agents. In this analysis, there are 3 different types of agents, ie, IDS broker, deputy commander, and response agent, which are used to prevent and detect the attacks in a network. The novel concept of this work is based on the concept of signature matching; it identifies and detects the attackers with the help of multiple agents.     

An incremental intrusion detection system using a new semi‐supervised stream classification method

In recent years, the utilization of machine learning and data mining techniques for intrusion detection has received great attention by both security research communities and intrusion detection system (IDS) developers. In intrusion detection, the most important constraints are the imbalanced class distribution, the scarcity of the labeled data, and the massive amounts of network flows. Moreover, because of the dynamic nature of the network flows, applying static learned models degrades the detection performance significantly over time. In this article, we propose a new semi‐supervised stream classification method for intrusion detection, which is capable of incremental updating using limited labeled data. The proposed method, called the incremental semi‐supervised flow network‐based IDS (ISF‐NIDS), relies on an incremental mixed‐data clustering, a new supervised cluster adjustment method, and an instance‐based learning. The ISF‐NIDS operates in real time and learns new intrusions quickly using limited storage and processing power. The experimental results on the KDD99, Moore, and Sperotto benchmark datasets indicate the superiority of the proposed method compared with the existing state‐of‐the‐art incremental IDSs.     

定量和定性相结合的物联网漏洞分类方法研究

为解决物联网漏洞数量规模巨大、分类方法欠缺问题,针对已有漏洞分类方法应用于物联网漏洞存在覆盖不完全、交叉重叠现象严重的现状,提出从物联网设备、同源跨平台漏洞以及漏洞的影响效果和漏洞利用复杂度3个维度对物联网漏洞进行科学分类的方法——VCECI。首先研究传统漏洞分类方法的特点和物联网产品研发固有特点,分析物联网漏洞分类不完善的原因。其次,对VCECI方法定量和定性相结合的分类过程进行深入论述。最后,结合实验分析该方法的应用效果。实验结果表明,VCECI方法对物联网漏洞具有较好的标识和去重能力,能够有效表示物联网漏洞的异构多样性特点。     

FuzMet: a fuzzy‐logic based alert prioritization engine for intrusion detection systems

Intrusion detection systems (IDSs) are designed to monitor a networked environment and generate alerts whenever abnormal activities are detected. The number of these alerts can be very large, making their evaluation by security analysts a difficult task. Management is complicated by the need to configure the different components of alert evaluation systems. In addition, IDS alert management techniques, such as clustering and correlation, suffer from involving unrelated alerts in their processes and consequently provide results that are inaccurate and difficult to manage. Thus the tuning of an IDS alert management system in order to provide optimal results remains a major challenge, which is further complicated by the large spectrum of potential attacks the system can be subject to. This paper considers the specification and configuration issues of FuzMet, a novel IDS alert management system which employs several metrics and a fuzzy‐logic based approach for scoring and prioritizing alerts. In addition, it features an alert rescoring technique that leads to a further reduction in the number of alerts. Comparative results between SNORT scores and FuzMet alert prioritization onto a real attack dataset are presented, along with a simulation‐based investigation of the optimal configuration of FuzMet. The results prove the enhanced intrusion detection accuracy brought by our system. Copyright © 2011 John Wiley & Sons, Ltd.     

基于入侵检测技术的MANET安全研究

入侵检测系统可显著提高移动自组网络的安全水平。文中分析了MANET的IDS的特点,并对IDS一些典型安全方案的研究现状进行分类阐述,分析了各种方案的优点和缺点。阐明目前研究存在的问题,并提出了相应的改进方法,且讨论了后续的研究方向。     

Intrusion detection techniques in mobile ad hoc and wireless sensor networks

Mobile ad hoc networks and wireless sensor networks have promised a wide variety of applications. However, they are often deployed in potentially adverse or even hostile environments. Therefore, they cannot be readily deployed without first addressing security challenges. Intrusion detection systems provide a necessary layer of in-depth protection for wired networks. However, relatively little research has been performed about intrusion detection in the areas of mobile ad hoc networks and wireless sensor networks. In this article, first we briefly introduce mobile ad hoc networks and wireless sensor networks and their security concerns. Then, we focus on their intrusion detection capabilities. Specifically, we present the challenge of constructing intrusion detection systems for mobile ad hoc networks and wireless sensor networks, survey the existing intrusion detection techniques, and indicate important future research directions.     

入侵检测技术研究现状与未来发展

入侵检测技术是一种主动防御型安全技术,可以弥补传统安全技术的不足.文章对入侵检测技术进行了归类,介绍了两种通用的入侵检测方法:一种是根据采集点的不同,将IDS分为基于主机的IDS和基于网络的IDS;另外一种是根据检测所基于的原则不同,将入侵检测系统划分为异常检测IDS和误用检测IDS.文章还对入侵检测技术的未来发展方向进行了讨论.     

Health care service delivery based on the Internet of things: A systematic and comprehensive study

Today, the Internet of Things (IoT) becomes a heterogeneous and highly distributed structure which can respond to the daily needs of people and different organizations. With the fast development of IT‐based technologies such as IoT and cloud computing, low‐cost health services and their support, efficient supervision of the centralized management, and monitoring of public health can be realized. Therefore, there has been increasing attention in the integration of IoT and health care both in academic and the business world. However, while the health care service industry fully holds the welfares of information systems for its personnel and patients, there is a need for an improved understanding of the issues and opportunities related to IoT‐based health care systems. But, as far as we know, the detailed review and deep discussion in this field are very rare. Hence, in this paper, we presented a literature review on the IoT‐based health care services from papers published until 2018. Moreover, the drawbacks and benefits of the reviewed mechanisms have been discussed, and the main challenges of these mechanisms are highlighted for developing more efficient IoT techniques over health care services in the future. The results of this paper will be valuable for both practitioners and academicians, and it can provide visions into future research areas in this domain. By providing comparative information and analyzing the current developments in this area, this paper will directly support academics and working professionals for better knowing the progress in IoT mechanisms. As a general result, we found that IoT could help the governments to improve health services in society and commercial interactions.     

入侵检测技术及其发展趋势

入侵检测是一个主动的和重要的网络安全研究领域，首先介绍了入侵检测系统的发展过程；阐述了入侵检测系统的功能、通用模型夏分类，并重点分析了入侵检测系统的各种入侵检测技术；最后指出了目前入侵检测系统面临的主要挑战，并提出了入侵检测技术的未来发展趋势。     

浅谈网络入侵检测技术

介绍了网络入侵检测系统的概念及分类，阐述了IDS的工作原理及技术，对IDS的发展方向提出了建议。     

Survey on recent advances in IoT application layer protocols and machine learning scope for research directions

The Internet of Things (IoT) has been growing over the past few years due to its flexibility and ease of use in real-time applications. The IoT's foremost task is ensuring that there is proper communication among different types of applications and devices, and that the application layer protocols fulfill this necessity. However, as the number of applications grows, it is necessary to modify or enhance the application layer protocols according to specific IoT applications, allowing specific issues to be addressed, such as dynamic adaption to network conditions and interoperability. Recently, several IoT application layer protocols have been enhanced and modified according to application requirements. However, no existing survey articles focus on these protocols. In this article, we survey traditional and recent advances in IoT application layer protocols, as well as relevant real-time applications and their adapted application layer protocols for improving performance. As changing the nature of protocols for each application is unrealistic, machine learning offers means of making protocols intelligent and is able to adapt dynamically. In this context, we focus on providing open challenges to drive IoT application layer protocols in such a direction.     

Control and Communication Challenges in Networked Real-Time Systems

A current survey of the emerging field of networked control systems is provided. The aim is to introduce the fundamental issues involved in designing successful networked control systems, to provide a snapshot assessment of the current state of research in the field, to suggest useful future research directions, and to provide a broad perspective on recent fundamental results. Reflecting the goals of the Special Issue itself, this paper surveys relevant work from the areas of systems and control, signal processing, detection and estimation, data fusion, and distributed systems. We discuss appropriate network architectures, topics such as coding for robustly stable control in the presence of time-varying channel capacity, channels with fixed versus adaptively variable data width, issues in data rate problems in nonlinear feedback problems, and problems in routing for stability and performance. In surveying current research on networked control systems, we find that recent theoretical advances and target applications are intimately intertwined. The common goal of papers in the Special Issue which follows is to describe key aspects of this relationship. We also aim to provide a bridge between networked control systems and closely related contemporary work dealing with sensor networks and wireless communication protocols     

A Game Theory Based Multi Layered Intrusion Detection Framework for Wireless Sensor Networks

Most of the existing intrusion detection frameworks proposed for wireless sensor networks (WSNs) are computation and energy intensive, which adversely affect the overall lifetime of the WSNs. In addition, some of these frameworks generate a significant volume of IDS traffic, which can cause congestion in bandwidth constrained WSNs. In this paper, we aim to address these issues by proposing a game theory based multi layered intrusion detection framework for WSNs. The proposed framework uses a combination of specification rules and a lightweight neural network based anomaly detection module to identify the malicious sensor nodes. Additionally, the framework models the interaction between the IDS and the sensor node being monitored as a two player non-cooperative Bayesian game. This allows the IDS to adopt probabilistic monitoring strategies based on the Bayesian Nash Equilibrium of the game and thereby, reduce the volume of IDS traffic introduced into the sensor network. The framework also proposes two different reputation update and expulsion mechanisms to enforce cooperation and discourage malicious behavior among monitoring nodes. These mechanisms are based on two different methodologies namely, Shapley Value and Vickery–Clark–Grooves (VCG) mechanism. The complexity analysis of the proposed reputation update and expulsion mechanisms have been carried out and are shown to be linear in terms of the input sizes of the mechanisms. Simulation results show that the proposed framework achieves higher accuracy and detection rate across wide range of attacks, while at the same time minimizes the overall energy consumption and volume of IDS traffic in the WSN.     

IDNet: Beyond All‐IP Network

Recently, new network systems have begun to emerge (for instance, 5G, IoT, and ICN) that require capabilities beyond that provided by existing IP networking. To fulfill the requirements, some new networking technologies are being proposed. The promising approach of the new networking technology is to try to overcome the architectural limitations of IP networking by adopting an identifier (ID)‐based networking concept in which communication objects are identified independently from a specific location and mechanism. However, we note that existing ID‐based networking proposals only partially meet the requirements of emerging and future networks. This paper proposes a new ID‐based networking architecture and mechanisms, named IDNet, to meet all of the requirements of emerging and future networks. IDNet is designed with four major functional blocks — routing, forwarding, mapping system, and application interface. For the proof of concept, we develop numeric models for IDNet and implement a prototype of IDNet.     

RAD‐EI: A routing attack detection scheme for edge‐based Internet of Things environment

Internet of Things (IoT) offers various types of application services in different domains, such as “smart infrastructure, health‐care, critical infrastructure, and intelligent transportation system.” The name edge computing signifies a corner or edge in a network at which traffic enters or exits from the network. In edge computing, the data analysis task happens very close to the IoT smart sensors and devices. Edge computing can also speed up the analysis process, which allows decision makers to take action within a short duration of time. However, edge‐based IoT environment has several security and privacy issues similar to those for the cloud‐based IoT environment. Various types of attacks, such as “replay, man‐in‐the middle, impersonation, password guessing, routing attack, and other denial of service attacks” may be possible in edge‐based IoT environment. The routing attacker nodes have the capability to deviate and disrupt the normal flow of traffic. These malicious nodes do not send packets (messages) to the edge node and only send packets to its neighbor collaborator attacker nodes. Therefore, in the presence of such kind of routing attack, edge node does not get the information or sometimes it gets the partial information. This further affects the overall performance of communication of edge‐based IoT environment. In the presence of such an attack, the “throughput of the network” decreases, “end‐to‐end delay” increases, “packet delivery ratio” decreases, and other parameters also get affected. Consequently, it is important to provide solution for such kind of attack. In this paper, we design an intrusion detection scheme for the detection of routing attack in edge‐based IoT environment called as RAD‐EI. We simulate RAD‐EI using the widely used “NS2 simulator” to measure different network parameters. Furthermore, we provide the security analysis of RAD‐EI to prove its resilience against routing attacks. RAD‐EI accomplishes around 95.0% “detection rate” and 1.23% “false positive rate” that are notably better than other related existing schemes. In addition, RAD‐EI is efficient in terms of computation and communication costs. As a result, RAD‐EI is a good match for some critical and sensitive applications, such as smart security and surveillance system.     

Optimized deep learning-based intrusion detection for wireless sensor networks

The technological innovations and wide use of Wireless Sensor Network (WSN) applications need to handle diverse data. These huge data possess network security issues as intrusions that cannot be neglected or ignored. An effective strategy to counteract security issues in WSN can be achieved through the Intrusion Detection System (IDS). IDS ensures network integrity, availability, and confidentiality by detecting different attacks. Regardless of efforts by various researchers, the domain is still open to obtain an IDS with improved detection accuracy with minimum false alarms to detect intrusions. Machine learning models are deployed as IDS, but their potential solutions need to be improved in terms of detection accuracy. The neural network performance depends on feature selection, and hence, it is essential to bring an efficient feature selection model for better performance. An optimized deep learning model has been presented to detect different types of attacks in WSN. Instead of the conventional parameter selection procedure for Convolutional Neural Network (CNN) architecture, a nature-inspired whale optimization algorithm is included to optimize the CNN parameters such as kernel size, feature map count, padding, and pooling type. These optimized features greatly improved the intrusion detection accuracy compared to Deep Neural network (DNN), Random Forest (RF), and Decision Tree (DT) models.     

面向集群计算机的入侵检测系统设计

随着网络技术的飞速发展,高速网络不断涌现,这对入侵检测技术提出了更高的要求.而传统的网络入侵检测系统一般只能处理百兆以下的网络流量.为了应对高速网下的入侵检测,文中通过调研和分析,建立面向集群系统的入侵检测系统理论框架和系统结构,详尽介绍了该系统的总体结构,并着重讨论了它的实现及关键技术.     

两阶段二进制物联网固件漏洞检测方法研究

物联网(internet of things, IoT )设备漏洞带来的安全问题引发了研究人员的广泛关注,出于系统稳定性的考虑,设备厂商往往不会及时更新IoT固件中的补丁,导致漏洞对设备安全性影响时间更长;同时,大部分IoT固件文件源码未知,对其进行漏洞检测的难度更大。基于机器学习的代码比较技术可以有效应用于IoT设备的漏洞检测,但是这些技术存在因代码特征提取粒度粗、提取的语义特征不充分和代码比较范围未进行约束而导致的高误报问题。针对这些问题,提出一种基于神经网络的两阶段IoT固件漏洞检测方法。基于代码的多维特征缩小代码比较范围,提高比较的效率和精确度;再基于代码特征,用神经网络模型对代码相似程度进行学习,从而判断二进制IoT固件的代码与漏洞代码的相似程度,以检测IoT固件中是否存在漏洞,最后实验证明了所提方法在IoT固件检测中的有效性。     

The IoT Architectural Framework,Design Issues and Application Domains

The challenge raised by the introduction of Internet of Things (IoT) concept will permanently shape the networking and communications landscape and will therefore have a significant social impact. The ongoing IoT research activities are directed towards the definition and design of open architectures and standards, but there are still many issues requiring a global consensus before the final deployment. The paper presents and discusses the IoT architectural frameworks proposed under the ongoing standardization efforts, design issues in terms of IoT hardware and software components, as well as the IoT application domain representatives, such as smart cities, healthcare, agriculture, and nano-scale applications (addressed within the concept of Internet of Nano-Things). In order to obtain the performances related to recently proposed protocols for emerging Industrial Internet of Things applications, the preliminary results for Message Queuing Telemetry Transport and Time-Slotted Channel Hopping protocols are provided. The testing was performed on OpenMote hardware platform and two IoT operating systems: Contiki and OpenWSN.