Similar literature
20 similar documents found (search time: 15 ms)
1.
The aim of wireless sensor networks (WSNs) is to gather sensor data from a monitored environment. However, the collected or reported information might be falsified by faults or malicious nodes. Hence, identifying malicious nodes in an effective and timely manner is essential for the network to function properly and reliably. Maliciously behaving nodes are usually detected and isolated by reputation and trust‐based schemes before they can damage the network. In this paper, we propose an efficient weighted trust‐based malicious node detection (WT‐MND) scheme that can detect malicious nodes in a clustered WSN. The node behaviors are realistically treated by accounting for false‐positive and false‐negative instances. The simulation results confirm the timely identification and isolation of maliciously behaving nodes by the WT‐MND scheme. The effectiveness of the proposed scheme is afforded by the adaptive trust‐update process, which implicitly performs trust recovery of temporarily malfunctioning nodes and computes a different trust‐update factor for each node depending on its behavior. The proposed scheme is more effective and scalable than the related schemes in the literature, as evidenced by its higher detection ratio (DR) and lower misdetection ratio (MDR), which only slightly vary with the network's size. Moreover, the scheme sustains its efficient characteristics without significant power consumption overheads.

2.
In wireless sensor networks, sensor nodes are usually fixed to their locations after deployment. However, an attacker who compromises a subset of the nodes does not need to abide by the same limitation. If the attacker moves his compromised nodes to multiple locations in the network, such as by employing simple robotic platforms or moving the nodes by hand, he can evade schemes that attempt to use location to find the source of attacks. In performing DDoS and false data injection attacks, he takes advantage of diversifying the attack paths with mobile malicious nodes to prevent network-level defenses. For attacks that disrupt or undermine network protocols like routing and clustering, moving the misbehaving nodes prevents them from being easily identified and blocked. Thus, mobile malicious node attacks are very dangerous and need to be detected as soon as possible to minimize the damage they can cause. In this paper, we are the first to identify the problem of mobile malicious node attacks, and we describe the limitations of various naive measures that might be used to stop them. To overcome these limitations, we propose a scheme for distributed detection of mobile malicious node attacks in static sensor networks. The key idea of this scheme is to apply sequential hypothesis testing to discover nodes that are silent for unusually many time periods—such nodes are likely to be moving—and block them from communicating. By performing all detection and blocking locally, we keep energy consumption overhead to a minimum and keep the cost of false positives low. Through analysis and simulation, we show that our proposed scheme achieves fast, effective, and robust mobile malicious node detection capability with reasonable overhead.

3.
Mobile ad hoc network (MANET) is defined as the category of wireless network that is capable of operating without any fixed infrastructure. The main assumption considered in this network is that all nodes are trusted nodes, but in a real scenario some nodes can be malicious nodes and therefore can perform selective dropping of data packets instead of forwarding the data packets to the destination node. These malicious nodes behave normally during the route discovery phase and afterwards drop fractions of the data packets routed through them. This type of attack is known as a smart gray hole attack, which is a variation of the sequence number based gray hole attack. In this paper, we have launched a smart gray hole attack and proposed a new mechanism for mitigating the impact of the smart gray hole attack. Mitigating Gray hole Attack Mechanism (MGAM) uses several special nodes called G-IDS (gray hole-intrusion detection system) nodes, which are deployed in MANETs for detecting and preventing smart gray hole attacks. G-IDS nodes overhear the transmissions of their neighbouring nodes, and when a G-IDS node detects that a node is dropping more data packets than the threshold value, it broadcasts an ALERT message in the network notifying about the identity of the malicious node. The identified malicious node is then blocked from further participation by dropping the request and reply packets. In order to validate the effectiveness of our proposed mechanism, the NS-2.35 simulator is used. The simulation results show that the proposed mechanism performs slightly well as compared with the existing scheme under smart gray hole attack.

4.
The emerging software‐defined networking (SDN) paradigm introduces new opportunities to improve network performance due to the flexibility and programmability provided by a logically centralized element named controller. However, a rapid adoption of the full SDN architecture is difficult in the short term due to economic and technical reasons. This paper faces the SDN nodes replacement problem during the transition from traditional IP networks to fully deployed SDN networks. Six different replacement methods are proposed to select the most appropriate set of traditional IP nodes to be upgraded to SDN‐enabled switches at a particular transition stage. To show the effectiveness of the proposed methods, they have been applied on an optimization problem currently studied by the research community: the power consumption problem. An integer linear programming formulation is presented to solve it and a genetic algorithm is evaluated through simulations on realistic network topologies. Results highlight that energy‐efficiency in hybrid IP/SDN networks can be significantly improved by only replacing a reduced number of IP nodes.

5.
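To cope with the explosive growth of mobile data traffic, 5G mobile communication networks will introduce a new architectural design. Software-defined networking and network function virtualization are key technologies for network transformation and will drive innovation in mobile communication network architecture; the deployment of virtual network functions in service chains is a problem urgently awaiting a solution in network virtualization research. Existing deployment methods do not consider the ordering constraints among the virtual network functions in a service chain or the characteristics of mobile services. To address this, this paper proposes an adaptive virtual network function deployment method based on the Viterbi algorithm. The method senses resource changes of the underlying nodes in real time and dynamically adjusts the topology, uses a hidden Markov model to describe the topology information of the available underlying network nodes that satisfy the resource constraints, and uses the Viterbi algorithm to select the service path with the shortest delay among the candidate nodes. Experiments show that, compared with other virtual network function deployment methods, this method reduces the service processing time of service chains and improves the request acceptance rate of service chains and the cost efficiency of the underlying resources.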

6.
Security implementation for sensor networks based on weighted trust optimization (total citations: 1; self-citations: 0; citations by others: 1)
In this paper, an optimized malicious nodes detection algorithm, based on Weighted Confidence Filter (WCF), is proposed to protect sensor networks from attacks. In this algorithm, each cluster head in a cluster-based hierarchical network figures out an average confidence degree by means of messages from its child nodes. The cluster head only accepts a message from the child node whose confidence degree is higher than the average. Meanwhile, it updates the confidence degrees for each of its child nodes by comparing the aggregation value and the received messages, and regards them as the weight of exactness of messages from nodes. A sensor node is judged to be malicious if its weight value is lower than the predefined threshold. Comparative simulation results verify that the proposed WCF algorithm is better than the Weighted Trust Evaluation (WTE) in terms of the detection ratio and the false alarm ratio. More specifically, with the WCF, the detection ratio is significantly improved and the false alarm ratio is observably reduced, especially when the malicious node ratio is 0.25 or greater. When 40% of 100 sensors are malicious, the detection accuracy is above 90% and the false alarm ratio is nearly only 1.8%.

7.
Software‐defined networking (SDN) creates a platform to dynamically configure the networks for on‐demand services. SDN can easily control the data plane and the control plane by implementing the decoupling concept. SDN controller will regulate the traffic flow and creates the new flow label based on the packet dump received from the OpenFlow virtual switches. SDN governs both data information and control information toward the destination based on flow label, but it does not contain security measure to restrict the malicious traffic. The malicious denial‐of‐service (DoS) attack traffic is generated inside the SDN environment; it leads to the service unavailability. This paper is mainly focused on the detection of DoS attacks and also mitigates the malicious traffic by dynamically configuring the firewall. The SDN with dynamic access control list properties is emulated by mininet, and the experimental results exemplify the service unavailable gap between acceptance and rejection ratio of the packets.

8.
Random key predistribution security schemes are well suited for use in sensor networks due to their low overhead. However, the security of a network using predistributed keys can be compromised by cloning attacks. In this attack, an adversary breaks into a sensor node, reprograms it, and inserts several copies of the node back into the sensor network. Cloning gives the adversary an easy way to build an army of malicious nodes that can cripple the sensor network. In this paper, we propose an algorithm that a sensor network can use to detect the presence of clones. Keys that are present on the cloned nodes are detected by looking at how often they are used to authenticate nodes in the network. Simulations verify that the proposed method accurately detects the presence of clones in the system and supports their removal. We quantify the extent of false positives and false negatives in the clone detection process.

9.
Ali Dorri 《Wireless Networks》2017,23(6):1767-1778
Mobile Ad hoc Network (MANET) is a self-configurable, self-maintenance network with wireless, mobile nodes. Special features of MANET like dynamic topology, hop-by-hop communications and open network boundary, made security highly challengeable in this network. From security aspect, routing protocols are highly vulnerable against a wide range of attacks like black hole. In black hole attack malicious node injects fault routing information to the network and leads all data packets toward itself. In this paper, we proposed an approach to detect and eliminate cooperative malicious nodes in MANET with AODV routing protocol. A data control packet is used in order to check the nodes in selected path; also, by using an Extended Data Routing Information table, all malicious nodes in selected path are detected, then, eliminated from network. For evaluation, our approach and a previous work have been implemented using Opnet 14 in different scenarios. Referring to simulation results, the proposed approach decreases packet overhead and delay of security mechanism with no false positive detection. In addition, network throughput is improved by using the proposed approach.

10.
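Some opportunistic network applications involve scenarios in which energy cannot be replenished, and flooding is an attack that readily occurs in opportunistic networks. This paper theoretically analyzes the node energy consumption caused by flooding attacks under the Epidemic routing mechanism and the resulting impact on network lifetime. The analysis shows that an increase in the number of malicious nodes has a significant impact on network lifetime, whereas the number of data packets injected by malicious nodes has an impact only in specific scenarios, and that impact is slight. Flooding attacks were simulated on the ONE simulation platform, and the simulation results are consistent with the conclusions of the theoretical analysis.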

11.
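Nodes in intermittently connected wireless networks deliver messages cooperatively, and malicious nodes seriously degrade network performance. Using information on nodes' historical behavior, this paper proposes a malicious-node-tolerant message forwarding strategy. A node combines its direct observations with recommendation information from neighboring nodes, perceives malicious node behavior through a dynamic recommendation reputation threshold, and then uses evidence theory to quantify node trust, thereby detecting both colluding and independent malicious nodes in the network and selecting the optimal forwarding node for a message. The results show that, under malicious attacks with collusion, the proposed message forwarding strategy can accurately detect malicious nodes, significantly increase the message delivery ratio, and improve the average delay.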

12.
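In a mobile ad hoc network environment, mobile nodes may be attacked and captured, so that attacks originate from inside the network; traditional network security measures are difficult to apply, and only intrusion detection can discover the attacker. By analyzing the attack types in mobile ad hoc networks and constructing an attack tree for attacks launched from malicious nodes, an FSM-based intrusion detection algorithm is designed using the idea of the finite state machine. An intrusion detection system using this algorithm can detect the various attack behaviors of nodes in real time through monitoring by neighboring nodes.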

13.
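To address the problems that the match fields of the OpenFlow protocol in software-defined networking (SDN) are fixed and limited in number and that data flow forwarding lacks an effective forwarding verification mechanism, this paper proposes a packet forwarding verification mechanism for SDN based on data plane programmability. By adding a custom cryptographic identifier to data packets and adding P4 forwarding devices to the OpenFlow-based SDN, network service flows are precisely controlled and sampled without affecting the normal forwarding of data flows. The controller verifies the integrity of the sampled service packets and, for abnormal packets, issues flow rules to the OpenFlow forwarding devices to control the forwarding of abnormal data flows such as maliciously tampered or forged ones. Finally, a forwarding verification prototype is built with P4 forwarding devices based on open-source BMv2 and OpenFlow forwarding devices based on Open vSwitch, and a simulated network is constructed for experiments. The experimental results show that the mechanism can effectively detect forwarding anomalies such as tampering with and forgery of service packets and, compared with similar verification mechanisms, achieves finer-grained, precisely controlled sampling of service flows and lower forwarding delay while the security verification processing overhead remains unchanged.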

14.

SDN enables a new networking paradigm probable to improve system efficiency where complex networks are easily managed and controlled. SDN allows network virtualization and advance programmability for customizing the behaviour of networking devices with user defined features even at run time. SDN separates network control and data planes. Intelligently controlled network management and operation, such that routing is eliminated from forwarding elements (switches) while shifting the routing logic in a centralized module named SDN Controller. Mininet is Linux based network emulator which is cost effective for implementing SDN having built-in support of OpenFlow switches. This paper presents practical implementation of Mininet with ns-3 using Wi-Fi. Previous results reported in literature were limited up to 512 nodes in Mininet. Tests are conducted in Mininet by varying number of nodes in two distinct scenarios based on scalability and resource capabilities of the host system. We presented a low cost and reliable method allowing scalability with authenticity of results in real time environment. Simulation results show a marked improvement in time required for creating a topology designed for 3 nodes with powerful resources i.e. only 0.077 sec and 4.512 sec with limited resources, however with 2047 nodes required time is 1623.547 sec for powerful resources and 4615.115 sec with less capable resources respectively.

15.
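Liu Feiyang, Li Kun, Song Fei, Zhou Huachun 《Telecommunications Science》2021,37(11):17-32
To address the insufficient research on knowledge bases for distributed denial of service (DDoS) network attacks, a method for constructing a knowledge base of malicious DDoS attack behavior is proposed. The knowledge base is built on a knowledge graph and comprises two parts, a malicious traffic detection base and a network security knowledge base: the malicious traffic detection base detects and classifies the malicious traffic caused by DDoS attacks; the network security knowledge base models malicious DDoS attack behavior in terms of traffic features and attack framework, and performs reasoning, tracing and feedback on the malicious behavior. On this basis, a distributed knowledge base is built on the DDoS open threat signaling (DOTS) protocol, implementing data transmission between distributed nodes, DDoS attack defense, and malicious traffic mitigation. Experimental results show that the knowledge base of malicious DDoS attack behavior can effectively detect and mitigate the malicious traffic caused by DDoS attacks at multiple gateways, supports knowledge updating and reasoning between distributed knowledge bases, and shows good scalability.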

16.

Many application domains require sensor nodes to be deployed in harsh or hostile environments, such as active volcano areas, tracking endangered species, etc., making these nodes more prone to failures. The most challenging problem is monitoring illegal movement within the sensor network. An attacker prefers a mobile malicious node because, by diversifying the path, the intruder maximizes his impact. The emerging technology of sensor networks expects an intrusion detection technique for a dynamic environment. In this paper, a defective mechanism based on three-step negotiation is performed for identifying the mobile malicious node using the mobile agent. In many approaches, multiple mobile agents are used to collect the data from all the sensor nodes after verification. But it is inefficient to verify all the sensor nodes (SNs) in the network, because of mobility, energy consumption, and high delay. In the proposed system this can be solved by grouping sensor nodes into clusters, and a single mobile agent performs verification only with all the cluster heads instead of verifying all the SNs. The simulation result shows that the proposed system gives a better result than the existing system.

17.
This paper proposes an agent-based secure enhanced performance approach (AB-SEP) for mobile ad hoc network. In this approach, agent nodes are selected through optimal node reliability as a factor. This factor is calculated on the basis of node performance features such as degree difference, normalised distance value, energy level, mobility and optimal hello interval of node. After selection of agent nodes, a procedure of malicious behaviour detection is performed using fuzzy-based secure architecture (FBSA). To evaluate the performance of the proposed approach, comparative analysis is done with conventional schemes using performance parameters such as packet delivery ratio, throughput, total packet forwarding, network overhead, end-to-end delay and percentage of malicious detection.

18.
In autonomous ad hoc networks, nodes usually belong to different authorities and pursue different goals. In order to maximize their own performance, nodes in such networks tend to be selfish, and are not willing to forward packets for the benefits of other nodes. Meanwhile, some nodes might behave maliciously and try to disrupt the network and waste other nodes' resources. In this paper, we present an attack-resilient cooperation stimulation (ARCS) system for autonomous ad hoc networks to stimulate cooperation among selfish nodes and defend against malicious attacks. In the ARCS system, the damage that can be caused by malicious nodes can be bounded, the cooperation among selfish nodes can be enforced, and the fairness among nodes can also be achieved. Both theoretical analysis and simulation results have confirmed the effectiveness of the ARCS system. Another key property of the ARCS system lies in that it is completely self-organizing and fully distributed, and does not require any tamper-proof hardware or central management points.

19.
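Chen Liyue, Ni Yangdan, Kong Xiaoyun, Zhou Sheng, Huang Hui, Zheng Xing 《Telecommunications Science》2018,34(11):156-165
In a mobile network environment, because each mobile honeypot has limited resources and attack injection methods are flexible and changeable, a honeynet needs to be deployed dynamically in order to cooperatively detect the characteristics of attack behavior. However, existing honeynets are vulnerable to feature identification attacks, allow malicious traffic to propagate freely within the net, and cannot migrate connections across honeypots. Therefore, based on software defined networking (SDN) technology, an intelligent and collaborative Honeynet (ic-Honeynet) system is designed. It consists of a reverse connection proxy module and a honeynet controller, and its advantage is that it overcomes the three defects above one by one. Finally, an ic-Honeynet experimental environment was built and the effectiveness of the system was verified. The experimental results show that the system's throughput is close to line rate, reaching 8.23 Gbit/s; the additional response delay is very small, varying only between 0.5 and 1.2 ms; and its connection handling capacity is also strong, reaching up to 1 473 connections/s.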

20.
The separation of control and forwarding planes in software‐defined networking (SDN) networks is a key issue of the SDN technology. This feature and the existence of the SDN controller allow the developing of dynamic, adaptable and manageable networks, networks that require adequate services, and applications. However, the separation of these planes prevents the use of existing powerful tools that were coded considering traditional networks. In this paper, we make use of the potential of network virtualization (NV) technologies to propose the use of a virtualized infrastructure that makes possible the incorporation of these existing services and/or applications to an SDN network, without the need for programming additional and complex software modules in the SDN controller. Thus, in this paper, NV is not employed to develop a network managed by SDN but to broaden and give support to the SDN control layer. As an example, we describe the incorporation of nmap (a versatile and powerful tool widely used by security experts for network exploration) into the SDN framework. It is only necessary to develop a simple control plane service that thanks to the proposed virtualized infrastructure allows the inclusion of this powerful management application. The result offers the complete functionality of the nmap utility to the network administrators, who control the SDN network through the out‐of‐band control plane. In addition, a northbound REST API has been defined to offer the main functionality of the tool (host discovery, port scanning, and operating system detection) to the application layer.
