PUE attack detection in CWSNs using anomaly detection techniques

Title: PUE attack detection in CWSNs using anomaly detection techniques
Authors: Javier Blesa, Elena Romero, Alba Rozas and Alvaro Araujo
Published in: EURASIP Journal on Wireless Communications and Networking 
Date of Publication: September 2013
Digital Object Identifier : 10.1186/1687-1499-2013-215
Web: http://jwcn.eurasipjournals.com/content/2013/1/215

Cognitive wireless sensor network (CWSN) is a new paradigm, integrating cognitive features in traditional wireless sensor networks (WSNs) to mitigate important problems such as spectrum occupancy. Security in cognitive wireless sensor networks is an important problem since these kinds of networks manage critical applications and data. The specific constraints of WSN make the problem even more critical, and effective solutions have not yet been implemented. Primary user emulation (PUE) attack is the most studied specific attack deriving from new cognitive features. This work discusses a new approach, based on anomaly behavior detection and collaboration, to detect the primary user emulation attack in CWSN scenarios. Two non-parametric algorithms, suitable for low-resource networks like CWSNs, have been used in this work: the cumulative sum and data clustering algorithms. The comparison is based on some characteristics such as detection delay, learning time, scalability, resources, and scenario dependency. The algorithms have been tested using a cognitive simulator that provides important results in this area. Both algorithms have shown to be valid in order to detect PUE attacks, reaching a detection rate of 99% and less than 1% of false positives using collaboration.


Improving Security in WMNs with Reputation Systems and Self-Organizing Maps

Title: Improving Security in WMNs with Reputation Systems and Self-Organizing Maps
Authors: Z. Bankovic, D. Fraga, José M. Moya, J.C. Vallejo, P. Malagón, A. Araujo, J.M. de Goyeneche, E. Romero, J. Blesa, D. Villanueva, O. Nieto-Taladriz
Published in: Journal of Network and Computer Applications, Special Issue “Wireless Mesh Networks”
ISSN : 1084–8045
Date of Publication: April 2010
Digital Object Identifier : 10.1016/j.jnca.2010.03.023
Web: http://www.sciencedirect.com/science/article/pii/S1084804510000585

One of the most important problems of WMNs, that is even preventing them from being used in many sensitive applications, is the lack of security. To ensure security of WMNs, two strategies need to be adopted: embedding security mechanisms into the network protocols, and developing efficient intrusion detection and reaction systems. To date, many secure protocols have been proposed, but their role of defending attacks is very limited.

We present a framework for intrusion detection in WMNs that is orthogonal to the network protocols. It is based on a reputation system, that allows to isolate ill-behaved nodes by rating their reputation as low, and distributed agents based on unsupervised learning algorithms (self-organizing maps), that are able to detect deviations from the normal behavior. An additional advantage of this approach is that it is quite independent of the attacks, and therefore it can detect and confine new, previously unknown, attacks. Unlike previous approaches, and due to the inherent insecurity of WMN nodes, we assume that confidentiality and integrity cannot be preserved for any single node.


Using Reputation Systems and Non-Deterministic Routing to Secure Wireless Sensor Networks

Title: Using Reputation Systems and Non-Deterministic Routing to Secure Wireless Sensor Networks
Authors: José M. Moya, J.C. Vallejo, D. Fraga, A. Araujo, D. Villanueva, J.M. de Goyeneche
Published in: Sensors, Vol 9
ISSN : 1424–8220
Date of Publication: May 2009
Digital Object Identifier : 10.3390/s90503958
Web: http://www.mdpi.com/1424-8220/9/5/3958

Security in wireless sensor networks is difficult to achieve because of the resource limitations of the sensor nodes. We propose a trust-based decision framework for wireless sensor networks coupled with a non-deterministic routing protocol. Both provide a mechanism to effectively detect and confine common attacks, and, unlike previous approaches, allow bad reputation feedback to the network. This approach has been extensively simulated, obtaining good results, even for unrealistically complex attack scenarios.


Distributed Intrusion Detection System for Wireless Sensor Networks based on a Reputation System coupled with Kernel Self-Organizing Maps

Title: Distributed Intrusion Detection System for Wireless Sensor Networks based on a Reputation System coupled with Kernel Self-Organizing Maps
Authors: Z. Banković, J.M. Moya, A. Araujo, D. Fraga, J.C. Vallejo, J.M. de Goyeneche
Published in: Integrated Computer-Aided Engineering, Vol 17
ISSN : 1069–2509
Date of Publication: April 2010
Digital Object Identifier : 10.3233/ICA-2010-0334
Web: http://iospress.metapress.com/content/67t2t65423226255/

Security of sensor networks is a complicated task, mostly due to the limited resources of sensor units. The first line of defense, i.e. encryption and authentication, is useless if an attacker has entered the system, and it is also vulnerable to side-channel attacks. Thus, a second line of defense, known as Intrusion Detection, must be added in order to detect and eliminate attacks. In the recent past, various solutions for detecting intrusions have been proposed. Most of them are able to detect only a limited number of attacks. Further, the solutions that deploy machine learning techniques exhibit higher level of flexibility and adaptability. Yet, these techniques consume significant power and computational resources. In this work we propose a distributed intrusion detection system organized as a reputation system where the reputation of each node is assigned by self-organizing maps (SOM) trained for detecting intrusions. The response of the system consists in assigning low reputation values to the compromised nodes rendering them isolated from the rest of the network. Further, we propose the implementation of SOM algorithm using the energy-efficient SORU (Stream Oriented Reconfigurable Unit) co-processor developed by our research group. Our solution offers many benefits: scalable solution, fast response to adversarial activities, ability to detect unknown attacks, high adaptability and energy efficiency. The testing results demonstrate its high potential.


Improving Security for SCADA Sensor Networks with Reputation Systems and Self-Organizing Maps

Title: Improving Security for SCADA Sensor Networks with Reputation Systems and Self-Organizing Maps
Authors: José M. Moya, A. Araujo, Z. Bankovic, J.M. de Goyeneche, J.C. Vallejo, P. Malagón, D. Villanueva, D. Fraga, E. Romero, J. Blesa
Published in: Sensors, Vol 9
ISSN : 1424–8220
Date of Publication: November 2009
Digital Object Identifier : 10.3390/s91109380
Web: http://www.mdpi.com/1424-8220/9/11/9380

The reliable operation of modern infrastructures depends on computerized systems and Supervisory Control and Data Acquisition (SCADA) systems, which are also based on the data obtained from sensor networks. The inherent limitations of the sensor devices make them extremely vulnerable to cyberwarfare/cyberterrorism attacks. In this paper, we propose a reputation system enhanced with distributed agents, based on unsupervised learning algorithms (self-organizing maps), in order to achieve fault tolerance and enhanced resistance to previously unknown attacks. This approach has been extensively simulated and compared with previous proposals.
