Intrusion Detection in Wireless Sensor Networks Group Meeting Spring 2005 Presented by Edith Ngai.


Outline
- Wireless sensor networks (WSN)
- Security in WSN
- Background on intrusion detection
- Intrusion detection in WSN
- Types of attacks
- Intrusion detection components
- Required technologies
- Future directions
- Conclusion

Technology trend
- Small integrated devices
  - Smaller, cheaper, more powerful
  - PDAs, mobile phones
- Many opportunities, and research areas
  - Power management
  - Distributed algorithms

Wireless sensor networks
- Wireless sensor node
  - power supply
  - sensors
  - embedded processor
  - wireless link
- Many, cheap sensors
  - wireless → easy to install
  - intelligent → collaboration
  - low-power → long lifetime

Possible applications
- Military: battlefield surveillance, biological attack detection, targeting
- Ecological: fire detection, flood detection, agricultural uses
- Health related: human physiological data monitoring
- Miscellaneous: car theft detection, inventory control, home applications

Required technologies
- Efficient data routing
  - ad-hoc network
  - one or more ‘datasinks’
- In-network data processing
  - large amounts of raw data
  - limited power and bandwidth
- Node localization

Security in WSN
- Main security threats in WSN are:
  - Radio links are insecure – eavesdropping / injecting faulty information is possible
  - Sensor nodes are not tamper resistant – if a node is compromised, the attacker obtains all security information
- Protecting confidentiality, integrity, and availability of the communications and computations

Why security is different?
- Sensor node constraints
  - Battery
  - CPU power
  - Memory
- Networking constraints and features
  - Wireless
  - Ad hoc
  - Unattended

Network defense
- Protect
  - Encryption
  - Firewalls
  - Authentication
  - Biometrics
- Detect
  - Intrusions
  - Attacks
  - Misuse of Resources
  - Data Correlation
  - Data Visualization
  - Malicious Behaviors
  - Network Status/Topology
- React
  - Response
  - Terminate Connections
  - Block IP Addresses
  - Containment
  - Recovery
  - Reconstitute

What is intrusion detection?
- Intrusion detection is the process of discovering, analyzing, and reporting unauthorized or damaging network or computer activities
- Intrusion detection discovers violations of confidentiality, integrity, and availability of information and resources

What is intrusion detection?
- Intrusion detection demands:
  - As much information as the computing resources can possibly collect and store
  - Experienced personnel who can interpret network traffic and computer processes
  - Constant improvement of technologies and processes to match pace of Internet innovation

How useful is intrusion detection?
- Provide digital forensic data to support post-compromise law enforcement actions
- Identify host and network misconfigurations
- Improve management and customer understanding of the Internet's inherent hostility
- Learn how hosts and networks operate at the operating system and protocol levels

Intrusion detection models
- All computer activity and network traffic falls in one of three categories:
  - Normal
  - Abnormal but not malicious
  - Malicious
- Properly classifying these events is the single most difficult problem -- even more difficult than evidence collection

Intrusion detection models
- Two primary intrusion detection models
  - Network-based intrusion detection monitors network traffic for signs of misuse
  - Host-based intrusion detection monitors computer processes for signs of misuse
- So-called "hybrid" systems may do both
  - A hybrid IDS on a host may examine network traffic to or from the host, as well as processes on that host

IDS paradigms
- Anomaly Detection - the AI approach
- Misuse Detection - simple and easy
- Burglar Alarms - policy based detection
- Honey Pots - lure the hackers in
- Hybrids - a bit of this and that

Anomaly detection
- Goals:
  - Analyze the network or system and infer what is normal
  - Apply statistical or heuristic measures to subsequent events and determine if they match the model/statistic of “normal”
  - If events are outside of a probability window of “normal” then generate an alert

Misuse detection
- Goals:
  - Know what constitutes an attack
  - Detect it
- A database of known attack signatures should be maintained

Intrusion Detection in WSN

Network model
- BS_j: base station at location (X_j, Y_j)
- S_i: sensor node at location (x_i, y_i)
- R: transmission range of the base station
- r: transmission range of the sensor node
- k-coverage: a node is covered by k BSs

Definitions
- Coverage of a base station
- Number of coverage from base stations
- p sends data to q successfully (in 1-hop)
- p sends data to q successfully via k hops
- p fails in sending data from p to q

Types of intrusions
- Sinkhole SH(q), HelloFlood HF(q)
  - A region of nodes will forward packets destined for a BS through an adversary
- Wormhole WH(q)
  - An adversary tunnels messages received in one part of the network over a low latency link and replays them in a different part

Types of intrusions
- Missing Data MD(p)
  - Missing data from p to BS_i
- Wrong Data WD(p)
  - Inconsistent data
- Interference
  - Sensor p cannot send packet to its neighboring nodes

Architecture

Intrusion detection components
- Neighbor monitoring
  - Watchdog
- Data fusion
  - Local – neighboring nodes
  - Global – overlapping areas
- Topology discovery
  - Route tracing
- History

Intrusion classification
Components \ Attack types: I, II, III, IV, V
- Neighbor monitoring
  - BS: Dominating intermediate node | Selective forwarding | ---
  - Sensor: --- | Selective forwarding | --- | Interference (jamming with neighbors)
- Data comparison
  - Global: (may have missing or inconsistent data) | Missing data | Inconsistent data (IVa – malicious sensor or intermediate nodes) | Missing data
  - Local: (may have missing or inconsistent data) | Missing data | Inconsistent data (IVb – sensor failure or being compromised) | Missing data
- Routing (with topology info.)
  - BS: a region of nodes forward packet through the same adversary | An adversary tunnels messages and replays them in a different part | ---
Attack types: I – Sinkhole, Hello Flood; II – Wormhole; III – Missing Data; IV – Wrong Data; V – Interference
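The network model and the global data comparison component above, worked through as an added example (not part of the original slides): it computes k-coverage from base station range R and then compares the copies of a sensor's reading seen at each covering base station to flag missing data (type III) and wrong data (type IV). The coordinates, readings, the tolerance `tol`, the median rule and the premise that every covering base station receives its own copy of a reading are assumptions made for illustration.

```python
import math
from statistics import median

# Constructed topology and readings (assumed values, not from the slides).
R = 50.0                                     # transmission range of a base station
BASE_STATIONS = {"BS1": (0.0, 0.0), "BS2": (60.0, 0.0), "BS3": (30.0, 40.0)}
SENSORS = {"s1": (30.0, 10.0), "s2": (10.0, 5.0),
           "s3": (55.0, 20.0), "s4": (100.0, 100.0)}
# Each sensor's reading as it arrived at each base station; None = never arrived.
REPORTS = {
    "s1": {"BS1": 21.4, "BS2": 21.4, "BS3": 35.0},
    "s2": {"BS1": 19.8, "BS3": None},
    "s3": {"BS2": 20.1, "BS3": 20.3},
    "s4": {},
}

def covering_bs(pos):
    """Base stations BS_j whose range R contains the sensor; k-coverage is the count."""
    x, y = pos
    return sorted(name for name, (X, Y) in BASE_STATIONS.items()
                  if math.hypot(x - X, y - Y) <= R)

def compare_global(sensor, reports, tol=1.0):
    """Global data comparison for one sensor across the base stations covering it.

    Assumed rule: a covering BS with no copy is 'missing data' (type III); a copy
    further than tol from the median of received copies is 'wrong data' (type IV).
    """
    expected = covering_bs(SENSORS[sensor])
    received = {b: reports[b] for b in expected if reports.get(b) is not None}
    result = {"k": len(expected), "missing": [], "inconsistent": []}
    if len(expected) < 2:
        return result                        # no overlapping coverage to compare
    result["missing"] = [b for b in expected if b not in received]
    if len(received) >= 2:
        ref = median(received.values())
        result["inconsistent"] = [b for b, v in received.items()
                                  if abs(v - ref) > tol]
    return result

if __name__ == "__main__":
    for s in SENSORS:
        print(s, compare_global(s, REPORTS[s]))
```

With three or more copies the median singles out the minority path; with only two copies that differ by more than `2 * tol`, both are flagged because neither can be preferred.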

Required technologies
- Collection of the audit data
  - Localization
  - Data fusion
  - Routing
- Analysis on the audited data
  - Identify the intrusion characteristics
  - Detect the intrusions
  - Locate the intrusions
- Intrusion reaction

Future direction
- Study how to collect the audit data effectively
- Complete the intrusion detection architecture
- Investigate the methods to analyze the audit data for intrusion detection
- Explore how to locate and react to the intrusions
- Formulate and evaluate our intrusion detection solution

Conclusion
- We discussed the characteristics of WSN and its security issues
- We studied traditional intrusion detection technologies
- We introduced the problem of intrusion detection in WSN
- We proposed an intrusion detection architecture and analyzed various kinds of intrusions in WSN
- We showed our future direction