Published by Wesley Norris. Modified over 6 years ago.
1
A Novel Correlated Attributes Model for Malicious Detection in Wireless Sensor Networks
Name: Patrick Zwane Advisor: Dr. Kai-Wei Ke Date: 14 July 2017
2
Outline
Introduction
Background: WSNs Applications, Security Constraints
Proposed Method
Simulation and Results
Conclusions
3
Introduction
4
Introduction
A wireless sensor network (WSN) consists of small, inexpensive, low-power sensors, which are deployed over a region and communicate with a remote processor over wireless links.
Task: monitor, sense and send data.
WSNs facilitate the exchange of information between an application platform and sensor nodes.
5
WSN Architecture
6
Sensor Node Basic Components
7
Background
8
Potential Applications
Environmental monitoring of air, water, and soil
Structural monitoring for buildings and bridges
Industrial machine monitoring
Process monitoring
Asset tracking
Road and Transport
Health
9
Challenges
Resource constraints: limited assets in terms of processing, power and memory.
Lack of central control: limited computational capabilities.
Deployed in remote and hostile environments: easily compromised by physical attack.
Routing protocols also contribute to attacks: attackers use their weaknesses to launch attacks.
10
Network Security Fundamentals
Confidentiality: the security mechanism must ensure that only the intended receiver can correctly intercept a message, and that unauthorized access and usage cannot occur.
Integrity: an unauthorized individual must not be able to destroy the information when a message is transferred from source to destination.
Availability: an interruption should not occur when a system and its applications perform a task.
11
Security attacks in WSN (1/2)
Security Goals for WSN Active Attacks Passive Attacks DOS Attack Physical attack Monitoring and eavesdropping Spoofing attacks Routing attack Traffic analysis Camouflage Adversaries Node replication attack Selective forwarding Wormhole attack Sybil attack Sinkhole attack Blackhole attack Hello flood Acknowledgement spoofing Node outage attack Node malfunctioning attack Passive information gathering False node
12
Research Objective
To propose a resource-constraint-free security model for malicious node detection.
Traditional security mechanisms have very high overheads, causing constraints in WSNs.
The model focuses on detecting only four routing attacks, namely Sybil, wormhole, blackhole and sinkhole.
13
Sybil Attack
A malicious node forges multiple entities within the network to mislead genuine nodes into believing that they have many neighbors.
It forges the node ID and may assume other nodes' locations.
14
Wormhole Attack
In a wormhole attack, the attacker captures packets at one point in the network, selectively tunnels them to another point in the network, and then replays the packets.
Wormhole nodes fake a route that is shorter than the original one within the network; this can confuse routing mechanisms that rely on knowledge of the distance between nodes.
15
Blackhole Attack
Blackhole attacks occur when an intruder captures and reprograms nodes in the network to block the packets they receive instead of forwarding them towards the BS.
The reprogrammed nodes falsify the RREQ and RREP packets by reducing the hop count and falsely claim the best route to the destination.
Figure labels: Sink, Blackhole
16
Sinkhole Attack
A sinkhole deceives all nodes by maliciously advertising that it is the sink, so that unsuspecting nodes transmit their packets toward the malicious node.
A sinkhole affects the routing per hop and uses high energy to advertise itself.
17
Proposed Method
18
CAM (1/4)
Correlated Attributes Model (CAM) is a proposed model to mitigate malicious nodes in WSN.
Phases: Node Registration, Local Data Collection, Attributes Verification, Matching Attributes
19
CAM (2/4) Node Registration Phase:
A trusted central authority (TCA) is used to manage the network and thus knows the deployed nodes.
The TCA disseminates that information securely to the network.
To guard against malicious nodes, any node can check the list of “known-good” identities to validate another node as legitimate.
20
CAM (3/4) Local Data Collection Phase:
A node identity table is constructed and maintained by each node in the network.
Each node evaluates the information from overheard packets to determine whether there is any malicious activity within the network.
21
CAM (4/4)
Attributes Verification Phase: The initial detection node checks the packet. If the inspection attributes are positive, the questionable node is regarded as normal; otherwise it is regarded as malicious.
Matching Attributes Phase: The inspected node's packet is checked by matching all attribute values. If found positive, a notification is executed and sent as a warning message to the entire network about the malicious node.
22
Key Attributes (1/3)
Timestamp: The node matrix should include at least two timestamps. The first is the deployment timestamp and the second is the request-to-send timestamp. If the node fails to generate the exact node deployment timestamp, it is said to be malicious.
Position verification: Each node's physical position is verified to prevent nodes from broadcasting false positions.
23
Key Attributes (2/3)
Malicious nodes can be detected using this approach because they will appear to be at a different position, and sometimes at the same position, as the legitimate nodes.
Energy: Used to determine the eligibility of the sensor node in a given route. Residual energy (ER) is the energy available in the sensor node, calculated from the energy consumed in the transmitting, receiving, sleep and switching states respectively. If the energy value is greater or lesser than the residual energy value, those nodes are detected as malicious nodes.
24
Key Attributes (3/3)
Path Cost (PCost): For a node to be able to communicate, a path is determined to form the routing table, which is stored in matrix form. The path cost is determined by hop-count, distance and data rate to facilitate malicious node detection.
25
Proposed Technique
CAM Model: Initializes after the completion of node registration and attributes verification, with the help of an administrator.
26
CAMs flowchart
27
Matching Algorithm (1/3)
Step 1: The BS will send a broadcast message to each node for their availability and verification.
Step 2: The nodes will send a reply message for authenticity with their ID, Energy, PCost, location ((X, Y) co-ordinates) and Timestamp.
Step 3: After node discovery, the matrix table is updated with the routing cost details for eligible routes. The nodes' energy level threshold is also set.
EUP: Upper Bound Energy
ER: Residual Energy
ELO: Lower Bound Energy
28
Matching Algorithm (2/3)
Step 4: The node that wants to send the packet will start the detection of malicious nodes before sending it.
Step 5: After the node obtains the route reply (RREP) to send a message to the base station, it will start by evaluating its route nodes for eligibility. It will begin by comparing the energy values of each node within the route.
Step 6: The energy level is compared against the residual energy. If the energy is greater than the upper bound or less than the lower bound, the node may be malicious and will proceed to further evaluation. A flag is raised on the suspicious node.
29
Matching Algorithm (3/3)
Step 7: The node is checked by matching the ID, PCost, location co-ordinates and timestamp values stored in the matrix table. If the values of the node do not match the attributes in the routing table, the suspicious node is regarded as malicious, else legitimate.
Step 8: In addition, if a node is detected as malicious, a new route will be selected to send the packet to the base station. The malicious node will be sent to the “non-good list”.
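An added example (not code from the presentation) that runs Steps 3 and 6 to 8 over constructed data. The class and field names, the energy bounds and the sample node values are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Attrs:
    """Attributes a node sends in its Step 2 reply (field names are assumptions)."""
    node_id: int
    pcost: float        # path cost from hop-count, distance and data rate
    location: tuple     # (x, y) co-ordinates
    deployed_at: str    # deployment timestamp

class CamTable:
    def __init__(self, e_lo, e_up):
        self.e_lo, self.e_up = e_lo, e_up   # ELO / EUP thresholds (Step 3)
        self.registered = {}                # matrix table: node_id -> Attrs
        self.non_good = set()               # "non-good list" (Step 8)

    def register(self, attrs):
        self.registered[attrs.node_id] = attrs

    def check(self, claimed, energy):
        # Step 6: only nodes outside [ELO, EUP] are flagged for evaluation.
        if self.e_lo <= energy <= self.e_up:
            return "legitimate"
        # Step 7: a flagged node must match every stored attribute.
        if self.registered.get(claimed.node_id) == claimed:
            return "legitimate"
        self.non_good.add(claimed.node_id)
        return "malicious"

    def pick_route(self, routes):
        # Step 8: take the first candidate route with no malicious hop.
        for route in routes:
            verdicts = [self.check(a, e) for a, e in route]  # check every hop
            if "malicious" not in verdicts:
                return [a.node_id for a, _ in route]
        return None

# Constructed sample data (not taken from the simulation in the slides).
N2 = Attrs(2, 1.0, (16.34, 13.02), "10:30:34")
N3 = Attrs(3, 2.0, (18.67, 45.02), "10:30:35")
N4 = Attrs(4, 2.0, (10.56, 3.67), "10:30:36")
# Node 3 advertises a cheaper path than registered and reports excess energy.
N3_CLAIMED = Attrs(3, 0.5, (18.67, 45.02), "10:30:35")

def demo():
    table = CamTable(e_lo=100.0, e_up=1000.0)
    for n in (N2, N3, N4):
        table.register(n)
    routes = [[(N2, 640.0), (N3_CLAIMED, 3000.0)], [(N2, 640.0), (N4, 580.0)]]
    return table.pick_route(routes), table.non_good
```

As in the steps, only a node whose energy falls outside the bounds is matched against the table, so a node reporting in-range energy is accepted without the Step 7 comparison.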
30
Sybil Attack detection
31
Blackhole Attack Detection
32
Wormhole Attack Detection
33
Sinkhole Attack Detection
The table shows the sinkhole attack node, ID 3.
ID | Timestamp | Current Timestamp | Energy | Coordinates | Hop-count
2 | 10:30:34 | 12:33:00 | | 16.34, 13.02 | 1
3 | 10:30:35 | 12:33:01 | 3000 | 18.67, 45.02 |
4 | 10:30.36 | 12:33:02 | | 10.56, 3.67 |
34
Simulation and Results
35
Simulation Setup
Simulation Parameters | Values
Tool | NS2-2.35
Time (s) | 500
Network Boundary (sq.m) | 1000x1000
Routing Protocol | AODV
Initial Energy (Joules) | 1000
Number of nodes | 10, 20, 30, 40, 50, 60, 70
Malicious nodes | 20%
Packet size | 1040 bytes
Traffic | FTP
Channel Type | Wi-Fi
Propagation Model | TwoRay ground
36
Evaluation parameters
Throughput: data transferred successfully over a period of time, expressed in kilobits per second (kbps), or the ratio of the data packets sent to the data packets received.
End-to-End Delay: time taken by the file to travel from source to destination; it comprises all the various delays experienced by the packets during their journey from sender to receiver.
Packet Delivery Ratio or Fraction: the ratio of successfully delivered packets at the destination (the BS) to the packets sent by the source (all nodes).
37
Throughput vs number of nodes
WMN: network with malicious nodes
Normal: network without malicious nodes
CAM: with malicious detection model
CAM improves throughput by 22% compared to WMN.
38
End to End Delay vs number of nodes
WMN: network with malicious nodes
Normal: network without malicious nodes
CAM: with malicious detection model
CAM improves network delay by 40% compared to WMN.
39
Packet delivery ratio/fraction vs number of nodes
WMN: network with malicious nodes
Normal: network without malicious nodes
CAM: with malicious detection model
CAM shows a network improvement of 5% as compared to WMN.
40
Malicious nodes effect on throughput vs number of nodes
Blackhole decreases throughput by 22%, Sybil by 34%, wormhole by 27% and sinkhole by 33.8%
41
Malicious nodes effect on End to End Delay vs number of nodes
The delay increased by 36% in blackhole attack, 53% in wormhole attack, sinkhole with 43% and Sybil about 55%
42
Malicious nodes effect on Packet delivery ratio/fraction vs number of nodes
The PDR decreases by 8% in blackhole attack, 10% in wormhole attack, sinkhole by 9% and Sybil by 10%.
43
Conclusions
44
Conclusions
CAM was proposed and used in the defense against four attacks, namely Sybil, sinkhole, wormhole and blackhole.
CAM was able to detect the different attacks, achieving an efficiency of 91% overall throughput performance against the normal throughput, as well as 48% better delay than the compromised network and a 94% packet delivery ratio.
The Sybil attack is the most influential one when compared with the blackhole, sinkhole and wormhole attacks, because its method of creating false identities is hard to avoid during the route discovery process.
45
Thanks for listening