Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Novel Correlated Attributes Model for Malicious Detection in Wireless Sensor Networks Name: Patrick Zwane University: National Taipei University of.

Published byMarlene Caldwell Modified over 6 years ago

Similar presentations

Presentation on theme: "A Novel Correlated Attributes Model for Malicious Detection in Wireless Sensor Networks Name: Patrick Zwane University: National Taipei University of."— Presentation transcript:

1 A Novel Correlated Attributes Model for Malicious Detection in Wireless Sensor Networks
Name: Patrick Zwane University: National Taipei University of Technology Department Class: Electrical Engineering and Computer Science IMEECS Student ID: Advisor: Dr. Kai-Wei Ke Date: 5/21/2017

2 Outline Motivation Research Objectives Proposed Model
Malicious Attack Detection Conclusion References

3 Motivation (1/1)

4 Motivation (1/4) Task : monitor, sense and send data
Uses: military and civilian applications, agriculture, traffic control, environmental monitoring etc. Why: small, low power sensors inexpensive, robustness and high flexibility

5 Motivation (2/4) Challenges: Resource constrain
Lack of central control Deployed in remote and hostile environment Routing protocol also contribute to attacks

6 Motivation (3/4) Network security fundamentals:
Confidentiality: security mechanism must ensure that only intended receiver can correctly intercept a message and unauthorized access and usage can not be done. Integrity: an unauthorized individual is not to be able to destroy the information when a message is transferred from source to destination Availability: an interruption should not occur when a system and its application performs a task.

7 Motivation (4/4) Security attacks in WSN:

8 Research Objectives (1/4)
Propose a resource constrain free security model for malicious nodes detection: Traditional security mechanism have very high overheads, for this resource constrain WSN’s are not suitable The model focuses on only routing attacks detection mainly: Sybil: Fake multiple identities. A sensor node will behave as if it were a large number of nodes

9 Research Objectives (2/4)
blackhole Attack: A black hole problem means that one malicious node utilizes the routing protocol to claim itself of being the shortest path to the destination node, but drops the routing packets but does not forward packets to its neighbors

10 Research Objectives (3/4)
wormhole attack: create a tunnel to the other end where the packets are replayed. Routing mechanisms which rely on the knowledge about distance between nodes can get confuse because wormhole nodes fake a route that is shorter than the original one within the network.

11 Research Objectives (4/4)
Sinkhole attack: the compromise node try to attract all the traffic from neighbor nodes based on the routing metric that used in routing protocol. An adversary could spoof or replay an advertisement for an extremely high quality route to a BS

12 Attributes Verification
Proposed Model (1/3) Correlated attributes Model Node Registration phase: identity registration is one way of preventing malicious node. In wireless sensor networks, a trusted central authority (TCA) is used to manage the network, and thus knowing deployed nodes. The TCA disseminate that information securely to the network. To prevent the malicious node, any node could check the list of “known-good‟ identities to validate another node as legitimate. Local Data Collection Node Registration Attributes Verification Matching Attributes

13 Proposed Model (2/3) Local Data Collection Phase: In the local data collection phase, a node identity table is constructed and maintained by each node in the network. Each node evaluates the information of packets to determine whether there is any malicious node Attributes Verification Phase: The initial detection node check packet if the inspection attributes are positive, the questionable node is regarded as a normal or else malicious node Matching attributes phase: The inspected node packet is checked by matching all attributes values. If found positive, a notification is executed and send as a warning message to the whole network about malicious node.

14 Proposed Model (3/3) Key Attributes Position verification Energy
Timestamp Path Cost (PCost)

15 Malicious Attack Detection (1/9)
Proposed Technique Node registration and attributes verification When the nodes are deployed, energy, timestamp, PCost and reference points attributes are used determine the node The base station will send a ‘Hello’ broadcast message to the nodes and the nodes will send ‘Res ID’ with all attributes to update the node determinant table (ND) IF (all parameters are available and correct (ID, Energy, PCost, (location (X, Y) co-ordinates) and Timestamp)) then node is added to legitimate node else discarded

16 Malicious Attack Detection (2/9)
Node registration and attributes verification flow chart

17 Malicious Attack Detection (3/9)
Matching method Step 1: start Step 2: the BS will send a message to each node for their availability and verification Step 3: The node will send a reply message for authenticity with their ID, Energy, PCost, location ((X, Y) co-ordinates) and Timestamp. Step 4: After nodes discovery, the matrix table is updated with the routing cost details to identify eligible routes. Step 5: The node which want to send the message will start the detection of malicious node before sending packet. Step 6: After the node obtain the request to send message to the base station, it send the packets in the form of broadcast message. Then the node will compare the energy values of nodes with different routes.

18 Malicious Attack Detection (4/9)
Matching method Step 7: the energy of the node is compared with residual energy, if energy is greater or equal to, then the node maybe considered as original or else can be malicious. Step 8: Furthermore, the node is checked for its malicious state. The malicious node is detected by matching the ID, PCost, location co- ordinates and timestamp values stored in matrix table. If values of the node does not match it is regarded as malicious else legitimate. Step 9: In addition to that if detected as malicious a new route will be selected to send the packet to the base station. The malicious node will be send to “non-good list”

19 Malicious Attack Detection (5/9)
Matching method flow chart

20 Malicious Attack Detection (6/9)
Blackhole detection Example: node ID1 sends message to base station using route (2-3-4) and node ID 2 drops packets by not forwarding to the neighbor node. ID Timestamp Energy coordinates Hop-count 1 10:30:33 11.33, 12.45 2 10:30:34 16.34, 13.02 3 10:30:35 18.67, 45.02 4 10:30:36 10.56, 3.67 ID Timestamp Current Timestamp Energy coordinates Hop-count 2 10:30:34 10:33:00 1300 16.34, 13.02 1 3 10:30:35 10:33:01 18.67, 45.02 4 10:30.36 10:33:02 10.56, 3.67

21 Malicious Attack Detection (7/9)
Sinkhole detection Example: node 1 sends message to base station using route (2-3-4) ID Timestamp Energy coordinates Hop-count 1 10:30:33 11.33, 12.45 2 10:30:34 16.34, 13.02 3 10:30:35 18.67, 45.02 4 10:30:36 10.56, 3.67 ID Timestamp Current Timestamp Energy coordinates Hop-count 2 10:30:34 10:33:00 16.34, 13.02 1 3 10:30:35 10:33:01 2000 18.67, 45.02 4 10:30.36 10:33:02 10.56, 3.67

22 Malicious Attack Detection (8/9)
wormhole detection Example: node 1 sends message to base station using route (2-3-4) ID Timestamp Energy coordinates Hop-count 1 10:30:33 11.33, 12.45 2 10:30:34 16.34, 13.02 3 10:30:35 18.67, 45.02 4 10:30:36 10.56, 3.67 ID Timestamp Current Timestamp Energy coordinates Hop-count 2 10:30:34 10:33:00 1200 16.34, 13.02 1 3 10:30:35 10:33:01 18.67, 45.02 4 10:30.36 10:33:02 10.56, 3.67

23 Malicious Attack Detection (9/9)
Sybil detection Example: node ID4 is the Sybil , acting as node ID2 ID Timestamp Energy coordinates Hop-count 1 10:30:33 11.33, 12.45 2 10:30:34 16.34, 13.02 3 10:30:35 18.67, 45.02 4 10:30:36 10.56, 3.67 ID Timestamp Current Timestamp Energy coordinates Hop-count 1 10:30:33 10:32:59 11.33, 12.45 4 [2] 10:30:34 10:33:00 16.34, 13.02 3 10:30:35 10:33:01 18.67, 45.02 2 4 10:30.36 10:33:02 10.56, 3.67

24 Implementation and Evaluation (1/6)
Software requirements Ns-2.35 Ubuntu (32 bit) Implementation Plan Create 1 sink node , wireless nodes ( including malicious nodes) Use Ad Hoc On-Demand Distance Vector (AODV) routing protocol to perform packet data transmission Perform position verification, energy, timestamp and Path cost Detect the malicious nodes from the network Plot the result as graphs for throughput and packet successful rate (PSR)

25 Implementation and Evaluation (2/6)
Simulation parameters setup Parameter Name Value Number of nodes 70 Simulation area 1000 x 1000 Malicious nodes 6 Initializing Energy 1000 Traffic type Constant Bit rate(CBR) TCP Node placement Random way point Packet size 512 bytes Simulation time 100seconds

26 Implementation and Evaluation (3/6)
Example: Node setup Node definition if [expr $i==69] { set xx($i) 1177 set yy($i) 658 $node_(69) set X_ 1177 $node_(69) set Y_ 658 $node_(69) set Z_ 0.0 } Agents Definition #Setup a TCP connection set tcp1 [new Agent/TCP] $ns attach-agent $n0 $tcp1 set sink94 [new Agent/TCPSink] $ns attach-agent $n53 $sink94 $ns connect $tcp1 $sink94 $tcp1 set packetSize_ 512

27 Implementation and Evaluation (4/6)
Network animator after malicious detection Malicious node definition $ns at 9.0 "[$node_(60) set ragent_] malicious" $ns at 9.0 "[$node_(48) set ragent_] malicious" $ns at 9.0 "[$node_(8) set ragent_] malicious" $ns at 9.0 "[$node_(23) set ragent_] malicious" $ns at 9.0 "[$node_(35) set ragent_] malicious" $ns at 9.0 "[$node_(68) set ragent_] malicious"

28 Implementation and Evaluation (5/6)
Throughput graph Results obtained Normal – Without Malicious Nodes WMN - With Malicious Nodes CAM - Correlated Attributes Model Metric Normal WMN CAM Throughput

29 Implementation and Evaluation (6/6)
Packet delivery ratio (PDR) Results obtained Normal – Without Malicious Nodes WMN - With Malicious Nodes CAM - Correlated Attributes Model Metric Normal WMN CAM Av PDR (%) 97.45 71.2 94.2

30 Conclusion Based on the Correlated Attributes Model, it is evident that malicious attacks can be detected and verified in WSN. CAM can prevent dangerous routing attacks such as Sybil, blackhole, wormhole and sinkhole attacks Throughput improves when the model is initialized to mitigate the malicious nodes. Packet delivery ration also is achieved with 94% to show how effective and lightweight the model it is

31 Reference(s) K.S.Sujatha, V.Dharmar and R.S.Bhuvaneswaran (2012), “Design of Genetic Algorithm based IDS for MANET”, International Conference on Recent Trends in Information Technology (ICRTIT), IEEE, pp.28-33 ZolidahKasiran and Juliza Mohamad (2014), “Throughput Performance Analysis of the Wormhole and Sybil Attack in AODV”, Fourth International Conference on Digital Information and Communication Technology and it's Applications (DICTAP), IEEE, pp.81-84 C. Bettstetter, G. Resta, and P. Santi, “The node distribution of the random waypoint mobility model for wireless ad hoc networks,” IEEETrans. Mobile Comput., vol. 2, no. 3, pp. 257–269, Jul.–Sep

32 Thank You!

Download ppt "A Novel Correlated Attributes Model for Malicious Detection in Wireless Sensor Networks Name: Patrick Zwane University: National Taipei University of."

Similar presentations

Chris Karlof and David Wagner

Chris Karlof and David Wagner
Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,

Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT

MANETs Routing Dr. Raad S. Al-Qassas Department of Computer Science PSUT
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
Multicasting in Mobile Ad-Hoc Networks (MANET)

Multicasting in Mobile Ad-Hoc Networks (MANET)
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.

SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
Routing Security in Ad Hoc Networks

Routing Security in Ad Hoc Networks
Ad Hoc Wireless Routing COS 461: Computer Networks

Ad Hoc Wireless Routing COS 461: Computer Networks
BLACK HOLE IN MANET SUBMITTED TO:--SUBMITTED BY:-- Dr. SAPNA GAMBHIRINDRAJEET KUMAR CSE DEPTT.MNW/887/2K11.

BLACK HOLE IN MANET SUBMITTED TO:--SUBMITTED BY:-- Dr. SAPNA GAMBHIRINDRAJEET KUMAR CSE DEPTT.MNW/887/2K11.
Secure Localization Algorithms for Wireless Sensor Networks proposed by A. Boukerche, H. Oliveira, E. Nakamura, and A. Loureiro (2008) Maria Berenice Carrasco.

Secure Localization Algorithms for Wireless Sensor Networks proposed by A. Boukerche, H. Oliveira, E. Nakamura, and A. Loureiro (2008) Maria Berenice Carrasco.
Itrat Rasool Quadri ST ID COE-543 Wireless and Mobile Networks

Itrat Rasool Quadri ST ID COE-543 Wireless and Mobile Networks
MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.
Secure Cell Relay Routing Protocol for Sensor Networks Xiaojiang Du, Fengiing Lin Department of Computer Science North Dakota State University 24th IEEE.

Secure Cell Relay Routing Protocol for Sensor Networks Xiaojiang Du, Fengiing Lin Department of Computer Science North Dakota State University 24th IEEE.

Similar presentations

Ads by Google