Yanfei Fan,Jiming Chen,Xiaodong Lin,Xuemin Shen

DOI: https://doi.org/10.1109/GLOCOM.2010.5683317

2010-01-01

Abstract:Privacy threat is a very serious issue in multi-hop wireless networks (MWNs) since open wireless channels are vulnerable to malicious attacks. Source unobservability is an attractive and desirable security property for many privacy-sensitive applications, and dummy messages are most commonly used to achieve this property. However, dummy messages may incur severe performance degradation or even service denial due to the explosion of network traffic. In this paper, we propose a novel scheme, called SUNC (Source Unobservability by Network Coding), to prevent traffic explosion while achieving source unobservability. With SUNC, specially designed dummy messages can be absorbed at intermediate nodes, and, thus, traffic explosion can be naturally prevented. In addition, SUNC can offer forwarder blindness, which is an important privacy property for thwarting internal attackers. Security analysis and performance evaluation demonstrate the efficacy and efficiency of the proposed SUNC.

Lv Ya-lin,Wang Cheng,Pang Xi-yu

2009-01-01

Abstract:Compared with traditional wired networks, wireless mobile Ad hoc networks are prone to be threatened by interior attacks, malicious nodes always drop packets deliberately, send redundant packets arbitrarily as well as modify packets illegally. Through the analysis of these malicious behaviors, a trust evaluation model based on Linux Net-filter frame is proposed, which could monitor the illegal operations and evaluate the trust value of nodes, the Trust Dynamic Source Route (TDSR) protocol is implemented finally by this approach, which could improve the performance of the network.

Qin Xin,Jianping Wu,Ke Xu,Shu Yang,Jisheng Pei

2015-01-01

Abstract:Routers must perform packet filtering at high speeds to implement critical functions in todays networked computing systems, i.e., firewalls. With serious security situations, and more and more kinds of validation and filter-ing rules emerging, the routers and firewalls now undertake more burden than ever. In routers for large networks, the filtering table, e.g., access control list, gets larger and larger, which easily exceed the limited capacity and brings high power consumption and financial cost. Therefore we are motivated to seek a kind of effective mechanism to solve these problems, which needs to be very easy for deployment, and has strong and proven ability for security filtering. We propose a distributed and cooperative mechanism of software filtering based on finite state machine in which the filtering tasks are split and shared by all the routers rather than relying only on the ingress routers for computation.

Bingxia Yuan

DOI: https://doi.org/10.1155/2022/5955543

2022-05-30

Wireless Communications and Mobile Computing

Abstract:In order to enhance the ability of wireless sensor networks to resist various security threats and reduce the limitations caused by the characteristics of wireless sensor networks and sensor nodes, this paper proposes a secure routing protocol for wireless sensor networks based on trust management. Combined with the relevant parameters of wireless sensor network, the simulation experiment is carried out with MATLAB. Aiming at the trust management part of the wireless sensor network security protocol proposed in this paper, the malicious attack environment such as sensor node attributes is simulated to verify the resistance of this model to relevant malicious attacks. For the trust management-based wireless sensor network security routing protocol proposed in this paper, the model included in the protocol is compared to the existing security routing model, combining the characteristics of average simulation transmission, network life, and average routing update time. Experiments show that the model has better routing performance and has improved by an average of about 20%. We offer a new solution to solve the problem of wireless routing security.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jun Ye,Weili Jiang

DOI: https://doi.org/10.3390/s24237614

IF: 3.9

2024-11-29

Sensors

Abstract:Underwater wireless sensor networks have a wide range of application prospects in important fields such as ocean exploration and underwater environment monitoring. However, the influence of complex underwater environments makes underwater wireless sensor networks subject to many limitations, such as resource limitation, channel openness, malicious attacks, and other problems. To address the above issues, we propose a routing scheme for underwater wireless networks based on a trust model and Void-Avoided algorithm. The proposed scheme establishes a trust model, evaluates the behavior of underwater nodes through direct trust, indirect trust, and environmental trust, and finds malicious nodes while taking into account evaluation of the channel, which provides support for the next data transmission event. The proposed scheme prioritizes the total cabling distance and introduces a two-hop availability checking model for data transmission, checking the nodes for voids and avoiding the void areas, to find the transmission path with the lowest energy consumption and lowest latency as much as possible. In this study, simulation experiments were conducted on the proposed scheme, and the results showed that the target scheme can effectively detect malicious nodes through anomalous behaviors and outperforms existing work in terms of malicious node detection rate, energy consumption, and end-to-end latency, and network performance.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Bo Wu,Ke Xu,Qi Li,Zhuotao Liu,Yih-Chun Hu,Martin J. Reuel,Meng Shen,Fan Yang

DOI: https://doi.org/10.1109/iwqos.2018.8624169

2018-01-01

Abstract:The Internet lacks verification of source authenticity and path compliance between the planned packet delivery paths and the real delivery paths, which allows attackers to construct attacks like source spoofing and traffic hijacking attacks. Thus, it is essential to enable source and path verification in networks to detect forwarding anomalies and ensure correct packet delivery. However, most of the existing security mechanisms can only capture anomalies but are unable to locate the detected anomalies. Besides, they incur significant computation and communication overhead, which exacerbates the packet delivery performance. In this paper, we propose a high-efficient packet forwarding verification mechanism called PPV for networks, which verifies packet source and their forwarding paths in real time. PPV enables probabilistic packet marking in routers instead of verifying all packets. Thus, it can efficiently identify forwarding anomalies by verifying markings. Moreover, it localizes packet forwarding anomalies, e.g., malicious routers, by reconstructing packet forwarding paths based on the packet markings. We implement PPV prototype in Click routers and commodity servers, and conducts real experiments in a real testbed built upon the prototype. The experimental results demonstrate the efficiency and performance of PPV. In particular, PPV significantly improves the throughput and the goodput of forwarding verification, and achieves around 2 times and 3 times improvement compared with the-state-of-art OPT scheme, respectively.

Xin Kang,Yongdong Wu

DOI: https://doi.org/10.48550/arXiv.1408.0726

2014-07-24

Abstract:Nowadays, peer-to-peer (P2P) streaming systems have become a popular way to deliver multimedia content over the internet due to their low bandwidth requirement, high video streaming quality, and flexibility. However, P2P streaming systems are vulnerable to various attacks, especially pollution attacks, due to their distributed and dynamically changing infrastructure. In this paper, by exploring the features of various pollution attacks, we propose a trust management system tailored for P2P streaming systems. Both direct trust and indirect trust are taken into consideration when designing the trust management system. A new direct trust model is proposed. A dynamic confidence factor that can dynamically adjust the weight of direct and indirect trust in computing the trust is also proposed and studied. A novel double-threshold trust utilization scheme is given. It is shown that the proposed trust management system is effective in identifying polluters and preventing them from further sharing of polluted data chunks.

Networking and Internet Architecture,Computer Science and Game Theory

Lixiang Li,Jürgen Kurths,Yixian Yang,Guole Liu

DOI: https://doi.org/10.1155/2014/189213

IF: 1.43

2014-01-01

Mathematical Problems in Engineering

Abstract:In recent years, the complex network as the frontier of complex system has received more and more attention. Peer-to-peer (P2P) networks with openness, anonymity, and dynamic nature are vulnerable and are easily attacked by peers with malicious behaviors. Building trusted relationships among peers in a large-scale distributed P2P system is a fundamental and challenging research topic. Based on interpersonal relationships among peers of large-scale P2P networks, we present prevention and trust evaluation scheme, called IRTrust. The framework incorporates a strategy of identity authentication and a global trust of peers to improve the ability of resisting the malicious behaviors. It uses the quality of service (QoS), quality of recommendation (QoR), and comprehensive risk factor to evaluate the trustworthiness of a peer, which is applicable for large-scale unstructured P2P networks. The proposed IRTrust can defend against several kinds of malicious attacks, such as simple malicious attacks, collusive attacks, strategic attacks, and sybil attacks. Our simulation results show that the proposed scheme provides greater accuracy and stronger resistance compared with existing global trust schemes. The proposed scheme has potential application in secure P2P network coding.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Bo Hu,H. Vicky Zhao

DOI: https://doi.org/10.1109/icip.2009.5414199

2009-01-01

Abstract:In the emerging peer-to-peer (P2P) live streaming, users cooperate with each other to support efficient delivery of video over networks in live streaming applications. Pollution attack is an effective attack against P2P live streaming, where attackers upload bogus multimedia data to their peers. The polluted data can spread over the entire network, and cause severe quality degradation of the videos. To resist pollution attacks in P2P live streaming, this paper proposes a trust management system that identifies attackers and excludes them from further sharing of multimedia data. We investigate possible attacks against the trust management system and analyze the attack resistance of the proposed system. Our simulation results show that the proposed trust management system can efficiently detect attackers and stimulate user cooperation even under attacks. It helps users receive more clean data and improves the performance of P2P live streaming.

Seyed Ahmad Soleymani,Shidrokh Goudarzi,Mohammad Hossein Anisi,Nazri Kama,Saiful Adli Ismail,Azri Azmi,Mahdi Zareei,Abdul Hanan Abdullah

DOI: https://doi.org/10.3390/sym12040609

2020-04-12

Symmetry

Abstract:Trust, as a key element of security, has a vital role in securing vehicular ad-hoc networks (VANETs). Malicious and selfish nodes by generating inaccurate information, have undesirable impacts on the trustworthiness of the VANET environment. Obstacles also have a negative impact on data trustworthiness by restricting direct communication between nodes. In this study, a trust model based on plausibility, experience, and type of vehicle is presented to cope with inaccurate, incomplete and uncertainty data under both line of sight (LoS) and none-line of sight (NLoS) conditions. In addition, a model using the k-nearest neighbor (kNN) classification algorithm based on feature similarity and symmetry is developed to detect the NLoS condition. Radio signal strength indicator (RSSI), packet reception rate (PDR) and the distance between two vehicle nodes are the features used in the proposed kNN algorithm. Moreover, due to the big data generated in VANET, secure communication between vehicle and edge node is designed using the Cuckoo filter. All obtained results are validated through well-known evaluation measures such as precision, recall, overall accuracy, and communication overhead. The results indicate that the proposed trust model has a better performance as compared to the attack-resistant trust management (ART) scheme and weighted voting (WV) approach. Additionally, the proposed trust model outperforms both ART and WV approaches under different patterns of attack such as a simple attack, opinion tampering attack, and cunning attack. Monte-Carlo simulation results also prove validity of the proposed trust model.

Michael Sirivianos,Xiaowei Yang,Kyungbaek Kim

DOI: https://doi.org/10.48550/arXiv.0908.3930

2009-08-27

Abstract:Spam mitigation can be broadly classified into two main approaches: a) centralized security infrastructures that rely on a limited number of trusted monitors to detect and report malicious traffic; and b) highly distributed systems that leverage the experiences of multiple nodes within distinct trust domains. The first approach offers limited threat coverage and slow response times, and it is often proprietary. The second approach is not widely adopted, partly due to the lack of guarantees regarding the trustworthiness of nodes that comprise the system. Our proposal, SocialFilter, aims to achieve the trustworthiness of centralized security services and the wide coverage, responsiveness and inexpensiveness of large-scale collaborative spam mitigation. We propose a large-scale distributed system that enables clients with no email classification functionality to query the network on the behavior of a host. A SocialFilter node builds trust for its peers by auditing their behavioral reports and by leveraging the social network of SocialFilter administrators. The node combines the confidence its peers have in their own reports and the trust it places on its peers to derive the likelihood that a host is spamming. The simulation-based evaluation of our approach indicates its potential under a real-world deployment: during a simulated spam campaign, SocialFilternodes characterized 92% of spam bot connections with confidence greater than 50%, while yielding no false positives

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Jin Zhao,Jifeng Huang,Naixue Xiong

DOI: https://doi.org/10.1109/access.2019.2904544

IF: 3.9

2019-01-01

IEEE Access

Abstract:Wireless sensor networks (WSNs) are vulnerable to many security threats from compromised nodes, and because the WSNs are resource-constrained, the traditional security methods cannot be used to resist the internal attacks from compromised nodes. The trust and reputation evaluation system is the most effective security mechanisms to protect WSNs from internal attacks. The exponential-based trust and reputation evaluation system (ETRES) is proposed for WSNs' node trust and reputation evaluation. ETRES is used to observe the nodes' behavior, and exponential distribution is applied to represent the distribution of nodes' trust. The trust of the node is used to look for reliable nodes to transmit data and weaken malicious attacks within the wireless sensor networks. More significantly, the entropy theory is used to measure the uncertainty of direct trust values in this paper. Indirect trust is introduced to strengthen interaction information when the uncertainty of direct trust is enough high. It can not only reduce the computing power of nodes but also prolong the lifetime of the network. In addition, the confidence factor is redefined, which can dynamically adjust the node trust value to weaken the harmful effects of the compromised nodes. The simulation results show that the proposed system can more effectively defend the internal attack than the beta-based trust and reputation evaluation system (RFSN) and the binomial-based trust management System (BTMS). The proposed method can be used to strengthen network security by selecting reliable nodes. What is more, the information trust and energy are prone to integrate into ETRES.

Hao Niu,Yao Sun,Kaoru Sezaki

DOI: https://doi.org/10.48550/arXiv.1705.06477

2017-05-18

Abstract:The reliability and transmission distance are generally limited for the wireless communications due to the severe channel fading. As an effective way to resist the channel fading, cooperative relaying is usually adopted in wireless networks where neighbouring nodes act as relays to help the transmission between the source and the destination. Most research works simply regard these cooperative nodes trustworthy, which may be not practical in some cases especially when transmitting confidential information. In this paper, we consider the issue of untrusted relays in cooperative communications and propose an information self-encrypted approach to protect against these relays. Specifically, the original packets of the information are used to encrypt each other as the secret keys such that the information cannot be recovered before all of the encrypted packets have been received. The information is intercepted only when the relays obtain all of these encrypted packets. It is proved that the intercept probability is reduced to zero exponentially with the number of the original packets. However, the security performance is still not satisfactory for a large number of relays. Therefore, the combination of destination-based jamming is further adopted to confuse the relays, which makes the security performance acceptable even for a large number of relays. Finally, the simulation results are provided to confirm the theoretical analysis and the superiority of the proposed scheme.

Information Theory,Cryptography and Security

Heng Chuan Tan,Maode Ma,Houda Labiod,Peter Han Joo Chong,Jun Zhang

DOI: https://doi.org/10.1002/dac.3200

2017-12-28

Abstract:Trust models that rely on recommendation trusts are vulnerable to badmouthing and ballot-stuffing attacks. To cope with these attacks, existing trust models use different trust aggregation techniques to process the recommendation trusts and combine them with the direct trust values to form a combined trust value. However, these trust models are biased as recommendation trusts that deviate too much from one's own opinion are discarded. In this paper, we propose a non-biased trust model that considers every recommendation trusts available regardless they are good or bad. Our trust model is based on a combination of 2 techniques: the dissimilarity test and the Dempster-Shafer Theory. The dissimilarity test determines the amount of conflict between 2 trust records, whereas the Dempster-Shafer Theory assigns belief functions based on the results of the dissimilarity test. Numerical results show that our trust model is robust against reputation-based attacks when compared to trust aggregation techniques such as the linear opinion pooling, subjective logic model, entropy-based probability model, and regression analysis. In addition, our model has been extensively tested using network simulator NS-3 in an Infrastructure-based wireless mesh networks and a Hybrid-based wireless mesh networks to demonstrate that it can mitigate blackhole and grayhole attacks.

Cryptography and Security

BalaAnand Muthu,C. B. Sivaparthipan,R. Lakshmana Kumar,S. Jayanthi,Cheng-Chi Lee

DOI: https://doi.org/10.1007/s11277-024-11641-y

IF: 2.017

2024-11-20

Wireless Personal Communications

Abstract:The significant issue is designing an intrusion detection and prevention system to enhance Mobile Adhoc Network security while considering the detection rate, false positive Rate, energy efficiency, and delay. Most prevailing technologies have struggled to attain accurate detection rates with minimal execution time and energy consumption. This paper proposes an Energy-Efficient packet transmission to overcome this shortcoming by utilizing a Multi-Relational Associative Rule Trained Artificial Neural Network. Primarily, the dynamic trust value is computed and then hashed. After that, by using the confident-based K-Means, the distributed nodes are clustered in which the Cluster Head verified the de-hashed trust value to select relay nodes, while the packets transmitted through the clustered nodes are classified as normal or attacked. Then, the details are updated in the neighbouring table. Afterwards, the Routing is performed and grounded on the neighbouring table by employing a polytree-based temporal ordered routing algorithm, and then the packets are encrypted. Then, the prioritized packet is identified and transmitted utilizing Rayleigh distributed Red Fox Optimization. Lastly, the packet is decrypted at the receiver side. The proposed model's experimental outcomes are compared with the conventional mechanisms, showing the proposed framework's higher efficacy.

telecommunications

Mingming Li,Jianbin Hu,Jiang Du

DOI: https://doi.org/10.1109/DCABES.2010.101

2010-01-01

Abstract:New generation wireless sensor networks are demanding in in-time updating. Traditional trust evaluation is based entities and needs lengthy time to establish. The data security would be neglected in entity-based sensor networks. False data is another problem because it is hard to be filtered in these entity-based trust mechanisms. The propagation of false data and redundant information wastes a lot of system energy. This paper proposes a new notion to address these challenges: data-centric trust evaluation mechanism (DTSN) and a new method: Proof-of-Reputation-Relevance (PoRR) to realize DTSN. This trust evaluation mechanism protects both entities and data via authentic consensus on event reports and aggregate related reports' trust via DST. Then DTSN decision logic makes a decision according to the output of DST. Performance evaluation and security analysis confirm the efficiency and security of the proposed mechanism.

Haiguang Chen,Huafeng Wu,Jinchu Hu,Chuanshan Gao

DOI: https://doi.org/10.1109/MUE.2008.65

2008-01-01

Abstract:In Wireless Sensor Networks (WSNs), these sensor nodes cooperate with each other to form a network without using any infrastructure. WSNs has a wide application. But the security of WSNs is still an issue. Traditionally cryptographic mechanisms such as authentication and encryption only address part of the problem of security in WSNs. Recently, the use of reputation and trust systems has become an important mechanism in WSNs. In this paper, we develop a distributed agent-based trust management scheme. The agent node use watchdog mechanism to observe the behavior of the sensor nodes and computes the trust rating for them. We consider Packet-Dropping and Hello Flood Attack in our simulation, the simulation results and analysis show that our scheme can fast detect the malicious nodes and scale well for wireless sensor networks.

Ju Ren,Yaoxue Zhang,Kuan Zhang,Xuemin Sherman Shen

DOI: https://doi.org/10.1109/GLOCOM.2014.7036829

2014-01-01

Abstract:Wireless sensor networks (WSNs) are vulnerable to selective forwarding attacks that selectively drop a subset of the forwarding packets to degrade network performances. Due to unstable wireless channels, the packet loss rate between sensor nodes might be high, especially in hostile environments. Therefore, it is difficult to distinguish the malicious drop and normal packet loss. In this paper, we propose a Channel-aware deputation System (CRS) to identify selective forwarding misbehaviours from normal packet losses caused by poor channel quality or medium access collision. Specifically, CRS is based on normal packet loss estimation and neighbour monitoring. Each node maintains a reputation table to evaluate forwarding behaviours of its neighbours. Reputation value is determined by the deviation of the monitored packet loss rate and estimated normal loss rate. The nodes with reputation below a threshold are identified as misbehaving nodes and isolated from data forwarding paths. Furthermore, we develop weighted reputation propagation and integration functions to improve detection efficiency. Through theoretical analysis and extensive simulations, we demonstrate that CRS can accurately detect selective forwarding attacks and significantly improve the network throughput.

Jian Wang,Shuai Jiang,Abraham O. Fapojuwo

DOI: https://doi.org/10.3390/s17061227

IF: 3.9

2017-01-01

Sensors

Abstract:This article proposes a protocol layer trust-based intrusion detection scheme for wireless sensor networks. Unlike existing work, the trust value of a sensor node is evaluated according to the deviations of key parameters at each protocol layer considering the attacks initiated at different protocol layers will inevitably have impacts on the parameters of the corresponding protocol layers. For simplicity, the paper mainly considers three aspects of trustworthiness, namely physical layer trust, media access control layer trust and network layer trust. The per-layer trust metrics are then combined to determine the overall trust metric of a sensor node. The performance of the proposed intrusion detection mechanism is then analyzed using the t-distribution to derive analytical results of false positive and false negative probabilities. Numerical analytical results, validated by simulation results, are presented in different attack scenarios. It is shown that the proposed protocol layer trust-based intrusion detection scheme outperforms a state-of-the-art scheme in terms of detection probability and false probability, demonstrating its usefulness for detecting cross-layer attacks.

Xianliang Jiang,Jiangang Yang,Guang Jin,Wei

DOI: https://doi.org/10.1109/lcomm.2013.022713.122652

IF: 3.5529

2013-01-01

IEEE Communications Letters

Abstract:In traditional Active Queue Management algorithms, e.g. RED, each flow, defined with the source and destination IP address of packets, fairly contends for the cache of bottleneck queues. However a malicious flow cannot be identified. And it enables potential network-layer attacks, e.g. the flooding Denial-of-Service (DoS) attack and the low-rate DoS attack. In this letter, we propose a new scheme using the flows trust values to defend against DoS attacks. Different from previous schemes, it employs the flow trust to safeguard legitimate flows. A router monitors network flows and calculates flows trust values, which are used for the relevant queue management. Malicious flows would be with lower trust values while legitimate flows would be with higher ones. Simulation results show that the scheme improves the throughput and delay in DoS attacking scenarios comparing with existing queue management algorithms. We consider the scheme is practical and effective to secure networks.