Hossen A. Mustafa,Wenyuan Xu

DOI: https://doi.org/10.1109/CNS.2014.6997491

2014-01-01

Abstract:Wireless hotspots allow users to use Internet via Wi-Fi interface, and many shops, cafés, parks, and airports provide free wireless hotspot services to attract customers. However, there is no authentication mechanism of Wi-Fi access points (APs) available in such hotspots, which makes them vulnerable to evil twin AP attacks. Such attacks are harmful because they allow to steal sensitive data from users. Today, there is no client-side mechanism that can effectively detect an evil twin AP attack without additional infrastructure supports. In this paper, we propose a mechanism CETAD leveraging public servers to detect such attacks. CETAD only requires installing an app at the client device and does not require to change the hotspot APs. CETAD explores the similarities between the legitimate APs and discrepancies between evil twin APs, and legitimate ones to detect an evil twin AP attack. Through our implementation and evaluation, we show that CETAD can detect evil twin AP attacks in various scenarios effectively.

Yuxiang Lin,Yi Gao,Bingji Li,Wei Dong

DOI: https://doi.org/10.1145/3536423

2022-01-01

ACM Transactions on Sensor Networks

Abstract:The broadcast nature of wireless media makes WLANs easily attacked by rogue Access Points (APs) . Rogue AP attacks can potentially cause severe privacy leakage and financial loss. Hardware fingerprinting is the state-of-the-art technology to detect rogue APs since an attacker would find it difficult to set up a rogue AP with specific hardware fingerprints. However, existing hardware fingerprints not only depend on the AP but also depend on the client, significantly limiting their application scenarios. In this work, we investigate two novel client-agnostic fingerprints, which can be extracted using commercial off-the-shelf WiFi devices, to detect rogue APs. One is the power amplifier non-linearity fingerprint and the other is the frame interval distribution fingerprint . These two fingerprints remain consistent over time and space for the same AP but vary across different APs even with the same brand, model, and firmware. We use the fingerprint similarity between the candidate AP and the authorized AP for device authentication in typical indoor environments. We have also proposed a threshold-improved authentication scheme to improve the robustness of our system in dynamic environments. Our schemes can be implemented without modifying the infrastructural APs and can work well with new clients without rebuilding the fingerprint database. We evaluate our scheme in both in-lab and field scenarios, by analyzing 18 million WiFi packets. Results show that our scheme achieves an overall 96.55% positive detection rate and a 4.31% false alarm rate. Moreover, the threshold-improved authentication scheme can further reduce the false alarm rate by 13.0%-44.8% for dynamic environments.

Yuxiang Lin,Yi Gao,Bingji Li,Wei Dong

DOI: https://doi.org/10.1109/percom45495.2020.9127375

2020-01-01

Abstract:The broadcast nature of wireless medium makes WLANs easily be attacked by rogue Access Points (APs). Rogue AP attacks can potentially cause severe privacy leakage and financial lost. Hardware fingerprinting is the state-of-the-art technology to detect rogue APs, since an attacker would find it difficult to set up a rogue AP with specific hardware fingerprints. However, existing hardware fingerprints not only depend on the AP, but also depend on the client, significantly limiting their applicable scenarios. In this work, we investigate two novel client-agnostic fingerprints, which can be extracted using commercial off-the-shelf WiFi devices, to detect rogue APs. One is the power amplifier non-linearity fingerprint and the other is the frame interval distribution fingerprint. These two fingerprints remain consistent over time and space for the same AP but vary across different APs even with the same brand, model and firmware. We use the fingerprint similarity between the candidate AP and the authorized AP for device authentication. Our scheme can be implemented without modifying the infrastructural APs and can work well with new clients without rebuilding the fingerprint database. We evaluate our scheme in both in-lab and field scenarios, by analyzing 12 million WiFi packets. Results shows that our scheme achieves an overall 96.55% positive detection rate and a 4.31% false alarm rate.

Mahmoud A. Zaher,Nabil M. Eldakhly,,

DOI: https://doi.org/10.54216/ijwac.060202

2023-01-01

International Journal of Wireless and Ad Hoc Communication

Abstract:A wireless sensor network, also known as a WSN, is made up of thousands of minuscule sensor nodes that are connected to one another in order to monitor, track, and organize data collected in an unattended environment in the most prominent location. Due to its one-of-a-kind qualities, it has, the wireless sensor network is gaining traction in a variety of sectors and put to use in a wide range of applications, including surveillance, healthcare, and industry. These networks exposed to a variety of security flaws and major threats because of their dynamic design and deployment in an unsupervised environment. Cybercriminals prey on individuals who utilize the internet as well as organizations in order to get sensitive information. The hackers were able to access critical data on the company's systems, such as login information, credit card details, and bank account numbers. Phishing attacks are a sort of cyberattack in which hackers trick internet users into believing their websites are authentic in order to collect the users' private information. The purpose of these attacks is to steal this information. Malware assaults begin with the covert installation of malicious software on corporate servers or user PCs via the use of the internet. The attackers then continue to steal every piece of information that kept on the targeted server or computer. Malware used in an ever-increasing number of attacks these days. An incursion into a network is a kind of attack in which the perpetrator seeks to take possession of all of the network's resources. Approaches based on heuristic analysis and visual resemblance used, regardless of whether they are blacklisted or whitelisted.

Le Wang,Alexander M. Wyglinski

DOI: https://doi.org/10.1002/wcm.2527

2014-10-01

Wireless Communications and Mobile Computing

Abstract:Abstract Compared with a wired network, a wireless network is not protected by the cable transmission medium. Information is broadcasted over the air and it can be intercepted by anyone within the transmission range. Even though the transmissions could potentially be protected by security authentication mechanisms, malicious users can still intercept the information by mimicking the characteristics of normal user or a legitimate access point. This scenario is referred as a man‐in‐the‐middle (MITM) attack. In the MITM attack, the attackers can bypass the security mechanisms, intercept the unprotected transmission packets, and sniff the information. Because of several vulnerabilities in the IEEE 802.11 protocol, it is difficult to defend against a wireless MITM attack. In this paper, a received signal strength indicator (RSSI)‐based detection mechanism for MITM attacks is proposed. RSSI information is an arbitrary integer that indicates the power level being received by the antenna. The random RSSI values are processed via a sliding window, yielding statistic information about the signal characteristics such as mean and standard deviation profiles. By analyzing those profiles, the detection mechanism can detect if a rogue access point, the key component of an MITM attack, is launched. Our proposed approach has been validated via hardware experimentation using Backtrack 5 tools and MATLAB software suite. Copyright © 2014 John Wiley & Sons, Ltd.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yousri Daldoul

DOI: https://doi.org/10.48550/arXiv.2302.00338

2023-02-01

Abstract:The evil twin attack is a major security threat to WLANs. An evil twin is a rogue AP installed by a malicious user to impersonate legitimate APs. It intends to attract victims in order to intercept their credentials, to steal their sensitive information, to eavesdrop on their data, etc. In this paper, we study the security mechanisms of wireless networks and we introduce the different authentication methods, including 802.1X authentication. We show that 802.1X has improved security through the use of digital certificates but does not define any practical technique for the user to check the network certificate. Therefore, it remains vulnerable to the evil twin attack. To repair this vulnerability, we introduce Robust Certificate Management System (RCMS) which takes advantage of the digital certificates of 802.1X to protect the users against rogue APs. RCMS defines a new verification code to allow the user device to check the network certificate. This practical verification combined with the reliability of digital certificates provides a perfect protection against rogue APs. RCMS requires a small software update on the user terminal and does not need any modification of IEEE 802.11. It has a significant flexibility since trusting a single AP is enough to trust all the APs of the extended network. This allows the administrators to extend their networks easily without the need to update any database of trusted APs on the user devices.

Cryptography and Security,Networking and Internet Architecture

Dawei Yan,Yubo Yan,Panlong Yang,Wen-Zhan Song,Xiang-Yang Li,Pengfei Liu

DOI: https://doi.org/10.1109/jiot.2022.3223682

IF: 10.6

2023-03-25

IEEE Internet of Things Journal

Abstract:WiFi connections are vulnerable to simulated attacks from rogue access points (AP) or devices whose SSID and/or MAC/IP address are the same as legitimate devices. This kind of attack is difficult to counter with traditional network security mechanisms. In this paper, we propose a new security mechanism that uses environment-independent features extracted from channel state information (CSI) to detect and identify rogue WiFi devices or APs, and reject their connections. We find that due to the I/Q imbalance and imperfect oscillator of each WiFi network card (NIC), the nonlinear phase error of different subcarriers will vary with the NIC. Through our experimental verification, this cross-subcarrier phase feature is invariant to the location and the environment. We deploy systems on two platforms that can extract constant phase errors from the constantly changing CSI in less than one second, which is at least 8× faster than that of the state-of-the-art solution. Extensive experiments on commercial routers and end devices in different scenarios show that based on the Industral Platform Computer (IPC) platform, where only non-encrypted rogue connections can be detected, the detection accuracy rate reaches 96%, and the false alarm rate is less than 2%. Based on the ASUS router platform (a commercial WiFi router), WiFi channels and smart device types are not restricted, which greatly improved universality, and the accuracy of device connection detection can even reach more than 99%. We improve a device-type identification method based on the communication traffic features of the device when connected to WiFi. Experiments show that even if there are multiple similar devices from the same manufacturer, the accuracy of device type detection exceeds 99%.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shuai Jiang,Jian Wang

DOI: https://doi.org/10.12783/dtcse/wcne2016/5087

2017-01-01

DEStech Transactions on Computer Science and Engineering

Abstract:Wireless sensor networks have relatively weaker security performance compared to wired ones, and the MAC layer is a key part of their security system. In MAC layer, multiple synergetic attacks are more destructive than single attacks and more difficult to detect. In this paper, we propose a synthetical malicious behavior detection framework to detect when multiple attacks are launched in MAC layer. In this detection framework, we design a hierarchical data collection system to collect the necessary data for detection and propose the notion of behavioral deviation to roundly evaluate multiple aspects of behavior in MAC layer. Furthermore, we design a detection algorithm based on a hypothesis testing model to approximate the identity of malicious nodes. Finally, we prove the superiority of the synthetical detection framework compared with other kinds of single detection methods through simulation.

Zhiping Jiang,Jizhong Zhao,Xiang-Yang Li,Jinsong Han,Wei Xi

DOI: https://doi.org/10.1109/INFCOM.2013.6567061

2013-01-01

Abstract:Comparing to well protected data frames, Wi-Fi management frames (MFs) are extremely vulnerable to various attacks. Since MFs are transmitted without encryption or authentication, attackers can easily launch various attacks by forging the MFs. In a collaborative environment with many Wi-Fi sniffers, such attacks can be easily detected by sensing the anomaly RSS changes. However, it is quite difficult to identify these spoofing attacks without assistance from other nodes. By exploiting some unique characteristics (e.g., rapid spatial decorrelation, independence of Txpower, and much richer dimensions) of 802.11n Channel State Information (CSI), we design and implement CSITE, a prototype system to authenticate the Wi-Fi management frames on PHY layer merely by one station. Our system CSITE, built upon off-the-shelf hardware, achieves precise spoofing detection without collaboration and in-advance fingerprint. Several novel techniques are designed to address the challenges caused by user mobility and channel dynamics. To verify the performances of our solution, we conduct extensive evaluations in various scenarios. Our test results show that our design significantly outperforms the RSS-based method. We observe about 8 times improvement by CSITE over RSS-based method on the falsely accepted attacking frames.

Samir Ifzarne,Hiba Tabbaa,Imad Hafidi,Nidal Lamghari

DOI: https://doi.org/10.1088/1742-6596/1743/1/012021

2021-01-01

Journal of Physics: Conference Series

Abstract:Abstract The number of Wireless sensor network (WSN) deployments have been growing so exponentially over the recent years. Due to their small size and cost-effective, WSN are attracting many industries to use them in various applications. Environmental monitoring, security of buildings and precision agriculture are few example among several other fields. However, WSN faces high security threats considering most of them are deployed in unattended nature and hostile environment. In the aim of providing secure data processing in the WSN, many techniques are proposed to protect the data privacy while being transferred from the sensors to the base station. This work is focusing on attack detection which is an essential task to secure the network and the data. Anomaly detection is a key challenge in order to ensure the security and prevent malicious attacks in wireless sensor networks. Various machine learning techniques have been used by researchers these days to detect anomalies using offline learning algorithms. On the other hand online learning classifiers have not been thoroughly addressed in the literature. Our aim is to provide an intrusion detection model compatible with the characteristics of WSN. This model is built based on information gain ratio and the online Passive aggressive classifier. Firstly, the information gain ratio is used to select the relevant features of the sensor data. Secondly, the online Passive aggressive algorithm is trained to detect and classify different type of Deny of Service attacks. The experiment was conducted on a wireless sensor network-detection system (WSN-DS) dataset. The proposed model ID-GOPA results detection rate of 96% determining whether the network is in its normal mode or exposed to any type of attack. The detection accuracy is 86%, 68%, 63%, and 46% for scheduling, grayhole, flooding and blackhole attacks, respectively, in addition to 99% for normal traffic. These results shows that our model based on offline learning can be providing good anomaly detection to the WSN and replace online learning in some cases.

Manesh Thankappan,Helena Rifà-Pous,Carles Garrigues

DOI: https://doi.org/10.1109/access.2024.3362803

IF: 3.9

2024-02-20

IEEE Access

Abstract:One of the advanced Man-in-the-Middle (MitM) attacks is the Multi-Channel MitM (MC-MitM) attack, which is capable of manipulating encrypted wireless frames between clients and the Access Point (AP) in a Wireless LAN (WLAN). MC-MitM attacks are possible on any client no matter how the client authenticates with the AP. Key reinstallation attacks (KRACK) in 2017-18, and the latest FragAttacks in 2021 are frontline MC-MitM attacks that widely impacted millions of Wi-Fi systems, especially those with Internet of Things (IoT) devices. Although there are security patches against some attacks, they are not applicable to every Wi-Fi or IoT device. In addition, existing defense mechanisms to combat MC-MitM attacks are not feasible for two reasons: they either require severe firmware modifications on all the devices in a system, or they require the use of several advanced hardware and software for deployment. On top of that, high technical overhead is imposed on users in terms of network setup and maintenance. This paper presents the first plug-and-play system to detect MC-MitM attacks. Our solution is a lightweight, signature-based, and centralized online passive intrusion detection system that can be easily integrated into Wi-Fi-based IoT environments without modifying any network settings or existing devices. The evaluation results show that our proposed framework can detect MC-MitM attacks with a maximum detection time of 60 seconds and a minimum TPR (true positive rate) of 90% by short-distance detectors and 84% by long-distance detectors in real Wi-Fi or IoT environments.

computer science, information systems,telecommunications,engineering, electrical & electronic

Pengfei Liu,Panlong Yang,Wen-Zhan Song,Yubo Yan,Xiang-Yang Li

DOI: https://doi.org/10.1109/infocom.2019.8737455

2019-01-01

Abstract:WiFi has become a pervasive communication medium in connecting various devices of WLAN and IoT. However, WiFi connections are vulnerable to the impersonation attack from rogue access points (AP) or devices, whose SSID and/or MAC/IP address are identical to the legitimate devices. This kind of attack is difficult to countermeasure with traditional network security mechanisms. In this paper, we present a novel security mechanism to detect and identify rogue WiFi devices or AP using environment-independent characteristics extracted from channel state information (CSI), and refuse their connections. We find that nonlinear phase errors of different subcarriers change with WiFi network interface cards (NIC), due to the I/Q imbalance and imperfect oscillator of each WiFi NIC. Validated by our experiments, this phase feature across subcarriers is consistent and invariant to location and external environment, and can be extracted to build an essential signature of the NIC itself. Such signature of the transmitter can be calculated in real-time by the receiver and cannot be forged by rogue devices. Extensive experiments with dozens of WiFi devices demonstrate that the proposed mechanism can reliably detect the rogue WiFi connections and prevent impersonation in various scenarios. The speed of identification is 8$\times$ faster than that of the state-of-the-art solution. Moreover, the accuracy of rogue connection detection is up to 96% and false alarm rate is shown below 2%.

Shafiullah Khan,Muhammad Altaf Khan,Noha Alnazzawi

DOI: https://doi.org/10.3390/s24051641

IF: 3.9

2024-03-03

Sensors

Abstract:Wireless sensor networks (WSNs) are essential in many areas, from healthcare to environmental monitoring. However, WSNs are vulnerable to routing attacks that might jeopardize network performance and data integrity due to their inherent vulnerabilities. This work suggests a unique method for enhancing WSN security through the detection of routing threats using feed-forward artificial neural networks (ANNs). The proposed solution makes use of ANNs' learning capabilities to model the network's dynamic behavior and recognize routing attacks like black-hole, gray-hole, and wormhole attacks. CICIDS2017 is a heterogeneous dataset that was used to train and test the proposed system in order to guarantee its robustness and adaptability. The system's ability to recognize both known and novel attack patterns enhances its efficacy in real-world deployment. Experimental assessments using an NS2 simulator show how well the proposed method works to improve routing protocol security. The proposed system's performance was assessed using a confusion matrix. The simulation and analysis demonstrated how much better the proposed system performs compared to the existing methods for routing attack detection. With an average detection rate of 99.21% and a high accuracy of 99.49%, the proposed system minimizes the rate of false positives. The study advances secure communication in WSNs and provides a reliable means of protecting sensitive data in resource-constrained settings.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Md. Ashraf Uddin,Sunil Aryal,Mohamed Reda Bouadjenek,Muna Al-Hawawreh,Md. Alamin Talukder

2024-03-17

Abstract:The rapid expansion of varied network systems, including the Internet of Things (IoT) and Industrial Internet of Things (IIoT), has led to an increasing range of cyber threats. Ensuring robust protection against these threats necessitates the implementation of an effective Intrusion Detection System (IDS). For more than a decade, researchers have delved into supervised machine learning techniques to develop IDS to classify normal and attack traffic. However, building effective IDS models using supervised learning requires a substantial number of benign and attack samples. To collect a sufficient number of attack samples from real-life scenarios is not possible since cyber attacks occur occasionally. Further, IDS trained and tested on known datasets fails in detecting zero-day or unknown attacks due to the swift evolution of attack patterns. To address this challenge, we put forth two strategies for semi-supervised learning based IDS where training samples of attacks are not required: 1) training a supervised machine learning model using randomly and uniformly dispersed synthetic attack samples; 2) building a One Class Classification (OCC) model that is trained exclusively on benign network traffic. We have implemented both approaches and compared their performances using 10 recent benchmark IDS datasets. Our findings demonstrate that the OCC model based on the state-of-art anomaly detection technique called usfAD significantly outperforms conventional supervised classification and other OCC based techniques when trained and tested considering real-life scenarios, particularly to detect previously unseen attacks.

Cryptography and Security,Machine Learning

Amit Kleinmann,Ori Amichay,Avishai Wool,David Tenenbaum,Ofer Bar,Leonid Lev

DOI: https://doi.org/10.48550/arXiv.1706.09303

2017-06-28

Abstract:SCADA protocols for Industrial Control Systems (ICS) are vulnerable to network attacks such as session hijacking. Hence, research focuses on network anomaly detection based on meta--data (message sizes, timing, command sequence), or on the state values of the physical process. In this work we present a class of semantic network-based attacks against SCADA systems that are undetectable by the above mentioned anomaly detection. After hijacking the communication channels between the Human Machine Interface (HMI) and Programmable Logic Controllers (PLCs), our attacks cause the HMI to present a fake view of the industrial process, deceiving the human operator into taking manual actions. Our most advanced attack also manipulates the messages generated by the operator's actions, reversing their semantic meaning while causing the HMI to present a view that is consistent with the attempted human actions. The attacks are totaly stealthy because the message sizes and timing, the command sequences, and the data values of the ICS's state all remain legitimate. We implemented and tested several attack scenarios in the test lab of our local electric company, against a real HMI and real PLCs, separated by a commercial-grade firewall. We developed a real-time security assessment tool, that can simultaneously manipulate the communication to multiple PLCs and cause the HMI to display a coherent system--wide fake view. Our tool is configured with message-manipulating rules written in an ICS Attack Markup Language (IAML) we designed, which may be of independent interest. Our semantic attacks all successfully fooled the operator and brought the system to states of blackout and possible equipment damage.

Cryptography and Security

Dalia Nashat,Sabah M. Morsy

DOI: https://doi.org/10.1109/ACCESS.2022.3172329

IF: 3.9

IEEE Access

Abstract:Nowadays, cyber-attack is a severe criminal violation, and it is one of the most active fields of research. Man-in-the-middle attack (MITM) is a type of cyber-attack in which an unauthorized third party secretly accesses the communication between two hosts in the same network to read=modify the transferred data between them. ARP spoofing-based MITM attack exploits ARP protocol weakness where the attacker associates its MAC address with the IP address of an intended legitimate host. Although there are many defense approaches for ARP spoofing based-MITM attacks, these methods are uncompleted or have a performance overhead since they modify the original ARP protocol. Also, some of these approaches depend on the centralized server which leads to a single point of failure. This paper presents a detection scheme for ARP spoofing-based MITM attack called D-ARP which is compatible with the original ARP protocol. The main idea of D-ARP is to send an ARP packet signed with a key in parallel with the original ARP packets to make a correlation between requests and replies. Each host records the signed ARP packets whether it is a request or a reply in a log file. Based on this correlation, D-ARP matches the injected key to detect ARP spoofing if there is a duplicate or conflict in the MAC address. For more reliability, D-ARP uses the DHCP server and the Nmap feature to detect the MAC addresses of MITM attackers. Moreover, this scheme also offers a module for Admin to create a trusted list of hosts. The experimental results show that D-ARP is very effective to detect and prevent ARP spoofing with zero false positives and zero false negative probabilities without any modifications in the original ARP protocol.

Computer Science

Shaymaa Mahmood Naser,Yossra Hussain Ali,Dhiya Al-Jumeily OBE

DOI: https://doi.org/10.3991/ijoe.v18i11.33563

2022-08-31

International Journal of Online and Biomedical Engineering (iJOE)

Abstract:Nowadays, numerous attacks can be considered high risks in terms of the security of Wireless Sensor Networks (WSN). As a result, different applications are introduced to manage the data and information exchange and related security sides to be save in transmission of data. Recently, most of the security attacks are classified as cyber ones. These attacks interest in the system halting and destroying the data rather than stealing the data. In this paper, a cyber-attacks detection system is proposed based on an intelligent hybrid model that uses deep and machine learning technologies. The proposed model improves the cyber-attack detection speed. In addition, a feature reduction model is proposed using machine learning methods (PCA and SVD) to select the most related features to the adopted classes of attacks. This can positively affect the deep-learning model complexity. The obtained results demonstrate the superiority of the proposed hybrid model-based cyber detection system in comparison to the traditional ones in reaching an accuracy of 99.98%, 100%, 100%, 100% for precision, recall, and F1-measure respectively, and reducing the time to 23s for the datasets of Message Queuing Telemetry Transport-Dataset (MQTT-DS) and Wireless Sensor Networks Dataset (WSN-DS).

Najmun Nisa,Adnan Shahid Khan,Zeeshan Ahmad,Johari Abdullah

DOI: https://doi.org/10.1002/nem.2258

2024-01-14

International Journal of Network Management

Abstract:This research article proposes a novel system called Two‐Phase Authentication for Attack Detection (TPAAD) that aims to enhance the security of software‐defined networking by mitigating denial‐of‐service attacks. The methodology utilized in our study involves the implementation of packet filtration and ML classification techniques, which are subsequently followed by the targeted restriction of malevolent network traffic. Software‐defined networking (SDN) has received considerable attention and adoption owing to its inherent advantages, such as enhanced scalability, increased adaptability, and the ability to exercise centralized control. However, the control plane of the system is vulnerable to denial‐of‐service (DoS) attacks, which are a primary focus for attackers. These attacks have the potential to result in substantial delays and packet loss. In this study, we present a novel system called Two‐Phase Authentication for Attack Detection that aims to enhance the security of SDN by mitigating DoS attacks. The methodology utilized in our study involves the implementation of packet filtration and machine learning classification techniques, which are subsequently followed by the targeted restriction of malevolent network traffic. Instead of completely deactivating the host, the emphasis lies on preventing harmful communication. Support vector machine and K‐nearest neighbours algorithms were utilized for efficient detection on the CICDoS 2017 dataset. The deployed model was utilized within an environment designed for the identification of threats in SDN. Based on the observations of the banned queue, our system allows a host to reconnect when it is no longer contributing to malicious traffic. The experiments were run on a VMware Ubuntu, and an SDN environment was created using Mininet and the RYU controller. The results of the tests demonstrated enhanced performance in various aspects, including the reduction of false positives, the minimization of central processing unit utilization and control channel bandwidth consumption, the improvement of packet delivery ratio, and the decrease in the number of flow requests submitted to the controller. These results confirm that our Two‐Phase Authentication for Attack Detection architecture identifies and mitigates SDN DoS attacks with low overhead.

computer science, information systems,telecommunications

Mariam Elnour,Mohammad Noorizadeh,Mohammad Shakerpour,Nader Meskin,Khaled Khan,Raj Jain

DOI: https://doi.org/10.1109/access.2023.3303015

IF: 3.9

2023-08-22

IEEE Access

Abstract:In light of the advancement of the technologies used in industrial control systems, securing their operation has become crucial, primarily since their activity is consistently associated with integral elements related to the environment, the safety and health of people, the economy, and many others. This work presents a distributed, machine learning based attack detection and mitigation framework for sensor false data injection cyber-physical attacks in industrial control systems. It is developed using the system's standard operational data and validated using a hybrid testbed of a reverse osmosis plant. A MATLAB/Simulink-based simulation model of the process validated with actual data from a local plant is used. The control system is implemented using Siemens S7-1200 programmable logic controllers with 200SP Distributed Input/Output modules. The proposed solution can be adopted in the existing industrial control systems and demonstrated effective performance in real-time detection and mitigation of actual cyber-physical attacks launched by compromising the communication links between the process and the programmable logic controllers.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ali Taghavirashidizadeh,Arash Bahram Zarei,Arman Farsi

DOI: https://doi.org/10.48550/arXiv.2207.08014

2022-07-17

Abstract:Several years ago, wireless sensor networks were used only by the military. These networks, which have many uses and are subject to limitations, the most important of which is the energy constraint, this energy constraint creates the requirement that the number And the length of the messages exchanged between the sensors is low. Sensor networks do not have a stable topology due to their inaccessible environments, and continually changes with the disappearance or addition of a node, support for the topology is performed in three steps before deployment, after deployment and deployment. . The sensor nodes are scattered across the field and transmitted by a multidimensional connection to the sink. The communication protocol of the sensor networks used by all nodes in the network and sink. The protocol consists of five layers and three levels of management. Sensor networks require a kind of security mechanism due to inaccessibility and protection. Conventional security mechanisms are inefficient due to the inherent limitations of sensor nodes in these networks. Sensor nodes, due to energy and resource constraints, require security requirements such as the confidentiality of data integrity data, authentication, synchronization, etc. Currently, many organizations use wireless sensor networks for purposes such as air, Pollution, Traffic Control and Healthcare Security is the main concern of wireless sensor networks. In this article, I will focus on the types of security attacks and their detection. This article outlines security needs and security attacks in wireless sensor networks. Also, the security criteria in wireless sensor networks are mentioned.

Signal Processing