• Journal of Communications and Networks
• /
• 제15권2호
• /
• pp.122-131
• /
• 2013

We address the problem of effective vehicular routing in hostile scenarios where malicious nodes intend to jeopardize the delivery of messages. Compromised vehicles can severely affect the performance of the network by a number of attacks, such as selectively dropping messages, manipulating them on the fly, and the likes. One of the best performing solutions that has been used in static wireless sensor networks to deal with these attacks is based on the concept of watchdog nodes (also known as guard nodes) that collaborate to continue the forwarding of data packets in case a malicious behavior in a neighbor node is detected. In this work, we consider the beacon-less routing algorithm for vehicular environments routing protocol, which has been previously shown to perform very well in vehicular networks, and analyze whether a similar solution would be feasible for vehicular environments. Our simulation results in an urban scenario show that watchdog nodes are able to avoid up to a 50% of packet drops across different network densities and for different number of attackers, without introducing a significant increase in terms of control overhead. However, the overall performance of the routing protocol is still far from optimal. Thus, in the case of vehicular networks, watchdog nodes alone are not able to completely alleviate these security threats.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권7호
• /
• pp.3386-3411
• /
• 2019

Secured and reliable routing is a crucial factor for improving the performance of Wireless Mesh Networks (WMN) since these networks are susceptible to many types of attacks. The existing assumption about the internal nodes in wireless mesh networks is that they cooperate well during the forwarding of packets all the time. However, it is not always true due to the presence of malicious and mistrustful nodes. Hence, it is essential to establish a secure, reliable and stable route between a source node and a destination node in WMN. In this paper, a trust based secure routing algorithm is proposed for enhancing security and reliability of WMN, which contains cross layer and subject logic based reliable reputation scheme with security tag model for providing effective secured routing. This model uses only the trusted nodes with the forwarding reliability of data transmission and it isolates the malicious nodes from the providing path. Moreover, every node in this model is assigned with a security tag that is used for efficient authentication. Thus, by combining authentication, trust and subject logic, the proposed approach is capable of choosing the trusted nodes effectively to participate in forwarding the packets of trustful peer nodes successfully. The simulation results obtained from this work show that the proposed routing protocol provides optimal network performance in terms of security and packet delivery ratio.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제6권9호
• /
• pp.2370-2387
• /
• 2012

A new security management model based on Rough set and Bayesian learner is proposed in the paper. The model focuses on finding out malicious nodes and getting them under control. The degree of dissatisfaction (DoD) is defined as the probability that a node belongs to the malicious node set. Based on transaction history records local DoD (LDoD) is calculated. And recommended DoD (RDoD) is calculated based on feedbacks on recommendations (FBRs). According to the DoD, nodes are classified and controlled. In order to improve computation accuracy and efficiency of the probability, we employ Rough set combined with Bayesian learner. For the reason that in some cases, the corresponding probability result can be determined according to only one or two attribute values, the Rough set module is used; And in other cases, the probability is computed by Bayesian learner. Compared with the existing trust model, the simulation results demonstrate that the model can obtain higher examination rate of malicious nodes and achieve the higher transaction success rate.

• Journal of Communications and Networks
• /
• 제15권2호
• /
• pp.164-172
• /
• 2013

We consider the problem of secure and robust clustering for quantized target tracking in wireless sensor networks (WSN) where the observed system is assumed to evolve according to a probabilistic state space model. We propose a new method for jointly activating the best group of candidate sensors that participate in data aggregation, detecting the malicious sensors and estimating the target position. Firstly, we select the appropriate group in order to balance the energy dissipation and to provide the required data of the target in the WSN. This selection is also based on the transmission power between a sensor node and a cluster head. Secondly, we detect the malicious sensor nodes based on the information relevance of their measurements. Then, we estimate the target position using quantized variational filtering (QVF) algorithm. The selection of the candidate sensors group is based on multi-criteria function, which is computed by using the predicted target position provided by the QVF algorithm, while the malicious sensor nodes detection is based on Kullback-Leibler distance between the current target position distribution and the predicted sensor observation. The performance of the proposed method is validated by simulation results in target tracking for WSN.

• Journal of information and communication convergence engineering
• /
• 제9권6호
• /
• pp.676-682
• /
• 2011

Sybil attack can disrupt proper operations of wireless sensor network by forging its sensor node to multiple identities. To protect the sensor network from such an attack, a number of countermeasure methods based on RSSI (Received Signal Strength Indicator) and LQI (Link Quality Indicator) have been proposed. However, previous works on the Sybil attack detection do not consider the fact that Sybil nodes can change their RSSI and LQI strength for their malicious purposes. In this paper, we present a Sybil attack detection method based on a transmission power range. Our proposed method initially measures range of RSSI and LQI from sensor nodes, and then set the minimum, maximum and average RSSI and LQI strength value. After initialization, monitoring nodes request that each sensor node transmits data with different transmission power strengths. If the value measured by monitoring node is out of the range in transmission power strengths, the node is considered as a malicious node.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권6호
• /
• pp.1706-1727
• /
• 2023

Under Water Sensor Networks (UWSN) has gained attraction among various communities for its potential applications like acoustic monitoring, 3D mapping, tsunami detection, oil spill monitoring, and target tracking. Unlike terrestrial sensor networks, it performs an acoustic mode of communication to carry out collaborative tasks. Typically, surface sink nodes are deployed for aggregating acoustic phenomena collected from the underwater sensors through the multi-hop path. In this context, UWSN is constrained by factors such as lower bandwidth, high propagation delay, and limited battery power. Also, the vulnerabilities to compromise the aquatic environment are in growing numbers. The paper proposes an Energy-Efficient standalone Intrusion Detection System (EEIDS) to entail the acoustic environment against malicious attacks and improve the network lifetime. In EEIDS, attributes such as node ID, residual energy, and depth value are verified for forwarding the data packets in a secured path and stabilizing the nodes' energy levels. Initially, for each node, three agents are modeled to perform the assigned responsibilities. For instance, ID agent verifies the node's authentication of the node, EN agent checks for the residual energy of the node, and D agent substantiates the depth value of each node. Next, the classification of normal and malevolent nodes is performed by determining the score for each node. Furthermore, the proposed system utilizes the sheep-flock heredity algorithm to validate the input attributes using the optimized probability values stored in the training dataset. This assists in finding out the best-fit motes in the UWSN. Significantly, the proposed system detects and isolates the malicious nodes with tampered credentials and nodes with lower residual energy in minimal time. The parameters such as the time taken for malicious node detection, network lifetime, energy consumption, and delivery ratio are investigated using simulation tools. Comparison results show that the proposed EEIDS outperforms the existing acoustic security systems.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권11호
• /
• pp.5354-5369
• /
• 2019

Sensor networks are deployed in unheeded environment to monitor the situation. In view of the unheeded environment and by the nature of their communication channel sensor nodes are vulnerable to various attacks most commonly malicious packet dropping attacks namely blackhole, grayhole attack and sinkhole attack. In each of these attacks, the attackers capture the sensor nodes to inject fake details, to deceive other sensor nodes and to interrupt the network traffic by packet dropping. In all such attacks, the compromised node advertises itself with fake routing facts to draw its neighbor traffic and to plunge the data packets. False routing advertisement play vital role in deceiving genuine node in network. In this paper, behavior based routing misbehavior detection (BRMD) is designed in wireless sensor networks to detect false advertiser node in the network. Herein the sensor nodes are monitored by its neighbor. The node which attracts more neighbor traffic by fake routing advertisement and involves the malicious activities such as packet dropping, selective packet dropping and tampering data are detected by its various behaviors and isolated from the network. To estimate the effectiveness of the proposed technique, Network Simulator 2.34 is used. In addition packet delivery ratio, throughput and end-to-end delay of BRMD are compared with other existing routing protocols and as a consequence it is shown that BRMD performs better. The outcome also demonstrates that BRMD yields lesser false positive (less than 6%) and false negative (less than 4%) encountered in various attack detection.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권3호
• /
• pp.1113-1135
• /
• 2018

Existing trust evaluation models for wireless sensor networks can accurately and objectively evaluate trust value of nodes, but the nodes' energy saving problem was ignored. Especially when there are a few malicious nodes in a network, the overall trust value calculation for all nodes would waste lots of energy. Beside that, the network failure caused by nodes death was also not considered. In this paper, we proposed a method for avoiding energy hole which applied trust evaluation models and a trust evaluation method based on information entropy, so as to achieve the purpose of improving nodes utilization. Simulation results show that the proposed method can effectively improve nodes utilization, and it has reasonable detection rate and lower false alert rate compared to other classical methods.

• 한국멀티미디어학회논문지
• /
• 제12권11호
• /
• pp.1593-1608
• /
• 2009

다중 홉 무선 네트워크에서는 일부 중계 단말이 악의적인 목적으로 비협력적이거나 이기적인 행동을 하면 네트워크의 성능이 저하되는 문제점이 발생한다. 무선 단말간의 협력적인 동작을 가정한 기존의 애드혹 라우팅 기법에서는 악의적으로 행동하는 이기적인 무선 단말에 의해 발생되는 성능 감소 문제를 해결할 수 없다. 이에 본 논문에서는 다중 홉 무선 네트워크의 성능을 향상 시킬 수 있는 평판 기반의 협력적 애드혹 라우팅 프로토콜인 CARE (Cooperative Ad hoc routing protocol based REputation) 기법을 제안하였다. 제안한 CARE 기법은 홉 대 홉 기반의 패킷 포워딩 과정에서 악의적으로 행동하거나 무단으로 라우팅 경로에서 이탈하는 이기적인 무선 단말을 우회하도록 라우팅 경로를 설정하는 네트워크 계층간의 수평적 상호 작용을 제공한다. 그리고 CARE 기법은 수직적 상호 작용을 기반으로 하여 MAC 계층으로부터 획득한 무선 채널의 상황 정보를 반영하여 라우팅 경로의 품질 향상시키며, 네트리크 계층에서 획득한 무선 단말의 평판 정보를 전송 계통에 반영하여 TCP의 성능 향상을 제공한다. CARE로 기법의 성능을 평가한 결과, 단말의 빈번한 이동과 악의적인 단말이 존재하는 다중 홉 무선 네트워크 환경에서 패킷 전송의 낮은 실패율과 패킷의 평균 전송 시간의 향상을 제공함과 동시에 종단간 무선 단말의 향상된 TCP 성능을 확인하였다.

• 정보처리학회논문지C
• /
• 제12C권5호
• /
• pp.623-632
• /
• 2005

애드혹 네트워크는 기존의 유무선 네트워크의 고정된 기반시설(infrastructure) 없이 이동 호스트들만으로 구성된 무선 환경의 네트워크이다. 애드혹 네트워크의 기본 특성, 즉, 링크의 불안정성, 각 노드의 물리적 보호의 한계, 노드간 연결의 산재성, 토폴로지의 동적인 변화 뿐 아니라 악의적인 노드의 활동으로 인해 라우팅 보안에 대한 위험성은 매우 높다 따라서 본 논문에서는 애드혹 네트워크에서 경로 탐색이나 설정 과정중 악의적인 노드가 라우팅 메시지를 변조, 위조하거나 다른 노드를 가장하여 잘못된 라우팅 정보를 네트워크에 주입시키는 공격을 방지하기 위하여 일방향 해쉬 함수를 기초로 한 one-time 전자 서명을 이용한 라우팅 보안 메커니즘을 제안한다. 제안하는 메커니즘에서 노드들은 라우팅 메시지를 서명하기 위하여 공개키 요소의 첫 세트를 반복적으로 해쉬 함수에 적용함으로써 해쉬 체인을 생성하고, 생성된 해쉬 체인으로부터 공개키 요소들을 여러 세트 유도하여 해쉬 테이블을 생성한다. 해쉬 테이블 생성 후, 노드들은 자신의 공개키 요소를 다른 노드들에게 공표하고 라우팅 메시지를 전송할 경우 one-time 전자 서명을 포함한다. 이러한 one-time 전자 서명은 라우팅 메시지를 인증하고 메시지에 무결성을 제공한다. 제안하는 라우팅 보안 메커니즘은 이동성이 높은 네트워크 환경에서는 보안을 고려하지 않은 라우팅 메커니즘에 비해 라우팅 오버헤드가 좀더 높아지지만, 경로를 탐색하고 설정하는 과정에서 악의적인 노드의 공격에 대하여 훨씬 높은 안전성을 제공함을 시뮬레이션을 통해서 확인할 수 있다.