Joseph Soryal
City University of New York
Publication
Featured research published by Joseph Soryal.
wireless telecommunications symposium | 2012
Joseph Soryal; Tarek N. Saadawi
A Denial of Service (DoS) attack is a simple form of attack that has significant impact on legitimate network users in terms of available bandwidth. The purpose of this paper is to detect and identify the attacker who is employing a Denial of Service attack to disrupt the network in Mobile Ad-hoc Networks (MANET) using IEEE 802.11 DCF protocols [1][2][3]. The detection process will be examined in a mobile environment with multiple PHY layer techniques (FHSS, DSSS, and OFDM) employing different MAC layer protocols (IEEE 802.11, IEEE 802.11b, and IEEE 802.11g). Attackers manipulate the IEEE 802.11 DCF standards on their machines to illegally increase the probability of successful packet transmission at the expense of the legitimate nodes' bandwidth. The DoS attacker does not have valid information in the transmitted packets, but the attacker's goal is to capture the channel to prevent legitimate users from communicating. A DoS attack can be targeted at any layer of the OSI model; in this paper we only deal with attacks on the MAC layer. The theoretical network throughput, in terms of the maximum number of packets transmitted per second, will be derived using a two-dimensional Markov Chain [4] to determine the network capacity. Solutions of the Markov Chain model will be validated by network simulation [5] to determine the baseline for the maximum achievable throughput in the network under normal conditions where the standards are followed properly.
ad hoc networks | 2014
Joseph Soryal; Tarek N. Saadawi
A Denial of Service (DoS) attack is a powerful attack that disrupts the network and deprives legitimate users of the network resources. DoS attacks can target any layer of the Open Systems Interconnection (OSI) model; in this paper we focus on DoS attacks that target the Medium Access Control (MAC) layer in wireless networks. We present a complete solution using Cross Layer Design techniques to detect and identify the attackers and to mitigate the attack by minimizing the negative impact on the network. DoS attacks range from plain attacks, such as signal jamming, which do not require any protocol modifications or intelligence during the attack, to sophisticated attacks where the attacker is intelligent, aware of its surroundings, and constantly modifies its behavior during the attack to appear as a legitimate node and avoid detection. In this paper we focus on the sophisticated DoS attack in wireless networks using IEEE 802.11 Distributed Coordination Function (DCF) protocols [1-3], where the attacker strives to appear as a legitimate member of the network, has fully joined the network group, and possesses, for instance, the spread sequence or the channel coding scheme. The algorithm is examined in fixed and mobile environments with multiple Physical (PHY) layer technologies (DSSS, FHSS, and OFDM) using different MAC layer protocols (IEEE 802.11, IEEE 802.11b, and IEEE 802.11g). DoS attackers illegally alter the IEEE 802.11 DCF standards and modify the MAC firmware code in the Network Interface Card (NIC) on their communication equipment to capture the channel by maximizing the packet transmission success rate to a degree where all other legitimate nodes will have a near zero percent success rate for their packet transmissions. This type of DoS attack generally results in bandwidth starvation and extreme power and CPU processing consumption for the legitimate nodes in the network.
A two-dimensional Markov Chain is modeled to obtain the maximum throughput, which is used to identify the DoS attackers. The rest of the presented algorithm mitigates the impact of the attackers while deceiving them into falsely believing that the attacks are still disrupting the network, so that they do not resort to modifying their attacking techniques. The algorithm is validated using network simulations under different conditions using different technologies.
international conference on connected vehicles and expo | 2013
Joseph Soryal; Tarek N. Saadawi
The paper presents a lightweight technique to detect Denial of Service (DoS) behavior by malicious users in Internet-connected vehicles that use Wi-Fi to access the Internet via hotspots installed on the roads. Malicious nodes manipulate the IEEE 802.11 DCF standards to illegally gain extra throughput and increase the probability of a successful packet transmission at the expense of the honest users that follow the protocol standards. The theoretical network throughput is derived using a two-dimensional Markov Chain to determine the network capacity. Results obtained by the theoretical computations are validated by network simulation to determine the baseline for the maximum achievable throughput in the network under fair conditions where all nodes follow the IEEE standards. An approach is presented that provides all the nodes in an IEEE 802.11 network with a mechanism to detect and identify the malicious nodes in a distributed environment. Results are presented to prove the effectiveness and feasibility of the proposed algorithm.
mobile adhoc and sensor systems | 2012
Joseph Soryal; Tarek N. Saadawi
This paper introduces an effective solution against Denial of Service (DoS) implemented by a byzantine attack in a fully distributed ad-hoc wireless network employing IEEE 802.11. A byzantine attack is an attack performed by a fully trusted node that has turned rogue and has already passed all the authentication and verification processes. When a trusted node has turned rogue, it can easily perform a DoS attack on the media access control (MAC) layer to prevent other nodes from communicating. A DoS attack is an easy and effective method to disrupt communications. The byzantine attacker will alter the implementation of the IEEE 802.11 DCF standards to illegally increase the probability of having a packet successfully transmitted into the channel at the expense of the other nodes that follow the protocol standards. The solution presented in this paper depends on three stages. The first stage identifies the attacker using mathematical modeling. The second stage utilizes asymmetric cryptography to allow the good nodes to communicate and agree on moving to another frequency, excluding the byzantine attacker. In the third stage, the good nodes change the frequency by controlling their transmitters and receivers. The theoretical throughput will be generated using a two-dimensional Markov Chain to determine the network capacity. Results obtained by the theoretical computations will be used to constantly monitor the network and identify an attacker if present. A cross layer technique will allow the MAC layer to control the Physical layer to change the frequency of the communication session based on the MAC's decision in identifying an attacker.
military communications conference | 2015
Joseph Soryal; Tarek N. Saadawi
Greedy users deviate from the IEEE 802.11 Distributed Coordination Function (DCF) standards to unfairly increase their share of the bandwidth at the expense of other standard-abiding users. The greedy behavior is implemented by modifying the firmware of the network interface card to manipulate the back-off timer. This paper presents a methodology using non-cooperative game theory to formulate a countermeasure technique to combat the greedy behavior in ad-hoc networks using a proactive routing protocol. The effect of the greedy attack on the Optimized Link State Routing Protocol (OLSR) is evaluated to show the impact of the greedy behavior on the other nodes inside the network. The greedy node attempts to maximize its share of the bandwidth to increase its transmitted data rate and to reduce its buffer queues and the need to retransmit packets due to the unavailability of bandwidth, which saves resources (power and CPU processing) for the greedy node. The algorithm consists of three stages: the first detects and identifies the greedy node, and the second temporarily isolates it. In the third stage, the greedy node is given a second chance to join the group provided that it follows the standards. The game theory approach considers all players (nodes) to be rational, which enables each node to review its past decisions and outcomes before making a new decision.
international conference on cyber security and cloud computing | 2015
Ihab Darwish; Obinna Igbe; Orhan Celebi; Tarek N. Saadawi; Joseph Soryal
This paper highlights different security threats and vulnerabilities that challenge smart grids utilizing the Distributed Network Protocol (DNP3) as a real-time communication protocol. Experimentally, we will demonstrate two attack scenarios: the unsolicited message attack and data set injection. The experiments were run in a virtual computer environment and then simulated on the DETER testbed platform. The use of an intrusion detection system will be necessary to identify attackers targeting different parts of the smart grid infrastructure. Therefore, mitigation techniques will be used to ensure a healthy check of the network, and we will propose the use of a host-based intrusion detection agent at each Intelligent Electronic Device (IED) for the purpose of detecting the intrusion and mitigating it. Performing attacks, attack detection, prevention and countermeasures will be our primary goal in this research paper.
Journal of Advanced Research | 2014
Joseph Soryal; Xijie Liu; Tarek N. Saadawi
The paper presents a novel technique to detect Denial of Service (DoS) attacks applied by misbehaving nodes in wireless networks in the presence of hidden nodes, employing the widely used IEEE 802.11 Distributed Coordination Function (DCF) protocols described in the IEEE standard [1]. Attacker nodes alter the IEEE 802.11 DCF firmware to illicitly capture the channel by elevating the average number of packets they transmit successfully, using up the bandwidth share of the innocent nodes that follow the protocol standards. We obtained the theoretical network throughput by solving the two-dimensional Markov Chain model described by Bianchi [2] and by Liu and Saadawi [3] to determine the channel capacity. We validated the results obtained via the theoretical computations against the results obtained with the OPNET simulator [4] to define the baseline for the average attainable throughput in the channel under standard conditions where all nodes follow the standards. The main goal of the DoS attacker is to prevent the innocent nodes from accessing the channel by capturing the channel’s bandwidth. In addition, the attacker strives to appear as an innocent node that follows the standards. The protocol resides in every node to enable each node to police other nodes in its immediate wireless coverage area. All innocent nodes are able to detect and identify the DoS attacker in their wireless coverage area. We applied the protocol to two Physical Layer technologies, Direct Sequence Spread Spectrum (DSSS) and Frequency Hopping Spread Spectrum (FHSS), and the results are presented to validate the algorithm.
advanced information networking and applications | 2014
Joseph Soryal; Irippuge Milinda Perera; Ihab Darwish; Nelly Fazio; Rosario Gennaro; Tarek N. Saadawi
The IEEE 802.11 protocols are used by millions of smartphone and tablet devices to access the Internet via Wi-Fi wireless networks or communicate with one another directly in a peer-to-peer mode. Insider attacks are those originating from a trusted node that had initially passed all the authentication steps to access the network and then got compromised. A trusted node that has turned rogue can easily perform Denial-of-Service (DoS) attacks on the Media Access Control (MAC) layer by illegally capturing the channel and preventing other legitimate nodes from communicating with one another. Insider attackers can alter the implementation of the IEEE 802.11 Distributed Coordination Function (DCF) protocol residing in the Network Interface Card (NIC) to illegally increase the probability of successful packet transmissions into the channel at the expense of nodes that follow the protocol standards. The attacker fools the NIC into upgrading its firmware and forces in a version containing the malicious code. In this paper, we present a distributed solution to detect and isolate the attacker in order to minimize the impact of the DoS attacks on the network. Our detection algorithm enhances the DCF firmware to enable honest nodes to monitor each other's traffic and compare their observations against honest communication patterns derived from a two-dimensional Markov chain. A channel hopping scheme is then used on the physical layer (PHY) to evade the attacker. To facilitate communication among the honest member stations and minimize network downtime, we introduce two isolation algorithms, one based on identity-based encryption and another based on broadcast encryption. Our simulation results show that the latter enjoys quicker recovery time and faster network convergence.
International Conference on Next Generation Wired/Wireless Networking | 2014
Joseph Soryal; Fuad A. Alnajjar; Tarek N. Saadawi
The paper presents a novel technique to combat smart adaptive attacks in ad-hoc wireless networks where battery power and bandwidth are scarce. Nodes in ad-hoc wireless networks can assume the roles of transmitters, receivers, and/or routers when they fall geographically between two communicating nodes. Malicious nodes deviate from the standard communications protocols to illegally maximize their share of the bandwidth and save their battery power for their own communication. When the malicious node has data packets to transmit, it increases the power of the transmitted signal to increase the throughput and reduce the delay and retransmission attempts. This behavior adversely affects the rest of the nodes that follow the standard communication protocols. When the malicious node receives a packet that is not destined for it, the malicious node forwards the packet at a very low transmission power level to save power, and in this case the packet reaches the next hop without enough signal strength to be decoded correctly. In this type of sophisticated attack, malicious nodes handle the control packets according to the standards so that they remain visible inside the network in case there are packets destined for them. Our end-to-end algorithm detects and isolates those types of attackers to maintain the resiliency of the network against the malicious behavior.
Archive | 2013
Tarek N. Saadawi; Joseph Soryal