Rida Khatoun

Towards secure route discovery protocol in MANET

Wireless Mobile ad hoc network (MANET) has become an exciting and important technology in recent years because of a rapid proliferation of wireless devices. MANET is a self-organizing network of wireless links connecting mobile nodes. MANETs technology offers both new challenges and opportunities for many applications. One of the major challenges for ad hoc technology is routing security, due essentially to MANET features (e.g., open medium, lack of centralized management, nodes mobility). In this paper, we propose ASRP, an efficient secure routing protocol to ensure the routing security in ad hoc networks. ASRP provides powerful security extensions to the reactive AODV protocol, based on modified secure remote password protocol and Diffie-Hellman (DH) algorithms. The simulation results show the efficiency of the proposed ASRP protocol, and its cost towards both the users and the network.

Content pollution quantification in large P2P networks : A measurement study on KAD

Content pollution is one of the major issues affecting P2P file sharing networks. However, since early studies on FastTrack and Overnet, no recent investigation has reported its impact on current P2P networks. In this paper, we present a method and the supporting architecture to quantify the pollution of contents in the KAD network. We first collect information on many popular files shared in this network. Then, we propose a new way to detect content pollution by analyzing all filenames linked to a content with a metric based on the Tversky index and which gives very low error rates. By analyzing a large number of popular files, we show that 2/3 of the contents are polluted, one part by index poisoning but the majority by a new, more dangerous, form of pollution that we call index falsification.

Understanding botclouds from a system perspective: A principal component analysis

Cloud computing is gaining ground and becoming one of the fast growing segments of the IT industry. However, if its numerous advantages are mainly used to support a legitimate activity, it is now exploited for a use it was not meant for: malicious users leverage its power and fast provisioning to turn it into an attack support. Botnets supporting DDoS attacks are among the greatest beneficiaries of this malicious use since they can be setup on demand and at very large scale without requiring a long dissemination phase nor an expensive deployment costs. For cloud service providers, preventing their infrastructure from being turned into an Attack as a Service delivery model is very challenging since it requires detecting threats at the source, in a highly dynamic and heterogeneous environment. In this paper, we present the result of an experiment campaign we performed in order to understand the operational behavior of a botcloud used for a DDoS attack. The originality of our work resides in the consideration of system metrics that, while never considered for state-of-the-art botnets detection, can be leveraged in the context of a cloud to enable a source based detection. Our study considers both attacks based on TCP-flood and UDP-storm and for each of them, we provide statistical results based on a principal component analysis, that highlight the recognizable behavior of a botcloud as compared to other legitimate workloads.

Cybersecurity and Privacy Solutions in Smart Cities

The increasing proliferation and deployment of ICT in the infrastructure of cities has increased interest in smart cities. The long-term objective of a smart city is to enhance the quality of services provided to citizens and ultimately improve their quality of life. However, incorporating ICT opens up various security and privacy issues in smart cities, along with the people living in them. We briefly present the fundamental design concepts of a smart city and review recent smart city initiatives and projects. After identifying several security vulnerabilities and privacy issues within the context of smart cities that must be addressed, we then discuss various privacy and security solutions, recommendations, and standards for smart cities and their services.

A Watchdog extension scheme considering packet loss for a reputation system in wireless mesh network

Most trust and reputation systems in wireless mesh networks are based on the intrusion detection system (IDS) Watchdog. This IDS enables nodes to detect whether their next node on a path flow forwards correctly packets or not by overhearing its transmissions. However, as Watchdog does not consider the packet loss ratio, it can lead to false positives. Indeed, a node can accuse another node of misbehaving whereas in reality it suffers from link loss. In order to overcome this issue, we propose an extension scheme to the Watchdog IDS which enables a node to determine whether it does not overhear its next node due to packet loss issue or due to misbehavior. To reach this goal, we assume that malicious nodes drop both acknowledgements and forwarded packets with different frequencies. Thus, our scheme compares the distribution of a nodes acknowledgment with its distribution of forwarded packets of data to detect misbehaving nodes. Furthermore, we extend our scheme so that it enables a node to monitor both its next node and its previous node on a flow path.

Decentralized Alerts Correlation Approach for DDoS Intrusion Detection

Availability is one of the main characteristics of Internet security and hence attacks against networks increase trying to stop services on servers. Distributed denial of service attacks are very dangerous for computer networks and services availability. Various defense systems were proposed. Unfortunately, until now, there is no efficient solution. This paper presents a decentralized architecture for an intrusion detection approach. The central point of this paper is the alert correlation among Snort intrusion detection systems (IDS). We believe that this approach optimizes the detection performance in a completely distributed fashion by relying on Pastry overlay network as indexing and routing protocol. We propose novel approach that will be improved in the future work.

A First Approach to Detect Suspicious Peers in the KAD P2P Network

Several large scale P2P networks are based on a distributed hash table. They all suffer from a critical issue allowing malicious nodes to be inserted in specific places on the DHT for undesirable purposes (monitoring, DDoS, pollution, etc.). However, no study so far considered the actual deployment of such attacks. We propose a first approach to detect suspicious peers in the KAD P2P network. First, we describe and evaluate our crawler which can get an accurate view of the network. Then, we analyze the distances between the peers and the contents indexed in the DHT to detect suspicious peers. Our results show that hundreds of KAD entries are clearly under attack during our measurements.

Vehicle Driving Pattern Based Sybil Attack Detection

In recent years, vehicular networks have been drawing special attention because of its significant potential role in future smart city regarding traffic efficiency improvement and road safety. Safetys crucial status in vehicular networks is determined by its direct impact on peoples lives. Several security services based on cryptography, PKI and pseudonymous have been standardized in the past few years by IEEE and ETSI. However, vehicular networks are still vulnerable to critical attacks and the Sybil attack is one of them. This paper proposes a Sybil attack detection method based on vehicle driving pattern in urban scenario. In this method, Driving Pattern Matrices (DPMs) are constructed for each vehicle based on the beaconing messages they communicate. Then, a minimum distance classifier is used to evaluate their driving pattern and detect the unusual pattern. The simulation results show that our detection method can reach a high detection rate with a low error rate.

A collaborative approach for a source based detection of botclouds

Since the last years, cloud computing is playing an important role in providing high quality of IT services. However, beyond a legitimate usage, the numerous advantages it presents are now exploited by attackers, and botnets supporting DDoS attacks are among the greatest beneficiaries of this malicious use. In this paper, we present an original approach that enables a collaborative egress detection of DDoS attacks leveraged by a botcloud. We provide an early evaluation of our approach using simulations that rely on real workload traces, showing our detection system effectiveness and low overhead, as well as its support for incremental deployment in real cloud infrastructures.

An efficient admission control model based on dynamic link scheduling in wireless mesh networks

BackgroundWireless mesh networks (WMNs) are a very attractive new field of research. They are low cost, easily deployed, and a high-performance solution to last-mile broadband Internet access. In WMNs, admission control (AC) is one of the key traffic management mechanisms that should be deployed to provide quality of service (QoS) support for real-time traffic.ResultsIn this paper, we introduce a novel admission control model, based on bandwidth and delay parameters, which integrates a dynamic link scheduling scheme. The proposed model is built on two different methods to access the medium: on a contention-based channel access method for control packets and on a dynamic time division multiple access (DTDMA) for data packets. Each time a new flow is admitted in the network, the WMN’s link scheduling is modified according to the flows’ requirement and network conditions while respecting the signal-to-interference-plus-noise ratio (SINR); this allows establishing collision-free transmissions.ConclusionsUsing extensive simulations, we demonstrate that our model achieves high resource utilization by improving throughput, establishing collision-free transmission, as well as respecting requirements of admitted flows in terms of delay and bandwidth.