Syed Ali Khayam

Markov-based modeling of wireless local area networks

Errors introduced by a wireless medium are more frequent and profound than contemporary wired media. Some of these errors, which are not corrected by the physical layer, result in Medium Access Control (MAC) layer bit errors and packet losses. Design of wireless protocols and applications can benefit substantially from a thorough understanding of these MAC layer impairments. This paper evaluates and proposes Markov-based stochastic chains to model the 802.11b MAC-to-MAC channel behavior for both bit errors and packet losses. We introduce an Entropy Normalized Kullback-Leibler measure to evaluate the performance of existing and new bit error and packet loss models. Based on the proposed measure, and contrary to recent results for mobile networks, we demonstrate that the traditional two-state Markov chain provides a very suitable model for the 802.11b MAC-to-MAC packet loss process. However, this simple model is not adequate for bit errors observed at the MAC layer of wireless local area networks. Consequently, we evaluate three other Markov-based chains for modeling these errors: full-state, hidden, and hierarchical Markov chains. Among these chains, we illustrate that the full-state Markov bit error model, evaluated under a wide range of order values, renders the best performance.

A Taxonomy of Botnet Behavior, Detection, and Defense

A number of detection and defense mechanisms have emerged in the last decade to tackle the botnet phenomenon. It is important to organize this knowledge to better understand the botnet problem and its solution space. In this paper, we structure existing botnet literature into three comprehensive taxonomies of botnet behavioral features, detection and defenses. This elevated view highlights opportunities for network defense by revealing shortcomings in existing approaches. We introduce the notion of a dimension to denote different criteria which can be used to classify botnet detection techniques. We demonstrate that classification by dimensions is particularly useful for evaluating botnet detection mechanisms through various metrics of interest. We also show how botnet behavioral features from the first taxonomy affect the accuracy of the detection approaches in the second taxonomy. This information can be used to devise integrated detection strategies by combining complementary approaches. To provide real-world context, we liberally augment our discussions with relevant examples from security research and products.

Energy efficient video compression for wireless sensor networks

Wireless video sensor networks are anticipated to be deployed to monitor remote geographical areas. To save energy in bit transmissions/receptions over a video sensor network, the captured video content needs to be encoded before its transmission to the base station. However, video encoding is an inherently complex operation that can cause a major energy drain at battery-constrained sensors. Thus a systematic evaluation of different video encoding options is required to allow a designer to choose the most energy-efficient compression technique for a given video sensing application scenario. In this paper, we empirically evaluate the energy efficiencies of predictive and distributed video coding paradigms for deployment on real-life sensor motes. For predictive video coding, our results show that despite its higher compression efficiency, inter video coding always depletes much more energy than intra coding. Therefore, we propose to use image compression based intra coding to improve energy efficiency in the predictive video coding paradigm. For distributed video coding, our results show that the Wyner-Ziv encoder has consistently better energy efficiency than the PRISM encoder. We propose minor modifications to PRISM and Wyner-Ziv encoders which significantly reduce the energy consumption of these encoders. For all the video encoding configurations evaluated in this paper, our results reveal the counter-intuitive and important finding that the major source of energy drain in WSNs is local computations performed for video compression and not video transmission.

Review: A1: An energy efficient topology control algorithm for connected area coverage in wireless sensor networks

Energy consumption in Wireless Sensor Networks (WSNs) is of paramount importance, which is demonstrated by the large number of algorithms, techniques, and protocols that have been developed to save energy, and thereby extend the lifetime of the network. However, in the context of WSNs routing and dissemination, Connected Dominating Set (CDS) principle has emerged as the most popular method for energy-efficient topology control (TC) in WSNs. In a CDS-based topology control technique, a virtual backbone is formed, which allows communication between any arbitrary pair of nodes in the network. In this paper, we present a CDS based topology control algorithm, A1, which forms an energy efficient virtual backbone. In our simulations, we compare the performance of A1 with three prominent CDS-based algorithms namely energy-efficient CDS (EECDS), CDS Rule K and A3. The results demonstrate that A1 performs better in terms of message overhead and other selected metrics. Moreover, the A1 not only achieves better connectivity under topology maintenance but also provides better sensing coverage when compared with other algorithms.

Breaking e-banking CAPTCHAs

Many financial institutions have deployed CAPTCHAs to protect their services (e.g., e-banking) from automated attacks. In addition to CAPTCHAs for login, CAPTCHAs are also used to prevent malicious manipulation of e-banking transactions by automated Man-in-the-Middle (MitM) attackers. Despite serious financial risks, security of e-banking CAPTCHAs is largely unexplored. In this paper, we report the first comprehensive study on e-banking CAPTCHAs deployed around the world. A new set of image processing and pattern recognition techniques is proposed to break all e-banking CAPTCHA schemes that we found over the Internet, including three e-banking CAPTCHA schemes for transaction verification and 41 schemes for login. These broken e-banking CAPTCHA schemes are used by thousands of financial institutions worldwide, which are serving hundreds of millions of e-banking customers. The success rate of our proposed attacks are either equal to or close to 100%. We also discuss possible improvements to these e-banking CAPTCHA schemes and show essential difficulties of designing e-banking CAPTCHAs that are both secure and usable.

A Comparative Evaluation of Anomaly Detectors under Portscan Attacks

Since the seminal 1998/1999 DARPA evaluations of intrusion detection systems, network attacks have evolved considerably. In particular, after the CodeRed worm of 2001, the volume and sophistication of self-propagating malicious code threats have been increasing at an alarming rate. Many anomaly detectors have been proposed, especially in the past few years, to combat these new and emerging network attacks. At this time, it is important to evaluate existing anomaly detectors to determine and learn from their strengths and shortcomings. In this paper, we evaluate the performance of eight prominent network-based anomaly detectors under malicious portscan attacks. These ADSs are evaluated on four criteria: accuracy (ROC curves), scalability (with respect to varying normal and attack traffic rates, and deployment points), complexity (CPU and memory requirements during training and classification,) and detection delay. These criteria are evaluated using two independently collected datasets with complementary strengths. Our results show that a few of the anomaly detectors provide high accuracy on one of the two datasets, but are unable to scale their accuracy across the datasets. Based on our experiments, we identify promising guidelines to improve the accuracy and scalability of existing and future anomaly detectors.

A topologically-aware worm propagation model for wireless sensor networks

Internet worms have repeatedly revealed the susceptibility of network hosts to malicious intrusions. Recent studies have proposed to employ the underlying principles of worm propagation to disseminate security-critical information in a network. Wireless sensor networks can benefit from a thorough understanding of worm propagation over sensor networks to defend from worms and to efficiently disseminate security-critical information. In this paper, we develop a topologically-aware worm propagation model (TWPM) for wireless sensor networks. In addition to simultaneously capturing both time and space propagation dynamics, the TWPM also incorporates physical, MAC and network layer considerations of practical sensor networks. Simulation results show that the proposed model follows actual propagation dynamics quite closely.

Cross-layer protocol design for real-time multimedia applications over 802.11 b networks

Inherent vulnerability of the wireless medium renders it more susceptible to errors and losses than classical wired media. In this paper, we evaluate the suitability of protocols and strategies across different layers of the stack to provide real-time services over 802.11b wireless LANs. More specifically, within the context of cross-layer design, we compare the performance of UDP with UDP lite - a proposed framework, which improves bandwidth utilization by delivering partially damaged packets to the realtime application. First, we study the high-level end-to-end throughput improvement achieved by making cross-layer modifications to support a UDP lite framework. We compare the quality of perceived media rendered by UDP (dropped packets only) and UDP lite (dropped and corrupted packets). This formulates one of the key findings of this study, that is, although UDP lite improves the overall high-level throughput by relaying corrupted packets to the real-time application, it fails to provide significant enhancement in perceived media quality. This can, in part, be attributed to the bursty nature of errors and losses that we observed at the application layer regardless of the selected transport protocol. Finally, we compare the error-recovery/concealment overhead required by UDP and UDP lite in order to deliver lossless multimedia. We conclude that the overhead required by UDP lite is considerably lower than UDP, since the received corrupted packets that are delivered by UDP lite (but not by UDP) facilitate error-recovery.

Analyzing the spread of active worms over VANET

This paper investigates the parameters governing the spread of active worms over VANET. To this end, we first define the average degree of a VANET node using freeway traffic parameters. The spread of a worm in congested and low-density traffic scenarios is modeled using a stochastic model of infectious disease. Analysis is provided for preemptive and interactive patching scenarios.

A formal performance modeling framework for bio-inspired ad hoc routing protocols

Bio-inspired ad hoc routing is an active area of research. The designers of these algorithms predominantly evaluate the performance of their protocols with the help of simulation studies. Such studies are mostly scenario and simulator specific and their results cannot be generalized to other scenarios and simulators. Therefore, we argue that mathematical tools should be utilized to develop a consistent, provable and compatible formal framework in order to provide an unbiased evaluation of Bio-inspired ad hoc routing protocols. Motivated by this requirement, in this paper, we develop a probabilistic performance evaluation framework that can be used to model the following key performance metrics of an ad hoc routing algorithm: (1) routing overhead, (2) route optimality, and (3) energy consumption. We utilize this framework to model a well known Bee-inspired routing protocol for ad hoc sensor networks, BeeSensor. We also show that the proposed framework is generic enough and can easily be adapted to even model a classical routing protocol, Ad Hoc on Demand Distance Vector (AODV). The modeled metrics of the two algorithms not only allow unbiased performance comparison but also provide interesting insights into the parameters governing the behavior of these routing protocols.