Zorana Bankovic

Improving network security using genetic algorithm approach

With the expansion of Internet and its importance, the types and number of the attacks have also grown making intrusion detection an increasingly important technique. In this work we have realized a misuse detection system based on genetic algorithm (GA) approach. For evolving and testing new rules for intrusion detection the KDD99Cup training and testing dataset were used. To be able to process network data in real time, we have deployed principal component analysis (PCA) to extract the most important features of the data. In that way we were able to keep the high level of detection rates of attacks while speeding up the processing of the data.

Improving Security for SCADA Sensor Networks with Reputation Systems and Self-Organizing Maps.

The reliable operation of modern infrastructures depends on computerized systems and Supervisory Control and Data Acquisition (SCADA) systems, which are also based on the data obtained from sensor networks. The inherent limitations of the sensor devices make them extremely vulnerable to cyberwarfare/cyberterrorism attacks. In this paper, we propose a reputation system enhanced with distributed agents, based on unsupervised learning algorithms (self-organizing maps), in order to achieve fault tolerance and enhanced resistance to previously unknown attacks. This approach has been extensively simulated and compared with previous proposals.

Distributed intrusion detection system for wireless sensor networks based on a reputation system coupled with kernel self-organizing maps

Security of sensor networks is a complicated task, mostly due to the limited resources of sensor units. The first line of defense, i.e. encryption and authentication, is useless if an attacker has entered the system, and it is also vulnerable to side-channel attacks. Thus, a second line of defense, known as Intrusion Detection, must be added in order to detect and eliminate attacks. In the recent past, various solutions for detecting intrusions have been proposed. Most of them are able to detect only a limited number of attacks. Further, the solutions that deploy machine learning techniques exhibit higher level of flexibility and adaptability. Yet, these techniques consume significant power and computational resources. In this work we propose a distributed intrusion detection system organized as a reputation system where the reputation of each node is assigned by self-organizing maps (SOM) trained for detecting intrusions. The response of the system consists in assigning low reputation values to the compromised nodes rendering them isolated from the rest of the network. Further, we propose the implementation of SOM algorithm using the energy-efficient SORU (Stream Oriented Reconfigurable Unit) co-processor developed by our research group. Our solution offers many benefits: scalable solution, fast response to adversarial activities, ability to detect unknown attacks, high adaptability and energy efficiency. The testing results demonstrate its high potential.

Improving security in WMNs with reputation systems and self-organizing maps

One of the most important problems of WMNs, that is even preventing them from being used in many sensitive applications, is the lack of security. To ensure security of WMNs, two strategies need to be adopted: embedding security mechanisms into the network protocols, and developing efficient intrusion detection and reaction systems. To date, many secure protocols have been proposed, but their role of defending attacks is very limited. We present a framework for intrusion detection in WMNs that is orthogonal to the network protocols. It is based on a reputation system, that allows to isolate ill-behaved nodes by rating their reputation as low, and distributed agents based on unsupervised learning algorithms (self-organizing maps), that are able to detect deviations from the normal behavior. An additional advantage of this approach is that it is quite independent of the attacks, and therefore it can detect and confine new, previously unknown, attacks. Unlike previous approaches, and due to the inherent insecurity of WMN nodes, we assume that confidentiality and integrity cannot be preserved for any single node.

FPGA vs. multi-core CPUs vs. GPUs: hands-on experience with a sorting application

Currently there are several interesting alternatives for low-cost high-performance computing. We report here our experiences with an N-gram extraction and sorting problem, originated in the design of a real-time network intrusion detection system. We have considered FPGAs, multi-core CPUs in symmetric multi-CPU machines and GPUs and have created implementations for each of these platforms. After carefully comparing the advantages and disadvantages of each we have decided to go forward with the implementation written for multicore CPUs. Arguments for and against each platform are presented - corresponding to our hands-on experience - that we intend to be useful in helping with the selection of the hardware acceleration solutions for new projects.

Detecting bad-mouthing attacks on reputation systems using self-organizing maps

It has been demonstrated that rating trust and reputation of individual nodes is an effective approach in distributed environments in order to improve security, support decision-making and promote node collaboration. Nevertheless, these systems are vulnerable to deliberate false or unfair testimonies. In one scenario the attackers collude to give negative feedback on the victim in order to lower or destroy its reputation. This attack is known as bad mouthing attack, and it can significantly deteriorate the performances of the network. The existing solutions for coping with bad mouthing are mainly concentrated on prevention techniques. In this work we propose a solution that detects and isolates the abovementioned attackers, impeding them in this way to further spread their malicious activity. The approach is based on detecting outliers using clustering, in this case self-organizing maps. An important advantage of this approach is that we have no restrictions on training data, and thus there is no need for any data pre-processing. Testing results demonstrates the capability of the approach in detecting bad mouthing attack in various scenarios.

Bio-inspired enhancement of reputation systems for intelligent environments

Providing security to the emerging field of ambient intelligence will be difficult if we rely only on existing techniques, given their dynamic and heterogeneous nature. Moreover, security demands of these systems are expected to grow, as many applications will require accurate context modeling. In this work we propose an enhancement to the reputation systems traditionally deployed for securing these systems. Different anomaly detectors are combined using the immunological paradigm to optimize reputation system performance in response to evolving security requirements. As an example, the experiments show how a combination of detectors based on unsupervised techniques (self-organizing maps and genetic algorithms) can help to significantly reduce the global response time of the reputation system. The proposed solution offers many benefits: scalability, fast response to adversarial activities, ability to detect unknown attacks, high adaptability, and high ability in detecting and confining attacks. For these reasons, we believe that our solution is capable of coping with the dynamism of ambient intelligence systems and the growing requirements of security demands.

A Taxonomy of Trust and Reputation System Attacks

Trust and reputation have been suggested as an effective security mechanism for open and distributed environments. However, even though there exists a high number of identified attacks against Trust and Reputation Systems (TRS), a generic security framework to identify all of them in a holistic way has not yet been proposed. This work presents a TRS attack taxonomy based on an TRS architectural model and a set of well-known security topics. Based on this taxonomy, two main deficiencies of the state-of-the-art in TRS security literature are detected: the existence of TRS attacks that have received few attention from the TRS community despite its importance, and potential threats that have not been previously identified. Finally, a real-life TRS scenario is analyzed as a proof-of-concept of the proposed taxonomy.

Stochastic vs. deterministic evolutionary algorithm-based allocation and scheduling for XMOS chips

We present an approach based on multi-objective evolutionary algorithms for the automatic scheduling and allocation of tasks in a multiprocessor multithreaded architecture, together with an assignment of the appropriate voltage and frequency of each processor in a way the overall energy consumed by the execution of the tasks is optimized and all task deadlines are met. We have implemented both a deterministic scheduling algorithm, where the execution time and the energy consumption of different tasks have a known deterministic value, and a stochastic scheduling algorithm, where the execution time and energy are treated as random variables with corresponding probability density functions, given that in reality these values can vary significantly due to numerous reasons. It is assumed that execution time and energy consumption estimations, both for the deterministic and the stochastic case, are obtained by a static analysis process. It has already been proven for the case of makespan optimization that the stochastic scheduling is underestimated by its deterministic counterpart, and that in many real world situations, the stochastic scheduler outperforms the deterministic one. In this work we prove that for the tested scenario the stochastic scheduler for energy optimization outperforms its deterministic counterpart improving energy consumption by 15.4% in the best case.

ENTRA: Whole-systems energy transparency

Abstract Promoting energy efficiency to a first class system design goal is an important research challenge. Although more energy-efficient hardware can be designed, it is software that controls the hardware; for a given system the potential for energy savings is likely to be much greater at the higher levels of abstraction in the system stack. Thus the greatest savings are expected from energy-aware software development, which is the vision of the EU ENTRA project. This article presents the concept of energy transparency as a foundation for energy-aware software development. We show how energy modelling of hardware is combined with static analysis to allow the programmer to understand the energy consumption of a program without executing it, thus enabling exploration of the design space taking energy into consideration. The paper concludes by summarising the current and future challenges identified in the ENTRA project.