An Entropy Based Method to Detect Spoofed Denial of Service (Dos) Attacks

Wireless sensor networks (WSNs) have been widely used for applications in numerous fields. One of the main challenges is the limited energy resources when designing secure routing in such networks. Hierarchical organization of nodes in the network can make efficient use of their resources. In this case, a subset of nodes, the cluster heads (CHs), is entrusted with transmitting messages from cluster nodes to the base station (BS). However, the existence of selfish or pollution attacker nodes in the network causes data transmission failure and damages the network availability and integrity. Mainly, when critical nodes like CH nodes misbehave by refusing to forward data to the BS, by modifying data in transit or by injecting polluted data, the whole network becomes defective. This paper presents a secure protocol against selfish and pollution attacker misbehavior in clustered WSNs, known as (SSP). It aims to thwart both selfish and pollution attacker misbehaviors, the former being a form of a Denial of Service (DoS) attack. In addition, it maintains a level of confidentiality against eavesdroppers. Based on a random linear network coding (NC) technique, the protocol uses pre-loaded matrices within sensor nodes to conceive a larger number of new packets from a set of initial data packets, thus creating data redundancy. Then, it transmits them through separate paths to the BS. Furthermore, it detects misbehaving nodes among CHs and executes a punishment mechanism using a control counter. The security analysis and simulation results demonstrate that the proposed solution is not only capable of preventing and detecting DoS attacks as well as pollution attacks, but can also maintain scalable and stable routing for large networks. The protocol means 100% of messages are successfully recovered and received at the BS when the percentage of lost packets is around 20%. Moreover, when the number of misbehaving nodes executing pollution attacks reaches a certain threshold, SSP scores a reception rate of correctly reconstructed messages equal to 100%. If the SSP protocol is not applied, the rate of reception of correctly reconstructed messages is reduced by 90% at the same case.

Download Full-text

Secure and DoS-Resilient Fragment Authentication in CCN-Based Vehicular Networks

Wireless Communications and Mobile Computing ◽

10.1155/2018/8071267 ◽

2018 ◽

Vol 2018 ◽

pp. 1-12

Author(s):

Sangwon Hyun ◽

Hyoungshick Kim

Keyword(s):

Vehicular Networks ◽

Denial Of Service ◽

Content Delivery ◽

Dos Attacks ◽

Promising Alternative ◽

Content Centric Networking ◽

Transmission Unit ◽

Communication Environments ◽

Maximum Transmission

Content-Centric Networking (CCN) is considered as a promising alternative to traditional IP-based networking for vehicle-to-everything communication environments. In general, CCN packets must be fragmented and reassembled based on the Maximum Transmission Unit (MTU) size of the content delivery path. It is thus challenging to securely protect fragmented packets against attackers who intentionally inject malicious fragments to disrupt normal services on CCN-based vehicular networks. This paper presents a new secure content fragmentation method that is resistant to Denial-of-Service (DoS) attacks in CCN-based vehicular networks. Our approach guarantees the authenticity of each fragment through the immediate fragment verification at interim nodes on the routing path. Our experiment results demonstrate that the proposed approach provides much stronger security than the existing approach named FIGOA, without imposing a significant overhead in the process. The proposed method achieves a high immediate verification probability of 98.2% on average, which is 52% higher than that of FIGOA, while requiring only 14% more fragments than FIGOA.

Download Full-text

MANETs performance analysis with dos attack at different routing protocols

International Journal of Engineering & Technology ◽

10.14419/ijet.v4i2.4609 ◽

2015 ◽

Vol 4 (2) ◽

pp. 390 ◽

Cited By ~ 3

Author(s):

Alaa Zain ◽

Heba El-khobby ◽

Hatem M. Abd Elkader ◽

Mostafa Abdelnaby

Keyword(s):

Routing Protocol ◽

Routing Protocols ◽

Ad Hoc ◽

Denial Of Service ◽

Geographic Routing ◽

Security Threat ◽

Dos Attacks ◽

Reactive Routing ◽

Hoc Networks ◽

The Impact

A Mobile Ad-Hoc Networks (MANET) is widely used in many industrial and people's life applications, such as earth monitoring, natural disaster prevention, agriculture biomedical related applications, and many other areas. Security threat is one of the major aspects of MANET, as it is one of the basic requirements of wireless sensor network, yet this problem has not been sufficiently explored. The main purpose of this paper is to study different MANETs routing protocols with three scenarios of Denial of Service (DoS) attacks on network layer using proactive routing protocol i.e. Optimized Link State Routing (OLSR) and Reactive routing protocols like Ad hoc On-Demand Distance Vector (AODV), Hybrid routing protocols like Geographic Routing Protocol (GRP). Moreover, a comparative analysis of DoS attacks for throughput, Data loss, delay and network load is taken into account. The performance of MANET under the attack is studied to find out which protocol is more vulnerable to the attack and how much is the impact of the attack on both protocols. The simulation is done using OPNET 17.

Download Full-text

Peningkatan Keamanan Router Mikrotik Terhadap Serangan Denial of Service (DoS)

Jurnal Sistim Informasi dan Teknologi ◽

10.37034/jsisfotek.v2i4.32 ◽

2020 ◽

pp. 115-123

Author(s):

Budi Jaya ◽

Y Yuhandri ◽

S Sumijan

Keyword(s):

Denial Of Service ◽

Digital Evidence ◽

Dos Attack ◽

Dos Attacks ◽

Research Results ◽

Security Enhancement ◽

Software And Hardware ◽

Operational Activities ◽

Network Router ◽

Live Forensics

Denial of Service (DoS) attacks are one of the most common attacks on website, networks, routers and servers, including on router mikrotik. A DoS attack aims to render a network router unable to service requests from authorized users. The result will disrupt the operational activities of the organization and cause material and non-material losses. In this study, a simulation and analysis of DoS attacks using the Live Forensics method were carried out and the router security enhancement from rectangular software and hardware. From the research results obtained digital evidence of DoS attacks in the form of IP addresses and attacker activity logs. In addition, the increase in router security in terms of software by using Firewall Filter and Firewall Raw has proven effective in preventing attacks. While improving router security in terms of hardware by setting a reset button on the router and firewall devices is also very necessary so that the router can avoid physical attacks by irresponsible persons

Download Full-text

DoS Attacks at Cooperative MAC

10.31224/osf.io/h5rtc ◽

2018 ◽

Author(s):

Kiramat

Keyword(s):

Wireless Networks ◽

Performance Improvement ◽

Wireless Lan ◽

Denial Of Service ◽

Channel Access ◽

Cooperative Network ◽

Mac Layer ◽

Dos Attacks ◽

Cooperative Protocols ◽

Cooperative Mac

—Cooperative networking brings performance improvement to most of theissues in wireless networks, such as fading or delay due to slow stations. However, due tocooperation when data is relayed via other nodes, there network is more prone to attacks.Since, channel access is very important for cooperation, most of the attacks happens at MAC.One of the most critical attack is denial of service, which is reason of cooperation failure.Therefore, the cooperative network as well as simple wireless LAN must be defensive againstDOS attacks.In this article we analyzed all possible of DoS attacks that can happen at MAC layer ofWLAN. The cooperative protocols must consider defense against these attacks. This articlealso provided survey of available solutions to these attacks. At the end it described itsdamages and cost as well as how to handle these attacks while devising cooperative MAC.

Download Full-text

Output Feedback NCS of DoS Attacks Triggered by Double-Ended Events

Security and Communication Networks ◽

10.1155/2021/6643034 ◽

2021 ◽

Vol 2021 ◽

pp. 1-14

Author(s):

Xinzhi Feng ◽

Yang Yang ◽

Xiaozhong Qi ◽

Chunming Xu ◽

Ze Ji

Keyword(s):

Control System ◽

Denial Of Service ◽

Network Control ◽

Control Performance ◽

Network Control System ◽

Dos Attack ◽

Dos Attacks ◽

Network Attacks ◽

Elastic Event ◽

Event Triggering

In recent years, the research of the network control system under the event triggering mechanism subjected to network attacks has attracted foreign and domestic scholars’ wide attention. Among all kinds of network attacks, denial-of-service (DoS) attack is considered the most likely to impact the performance of NCS significantly. The existing results on event triggering do not assess the occurrence of DoS attacks and controller changes, which will reduce the control performance of the addressed system. Aiming at the network control system attacked by DoS, this paper combines double-ended elastic event trigger control, DoS attack, and quantitative feedback control to study the stability of NCS with quantitative feedback of DoS attack triggered by a double-ended elastic event. Simulation examples show that this method can meet the requirements of control performance and counteract the known periodic DoS attacks, which save limited resources and improve the system’s antijamming ability.

Download Full-text

Intrusion Detection System for AES Encripted Low-Power IoT Networks

10.14210/cotb.v12.p392-399 ◽

2021 ◽

Author(s):

Eduardo De Oliveira Burger Monteiro Luiz ◽

Alessandro Copetti ◽

Luciano Bertini ◽

Juliano Fontoura Kazienko

Keyword(s):

Low Power ◽

Detection System ◽

Denial Of Service ◽

Security Requirements ◽

Power Devices ◽

Dos Attacks ◽

Reflection Attack ◽

Ipv6 Protocol ◽

Iot Devices ◽

High Level

The introduction of the IPv6 protocol solved the problem of providingaddresses to network devices. With the emergence of the Internetof Things (IoT), there was also the need to develop a protocolthat would assist in connecting low-power devices. The 6LoWPANprotocols were created for this purpose. However, such protocolsinherited the vulnerabilities and threats related to Denial of Service(DoS) attacks from the IPv4 and IPv6 protocols. In this paper, weprepare a network environment for low-power IoT devices usingCOOJA simulator and Contiki operating system to analyze theenergy consumption of devices. Besides, we propose an IntrusionDetection System (IDS) associated with the AES symmetric encryptionalgorithm for the detection of reflection DoS attacks. Thesymmetric encryption has proven to be an appropriate methoddue to low implementation overhead, not incurring in large powerconsumption, and keeping a high level of system security. The maincontributions of this paper are: (i) implementation of a reflectionattack algorithm for IoT devices; (ii) implementation of an intrusiondetection system using AES encryption; (iii) comparison ofthe power consumption in three distinct scenarios: normal messageexchange, the occurrence of a reflection attack, and runningIDS algorithm. Finally, the results presented show that the IDSwith symmetric cryptography meets the security requirements andrespects the energy limits of low-power sensors.

Download Full-text

Multi-level authentication protocol for enabling secure communication in IoT

10.21203/rs.3.rs-382412/v1 ◽

2021 ◽

Author(s):

Khushal Singh ◽

Nanhay Singh

Keyword(s):

Secure Communication ◽

Denial Of Service ◽

Authentication Protocol ◽

Communication Overhead ◽

Simulation Environment ◽

Dos Attacks ◽

Multi Level ◽

Two Phases ◽

Hashing Function ◽

Registration Phase

Abstract Internet of Things (IoT) is the domain of interest for the researchers at the present with the exponential growth in technology. Security in IoT is a prime factor, which highlights the need for authentication to tackle various attackers and hackers. Authentication is the process that uniquely identifies the incoming user and this paper develops an authentication protocol based on the chebyshev polynomial, hashing function, session password, and Encryption. The proposed authentication protocol is named as, proposed Elliptic, chebyshev, Session password, and Hash function (ECSH)-based multilevel authentication. For authenticating the incoming user, there are two phases, registration and authentication. In the registration phase, the user is registered with the server and Authentication center (AC), and the authentication follows, which is an eight-step criterion. The authentication is duly based on the scale factor of the user and server, session password, and verification messages. The authentication at the eight levels assures the security against various types of attacks and renders secure communication in IoT with minimal communication overhead and packet-loss. The performance of the method is analyzed using black-hole and Denial-of-service (DOS) attacks with 50 and 100 nodes in the simulation environment. The proposed ECSH-based multilevel authentication acquired the maximal detection rate, PDR, and QOS of 15.2%, 35.7895%, and 26.4623%, respectively in the presence of 50 nodes and DOS attacks, whereas the minimal delay of 135.922 ms is acquired in the presence of 100 nodes and DOS attacks.

Download Full-text

DOS Attacks on TCP/IP Layers in WSN

International Journal of Computer Networks and Communications Security ◽

10.47277/ijcncs/1(2)1 ◽

2013 ◽

Vol 1 (2013) ◽

pp. 40-45

Keyword(s):

Wireless Sensor Network ◽

Sensor Networks ◽

Sensor Network ◽

Low Cost ◽

Denial Of Service ◽

Sensor Nodes ◽

Wireless Sensor ◽

Renewable Energy Resources ◽

Dos Attack ◽

Dos Attacks

The emergence of sensor networks as one of the dominant technology trends in the coming decades has posed numerous unique challenges on their security to researchers. These networks are likely to be composed of thousands of tiny sensor nodes, which are low-cost devices equipped with limited memory, processing, radio, and in many cases, without access to renewable energy resources. While the set of challenges in sensor networks are diverse, we focus on security of Wireless Sensor Network in this paper. First, we propose some of the security goal for Wireless Sensor Network. To perform any task in WSN, the goal is to ensure the best possible utilization of sensor resources so that the network could be kept functional as long as possible. In contrast to this crucial objective of sensor network management, a Denial of Service (DoS) attack targets to degrade the efficient use of network resources and disrupts the essential services in the network. DoS attack could be considered as one of th

Download Full-text

Overview of DOS attacks on wireless sensor networks and experimental results for simulation of interference attacks

Ingeniería e Investigación ◽

10.15446/ing.investig.v38n1.65453 ◽

2018 ◽

Vol 38 (1) ◽

pp. 130-138 ◽

Cited By ~ 4

Author(s):

Željko Gavrić ◽

Dejan Simić

Keyword(s):

Wireless Sensor Networks ◽

Sensor Networks ◽

Denial Of Service ◽

Wireless Sensor ◽

Dos Attacks ◽

Security Issue ◽

Simulation Scenario ◽

Simulation Results ◽

Potential Methods

Wireless sensor networks are now used in various fields. The information transmitted in the wireless sensor networks is very sensitive, so the security issue is very important. DOS (denial of service) attacks are a fundamental threat to the functioning of wireless sensor networks. This paper describes some of the most common DOS attacks and potential methods of protection against them. The case study shows one of the most frequent attacks on wireless sensor networks – the interference attack. In the introduction of this paper authors assume that the attack interference can cause significant obstruction of wireless sensor networks. This assumption has been proved in the case study through simulation scenario and simulation results.

Download Full-text