scholarly journals Security Analysis of the TSN Backbone Architecture and Anomaly Detection System Design Based on IEEE 802.1Qci

2021 ◽  
Vol 2021 ◽  
pp. 1-17
Author(s):  
Feng Luo ◽  
Bowen Wang ◽  
Zihao Fang ◽  
Zhenyu Yang ◽  
Yifan Jiang
Keyword(s):  
Anomaly Detection ◽  
Detection System ◽  
Denial Of Service ◽  
Security Analysis ◽  
Security Protocol ◽  
Abnormal Behavior ◽  
Network Architectures ◽  
Security Mechanism ◽  
Protection Technology ◽  
Anomaly Detection System

With the development of intelligent and connected vehicles, onboard Ethernet will play an important role in the next generation of vehicle network architectures. It is well established that accurate timing and guaranteed data delivery are critical in the automotive environment. The time-sensitive network (TSN) protocol can precisely guarantee the time certainty of the key signals of automotive Ethernet. With the time-sensitive network based on automotive Ethernet being standardized by the TSN working group, the TSN has already entered the vision of the automotive network. However, the security mechanism of the TSN protocol is rarely discussed. First, the security of the TSN automotive Ethernet as a backbone E/E (electrical/electronic) architecture is analyzed in this paper through the Microsoft STRIDE threat model, and possible countermeasures for the security of automotive TSNs are listed, including the security protocol defined in the TSN, so that the TSN security protocol and the traditional protection technology can form a complete automotive Ethernet protection system. Then, the security mechanism per-stream filtering and policing (PSFP) defined in IEEE 802.1Qci is analyzed in detail, and an anomaly detection system based on PSFP is proposed in this paper. Finally, OMNeT++ is used to simulate a real TSN topology to evaluate the performance of the proposed anomaly detection system (ADS). As a result, the protection strategy based on 802.1Qci not only ensures the real-time performance of the TSN but can also isolate individuals with abnormal behavior and block DoS (denial of service) attacks, thus attaining the security protection of the TSN vehicle-based network.

scholarly journals Hybrid Internal Anomaly Detection System for IoT: Reactive Nodes with Cross-Layer Operation

2018 ◽  
Vol 2018 ◽  
pp. 1-15 ◽  
Author(s):  
Nanda Kumar Thanigaivelan ◽  
Ethiopia Nigussie ◽  
Seppo Virtanen ◽  
Jouni Isoaho
Keyword(s):  
Anomaly Detection ◽  
False Positive ◽  
Detection System ◽  
False Positive Rate ◽  
Security Analysis ◽  
Abnormal Behavior ◽  
Test Bed ◽  
Positive Rate ◽  
Parent Node ◽  
Anomaly Detection System

We present a hybrid internal anomaly detection system that shares detection tasks between router and nodes. It allows nodes to react instinctively against the anomaly node by enforcing temporary communication ban on it. Each node monitors its own neighbors and if abnormal behavior is detected, the node blocks the packets of the anomaly node at link layer and reports the incident to its parent node. A novel RPL control message, Distress Propagation Object (DPO), is formulated and used for reporting the anomaly and network activities to the parent node and subsequently to the router. The system has configurable profile settings and is able to learn and differentiate between the nodes normal and suspicious activities without a need for prior knowledge. It has different subsystems and operation phases that are distributed in both the nodes and router, which act on data link and network layers. The system uses network fingerprinting to be aware of changes in network topology and approximate threat locations without any assistance from a positioning subsystem. The developed system was evaluated using test-bed consisting of Zolertia nodes and in-house developed PandaBoard based gateway as well as emulation environment of Cooja. The evaluation revealed that the system has low energy consumption overhead and fast response. The system occupies 3.3 KB of ROM and 0.86 KB of RAM for its operations. Security analysis confirms nodes reaction against abnormal nodes and successful detection of packet flooding, selective forwarding, and clone attacks. The system’s false positive rate evaluation demonstrates that the proposed system exhibited 5% to 10% lower false positive rate compared to simple detection system.

scholarly journals Network Anomaly Detection System with Optimized DS Evidence Theory

2014 ◽  
Vol 2014 ◽  
pp. 1-13 ◽  
Author(s):  
Yuan Liu ◽  
Xiaofeng Wang ◽  
Kaiyu Liu
Keyword(s):  
Anomaly Detection ◽  
Detection Rate ◽  
Computer Network ◽  
Detection System ◽  
Evidence Theory ◽  
Optimization Methods ◽  
High Detection Rate ◽  
Detection Model ◽  
Network Anomaly Detection ◽  
Anomaly Detection System

Network anomaly detection has been focused on by more people with the fast development of computer network. Some researchers utilized fusion method and DS evidence theory to do network anomaly detection but with low performance, and they did not consider features of network—complicated and varied. To achieve high detection rate, we present a novel network anomaly detection system with optimized Dempster-Shafer evidence theory (ODS) and regression basic probability assignment (RBPA) function. In this model, we add weights for each senor to optimize DS evidence theory according to its previous predict accuracy. And RBPA employs sensor’s regression ability to address complex network. By four kinds of experiments, we find that our novel network anomaly detection model has a better detection rate, and RBPA as well as ODS optimization methods can improve system performance significantly.

Sign in / Sign up

Export Citation Format

Share Document