Description:
Broadcast authentication is a critical security service in sensor networks; it allows a sender to broadcast messages to multiple nodes in an authenticated way. mTESLA and multi-level mTESLA have been proposed to provide such services for sensor networks. However, none of these techniques are scalable in terms of the number of senders.Though multi-level mTESLA schemes can scale up to large sensor networks (in terms of receivers), they either use substantial bandwidth and storage at sensor nodes,require significant resources at senders to deal with DOS attacks. This paper presents efficient techniques to support a potentially large number of broadcast senders using mTESLA instances as building blocks. The proposed techniques are immune to the DOS attacks. This paper also provides two approaches, a revocation tree based scheme and a proactive distribution based scheme, to revoke the broadcast authentication capability from compromised senders.The proposed techniques are implemented, and evaluated through simulation on TinyOS. The analysis and experiment show that these techniques are efficient and practical,and can achieve better performance than the previous approaches.

Description:
Sensors locations play a critical role in many sensor network applications. A number of techniques have been proposed recently to discover the locations of regular ensors based on a few special nodes called beacon nodes, which are assumed to know their locations (e.g., through GPS receivers or manual configuration). However, none of these techniques can work properly when there are malicious attacks, especially when some of the beacon nodes are compromised. This paper introduces a suite of techniques to detect and remove compromised beacon nodes that supply misleading location information to the regular sensors, aiming at providing secure location discovery services in wireless sensor networks. These techniques start with a simple but effective method to detect malicious beacon signals. To identify malicious beacon nodes and avoid false detection, this paper also presents several techniques to detect replayed beacon signals. This paper then roposes a method to reason about the suspiciousness of each beacon node at the base station based on the detection results collected from beacon nodes, and then revoke malicious beacon nodes accordingly. Finally, this paper provides detailed analysis and simulation to evaluate the proposed techniques. The results show that our techniques are practical and effective in detecting malicious beacon nodes.

Description:
Broadcast authentication is an important application in sensor networks.Public Key Cryptography (PKC) is desirable for this application,but due to the resource constraints on sensor nodes, these operations are expensive, which means sensor networks using PKC are susceptible to Denial of Service (DoS) attacks: attackers keep broadcasting bogus messages, which will incur extra costs, thus exhaust the energy of the honest nodes. In addition, the long time to verify each message using PKC increases the response time of the nodes; it is impractical for the nodes to validate each incoming message before forwarding it.In this paper we discuss this type of DoS attacks, in which the goal of the adversary is to exhaust the energy of the sensor nodes and to increase their response time to broadcast messages. We then present a dynamic window scheme, where sensor nodes determine whether first to verify a message or first to forward the message by themselves. This is made possible with the information such as how far this node is away from the malicious attacker, and how many hops the incoming message has passed. We compare the performance of the proposed scheme with other schemes, and show that it can contain the damage of DoS attacks to only a small portion of the sensor nodes.

Description:
Anonymity is increasingly important for network applications concerning about censorship and privacy. The ex isting anonymous communication protocols generally system from mixnet and DC net. They either cannot provide provable anonymity or suer from transmission collision. In this paper, we introduce a novel approach which takes advantage of hierarchical ring structure and mix technique. This proposed protocol is collision free and provides provable k
anonymity for both the sender and the recipient, even if a polynomial time adversary can eavesdrop all network trafic and control a fraction of participants. Furthermore, it can hide the sender and the recipient from each other and thus can be used for anonymous ¯le sharing. The analysis shows the proposed protocol is secure against various at tacks. Measurements further demonstrate it is practical.

Description:
Remotely launched software exploits are a common way for attackers to intrude into vulnerable computer systems. As detection techniques improve, remote exploitation techniques are also evolving. Recent techniques for evasion f exploit detection include polymorphism (code encryption) and metamorphism (code obfuscation). This paper addresses the problem of detecting in network traffic polymorphic remote exploits that are encrypted, and that self decrypt before launching the intrusion. Such exploits pose a great challenge to existing malware detection techniques, partly due to the non obvious starting location of the exploit code in the network payload.We describe a new method for detecting self decrypting exploit codes. This method scans network traffic for the presence of a decryption routine, which is characteristic of such exploits. The proposed method uses static analysis and emulated instruction execution techniques. This improves the accuracy of determining the starting location and instructions of the decryption routine, even if self modifying code is used. The method outperforms approaches that have been previously proposed, both in terms of detection capabilities, and in detection accuracy. The proposed method has been implemented and tested on current polymorphic exploits, including ones generated by state of the art polymorphic engines. All exploits have been detected (i.e., a 100% detection rate), including those for which the decryption routine is dynamically coded, or self modifying. The false positive rate is close to 0%. Runningtime is approximately linear in the size of the network payload being analyzed.

Description:
This paper presents a systematic analysis of insider attacks against mobile ad hoc routing protocols, using the Ad hoc On Demand Distance Vector (AODV) proto col as an example. It identifies a number of attack goals, and then studies how to achieve these goals through misuses of the routing messages. To facilitate the anal ysis, it classifies insider attacks into two categories: atomic misuses and compound misuses. Atomic misuses are performed by manipulating a single routing message,which cannot be further divided; compound misuses are composed of combinations of atomic misuses and possibly normal uses of the routing protocol. The analy sis results in this paper reveal several classes of insider attacks, including route disruption, route invasion, node isolation, and resource consumption. Finally, this paper presents simulation results that validate and demonstrate the impact of these attacks.

Description:
In wireless sensor networks, clustering sensor nodes into small groups is an effective technique to achieve scalability, self organization, power saving, channel access, routing, etc. A number of cluster formation protocols have been proposed recently. However, most existing protocols assume benign environments, and are vulnerable to attacks from malicious nodes. In this paper, we propose a secure distributed cluster formation protocol to organize sensor networks into mutually disjoint cliques. Our protocol has the following properties: (1) normal nodes are divided into mutually disjoint cliques; (2) all the normal nodes in each clique agree on the same clique memberships; (3) while external attackers can be prevented from participating in the cluster formation process, inside attackers that do not follow the protocol semantics can be identified and removed from the network; (4) the communication overhead is moderate; (5) the protocol is fully distributed.

Description:
In this paper, we present an efficient Hierarchical Parallel Genetic Algorithm frame work using Grid computing (GEHPGA). The framework is developed using stan dard Grid technologies and has two distinctive features, 1) an extended GridRPC API to conceal the high complexity of Grid environment, and 2) a metascheduler for seamless resource discovery and selection. To assess the practicality of the frame work, theoretical analysis on the possible speed up o®ered is presented. Empirical study on GEHPGA using a benchmark problem and a realistic aerodynamic airfoil shape optimization problem for diverse Grid environments having di®erent com munication protocols, cluster sizes, processing nodes, at geographically disparate locations also indicates that the proposed GE HPGA using Grid computing oers a credible framework for providing significant speed up to evolutionary design optimization in science and engineering.

Description:
Information retrieval using probabilistic techniques has attracted significant attention on the part of researchers in information and computer science over the past few decades. In the 198Os, knowledge based techniques also made an impressive contribution to “intelligent” information retrieval and indexing. More recently, information science researchers have turned to other newer artificial intelligence based inductive learning techniques including neural networks, symbolic learning, and genetic algorithms. These newer techniques, which are grounded on diverse paradigms, have provided great opportunities for researchers to enhance the information processing and retrieval capabilities of current information storage and retrieval systems. In this article, we first provide an overview of these newer techniques and their use in information science research. To familiarize readers with these techniques,we present three popular methods: the connectionist Hopfield network; the symbolic ID3/ID5R and evolution based genetic algorithms. We discuss their knowledge representations and algorithms in the context of information retrieval. Sample implementation and testing results from our own research are also provided for each technique. We believe these techniques are promising in their ability to analyze user queries, identify users information needs, and suggest alternatives for search. With proper user system interactions, these methods can greatly complement the prevailing full-text, keywordbased,probabilistic, and knowledge based techniques.

Description:
Distribution of resources within case based reasoning (CBR) architectures is beneficial in a variety of application contexts. This article briefly discusses some of the approaches that fall under the heading of distributed CBR, and their general impact.