880 likes | 1.88k Views
Research Progress Report. Advisor: Professor Frank Y.S. Lin Present by Hubert J.W. Wang. Effective Network Planning and Defending Strategies to Maximize System Survivability of Wireless Mesh Networks under Malicious and Jamming Attacks. 無線網狀網路中考量惡意與多重干擾器攻擊下最大化系統存活度之高效網路規劃與防禦策略. Outline.
E N D
Research Progress Report Advisor: Professor Frank Y.S. Lin Present by Hubert J.W. Wang
Effective Network Planning and Defending Strategies to Maximize System Survivability of Wireless Mesh Networks under Malicious and Jamming Attacks 無線網狀網路中考量惡意與多重干擾器攻擊下最大化系統存活度之高效網路規劃與防禦策略
Outline • Problem Description
Problem Description • Problem • Topology information gathering • Jamming attack • Environment • Infrastructure/Backbone WMNs • Role • Attacker • Defender(Service provider)
Scenario – Network Architecture Base Station Mesh router
Scenario – Defender’s Planning Phase • Why didn’t the defender protect all the nodes with high population? • Budget limited. • The effectiveness of doing so may not be the best. • There are other ways to deploy resources. Base Station Mesh router Nodes with more defense resource Honeynode Attacker F G E D A B C
Scenario – Attacker’s Preparing Phase • Initially, the attacker has following info: • (Communication channel) • Defense Resource • Signal Strength • Traffic Amount F D A C E Traffic amount Defense strength B G 20 90 20 20 90 20 90 Signal Strength Signal Strength
Scenario – Attacker’s Preparing Phase(cont’) The honeynode: If the real channel is compromised, the attacker will be able to identify this target in Attacking Phase F D A C E B G 20 90 20 20 90 20 90 Signal Strength
Scenario – Attacker’s Preparing Phase(cont’) The attacker’s goal: Maximize attack effectiveness. Maximize jammed range F D The node with the strongest signal power (Easiest fo find) The next hop selecting criteria would be.. A C E The node with highest defense resource(Aggressive) B G 90 20 20 20 20 90 90 Signal Strength
Scenario – Attacker’s Preparing Phase(cont’) I E • After compromise a mesh router, the attacker has following info: • (Communication channel) • Defense Resource • Signal Strength • Traffic Amount • And… K J Being compromised, and obtained: (Routing channel) Traffic Source Traffic Amount User number H L B F G D 90 90 90 20 90 20 90 90 20 20 20 A Signal Strength
Scenario –Population Re-allocation Reallocate population on D’s neighbor E Intrusion detected Q O D P R C G 2 3 B 22 6 4 8 15 5 20 8 Re-allocation strategy might be: 90 90 90 20 20 20 20 90 90 20 A Signal Strength
Scenario –Population Re-allocation(cont’) Reallocate population on D’s neighbor E • Re-allocation strategy: • Average Population Capable of attack detection Q P O D R C G 10 10 B 9 9 9 9 9 10 9 9 Average the QoS impact caused by jamming 90 90 20 20 20 20 90 90 90 20 A Signal Strength
Scenario –Population Re-allocation(cont’) Real population on D’s neighbor E • Re-allocation strategy: • Average Traffic Capable of attack detection Q P O R G C 3 6 4 8 22 8 20 15 5 D Minimize the QoS impact caused by jamming 90 B 2 20 90 90 20 20 20 90 20 A 90 Signal Strength
Scenario – Fake Traffic Generation Fake Traffic Generation E Relatively low traffic sources on important nodes. N L D M K G C 30 24 18 B 28 90 21 27 112 25 6 90 90 90 High traffic sources on unimportant nodes. Select node C as next hop 90 90 20 90 20 90 20 A Signal Strength
Scenario – Attacker’s Preparing Phase(cont’) Base Station Mesh router Nodes with more defense resource Compromised mesh router Honeynode Attacker I H T U V S F W G J Succeed X Failed K L E R D A M N B P Q C O
Scenario – Attacker’s Attacking Phase 2) Jammed node V with high population Base Station 4) Jammed normal node F Mesh router Nodes with more defense resource 5) Jammed honeynode U Compromised mesh router Jammed mesh router Honeynode I H T U V S Jammer F W G J 1) Jammed honeynode B X Attacker 3) Jammed node P(not fake channel) K L E R D A M N B P Q C O
Scenario – Defender’s Defending Phase - Channel Surfing • The function of channel surfing function: • Mitigate the impact of jamming • Time • Effectiveness • Reduce difficulty to remove jammer Base Station Mesh router Range overlapped. If the mesh router switch to other channel: Jammed time shotened. Jammers are not able to know which channel is the origin channel unless it’s compromised. Nodes with more defense resource Compromised mesh router Jammed mesh router Honeynode I H T U V S Jammer F W G J X Attacker K L E R D A M N B P Q C O
Scenario – Defender’s Defending Phase - Localization Mobile locator Reference point 2 Static locator Mobile locator Jammer Multiple jammers Reference point 3 Reference point 1 (useless) Reference point 4 One of the jammers removed
Defender • Nodes • Base Station • Mesh router(with 2 NICs) • Routing channel • Communication channel • Honeynode(with 3 NICs)[1] • Routing channel • Communication channel • Fake communication channel • Locator [1] S. Misra, et al., "Using honeynodes for defense against jamming attacks in wireless infrastructure-based networks," Computers & Electrical Engineering, vol. 36, pp. 367-382, 2010.
Defender(cont’) • Planning phase • Build Topology • Deploy non-deception based defense resources • General defense resource (ex. Firewall, Antivirus, etc.) • Localization resource (routers with minimum capability) • Deploy deception based defense resources • Honeynode • Defending phase • Jamming mitigation • Jammer localization
Defender(cont’) • Defense Mechanisms • False target (Honeynodes) • Fake traffic generation (Honeynodes) • Channel surfing (BSs、Mesh Routers、Honeynodes) • Population re-allocation (BSs、Mesh Routers、Honeynodes) • Jammer localization (BSs、Mesh Routers、Honeynodes、Locators)
Defender(cont’) • Honeynode[1] as false target • Effect: • Preparing Phase • Act as a false target to attract attack and consume attacker’s budget. • Provide fake routing table information when compromised. • Attacking Phase • Prevent true channel from being jammed. • Tradeoff • Occupying available communication channels. (indirectly affects QoS)
Defender(cont’) • Honeynode[1] as fake traffic generator • Effect: • Send fake traffic to neighbors to deceive attackers into believing that this node is important. • Tradeoff • Channel capacity • Triggers when node compromising actions are detected by the nodes in the topology and the defender think it helps to turn on this function.
Defender(cont’) • Channel Surfing[1] • Effect: • Change frequency to another free channel to prevent from being jammed(with the help of honeynode) or reduce jamming effect. • Tradeoff • Availability • Triggers when jamming attacks are detected by the nodes in the topology. • Population re-allocation • Effect: • Reduce jamming effectiveness by re-allocating users. • Strategies • Average population • Average traffic • Tradeoff • QoS • Triggers when node compromising actions are detected by the nodes in the topology and the defender think it helps to turn on this function.
Defender(cont’) • Jammer localization[2] • Effect: • Localize jammer by exploiting hearing ranges of boundary nodes to permanently remove jammer from the topology. • Strategies • Importance oriented • Difficulty oriented • Tradeoff • Budget • QoS • Triggers QoS constraints has not been met. [2] Z. Liu, et al., "Wireless Jamming Localization by Exploiting Nodes’ Hearing Ranges," in Distributed Computing in Sensor Systems. vol. 6131, R. Rajaraman, et al., Eds., ed: Springer Berlin / Heidelberg, 2010, pp. 348-361.
[3] F. Cohen. Managing Network Security: Attack and Defense Strategies. Available: http://www.blacksheepnetworks.com/security/info/misc/9907.html Total Attackers
Preferences Next Hop Selecting Criteria of Strategies PS: ↑: Prefer when certain factor has high value ○: Purely prefer high - : No preference ↓: Prefer when certain factor has low value X : Purely prefer low
Attacker’s Attributes • Budget • General Distribution • Preparing phase • Node compromising • Defending phase • Buy jammers (Quality of jammer will affect the effectiveness of jamming.) • Effects: • Goal of attacker • Capability • General Distribution • Effects: • Goal of attacker • Probability of: • compromising nodes • seeing through false target • seeing through fake routing table information
Attacker’s Attributes(cont’) • Mentality • General Distribution • Effects: • Next hop criteria selection • Preference of success probability of compromising nodes • Preference of using fake routing table information
Attacker’s Goal and Corresponding Strategies • Maximize effectiveness • Aggressive • Easiest to find • Random • Maximize jammed range • Least resistance • Stealthy • Topology extending • Random
Attacker’s Next Hop Selecting Criteria • From Surface Information (communication channel) • Defense Resource • Signal Strength • Traffic Amount • From Depth Information (routing channel) • Traffic Source • Traffic Amount
Attacker’s Strategy transition rule • Probability to choose strategy i: • Strategyi’s success rate:
Attacker’s Next Hop Selecting Criteria Transition Rule • Probability of strategy i to choose criteria j: • Criteraj’ssuccess rate:
Attacker’s Next Hop Selecting Criteria Transition Rule(cont’) PS: ↑: Prefer when certain factor has high value ○: Purely prefer high - : No preference ↓: Prefer when certain factor has low value X : Purely prefer low
Contest Success Function • Determine the success probability of the attacker. • Attackers will set a probability of success according to its mentality. • : Function of attacker’s attack effectiveness. • :Function of defender’s defense effectiveness.
Risk Level • For fake traffic generator • Vijcomputes when node i compromising action are detected. • Vijis the risk level of honeynodej with fake traffic generating function. • Vij determines whether to turn on fake traffic generating function or not. • Factor of defense strength of path from nodes being attacked to nodes equipped with the function: • Factor of link degree of nodes equipped with the function: • Factor of distance between nodes being attacked and nodes equipped with the function: • Factor of distance between nodes equipped with the function and nearest BS:
Risk Level(cont’) • For population re-allocation • Vijcomputes when node i compromising action are detected. • Vijis the risk level of node j with population re-allocation function. • Vij determines whether to turn on population re-allocation function or not. • Factor of user numbers of nodes being attacked and its neighbor • Factor of defense strength of path from nodes being attacked to nodes equipped with the function: • Factor of link degree of nodes equipped with the function: • Factor of distance between nodes being attacked and nodes equipped with the function:
The End • Thanks for your attention.
Assumptions • The communications between mesh routers and between mesh routers and mesh clients use different communication protocol. • All the packets are encrypted. Thus, the attacker can’t directly obtain information in the communication channels. • The defender has complete information of the network which is attacked by a single attacker with different strategies. • The attacker is not aware of the topology of the network. Namely, it doesn’t know that there are honeynodes in the network and which nodes are important, i.e., the attacker only has incomplete information of the network.
Assumptions(cont’) • There are two kinds of defense resources, the non-deception based resources and the deception based resources. • There are multiple jammers in the network, and their jamming ranges might overlap. • There is only constructive interference between jamming signals.
Objective function (IP 1)
Constraints • Defender’s budget constraints (IP 1.1) (IP 1.2)