Research Progress Report Advisor: Professor Frank Y.S. Lin Present by Hubert J.W. Wang Effective Network Planning and Defending Strategies to Maximize System Survivability of Wireless Mesh Networks under Malicious and Jamming Attacks 無線網狀網路中考量惡意與多重干擾器攻擊下最大化系統 存活度之高效網路規劃與防禦策略 2011/5/16 Outline • Problem Description Problem Description 2011/5/16 Problem Description • Problem ▫ Topology information gathering ▫ Jamming attack • Environment ▫ Infrastructure/Backbone WMNs • Role ▫ Attacker ▫ Defender(Service provider) 2011/5/16 Problem Description(cont’) 2011/5/16 Scenario – Network Architecture Base Station Mesh router 2011/5/16 Scenario – Defender’s Planning Phase Why didn’t the defender protect all the nodes with high population? Base Station Mesh router 1. 2. Nodes with more defense resource Honeynode 3. Attacker F G E A D B C Budget limited. The effectiveness of doing so may not be the best. There are other ways to deploy resources. 2011/5/16 Scenario – Attacker’s Preparing Phase Initially, the attacker has following info: (Communication channel) F D 20 1. 2. 3. Defense Resource Signal Strength Traffic Amount 20 A C E 90 20 90 B G Traffic amount 20 Signal Strength 90 Defense strength Signal Strength 2011/5/16 Scenario – Attacker’s Preparing Phase(cont’) The honeynode: F If the real channel is compromised, the attacker will be able to identify this target in Attacking Phase D 20 20 A C E 90 20 90 B G 20 90 Signal Strength 2011/5/16 Scenario – Attacker’s Preparing Phase(cont’) The attacker’s goal: Maximize attack effectiveness. Maximize jammed range F D 20 The node with the strongest signal power (Easiest fo find) 20 The next hop selecting criteria would be.. A C E 90 20 90 The node with highest defense resource(Aggressive) B G 20 90 Signal Strength 2011/5/16 Scenario – Attacker’s Preparing Phase(cont’) I E After compromise a mesh router, the attacker has following info: (Communication channel) 20 K J Being compromised, and obtained: (Routing channel) 1. Traffic Source20 2. Traffic Amount 3. User number H 90 1. 2. 3. 90 Defense Resource Signal Strength Traffic Amount And… L 90 G 90 B F D 20 20 90 20 A 90 Signal Strength 2011/5/16 Scenario –Population Re-allocation Reallocate population on D’s neighbor 6 G 22 P 20 Intrusion detected E 90 8 O 20 20 C 8 20 Re-allocation strategy might be: 90 15 90 20 90 B 4 R 5 A 20 D 3 Q 2 90 Signal Strength 2011/5/16 Scenario –Population Re-allocation(cont’) Reallocate population on D’s neighbor 9 G 9 P 20 Capable of attack detection E 90 9 O 20 Average the QoS impact caused by jamming 90 9 90 R 9 A C 9 10 Q 20 9 20 D Re-allocation strategy: Average Population 20 90 B 10 10 90 Signal Strength 2011/5/16 Scenario –Population Re-allocation(cont’) Real population on D’s neighbor 6 G 22 P 20 Capable of attack detection E 90 8 O 20 Minimize the QoS impact caused by jamming 90 15 90 20 90 B 4 R 5 A C 8 3 Q 20 20 20 D Re-allocation strategy: Average Traffic 2 90 Signal Strength 2011/5/16 Scenario – Fake Traffic Generation Fake Traffic Generation L 28 E Relatively low traffic sources on important nodes. 24 27 K 20 D 90 90 90 18 N M 25 G 20 B 90 90 30 20 C 90 6 A 21 90 High traffic sources on unimportant nodes. 112 90 Select node C as next hop Signal Strength 2011/5/16 Scenario – Attacker’s Preparing Phase(cont’) Base Station Mesh router Nodes with more defense resource Compromised mesh router Honeynode Attacker H I V Succeed Failed W X T U S F G J K L E R MN A D B C PQ O 2011/5/16 Scenario – Attacker’s Attacking Phase Base Station 4) Jammed normal node F Mesh router Nodes with more defense resource 2) Jammed node V with high population 5) Jammed honeynode U Compromised mesh router Jammed mesh router Honeynode H I V Jammer Attacker1) Jammed honeynode B W X T U S F G J K L E R MN A D B C PQ O 3) Jammed node P(not fake channel) 2011/5/16 Scenario – Defender’s Defending Phase - Channel Surfing The function of channel surfing function: Base Station 1. 2. Mesh router Range overlapped. If the mesh Nodes with router switch to other channel: more defense 1. Jammed time shotened. resource Compromised mesh router Jammed mesh router Honeynode 2. Jammers are not able to know which channel is the origin channel unless it’s compromised. H I V Jammer Attacker Mitigate the impact of jamming Time Effectiveness Reduce difficulty to remove jammer W X T U S F G J K L E R MN A D B C PQ O 2011/5/16 Scenario – Defender’s Defending Phase - Localization Mobile locator Static locator Mobile locator 300 Jammer Reference point 1 (useless) Multiple jammers 200 Reference point 2 100 0 One of the jammers 0 removed 100 200 meter Reference point 4 300 Reference point 3 2011/5/16 Defender • Nodes ▫ Base Station ▫ Mesh router(with 2 NICs) Routing channel Communication channel ▫ Honeynode(with 3 NICs)[1] Routing channel Communication channel Fake communication channel ▫ Locator [1] S. Misra, et al., "Using honeynodes for defense against jamming attacks in wireless infrastructure-based networks," Computers & Electrical Engineering, vol. 36, pp. 367-382, 2010. 2011/5/16 Defender(cont’) • Planning phase ▫ Build Topology ▫ Deploy non-deception based defense resources General defense resource (ex. Firewall, Antivirus, etc.) Localization resource (routers with minimum capability) ▫ Deploy deception based defense resources Honeynode • Defending phase ▫ Jamming mitigation ▫ Jammer localization 2011/5/16 Defender(cont’) • Defense Mechanisms ▫ ▫ ▫ ▫ ▫ False target (Honeynodes) Fake traffic generation (Honeynodes) Channel surfing (BSs、Mesh Routers、Honeynodes) Population re-allocation (BSs、Mesh Routers、Honeynodes) Jammer localization (BSs、Mesh Routers、Honeynodes、Locators) 2011/5/16 Defender(cont’) • Honeynode[1] as false target ▫ Effect: Preparing Phase Act as a false target to attract attack and consume attacker’s budget. Provide fake routing table information when compromised. Attacking Phase Prevent true channel from being jammed. ▫ Tradeoff Occupying available communication channels. (indirectly affects QoS) 2011/5/16 Defender(cont’) • Honeynode[1] as fake traffic generator ▫ Effect: Send fake traffic to neighbors to deceive attackers into believing that this node is important. ▫ Tradeoff Channel capacity ▫ Triggers when node compromising actions are detected by the nodes in the topology and the defender think it helps to turn on this function. 2011/5/16 Defender(cont’) • Channel Surfing[1] ▫ Effect: Change frequency to another free channel to prevent from being jammed(with the help of honeynode) or reduce jamming effect. ▫ Tradeoff Availability ▫ Triggers when jamming attacks are detected by the nodes in the topology. • Population re-allocation ▫ Effect: Reduce jamming effectiveness by re-allocating users. ▫ Strategies Average population Average traffic ▫ Tradeoff QoS ▫ Triggers when node compromising actions are detected by the nodes in the topology and the defender think it helps to turn on this function. 2011/5/16 Defender(cont’) • Jammer localization[2] ▫ Effect: Localize jammer by exploiting hearing ranges of boundary nodes to permanently remove jammer from the topology. ▫ Strategies Importance oriented Difficulty oriented ▫ Tradeoff Budget QoS ▫ Triggers QoS constraints has not been met. [2] Z. Liu, et al., "Wireless Jamming Localization by Exploiting Nodes’ Hearing Ranges," in Distributed Computing in Sensor Systems. vol. 6131, R. Rajaraman, et al., Eds., ed: Springer Berlin / Heidelberg, 2010, pp. 348-361. 2011/5/16 [3] Total Attackers F. Cohen. Managing Network Security: Attack and Defense Strategies. Available: http://www.blacksheepnetworks.com/security/info/misc/9907 .html 2011/5/16 Attacker’s Next Hop Selecting Criteria 2011/5/16 Preferences Next Hop Selecting Criteria of Strategies Aggressive Least resistance High ↑ ↓ Low ↓ High Easiest to find Stealthy Topology extending - X - ↑ - ○ - - - ○ X - Low - - X ○ - High - - ○ - X Low - - X - ○ Defense Resource Traffic Amount Signal Strength PS: ↑: Prefer when certain factor has high value ↓: Prefer when certain factor has low value ○: Purely prefer high X : Purely prefer low - : No preference Random 2011/5/16 Attacker’s Attributes • Budget ▫ General Distribution ▫ Preparing phase Node compromising ▫ Defending phase Buy jammers (Quality of jammer will affect the effectiveness of jamming.) ▫ Effects: Goal of attacker • Capability ▫ General Distribution ▫ Effects: Goal of attacker Probability of: compromising nodes seeing through false target seeing through fake routing table information 2011/5/16 Attacker’s Attributes(cont’) • Mentality ▫ General Distribution ▫ Effects: Next hop criteria selection Preference of success probability of compromising nodes Preference of using fake routing table information 2011/5/16 Attacker’s Goal and Corresponding Strategies • Maximize effectiveness ▫ Aggressive ▫ Easiest to find ▫ Random • Maximize jammed range ▫ ▫ ▫ ▫ Least resistance Stealthy Topology extending Random 2011/5/16 Attacker’s Next Hop Selecting Criteria • From Surface Information (communication channel) ▫ Defense Resource ▫ Signal Strength ▫ Traffic Amount • From Depth Information (routing channel) ▫ Traffic Source ▫ Traffic Amount 2011/5/16 Attacker’s Strategy transition rule n vi BaseValueConstFactori TotalSuccessTimes ij j 1 n TotalAttackTimes ij j 1 ContFactori ci k ci is the continus success times for strategy i k is the level of risk avoidance for attacker k • Probability to choose strategy i : n • Strategyi’s success rate: vi n v i 1 i TotalSuccessTimes ij j 1 n TotalAttackTimes j 1 ij 1 1 1 1 2011/5/16 Attacker’s Next Hop Selecting Criteria Transition Rule v j BaseValue ConstFactor j TotalSuccessTimes j 1 TotalAttackTimes j 1 pref (i, j ) diff ( j ) ContFactorj c j k MaxOfCriteria j MinOfCriteria j 1 , when the criteria is from deep information MaxOfCriteria j diff ( j ) 0 , otherwise ci is the continus success times for next hop selecting criteria j k is the level of risk avoidance for attacker k pref (i, j ) is the preference of strategy i of criteria j vj n • Probability of strategy i to choose criteria j : v j j 1 • Criteraj’s success rate: TotalSuccessTimes j 1 TotalAttackTimes j 1 2011/5/16 Attacker’s Next Hop Selecting Criteria Transition Rule(cont’) Value of pref(i,j) Least resistance Aggressive High Defense Resource CurrentBudget TotalBudget 1.5 k Easiest to find Stealthy Topology extending 1 0.5 1 CurrentBudget TotalBudget 1 1.5 1 0.5 1 CurrentBudget TotalBudget k k k Low 0.5 1 CurrentBudget TotalBudget k k 1.5 k k High 1 1 1.5 0.5 1 Low 1 1 0.5 1.5 1 High 1 1 1.5 1 0.5 Low 1 1 0.5 1 1.5 Traffic Amount Signal Strength PS: ↑: Prefer when certain factor has high value ↓: Prefer when certain factor has low value ○: Purely prefer high X : Purely prefer low - : No preference Random 2011/5/16 Contest Success Function WAm (T ) WAm (T ) WDm (t ) WAm (T ) T (1 Capability ) m WDm (t ) t m • • • • Determine the success probability of the attacker. Attackers will set a probability of success according to its mentality. WAm (T ) : Function of attacker’s attack effectiveness. WDm (t ) : Function of defender’s defense effectiveness. 2011/5/16 Risk Level • For fake traffic generator pathDefenseResourceij maxLinkDegree linkDegree j pathToNode j pathToCoreNode j w2 w3 +w4 , when i w1 Vij maxPathDefenseResource maxLinkDegree maxPathToNode maxPathToCoreNode 1, otherwise • Vij computes when node i compromising action are detected. • Vij is the risk level of honeynode j with fake traffic generating function. • Vij determines whether to turn on fake traffic generating function or not. • Factor of defense strength of path from nodes being attacked to nodes equipped with the function: pathDefenseResourceij maxPathDefenseResource • Factor of link degree of nodes equipped with the function: maxLinkDegree linkDegree j maxLinkDegree pathToNode j • Factor of distance between nodes being attacked and nodes equipped with the function:maxPathToNode • Factor of distance between nodes equipped with the function and nearest BS: maxPathToCoreNode pathToCoreNode j j 2011/5/16 Risk Level(cont’) • For population re-allocation pathDefenseResourceij maxLinkDegree linkDegree j pathToNode j maxUserNum maxNeighborUserNumi w2 w3 w4 , when i w1 Vij maxUserNum maxPathDefenseResource maxLinkDegree maxPathToNode 0, otherwise j • Vij computes when node i compromising action are detected. • Vij is the risk level of node j with population re-allocation function. • Vij determines whether to turn on population re-allocation function or not. • • Factor of user numbers of nodes being attacked and its neighbor Factor of defense strength of path from nodes being attacked to nodes equipped with the function: maxLinkDegree linkDegree j maxLinkDegree • Factor of link degree of nodes equipped with the function: pathToNode j maxPathToNode pathToCoreNode j • Factor of distance between nodes being attacked and nodes equipped with the function:maxPathToCoreNode 2011/5/16 The End • Thanks for your attention. Mathematical Formulation 2011/5/16 Assumptions 1. The communications between mesh routers and between mesh routers and mesh clients use different communication protocol. 2. All the packets are encrypted. Thus, the attacker can’t directly obtain information in the communication channels. 3. The defender has complete information of the network which is attacked by a single attacker with different strategies. 4. The attacker is not aware of the topology of the network. Namely, it doesn’t know that there are honeynodes in the network and which nodes are important, i.e., the attacker only has incomplete information of the network. 2011/5/16 Assumptions(cont’) 5. There are two kinds of defense resources, the non-deception based resources and the deception based resources. 6. There are multiple jammers in the network, and their jamming ranges might overlap. 7. There is only constructive interference between jamming signals. 2011/5/16 Given parameters Notation Description N The index set of all nodes H The index set of all honeynodes P The index set of the nodes with channel surfing technique Q The index set of the nodes with precise localization technique R The index set of the nodes with detection technique 2011/5/16 Given parameters Notation Description B The defender’s total budget Z All possible attack configuration, including attacker’s attributes and corresponding strategies. E All possible defense configuration, including defense resources allocation and defending strategies F Total attacking times of all attackers Ai An attack configuration, including the attributes and corresponding strategies , where 1≤ i ≤ F 1 if the attacker can achieve his goal successfully, and 0 otherwise, Ti ( D, Ai ) where 1≤ i ≤ F 2011/5/16 Given parameters Notation Description m(ρi) The cost of constructing a node with the quality with quality ρi, where i∈N ni The non-deception based defense resources allocated to node i, where i∈N h(εi) The cost of constructing a honeynode with the interactive capability εi, where i∈H a(φ) The cost of constructing static locators with the density φ b The cost of constructing a channel surfing function to one node c The cost of constructing a precise localization technique to one node d The cost of constructing a detection technique to one node t(ρi) The maximum traffic of node i with quality ρi, where i∈N 2011/5/16 Decision variables Notation Description D The information regarding resources allocating and defending wi 1 if node i is equipped with honeynode function, and 0 otherwise, where i∈N xi 1 if node i is equipped with channel surfing function, and 0 otherwise, where i∈N yi 1 if node i is implemented with precise localization technique , and 0 otherwise, where i∈N zi 1 if node i is implemented with the detection technique, and 0 otherwise, where i∈N εi The interactive capability of honeypot i, where i∈N ρi The quality of node i, where i∈N φ The density of static locator 2011/5/16 Objective function F T ( D, A ) min D i 1 i i F (IP 1) 2011/5/16 Constraints • Defender’s budget constraints DE Ai Z (IP 1.1) (IP 1.2) 2011/5/16 Constraints • Defender’s budget constraints N N H P m( ) n w h( ) a( ) x b i 1 i i 1 Q R i 1 i 1 i i 1 i yi c zi d B i i 1 i (IP 1.3) 2011/5/16 Constraints • Defender’s budget constraints N m( ) B (IP 1.4) i i 1 N ni B (IP 1.5) i 1 H w h( ) B (IP 1.6) a( ) B (IP 1.7) i 1 i i 2011/5/16 Constraints • Defender’s budget constraints P x b B i 1 (IP 1.8) i Q yi c B (IP 1.9) i 1 R zi d B i 1 (IP 1.10) 2011/5/16 Constraints • QoS constraints ▫ QoS is a function of: 1. 2. 3. 4. 5. 6. 7. BS loading Utilization of mesh routers on the path to BS Hops to core node Fake traffic effect, Population re-allocation effect Channel surfing effect Jammer removal Y y 1 Q( LBS , U link , H tocore , Feffect , Peffect , I effect , J effect )dy Y Qthreshold (IP 1.11) 2011/5/16 Constraints • QoS constraints ▫ QoS after population re-allocation Qthreshold (IP 1.12) ▫ The performance reduction cause by the jammed node should not violate IP1.11. (IP 1.13) ▫ The performance reduction cause by the channel surfing should (IP 1.14) not violate IP1.11. 2011/5/16 Constraints • Channel surfing constraints ▫ The mesh router must equipped with channel surfing technique.(IP 1.15) ▫ The next channel to be selected must not be in use. (IP 1.16) ▫ Channel surfing function triggers only if the jammed channel is(IP 1.17) not a fake channel. • Population re-allocation constraints ▫ The mesh clients to be re-allocated must be in the transmission (IP 1.18) range of the mesh routers other than current mesh router. ▫ The total traffic of the mesh router i after re-allocation must not (IP 1.19) exceed the maximum traffic limit t(ρi), where i∈N. 2011/5/16 Constraints • Approximate localization ▫ There must be at least three available reference points which is (IP 1.20) under the effect of jamming attack in the jammed channel. • Precise localization ▫ There must be at least one mobile locator in the network. (IP 1.21) • Fake traffic ▫ The fake traffic sent to mesh router i from the honeynodes must not make it exceed the maximum traffic limit t(ρi), where i∈N (IP 1.22) 2011/5/16 Constraints • Integer constraints wi 0 or 1 i N (IP 1.23) xi 0 or 1 yi 0 or 1 zi 0 or 1 i N (IP 1.24) i N (IP 1.25) i N (IP 1.26)
© Copyright 2025 Paperzz