research progress report

Research Progress Report

Advisor: Professor Frank Y.S. LinPresent by Hubert J.W. Wang

Effective Network Planning and Defending Strategies to Maximize System Survivability of Wireless Mesh Networks under Malicious and Jamming Attacks

無線網狀網路中考量惡意與多重干擾器攻擊下最大化系統存活度之高效網路規劃與防禦策略

Outline•Problem Description

2011/5/16

Problem Description

Problem Description• Problem

▫ Topology information gathering▫ Jamming attack

• Environment▫ Infrastructure/Backbone WMNs

• Role▫ Attacker▫ Defender(Service provider)

2011/5/16

Problem Description(cont’)

2011/5/16

Scenario – Network Architecture2011/5/16

Base Station

Mesh router

Scenario – Defender’s Planning Phase2011/5/16

AB

C

D

E

FG

Base Station

Mesh router

HoneynodeAttacker

Nodes with more defense resource

Why didn’t the defender protect all the nodes with high population?1. Budget limited.2. The effectiveness of doing so

may not be the best.3. There are other ways to deploy

resources.

Scenario – Attacker’s Preparing Phase2011/5/16

Signal Strength

20

20

90

20

90

Initially, the attacker has following info:(Communication channel)1. Defense Resource2. Signal Strength3. Traffic Amount

20

90

A

B

C

D

E

F

G

Defense strength

Traffic amount

Signal Strength

Scenario – Attacker’s Preparing Phase(cont’)2011/5/16

Signal Strength

20

20

90

20

90

The honeynode: If the real channel is compromised, the attacker will be able to identify this target in Attacking Phase

20

90

A

B

C

D

E

F

G


Signal Strength

90

20

The attacker’s goal:Maximize attack effectiveness.Maximize jammed range

The next hop selecting criteria would be..

90

A

B

90

C

20

D

E

20

F

20

G

The node with the strongest signal power

(Easiest fo find)

The node with highest defense

resource(Aggressive)


Signal Strength

After compromise a mesh router, the attacker has following info:(Communication channel)1. Defense Resource2. Signal Strength3. Traffic AmountAnd…

90

9020

9020

20

90

20

90

90

20

G

L

B

I

D

E

A

H

K

F

JBeing compromised, and obtained:(Routing channel)1. Traffic Source2. Traffic Amount3. User number

Scenario –Population Re-allocation2011/5/16

Signal Strength90

2B

90

5A

20

6G

20

20E20

8O

20

4R

90

3Q

90

15C

20

8D

90

22P

Intrusion detected

Reallocate population on D’s neighbor

Re-allocation strategy might be:

Scenario –Population Re-allocation(cont’)2011/5/16

Signal Strength90

10B

90

9A

20

9G

20

9E20

9O

20

10R

90

10Q

90

9C

20

9D

90

9P

Capable of attack detection

Reallocate population on D’s neighbor

Re-allocation strategy: Average Population

Average the QoS impact caused by jamming

Scenario –Population Re-allocation(cont’)2011/5/16

Signal Strength90

2B

90

5A

20

6G

20

20E20

8O

20

4R

90

3Q

90

15C

20

8D

90

22P

Capable of attack detection

Real population on D’s neighbor

Re-allocation strategy: Average Traffic

Minimize the QoS impact caused by jamming

Scenario – Fake Traffic Generation2011/5/16

Signal Strength

90

30B

90

21A

20

6G

90

112C

20

28E

20

90D

90

27K

90

24L

90

25M

90

18N

Relatively low traffic sources on important nodes.

High traffic sources on unimportant nodes.

Select node C as next hop

Fake Traffic Generation


Base Station

Mesh router

Honeynode

Compromised mesh router

Attacker


AB

C

D

E

FG

H I

J

K L

M N

OP Q

R

ST UV

WXSucceed

Failed

Scenario – Attacker’s Attacking Phase2011/5/16

AB

C

D

E

FG

H I

J

K L

M N

OP Q

R

ST UV

WX

Base Station

Mesh router

Honeynode

Compromised mesh routerJammed mesh router

Jammer

Attacker


1) Jammed honeynode B

2) Jammed node V with high population

3) Jammed node P(not fake channel)

4) Jammed normal node F

5) Jammed honeynode U

Scenario – Defender’s Defending Phase - Channel Surfing2011/5/16

AB

C

D

E

FG

H I

J

K L

M N

OP Q

R

ST UV

WX

Base Station

Mesh router

Honeynode

Compromised mesh routerJammed mesh router

Jammer

Attacker


The function of channel surfing function:1. Mitigate the impact of jamming Time Effectiveness2. Reduce difficulty to remove

jammer

Range overlapped. If the mesh router switch to other channel:1. Jammed time shotened.2. Jammers are not able to know

which channel is the origin channel unless it’s compromised.

Scenario – Defender’s Defending Phase - Localization2011/5/16

Mobile locator

0 100 200 3000

100

200

300

meter

Reference point 1(useless)

Reference point 2

Multiple jammers

Reference point 3

Reference point 4

One of the jammers removed

Static locator

Mobile locator

Jammer

Defender• Nodes

▫ Base Station▫ Mesh router(with 2 NICs) Routing channel Communication channel

▫ Honeynode(with 3 NICs)[1] Routing channel Communication channel Fake communication channel

▫ Locator

2011/5/16

[1] S. Misra, et al., "Using honeynodes for defense against jamming attacks in wireless infrastructure-based networks," Computers & Electrical Engineering, vol. 36, pp. 367-382, 2010.

Defender(cont’)• Planning phase

▫ Build Topology▫ Deploy non-deception based defense resources General defense resource (ex. Firewall, Antivirus, etc.) Localization resource (routers with minimum capability)

▫ Deploy deception based defense resources Honeynode

• Defending phase▫ Jamming mitigation▫ Jammer localization

2011/5/16

Defender(cont’)• Defense Mechanisms

▫ False target (Honeynodes)▫ Fake traffic generation (Honeynodes)▫ Channel surfing (BSs 、 Mesh Routers 、 Honeynodes)▫ Population re-allocation (BSs 、 Mesh Routers 、 Honeynodes)▫ Jammer localization (BSs 、 Mesh

Routers 、 Honeynodes 、 Locators)

2011/5/16

Defender(cont’)• Honeynode[1] as false target

▫ Effect: Preparing Phase Act as a false target to attract attack

and consume attacker’s budget. Provide fake routing table information

when compromised. Attacking Phase Prevent true channel from being

jammed.

▫ Tradeoff Occupying available communication

channels. (indirectly affects QoS)

2011/5/16

Defender(cont’)• Honeynode[1] as fake traffic generator

▫ Effect: Send fake traffic to neighbors to deceive

attackers into believing that this node is important.

▫ Tradeoff Channel capacity

▫ Triggers when node compromising actions are detected by the nodes in the topology and the defender think it helps to turn on this function.

2011/5/16

Defender(cont’)• Channel Surfing[1]

▫ Effect: Change frequency to another free channel to prevent from being jammed(with the help of

honeynode) or reduce jamming effect.▫ Tradeoff Availability

▫ Triggers when jamming attacks are detected by the nodes in the topology.• Population re-allocation

▫ Effect: Reduce jamming effectiveness by re-allocating users.

▫ Strategies Average population Average traffic

▫ Tradeoff QoS

▫ Triggers when node compromising actions are detected by the nodes in the topology and the defender think it helps to turn on this function.

2011/5/16

Defender(cont’)• Jammer localization[2]

▫ Effect: Localize jammer by exploiting hearing

ranges of boundary nodes to permanently remove jammer from the topology.

▫ Strategies Importance oriented Difficulty oriented

▫ Tradeoff Budget QoS

▫ Triggers QoS constraints has not been met.

2011/5/16

[2] Z. Liu, et al., "Wireless Jamming Localization by Exploiting Nodes’ Hearing Ranges," in Distributed Computing in Sensor Systems. vol. 6131, R. Rajaraman, et al., Eds., ed: Springer Berlin / Heidelberg, 2010, pp. 348-361.

Total Attackers

2011/5/16

[3] F. Cohen. Managing Network Security: Attack and Defense Strategies. Available: http

://www.blacksheepnetworks.com/security/info/misc/9907.html

http://www.blacksheepnetworks.com/security/info/misc/9907.html



Attacker’s Next Hop Selecting Criteria

2011/5/16

Preferences Next Hop Selecting Criteria of Strategies

Aggressive Least resistance

Easiest to find Stealthy Topology

extending Random

Defense ResourceHigh ↑ ↓ - X -

Low ↓ ↑ - ○ -

Traffic AmountHigh - - ○ X -

Low - - X ○ -

Signal StrengthHigh - - ○ - X

Low - - X - ○

2011/5/16

PS: ↑: Prefer when certain factor has high value ○: Purely prefer high - : No preference↓: Prefer when certain factor has low value X : Purely prefer low

Attacker’s Attributes• Budget

▫ General Distribution▫ Preparing phase

Node compromising▫ Defending phase

Buy jammers(Quality of jammer will affect the effectiveness of jamming.)

▫ Effects: Goal of attacker

• Capability▫ General Distribution▫ Effects:

Goal of attacker Probability of:

compromising nodes seeing through false target seeing through fake routing table information

2011/5/16

Attacker’s Attributes(cont’)• Mentality

▫ General Distribution▫ Effects: Next hop criteria selection Preference of success probability of compromising nodes Preference of using fake routing table information

2011/5/16

Attacker’s Goal and Corresponding Strategies

• Maximize effectiveness▫ Aggressive▫ Easiest to find▫ Random

• Maximize jammed range▫ Least resistance▫ Stealthy▫ Topology extending▫ Random

2011/5/16

Attacker’s Next Hop Selecting Criteria• From Surface Information (communication channel)

▫ Defense Resource▫ Signal Strength▫ Traffic Amount

• From Depth Information (routing channel)▫ Traffic Source▫ Traffic Amount

2011/5/16

Attacker’s Strategy transition rule

• Probability to choose strategy i :

• Strategyi’s success rate:

2011/5/16

1

1

1

1

is the continus success times for strategy is the level of risk avoidance for attacker

i

i

n

ijjConstFactor

n

ijj

i i k

i

k

TotalSuccessTimesv BaseValue

TotalAttackTimes

ContFactor cc i

k

1

in

ii

v

v

1

1

1

1

n

ijj

n

ijj

TotalSuccessTimes

TotalAttackTimes

Attacker’s Next Hop Selecting Criteria Transition Rule

• Probability of strategy i to choose criteria j :

• Criteraj’s success rate:

2011/5/16

1( , ) ( )

1

1 , when the criteria is from deep information( )

0

j

j

ConstFactor j

j

j j k

j j

j

TotalSuccessTimesv BaseValue pref i j diff j

TotalAttackTimes

ContFactor c

MaxOfCriteria MinOfCriteriaMaxOfCriteriadiff j

, otherwise is the continus success times for next hop selecting criteria is the level of risk avoidance for attacker

( , ) is the preferen

i

k

c jk

pref i j

ce of strategy of criteria i j

1

jn

jj

v

v

11

j

j

TotalSuccessTimesTotalAttackTimes

Attacker’s Next Hop Selecting Criteria Transition Rule(cont’)

2011/5/16

Value of pref(i,j) Aggressive Least resistance

Easiest to find Stealthy Topology

extending Random

Defense ResourceHigh 1 0.5 1

Low 1 1.5 1

Traffic AmountHigh 1 1 1.5 0.5 1

Low 1 1 0.5 1.5 1

Signal StrengthHigh 1 1 1.5 1 0.5

Low 1 1 0.5 1 1.5

PS: ↑: Prefer when certain factor has high value ○: Purely prefer high - : No preference↓: Prefer when certain factor has low value X : Purely prefer low

1.5 k

k

CurrentBudget

TotalBudget

0.5 1 k

k

CurrentBudget

TotalBudget

0.5 1 k

k

CurrentBudget

TotalBudget

1.5 k

k

CurrentBudget

TotalBudget

Contest Success Function

• Determine the success probability of the attacker.• Attackers will set a probability of success according to its mentality.• : Function of attacker’s attack effectiveness.• : Function of defender’s defense effectiveness.

2011/5/16

( )mAW T

( )mDW t

( )( ) ( )

( ) (1 )

( )

mA

m mA D

mmA

m mD

W TW T W t

W T T Capability

W t t

Risk Level• For fake traffic generator

• Vij computes when node i compromising action are detected.• Vij is the risk level of honeynode j with fake traffic generating function.• Vij determines whether to turn on fake traffic generating function or not.• Factor of defense strength of path from nodes being attacked to nodes equipped with the function ：

• Factor of link degree of nodes equipped with the function ：• Factor of distance between nodes being attacked and nodes equipped with the function ： • Factor of distance between nodes equipped with the function and nearest BS ：

2011/5/16

1 2 3 4+ , when

1, otherwise

ij j j j

ij

pathDefenseResource maxLinkDegree linkDegree pathToNode pathToCoreNodew w w w i j

V maxPathDefenseResource maxLinkDegree maxPathToNode maxPathToCoreNode

jmaxLinkDegree linkDegreemaxLinkDegree

ijpathDefenseResourcemaxPathDefenseResource

jpathToNodemaxPathToNode

jpathToCoreNodemaxPathToCoreNode

Risk Level(cont’)• For population re-allocation

• Vij computes when node i compromising action are detected.• Vij is the risk level of node j with population re-allocation function.• Vij determines whether to turn on population re-allocation function or not.• Factor of user numbers of nodes being attacked and its neighbor• Factor of defense strength of path from nodes being attacked to nodes equipped with the function ：

• Factor of link degree of nodes equipped with the function ：• Factor of distance between nodes being attacked and nodes equipped with the function ：

2011/5/16

1 2 3 4 , when

0, otherwise

ij j ji

ij

pathDefenseResource maxLinkDegree linkDegree pathToNodemaxUserNum maxNeighborUserNumw w w w i j

V maxUserNum maxPathDefenseResource maxLinkDegree maxPathToNode

jpathToCoreNodemaxPathToCoreNode

jpathToNodemaxPathToNode

jmaxLinkDegree linkDegreemaxLinkDegree

The End•Thanks for your attention.

2011/5/16

Mathematical Formulation

Assumptions

1. The communications between mesh routers and between mesh routers and

mesh clients use different communication protocol.

2. All the packets are encrypted. Thus, the attacker can’t directly obtain

information in the communication channels.

3. The defender has complete information of the network which is attacked by

a single attacker with different strategies.

4. The attacker is not aware of the topology of the network. Namely, it doesn’t

know that there are honeynodes in the network and which nodes are

important, i.e., the attacker only has incomplete information of the network.

2011/5/16

Assumptions(cont’)

5. There are two kinds of defense resources, the non-deception based resources

and the deception based resources.

6. There are multiple jammers in the network, and their jamming ranges might

overlap.

7. There is only constructive interference between jamming signals.

2011/5/16

Given parameters

2011/5/16

Notation DescriptionN The index set of all nodesH The index set of all honeynodesP The index set of the nodes with channel surfing techniqueQ The index set of the nodes with precise localization techniqueR The index set of the nodes with detection technique

Given parameters

2011/5/16

Notation DescriptionB The defender’s total budget

Z All possible attack configuration, including attacker’s attributes and corresponding strategies.

E All possible defense configuration, including defense resources allocation and defending strategies

F Total attacking times of all attackersAn attack configuration, including the attributes and corresponding strategies , where 1≤ i ≤ F1 if the attacker can achieve his goal successfully, and 0 otherwise, where 1≤ i ≤ F( , )i iT D A

iA

Given parameters

2011/5/16

Notation Description

m(ρi)The cost of constructing a node with the quality with quality ρi, where i∈N

ni

The non-deception based defense resources allocated to node i, where i∈N

h(εi)The cost of constructing a honeynode with the interactive capability εi, where i∈H

a(φ) The cost of constructing static locators with the density φ

b The cost of constructing a channel surfing function to one node

c The cost of constructing a precise localization technique to one node

d The cost of constructing a detection technique to one nodet(ρi) The maximum traffic of node i with quality ρi, where i∈N

Decision variables

2011/5/16

Notation DescriptionThe information regarding resources allocating and defending

wi1 if node i is equipped with honeynode function, and 0 otherwise, where i∈N

xi1 if node i is equipped with channel surfing function, and 0 otherwise, where i∈N

yi1 if node i is implemented with precise localization technique, and 0 otherwise, where i∈N

zi1 if node i is implemented with the detection technique, and 0 otherwise, where i∈N

εi The interactive capability of honeypot i, where i∈N

ρi The quality of node i, where i∈N

φ The density of static locator

D

Objective function

2011/5/16

1

( , )F

i ii

D

T D Amin

F

(IP 1)

Constraints•Defender’s budget constraints

2011/5/16

(IP 1.1)

D E

(IP 1.2)iA Z


2011/5/16

1 1 1 1

1 1

( ) ( ) ( )N N H P

i i i i ii i i i

Q R

i ii i

m n w h a x b

y c z d B

(IP 1.3)


2011/5/16

1

( )N

ii

m B

1

N

ii

n B

1

( )H

i ii

w h B

( )a B

(IP 1.6)

(IP 1.7)

(IP 1.5)

(IP 1.4)


2011/5/16

1

R

ii

z d B

(IP 1.10)

(IP 1.9)

1

Q

ii

y c B

1

P

ii

x b B

(IP 1.8)

Constraints• QoS constraints

▫ QoS is a function of:1. BS loading2. Utilization of mesh routers on the path to BS3. Hops to core node4. Fake traffic effect, 5. Population re-allocation effect6. Channel surfing effect7. Jammer removal

2011/5/16

(IP 1.11)

1 ( , , , , , , )threshold

Yy BS link tocore effect effect effect effectQ L U H F P I J dy

QY

Constraints• QoS constraints

▫ ▫ The performance reduction cause by the jammed node should not

violate IP1.11.▫ The performance reduction cause by the channel surfing should

not violate IP1.11.

2011/5/16

(IP 1.12)

(IP 1.13)

QoS after population re-allocationthreshold

Q

(IP 1.14)

Constraints• Channel surfing constraints

▫ The mesh router must equipped with channel surfing technique.▫ The next channel to be selected must not be in use.▫ Channel surfing function triggers only if the jammed channel is

not a fake channel.• Population re-allocation constraints

▫ The mesh clients to be re-allocated must be in the transmission range of the mesh routers other than current mesh router.

▫ The total traffic of the mesh router i after re-allocation must not exceed the maximum traffic limit t(ρi), where i∈N.

2011/5/16

(IP 1.15)(IP 1.16)(IP 1.17)

(IP 1.18)

(IP 1.19)

Constraints• Approximate localization

▫ There must be at least three available reference points which is under the effect of jamming attack in the jammed channel.

• Precise localization▫ There must be at least one mobile locator in the network.

• Fake traffic▫ The fake traffic sent to mesh router i from the honeynodes must not

make it exceed the maximum traffic limit t(ρi), where i∈N

2011/5/16

(IP 1.21)

(IP 1.22)

(IP 1.20)

Constraints

2011/5/16

(IP 1.25)

(IP 1.24)

i N (IP 1.23)

(IP 1.26)

i N

i N

i N

0 1iw or

0 1ix or0 1iy or0 1iz or

• Integer constraints

research progress report

Documents