Cross Layer Techniques for Intrusion Tolerant Networks

Lead Research Organisation: Loughborough University
Department Name: Electronic, Electrical & Systems Enginee

Abstract

The proliferation of wireless networks over the past decade has made security a major concern for these networks and the applications that have to use them. Wireless networks have fundamental characteristics that make them significantly different from traditional wired networks, particularly with regard to security and reliability. Moreover, there is an increasing trend for access to services residing on fixed (e.g. enterprise) networks via wireless access. Therefore the design of secure and reliable wireless networks presents a major challenge to the designers of next generation networks with general public wireless access. It is also expected that many future networks will have to live under the threat of attacks as a matter of course. Current research attempts to secure networks against all types of attack, at all times and generally irrespective of the cost to the performance of the network. This research proposal aims to investigate a new type of integrated, flexible, and intelligent security architecture for providing tolerance to intrusion attacks against next generation networks with wireless access. Thus our goal is not to prevent intrusions but to enable network architectures to withstand them. Central to the work will be the design of a distributed intrusion tolerance system that is based on a cross-layer detection and mitigation approach. As such, intrusion detection and mitigation will be integrated within the layered architecture of the network so that the network has an intelligent view of the overall level of threat(s) posed at any time throughout the network. This approach brings a number of significant advantages over existing intrusion detection systems (IDS), particularly when applied to wireless access networks that have to withstand some level of attacks over prolonged periods.

Description The work is aimed at providing or improving network resilience against attack. The idea, as generally presented by others, is that attacks against a communication network are managed in such a way that some operation of the network continues, possibly in a reduced state of ability. Our approach to providing such resilience is to identify potential attacks and classify them with high accuracy and efficiency, and to mitigate their effects by utilising cross- and mixed-layer techniques. This implies that an attack or dangerous situation may manifest itself at some, but not all, layers of a communication network and, once identified, the optimal response may be performed at other layers.

The project has pursued an anomaly-based approach to the identification of attacks. Cross-layer detection has been performed via data fusion, and current work is investigating how basic beliefs in attack can be assigned at low cost.

The approach has been evaluated extensively on a WiFi (IEEE 802.11) network and demonstrated on a WiMAX (IEEE 802.16) testbed. Current work is investigating how the approach would work on LTE networks via simulation.

The project has developed fully functional code for WiFi operation which identifies and blocks Man-in-the-Middle and Rogue Access Point attacks carried out by direct frame injection to PC-based Windows or Linux machines. A data set representing live traffic traces for these attacks has also been collected.
Exploitation Route The approach and software will provide protection and resilience to users on wireless networks and, potentially, LTE networks. The approach could be incorporated into security products for user machines on wireless networks.

The current implementation could be made available for use on such machines in a stand-alone manner.

The data set would be used by others researching Direct Frame Injection type attacks.
Sectors Digital/Communication/Information Technologies (including Software),Security and Diplomacy

URL http://www.lboro.ac.uk/departments/el/research/communications/networks/cross-layer.html#tab=abstract
 
Description 1. Via publications in conferences and journals. 2. Via presentations and demonstrations to industry. 3. As executable software to protect a WiFi node. 4. Via a commercial licensing agreement. 5. As examples in lecture material.
First Year Of Impact 2011
Sector Digital/Communication/Information Technologies (including Software),Education,Electronics,Security and Diplomacy
Impact Types Economic,Policy & public services

 
Title WiFi attack dataset 
Description A packet capture dataset from a WiFi network when subjected to different low attacks which are difficult to detect using traditional approaches 
Type Of Material Database/Collection of data 
Year Produced 2012 
Provided To Others? Yes  
Impact Used to develop and verify a multi-layer fusion based attack detection algorithm. 
URL http://homepages.lboro.ac.uk/~elkk/Site/Testbed_data.html
 
Description Rohde & Schwarz 
Organisation Rohde and Schwarz
Country Germany 
Sector Private 
PI Contribution To show how wireless net equipment can be used to help in identifying network attacks.
Collaborator Contribution Provision of advanced WiMAX emulation equipment for verification of algorithms on different network types.
Impact Performance of the detector in WiMAX networks
Start Year 2009
 
Title Software for the detection of wireless network attacks using cross-layer data fusion 
Description Software which fuses beliefs in attack developed from network frame data, 
IP Reference  
Protection Protection not required
Year Protection Granted 2012
Licensed Yes
Impact Software license was sold commercially to a third-party company.
 
Title Automatic belief generation for Dempster-Shafer fusion. 
Description Software to automatically generate Beliefs in Normal, Anomaly and Uncertainty for Dempster-Shafer combination of predictors of network attack. 
Type Of Technology Software 
Year Produced 2012 
Impact Believed to be the only simple, adaptive approach. 
 
Description Exchange visits with Universities in Naples 
Form Of Engagement Activity Participation in an open day or visit at my research institution
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Participants in your research and patient groups
Results and Impact Papers.
Membership of Conference organisation committees
Exchange of Ph.D students
More positive industry interest in working with partnership
Year(s) Of Engagement Activity 2010,2012,2013,2014