Techniques for Detection of Malicious Packet Drops in Networks

Desai, Vikram R

01 January 2012

The introduction of programmability and dynamic protocol deployment in routers, there would be an increase in the potential vulnerabilities and attacks . The next- generation Internet promises to provide a fundamental shift in the underlying architecture to support dynamic deployment of network protocols. In this thesis, we consider the problem of detecting malicious packet drops in routers. Specifically, we focus on an attack scenario, where a router selectively drops packets destined for another node. Detecting such an attack is challenging since it requires differentiating malicious packet drops from congestion-based packet losses. We propose a controller- based malicious packet detection technique that effectively detects malicious routers using delayed sampling technique and verification of the evidence. The verification involves periodically determining congestion losses in the network and comparing the forwarding behaviors of the adjoining routers to affirm the state of a router in the network. We provide a performance analysis of the detection accuracy and quantify the communication overhead of our system. Our results show that our technique provides accurate detection with low performance overhead.

Internet

Packet Drop

Distributed Detection

Controller

Security

Security Model

Digital Communications and Networking

Sur la conception sûre des systèmes contrôlés en réseau. / On the safe design of networked control systems.

Naoui, Adel

19 December 2016

De nos jours, les systèmes de contrôle-commande temps-réel distribués à travers un réseau de communication sont de plus en plus utilisés dans les secteurs de l’automobile, de l’avionique, de la robotique mobile, de la télécommunication et plus généralement de la conduite de procédés industriels. En comparaison avec les systèmes de contrôle point-à-point conventionnel, un système contrôlé en réseau (SCR) permet non seulement de réduire le câblage et les coûts d’installation, mais offre aussi plus de flexibilité pour faire évoluer une installation existante et favorise les actions de diagnostic et de maintenance. Comme le réseau est partagé par plusieurs boucles de contrôle et par d’autres applications, la conséquence est que le trafic de communication est difficilement maîtrisable, ce qui peut conduire à des pertes de messages et engendre des délais aléatoires. Par ailleurs, le diagnostic et la tolérance aux défauts sont des enjeux importants pour les SCR, particulièrement dans le cas ou le domaine d’utilisation exige une grande sécurité. Il est évident que la théorie et l’application des approches classiques de diagnostic et de tolérance aux défauts doivent être révisées lorsqu’il s’agit de SCR.L’étude des SCR, reposant sur des compétences en automatique, en informatique et en réseau propose naturellement des solutions propres à chaque domaine. La problématique du diagnostic des SCR consiste non seulement à détecter et localiser des défauts affectant l’ensemble du système mais aussi à distinguer, les perturbations et défaillances affectant le réseau de communication de celles du système contrôle. L’objectif de nos travaux de thèse est de proposer des modèles intégrés permettant de représenter le comportement des SCR et de contribuer à leurs diagnostics. / Real-time control systems distributed across communication networks are increasingly used in automotive, avionics, mobile robotics, and telecommunications and more generally in the conduct of industrial processes. Compared with point- to-point conventional control systems, a networked control system (NCS) can not only reduce wiring and installation costs, but also offer more flexibility to expand an existing facility and promote actions of diagnosis and maintenance. As the network is shared by multiple control loops and other applications, the result is that the communication traffic is difficult to control, which can lead to loss of messages and generate random delays.Diagnosis and fault tolerance are important issues for NCS, especially in the case where the area of application requires security. It’s obvious that the theory and application of conventional approaches to diagnosis and fault tolerance need to be revised when it comes to NCS.The study of the NCS, based on automatic skills, computer science and network competences naturally provides adequate solutions to each area. The problem of NCS diagnosis is the one hand to detect and locate faults affecting the whole system and on the other hand to distinguish, disturbances and malfunctions affecting the communication network of the control system.Our work aims is to propose integrated models to represent the behavior of NCS and contribute to its diagnosis.

Co-Design

Systèmes contrôlés en réseau

Perte de paquets

Retard

Diagnostic

Co-Design

Networked control system

Packet drop out

Truetime

Network

Residuals

Fair Medium Access Control Mechanism Reducing Throughput Degradation in IEEE 802.11s Wireless Mesh Networks

Ghasemi, Saeed, El-hajj Moussa, Haisam

January 2016

Denna rapport behandlar prestandaproblem i den nyligen standardiserade Mesh kommunikationsstandarden (IEEE 802.11s). I denna rapport, undersöker och förbättra vi ett förhållande som resulterar i reduktion av genomströmningen i en kedja av noder topologi. IEEE802.11s är mycket lovande med många fördelar för både IoT-systemen och trådlösa nätverk i båda hemmet och arbete.Vi arbetar med frågan om orättvisa när CSMA/CA tillämpas, vilket orsakar genomströmningsreduktion på grund av paketförluster och indikerar svältning. Vi analyserar konsekvenserna av Collision Avoidance (CA) mekanism och föreslår en ersättning för CA som är både rättvist och samtidigt kan upprätthålla undvikande av kollisioner. Vi implementera detta i en simulator och resultatet visar på betydligt högre end-to-end-genomströmning än standard CSMA/CA och inga paketförluster på grund av buffertspill. / This thesis rapport deals with the performance issues of the newly standardized Wireless mesh protocol (IEEE 802.11s). In this thesis, we work on improving the conditions that results in throughput degradation in a chain of nodes topology. The mesh standard is very promising with many advantages for both IoT systems and home wireless networks.We work on the issue of unfairness when CSMA/CA is applied, which causes throughput degradation due to packet loss and indicates starvation. We analyze the implication of the Collision Avoidance (CA) mechanism and propose a replacement for the CA that is both fair and able to maintain collision avoidance. We implement this in a simulator and the result shows significantly higher end-to-end throughput compared to the original CSMA/CA and no packet loss due to buffer overflow.

Multihop

IEEE 802.11s

Wifi

Medium access control

MAC

CSMA

Collision Avoidance

CA

Packet drop

Fairness

Buffer overflow

Unfairness

Mesh

Wireless

Network

WMN

throughput

throughput degradation

contention

two-hop interference

greedy sender

distributed

Engineering and Technology

Teknik och teknologier