| dc.description.abstract | Wireless sensor networks are known to be vulnerable to a variety ofattacks that could undermine normal sensor network operations. Manyschemes have been developed to defend the wireless sensor networksagainst various attacks. Most of them focus on making the networkand service protocols be attack-resilient rather than rooting outthe source of attacks. Although the attack-resiliency approachmitigates the threats on sensor network protocols, it requiressubstantial time and effort for continuously enhancing therobustness of the protocols in line with the emergence of newtypes of attacks. Accordingly, if we are able to detect and removethe sources of attacks as soon as possible, we could save the largeamount of time and effort incurred from employing theattack-resiliency approach. In wireless sensor networks, theprinciple sources of various attacks are compromised nodes.Specifically, since sensor nodes are deployed in an unattendedmanner, an adversary can physically capture and compromise sensornodes, and mount a variety of attacks with the compromised nodes. He canalso move the compromised nodes to multiple locations to evade the detection.Moreover, he can create wide-spread influence by generating manyreplica nodes of a few compromised nodes or propagating maliciousworm into the network. Our works are designed for rooting outthe sources of possible threats by quickly detecting and removingcompromised nodes and preventing wide-spread node compromise throughreplica node and worm propagation attacks.To meet this challenge, we propose a framework for robust detectionand revocation of wide-spread node compromise in wireless sensornetworks. In the framework, we first propose a reputation-based trustmanagement scheme to facilitate static node compromise detection, and then propose a distributed detection scheme to achieve fast mobile node compromise detection, and finally propose replica node detection and worm propagation detectionschemes to prevent wide-spread node compromise.Specifically, the framework is composed of five components. In thefirst component, we quickly detect the suspected regions in whichcompromised nodes are likely placed and perform software attestationagainst the nodes in the suspected regions, leading to the detectionand revocation of the compromised nodes. However, ifthe attacker moves the compromised nodes to multiple locations in thenetwork, such as by employing simple robotic platforms or moving thenodes by hand, he can evade the detection scheme in the first component. To resolve this limitation, we propose the second component in which we quickly detect these mobile malicious nodes that are silent forunusually many time periods---such nodes are likely to be moving---andblock them from communicating in fully distributed manner. To reduce the time and effort incurred from directly compromising many benign nodes,attacker may launch replica node attacks in which he generates manyreplica nodes of a few compromised nodes and widely spread them overthe network. To thwart wide-spread node compromise by replica nodeattacks, we propose two complementary schemes for replica detectionas the third and fourth components. In the third component, wedetect static replica nodes by leveraging theintuition that static replica nodes are placed in more than one location.In the fourth component, we quickly detect mobile replicas byleveraging the intuition that mobile replicas are in two or morelocations at once and thus appear to move much faster than benignnodes, leading to highly likely exceed the predefined maximum speed.However, the attacker needs to prepare as many sensor nodes as thenumber of replicas that he wants to generate in replica nodeattacks. Thus, the attack costs will increase in proportion to thenumber of deployed replicas. To reduce these costs, the attacker mayattempt to widely spread node compromise by capturing a few nodesand having the captured nodes propagate malicious worm through thenetwork, leading to the fast compromise of many benign nodes. To fight against this type of attack, we propose the fifth component in which we quickly detect worm propagation in fully distributed fashion by leveraging the intuition that a worm's communication pattern is different from benign traffic.Through analysis and experimental study, we show that thesecomponents achieve robust and effective detection and revocationcapability of node compromise, replica node, worm propagation with reasonableoverhead. | en_US |
