Secure localization with attack detection in wireless sensor networks

Rapid technological advances have enabled the development of low-cost sensor networks for various monitoring tasks, where it is important to estimate the positions of a number of regular sensor nodes whose locations cannot be known apriori. We address the problem of localizing the regular nodes with range-based location references obtained from certain anchor nodes referred to as beacons, particularly in an adverse environment where some of the beacons may be compromised. We propose an innovative modular solution featuring two lightweight modules that are for dedicated functionalities, respectively, but can also be closely integrated. First, we harness simple geometric triangular rules and an efficient voting technique to enable the attack detection module, which identifies and filters out malicious location references. We then develop a secure localization module that computes and clusters certain reference points, and the position of the concerned regular node is estimated with the centroid of the most valuable reference points identified. Extensive simulations show that our attack detection module can detect compromised beacons effectively, and the secure localization module can subsequently provide a dependable localization service in terms of bounded estimation error. The integrated system turns out to be tolerant of malicious attacks even in highly challenging scenarios.

Modeling worms propagation on probability

There are the two common means for propagating worms: scanning vulnerable computers in the network and sending out malicious email attachments. Modeling the propagation of worms can help us understand how worms spread and devise effective defence strategies. Most traditional models simulate the overall scale of infected network in each time tick, making them invalid for examining deep inside the propagation procedure among individual nodes. For this reason, this paper proposes a novel probability matrix to model the propagation mechanism of the two main classes of worms (scanning and email worms) by concentrating on the propagation probability. The objective of this paper is to access the spreading and work out an effective scheme against the worms. In order to evaluate the effects of each major component in our probability model, we implement a series of experiments for both worms. From the results, the network administrators can make decision on how to reduce the number of vulnerable nodes to a certain threshold for scanning worms, and how to immunize the highly-connected node for preventing worm's propagation for email worms.

Detecting unknown anomalous program behavior using API system calls

This paper presents the detection techniques of anomalous programs based on the analysis of their system call traces. We collect the API calls for the tested executable programs from Microsoft detour system and extract the features for our classification task using the previously established n-gram technique. We propose three different feature extraction approaches in this paper. These are frequency-based, time-based and a hybrid approach which actually combines the first two approaches. We use the well-known classifier algorithms in our experiments using WEKA interface to classify the malicious programs from the benign programs. Our empirical evidence demonstrates that the proposed feature extraction approaches can detect malicious programs over 88% which is quite promising for the contemporary similar research.

Security framework for mobile agents-based applications

Mobile agents have been proposed for key applications such as forensics analysis, intrusion detection, e-commerce, and resource management. Yet, they are vulnerable to various security threats by malicious hosts or intruders. Conversely, genuine platforms may run malicious agents. It is essential to establish a truly secure framework for mobile agents to gain trust of clients in the system. Failure to accomplish a trustworthy secured framework for Mobile Agent System (MAS) will limit their deployment into the key applications. This chapter presents a comprehensive taxonomy of various security threats to Mobile Agent System and the existing implemented security mechanisms. Different mechanisms are discussed, and the related security deficiencies are highlighted. The various security properties of the agent and the agent platform are described. The chapter also introduces the properties, advantages, and roles of agents in various applications. It describes the infrastructure of the system and discusses several mobile agent frameworks and the accomplished security level.

Locating defense positions for thwarting the propagation of topological worms

A common view for the preferable positions of thwarting worm propagation is at the highly connected nodes. However, in certain conditions, such as when some popular users (highly connected nodes in the network) have more vigilance on the malicious codes, this may not always be the truth. In this letter, we propose a measure of betweenness and closeness to locate the most suitable positions for slowing down the worm propagation. This work provides practical values to the defense of topological worms.

Polymorphic malware detection using Hierarchical Hidden Markov Model

Binary signatures have been widely used to detect malicious software on the current Internet. However, this approach is unable to achieve the accurate identification of polymorphic malware variants, which can be easily generated by the malware authors using code generation engines. Code generation engines randomly produce varying code sequences but perform the same desired malicious functions. Previous research used flow graph and signature tree to identify polymorphic malware families. The key difficulty of previous research is the generation of precisely defined state machine models from polymorphic variants. This paper proposes a novel approach, using Hierarchical Hidden Markov Model (HHMM), to provide accurate inductive inference of the malware family. This model can capture the features of self-similar and hierarchical structure of polymorphic malware family signature sequences. To demonstrate the effectiveness and efficiency of this approach, we evaluate it with real malware samples. Using more than 15,000 real malware, we find our approach can achieve high true positives, low false positives, and low computational cost.

Zero-day malware detection based on supervised learning algorithms of API call signatures

Zero-day or unknown malware are created using code obfuscation techniques that can modify the parent code to produce offspring copies which have the same functionality but with different signatures. Current techniques reported in literature lack the capability of detecting zero-day malware with the required accuracy and efficiency. In this paper, we have proposed and evaluated a novel method of employing several data mining techniques to detect and classify zero-day malware with high levels of accuracy and efficiency based on the frequency of Windows API calls. This paper describes the methodology employed for the collection of large data sets to train the classifiers, and analyses the performance results of the various data mining algorithms adopted for the study using a fully automated tool developed in this research to conduct the various experimental investigations and evaluation. Through the performance results of these algorithms from our experimental analysis, we are able to evaluate and discuss the advantages of one data mining algorithm over the other for accurately detecting zero-day malware successfully. The data mining framework employed in this research learns through analysing the behavior of existing malicious and benign codes in large datasets. We have employed robust classifiers, namely Naïve Bayes (NB) Algorithm, k−Nearest Neighbor (kNN) Algorithm, Sequential Minimal Optimization (SMO) Algorithm with 4 differents kernels (SMO - Normalized PolyKernel, SMO – PolyKernel, SMO – Puk, and SMO- Radial Basis Function (RBF)), Backpropagation Neural Networks Algorithm, and J48 decision tree and have evaluated their performance. Overall, the automated data mining system implemented for this study has achieved high true positive (TP) rate of more than 98.5%, and low false positive (FP) rate of less than 0.025, which has not been achieved in literature so far. This is much higher than the required commercial acceptance level indicating that our novel technique is a major leap forward in detecting zero-day malware. This paper also offers future directions for researchers in exploring different aspects of obfuscations that are affecting the IT world today.

Recovery mechanism on sensor networks

On the completion of project, we propose novel recovery mechanisms which recovers limited-resource wireless sensor networks quickly from an malicious attack. The research outcomes include re-clustering algorithms, reprogramming techniques and authentications protocols developed and tested on both hardware and simulation platforms. The work is also well compared with other researchers.

Security risks/vulnerability in a RFID system and possible defenses

Remote technologies are changing our way of life. The radio frequency identification (RFJD) system is a new technology which uses the open air to transmit information. This information transmission needs to be protected to provide user safety and privacy. Business will look for a 5ystem that hasfraud resilience to prevent the misuse of information to take dishonest advantage. The business and the user need to be assured that the transmitted information has no content which is capable of undertaking malicious activities. Public awareness of RFID security will help users and organizations to understand the need for security protection. Publishing a security guideline from the regulating body and monitoring implementation of that guideline in RFID 5ystems will ensure that businesses and users are protected. This chapter explains the importance of security in a RFID system and will outline the protective measures. It also points out the research direction of RFID 5ystems.

E-commerce trust management system reliability

Various solutions have been proposed in managing trust relationship between trading partners in eCommerce environment. Determine the reliability of trust management systems in eCommerce is most difficult issue due to highly dynamic nature of eCommerce environments. As trust management systems depend on the feedback ratings provided by the trading partners, they are fallible to strategic manipulation of the feedback ratings attacks. This paper addressed the challenges of trust management systems. The requirements of a reliable trust management are also discussed. In particular, we introduce an adaptive credibility model that distinguishes between credible feedback ratings and malicious feedback ratings by considering transaction size, frequency of ratings and majority vote to form a feedback ratings verification metric. The approach has been validated by simulation result.

Securing recommendations in grouped P2P e-commerce trust model

In dynamic peer to peer (P2P) e-commerce, it is an important and difficult problem to promote online businesses without sacrificing the desired trust to secure transactions. In this paper, we address malicious threats in order to guarantee secrecy and integrity of recommendations exchanged among peers in P2P e-commerce. In addition to trust, secret keys are required to be established between each peer and its neighbors. Further, we propose a key management approach gkeying to generate six types of keys. Our work mainly focuses on key generation for securing recommendations, and ensuring the integrity of recommendations. The proposed approach presented with a security and performance analysis, is more secure and more efficient in terms of communication cost, computation cost, storage cost, and feasibility. © 2012 IEEE.

Towards an understanding of the impact of advertising on data leaks

Recent investigations have determined that many Android applications in both official and non-official online markets expose details of the user's mobile phone without user consent. In this paper, for the first time in the research literature, we provide a full investigation of why such applications leak, how they leak and where the data is leaked to. In order to achieve this, we employ a combination of static and dynamic analysis based on examination of Java classes and application behaviour for a data set of 123 samples, all pre-determined as being free from malicious software. Despite the fact that anti-virus vendor software did not flag any of these samples as malware, approximately 10% of them are shown to leak data about the mobile phone to a third-party; applications from the official market appear to be just as susceptible to such leaks as applications from the non-official markets.

Crime toolkits : the productisation of cybercrime

The productisation of crime toolkits is happening at an ever-increasing rate. Previous attacks that required indepth knowledge of computer systems can now be purchased online. Large scale attacks previously requiring months to setup a botnet can now be scheduled for a small fee. Criminals are leveraging this opportunity of commercialization, by compromising web applications and user's browser, to gain advantages such as using the computer's resources for launching further attacks, or stealing data such as identifying information. Crime toolkits are being developed to attack an increasing number of applications and can now be deployed by attackers with little technical knowledge. This paper surveys the current trends in crime toolkits, with a case study on the Zeus botnet. We profile the types of exploits that malicious writers prefer, with a view to predicting future attack trends. We find that the scope for damage is increasing, particularly as specialisation and scale increase in cybercrime.

Information security governance: the art of detecting hidden malware

Detecting malicious software or malware is one of the major concerns in information security governance as malware authors pose a major challenge to digital forensics by using a variety of highly sophisticated stealth techniques to hide malicious code in computing systems, including smartphones. The current detection techniques are futile, as forensic analysis of infected devices is unable to identify all the hidden malware, thereby resulting in zero day attacks. This chapter takes a key step forward to address this issue and lays foundation for deeper investigations in digital forensics. The goal of this chapter is, firstly, to unearth the recent obfuscation strategies employed to hide malware. Secondly, this chapter proposes innovative techniques that are implemented as a fully-automated tool, and experimentally tested to exhaustively detect hidden malware that leverage on system vulnerabilities. Based on these research investigations, the chapter also arrives at an information security governance plan that would aid in addressing the current and future cybercrime situations.

Web malware that targets web applications

Web applications have steadily increased, making them very important in areas, such as financial sectors, e-commerce, e-government, social media network, medical data, e-business, academic an activities, e-banking, e-shopping, e-mail. However, web application pages support users interacting with the data stored in their website to insert, delete and modify content by making a web site their own space. Unfortunately, these activities attracted writers of malicious software for financial gain, and to take advantage of such activities to perform their malicious objectives. This chapter focuses on severe threats to web applications specifically on Structure Query Language Injection Attack (SQLIA) and Zeus threats. These threats could adopt new obfuscation techniques to evade and thwart countermeasures Intrusion Detection Systems (IDS). Furthermore, this work explores and discusses the techniques to detect and prevent web application malwar.