Event Stream Processing for Intrusion Detection in ZigBee Home Area Networks Sandra Pogarcic, Samujjwal Bhandari, Kedar Hippalgaonkar, and Susan Urban.


Motivation
• Because the ZigBee protocol was designed for efficiency rather than security, it has an easily exploited communication protocol
• Use artificial intelligence to make a self-healing system, which dynamically discovers new cyber attacks based on similar attacks

References:
[1] Urban, S.D. and Sridharan, M. CSR: Small: Adaptive Event Stream Processing. [NSF Grant No.: CNS , proposal for Software Engineering Research].
[2] Anderson, R. Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons, New York.
[3] Intelligent Event Processor (IEP) User's Guide. Sun Microsystems, Inc. Santa Clara, CA
[4] Ploeg, J. ZigBee Taken from:

This research is supported by NSF Grant No. CNS & ECCS Opinions, findings, conclusions, or recommendations expressed in this paper are those of the author(s) and do not necessarily reflect the views of NSF.

TTU 2012 NSF Research Experiences for Undergraduates Site Project

Figure 2: ZigBee Packet and architecture [4]

Objectives:
• Detect attacks in a ZigBee environment
• Understand and exploit the vulnerabilities in the ZigBee stack protocol
  • Flood Attack
  • Back-Off Manipulation
• Analyze ZigBee packets from the hardware simulation to develop static rules for detection of attack scenarios
• Experiment with the use of event processing technology to detect attack scenarios

Intelligent Event Processing
• Graphical open-source software that performs functions on events provided in streams and relational data tables
• IEP uses message binding to import external data, such as text files, for processing
• IEP has several graphical operators that can perform functions on micro events
• The operators pass data on to other operators if the stream meets the query's condition
• Input and Output operators are mandatory, but more complex rules can be made by refining the conditions of what can be the output
• If something falls into the output based upon the rules that you set, it means that that particular sequence of events has occurred

Event Stream Processing
• The detection of patterns from a data set or a data stream, which signify that an event has occurred
• Can be used to create patterns or rules from pre-existing data, which can be refined to predict similar event behavior
• Used here to create metadata, or domain-specific rules, which will be combined with probability to dynamically define emerging attack patterns

Smart Grid
• The Smart Grid is the next step in modernizing the electrical system to fit the rising demand for energy.
• It has an interconnected, two-way communication system built into its infrastructure.
• Data and energy can dynamically be transferred through multiple pathways
• Home Area Network (HAN)

ZigBee
• Wireless technology that is built on and expands the IEEE standard
• Has a unanimous data standard
• Low cost and low power consumption
• Compatible with intrusion detection technologies
• Supports large network communication infrastructure
• ZigBee network parallels Smart Grid infrastructure

My Research
• Apply event stream processing technology to flood attack and back-off time manipulation intrusion scenarios
• Identify static rules from ZigBee packets
• Ex: Flood Attack Pattern
  • If Source Addressing Mode = 11, then there is an Association protocol in place
  • If the Intra PAN field = 0, then the Association Protocol is an Association Request (a device is trying to join the network)
  • If this behavior happens approximately 4 times within a minute, then there is a likely chance of a flood attack

Figure 3: IEP Architecture [3]
Figure 4: Parsed ZigBee Packet
Figure 5: Corresponding Packet in Wireshark, a packet analyzer
Figure 6: Basic input and output stream in IEP
Figure 7: Graphical representation of a Flood Attack Pattern

Future Directions
• Integrate event stream processing with the intrusion simulation
• From simple patterns, dynamic intrusion detection rules or algorithms can be made using probability
• Expand the JADE simulation to generate ZigBee packets for Event Stream Processing
• Expand general rules into IEP rules

Figure 1: Smart Grid

Security Challenges
• Less tested than other wireless technologies
• Communication protocol manipulation to prevent message transmission
• Network jamming
• Physical layer attacks
• New attacks will continuously be developed, which are unknown to be able to address
• Same network key for multiple devices
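The flood attack pattern listed under "My Research" can be written as a sliding-window rule over parsed frames. The Python below is an added example, not code from the poster or from IEP: it assumes the IEEE 802.15.4 (2003/2006) frame control field bit layout, takes the threshold of 4 and the one-minute window from the poster's approximate figures, and uses constructed timestamps and frame control values; all function and class names are hypothetical.

```python
from collections import deque

def decode_fcf(fcf: int) -> dict:
    """Decode the frame control field bits (assumed 802.15.4-2003/2006 layout)."""
    return {
        "frame_type": fcf & 0x7,         # bits 0-2 (3 = MAC command)
        "intra_pan": (fcf >> 6) & 0x1,   # bit 6
        "dst_mode": (fcf >> 10) & 0x3,   # bits 10-11
        "src_mode": (fcf >> 14) & 0x3,   # bits 14-15
    }

def is_association_request(fcf: int) -> bool:
    """Poster's static rule: Source Addressing Mode = 11 (binary), Intra PAN = 0."""
    f = decode_fcf(fcf)
    return f["src_mode"] == 0b11 and f["intra_pan"] == 0

class FloodDetector:
    """Counts matching events inside a sliding time window."""
    def __init__(self, threshold: int = 4, window_s: float = 60.0):
        self.threshold, self.window_s = threshold, window_s
        self.times = deque()

    def feed(self, ts: float, fcf: int) -> bool:
        """Return True when this frame completes the flood pattern."""
        if not is_association_request(fcf):
            return False
        self.times.append(ts)
        # Expire events that have left the window.
        while ts - self.times[0] >= self.window_s:
            self.times.popleft()
        return len(self.times) >= self.threshold

def detect(events, threshold: int = 4, window_s: float = 60.0) -> list:
    """Return the timestamps at which the pattern fires."""
    det = FloodDetector(threshold, window_s)
    return [ts for ts, fcf in events if det.feed(ts, fcf)]

# Constructed sample stream: (seconds, frame control field).
SAMPLE_EVENTS = [
    (0.0, 0x8861),    # data frame, short addresses, intra-PAN set
    (5.0, 0xC823), (12.0, 0xC823),
    (20.0, 0x0803),   # MAC command without a source address
    (31.0, 0xC823), (48.0, 0xC823), (70.0, 0xC823),
    (200.0, 0xC823),  # isolated join attempt, no alert
]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

The rule as stated keys only on those two fields, so any frame with a 64-bit source address and the Intra PAN bit clear matches; the decoded `frame_type` is available if the rule needs narrowing to MAC command frames.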