Distributed Detection of Sensor Worms Using Sequential Analysis and Remote Software Attestations
Recent work has demonstrated that self-propagating worms are a real threat to sensor networks. Since worms can enable an adversary to quickly compromise an entire sensor network, they must be detected and stopped as quickly as possible. To meet this need, we propose a worm propagation detection sche...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2017-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/7807270/ |
| _version_ | 1819163183172026368 |
|---|---|
| author | Jun-Won Ho Matthew Wright |
| author_facet | Jun-Won Ho Matthew Wright |
| author_sort | Jun-Won Ho |
| collection | DOAJ |
| description | Recent work has demonstrated that self-propagating worms are a real threat to sensor networks. Since worms can enable an adversary to quickly compromise an entire sensor network, they must be detected and stopped as quickly as possible. To meet this need, we propose a worm propagation detection scheme for sensor networks. The proposed scheme applies a sequential analysis to detect worm propagation by leveraging the intuition that a worm's communication pattern is different from benign traffic. In particular, a worm in a sensor network requires a long sequence of packets propagating hop-by-hop to each new infected node in turn. We thus have detectors that observe communication patterns in the network, a worm spreading hop-by-hop will quickly create chains of connections that would not be seen in normal traffic. Once detector nodes identify the worm propagation pattern, they initiate remote software attestations to detect infected nodes. Through analysis and simulation, we demonstrate that the proposed scheme effectively and efficiently detects worm propagation. In particular, it blocks worm propagation while restricting the fraction of infected nodes to at most 13.5% with an overhead of at most 0.63 remote attestations per node per time slot. |
| first_indexed | 2024-12-22T17:40:05Z |
| format | Article |
| id | doaj.art-50656c6284514a2692756ba30def98c5 |
| institution | Directory Open Access Journal |
| issn | 2169-3536 |
| language | English |
| last_indexed | 2024-12-22T17:40:05Z |
| publishDate | 2017-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj.art-50656c6284514a2692756ba30def98c52022-12-21T18:18:25ZengIEEEIEEE Access2169-35362017-01-01568069510.1109/ACCESS.2017.26488537807270Distributed Detection of Sensor Worms Using Sequential Analysis and Remote Software AttestationsJun-Won Ho0https://orcid.org/0000-0003-2070-9861Matthew Wright1Department of Information Security, Seoul Womenx’s University, SeoulSouth KoreaDepartment of Computing Security, Rochester Institute of Technology, Rochester, NY, USARecent work has demonstrated that self-propagating worms are a real threat to sensor networks. Since worms can enable an adversary to quickly compromise an entire sensor network, they must be detected and stopped as quickly as possible. To meet this need, we propose a worm propagation detection scheme for sensor networks. The proposed scheme applies a sequential analysis to detect worm propagation by leveraging the intuition that a worm's communication pattern is different from benign traffic. In particular, a worm in a sensor network requires a long sequence of packets propagating hop-by-hop to each new infected node in turn. We thus have detectors that observe communication patterns in the network, a worm spreading hop-by-hop will quickly create chains of connections that would not be seen in normal traffic. Once detector nodes identify the worm propagation pattern, they initiate remote software attestations to detect infected nodes. Through analysis and simulation, we demonstrate that the proposed scheme effectively and efficiently detects worm propagation. In particular, it blocks worm propagation while restricting the fraction of infected nodes to at most 13.5% with an overhead of at most 0.63 remote attestations per node per time slot.https://ieeexplore.ieee.org/document/7807270/Wireless sensor networkssequential analysisworm detection |
| spellingShingle | Jun-Won Ho Matthew Wright Distributed Detection of Sensor Worms Using Sequential Analysis and Remote Software Attestations IEEE Access Wireless sensor networks sequential analysis worm detection |
| title | Distributed Detection of Sensor Worms Using Sequential Analysis and Remote Software Attestations |
| title_full | Distributed Detection of Sensor Worms Using Sequential Analysis and Remote Software Attestations |
| title_fullStr | Distributed Detection of Sensor Worms Using Sequential Analysis and Remote Software Attestations |
| title_full_unstemmed | Distributed Detection of Sensor Worms Using Sequential Analysis and Remote Software Attestations |
| title_short | Distributed Detection of Sensor Worms Using Sequential Analysis and Remote Software Attestations |
| title_sort | distributed detection of sensor worms using sequential analysis and remote software attestations |
| topic | Wireless sensor networks sequential analysis worm detection |
| url | https://ieeexplore.ieee.org/document/7807270/ |
| work_keys_str_mv | AT junwonho distributeddetectionofsensorwormsusingsequentialanalysisandremotesoftwareattestations AT matthewwright distributeddetectionofsensorwormsusingsequentialanalysisandremotesoftwareattestations |