Real-Time Intrusion and Wormhole Attack Detection in the Internet of Things

CHAPTER ONE

AIMS AND OBJECTIVES OF THE STUDY

The aims and objectives of this study include:

  1. To discover unauthorized access to a computer network
  2. To analyze traffic on a computer network to obtain signs of malicious activity
  3. To build a predictive model through machine learning which is capable of distinguishing between intrusions, attacks or normal network connections and activities.
  4. To detect and repel wormhole attacks.

CHAPTER TWO

REVIEW OF LITERATURE

This chapter examines in detail the history and developments in the networking sector, previous research work on this subject, and the characteristics, models, architectures and limitations pointed out by various scholars and researchers. This provides the groundwork for finding an efficient way to collect and analyze data sets for the machine learning process and network security platforms.

OVERVIEW OF WORMHOLE ATTACKS

A wormhole attack is a serious attack in which two attackers position themselves strategically within the network. The attackers then keep listening to the network and record the wireless information.

In a wormhole attack, an attacker receives packets at one point in the network, “tunnels” them to another point in the network, and then replays them into the network from that point. For tunneled distances longer than the normal wireless transmission range of a single hop, it is simple for the attacker to make the tunneled packet arrive with a better metric than a normal multihop route, for instance through use of one long-range directional wireless link or through a direct wired link to a colluding attacker. It is also possible for the attacker to forward each bit over the wormhole directly, without waiting for an entire packet to be received before beginning to tunnel the bits of the packet, in order to minimize the delay introduced by the wormhole. Due to the nature of wireless transmission, the attacker can create a wormhole even for packets not addressed to itself, since it can overhear them in wireless transmission and tunnel them to the colluding attacker at the opposite end of the wormhole. If the attacker performs this tunneling honestly and reliably, no harm is done; the attacker actually provides a useful service in connecting the network more efficiently. However, the wormhole puts the attacker in a very powerful position relative to other nodes in the network, and the attacker could exploit this position in a variety of ways. The attack can also still be performed even if the network communication provides confidentiality and authenticity, and even if the attacker has no cryptographic keys. Furthermore, the attacker is invisible at higher layers; unlike a malicious node in a routing protocol, which can often easily be named, the presence of the wormhole and of the two colluding attackers at either endpoint of the wormhole is not visible in the route.

The wormhole attack is particularly dangerous against many ad hoc network routing protocols in which the nodes that hear a packet transmission directly from some node consider themselves to be in range of (and thus a neighbor of) that node. For example, when used against an on-demand routing protocol such as DSR (Johnson et al., 1996) or AODV (Perkins et al., 1999), a powerful application of the wormhole attack can be mounted by tunneling each ROUTE REQUEST packet directly to the destination target node of the REQUEST. When the destination node’s neighbors hear this REQUEST packet, they will follow normal routing protocol processing to rebroadcast that copy of the REQUEST and then discard without processing all other received ROUTE REQUEST packets originating from this same Route Discovery. This attack thus prevents any routes other than through the wormhole from being discovered, and if the attacker is near the initiator of the Route Discovery, this attack can even prevent routes more than two hops long from being discovered. Possible ways for the attacker to then exploit the wormhole include discarding instead of forwarding all data packets, thereby creating a permanent Denial-of-Service attack (no other route to the destination can be discovered as long as the attacker maintains the wormhole for ROUTE REQUEST packets), or selectively discarding or modifying certain data packets.
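An added example, not code from this project: a small Python simulation of the Route Discovery behaviour described above on a constructed six-node chain, followed by a position-based hop check that flags the tunnelled hop. The node names, coordinates, 100 m radio range, equal per-hop delay and the assumption that nodes know their positions are all constructed for illustration; the page does not specify the project's own detection method.

```python
from collections import deque
from math import dist

RADIO_RANGE_M = 100.0  # assumed single-hop range of the constructed network
# Constructed positions (metres): a chain A..F with 80 m between nodes.
POS = {n: (80.0 * i, 0.0) for i, n in enumerate("ABCDEF")}

def neighbours_by_range(pos, radio_range):
    """Links that radio range actually allows."""
    return {a: {b for b in pos if b != a and dist(pos[a], pos[b]) <= radio_range}
            for a in pos}

def with_tunnel(links, x, y):
    """Neighbour tables as nodes perceive them when x and y hear each other
    through a tunnel; the tunnel endpoints themselves never appear."""
    seen = {n: set(v) for n, v in links.items()}
    seen[x].add(y)
    seen[y].add(x)
    return seen

def discover_route(links, src, dst):
    """Flooded Route Discovery: every node rebroadcasts only the first
    REQUEST copy it hears and discards later ones (equal hop delay assumed)."""
    parent, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nxt in sorted(links[node]):
            if nxt not in parent:          # later copies are discarded
                parent[nxt] = node
                queue.append(nxt)
    if dst not in parent:
        return []
    route, node = [], dst
    while node is not None:
        route.append(node)
        node = parent[node]
    return route[::-1]

def implausible_hops(route, pos, radio_range):
    """Hops whose endpoints are farther apart than one radio hop can reach."""
    return [(a, b) for a, b in zip(route, route[1:])
            if dist(pos[a], pos[b]) > radio_range]

HONEST = neighbours_by_range(POS, RADIO_RANGE_M)
TUNNELLED = with_tunnel(HONEST, "B", "E")   # B and E believe they are neighbours

if __name__ == "__main__":
    for name, links in (("honest", HONEST), ("tunnelled", TUNNELLED)):
        route = discover_route(links, "A", "F")
        print(name, route, implausible_hops(route, POS, RADIO_RANGE_M))
```

The tunnelled run returns a shorter route than the honest one, and the only sign of the wormhole is the single hop that spans more than the radio range.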

RESEARCH WORK IN FIELD OF NETWORK SECURITY

In the field of network security, network attacks are found to be as varied as the systems that they aim to penetrate. Attacks are known to be either intentional or unintentional, and for this reason technically competent intruders, also referred to as hackers, are interested in targeting the protocols used for secure communication between networking devices (Reed, 2003). This chapter, as earlier described, addresses how highly sophisticated intruders are penetrating internet networks despite high levels of security. But as the intruders increase, network experts are devising many techniques to prevent attackers from accessing company networks.

KirtiRaj Bhatele, et al. (2012) presented a hybrid security protocol for a better security experience, employing a combination of both symmetric and asymmetric cryptographic algorithms. In this hybrid method, the hash value of the decrypted message using the AES algorithm is calculated using the MD5 algorithm. This hash value is encrypted with dual RSA, and the encrypted message of this hash value is also sent to the destination. At the receiving end, the hash value of the decrypted plaintext is calculated with MD5 and then compared with the hash value of the original plaintext, which is calculated at the sending end, for its integrity. By this we are able to know whether the original text was altered or not during transmission within the communication medium.

Arash Habibi Lashkari, et al. (2009) presented a survey on wireless security protocols (WEP, WPA and WPA2/802.11i). It covers WEP protocol types, weaknesses and enhancements, WPA protocol types, and WPA improvements such as the cryptographic message integrity code or MIC, the new IV sequencing discipline, the per-packet key mixing function and the rekeying mechanism. They also explained major problems in WPA that occur in the PSK part of the algorithm. Finally, the paper explained the third generation of wireless security protocol, WPA2/802.11i.

Gamal Selim, et al. (2006) explained various sorts of security attacks: modification, fabrication, interception, brute force, maintainability and static placement of MIC. They surveyed currently available security protocols, i.e. WEP, WEP2, WPA and WPA2. They also proposed a new mechanism called multiple slot system (MSS). MSS makes use of the key selector, slot selector and MIC shuffle selector. MSS uses one among four encryption algorithms: RC4, RSA, Blowfish and AES.

Hyung-Woo Lee, et al. (2006) explained various issues and challenges in wireless sensor networks.

 

CHAPTER THREE

METHODOLOGY

This chapter reviews how the existing system works as well as how to produce a better alternative for its improvement. The relationship among actors, entities, platform and information flows within the organization is very important. In a nutshell, system investigation and analysis studies an existing system with the view of improving on it or developing an entirely new system to replace the existing one. The major task here is to design a new system, using tested and trusted development methods, that is as efficient as, and probably more efficient than, the existing one. The software development model is the Waterfall model.

FACTS FINDING

Fact finding is an approach taken to acquire data about a specific subject with the aim of analyzing and synthesizing the data to come up with a better system. Fact finding for this study was done by examining related publications, research work, journals and books.

ANALYSIS OF THE EXISTING SYSTEM(S)

In this section, the gathered data and facts about the existing system were thoroughly studied and analyzed.

A wormhole intrusion detection system typically performs the following:

  • Making system file comparisons against malware signatures.
  • Scanning processes that detect signs of harmful patterns.
  • Monitoring user behavior to detect malicious intent.
  • Monitoring system settings and configurations.

SYSTEM DESIGN

The system, as extensively described in previous chapters, seeks to prevent, detect, report and mitigate unauthorized access that may arise due to the potential vulnerabilities of the said network system. The system is designed to:

  1. Discover unauthorized access to a network.
  2. Analyze traffic on a computer network to obtain signs of malicious activity.
  3. Build a predictive model through machine learning which is capable of distinguishing between intrusions, attacks or normal network connections and activities.

CHAPTER FOUR

IMPLEMENTATION AND RESULTS

INTRODUCTION

This chapter discusses the deployment and testing of the wormhole attack detection system after the design and development. The Hardware and Software Requirements as well as Development tools are identified in this chapter.

PROGRAMMING LANGUAGE SELECTION

The programming languages used in this project include JavaScript, Java and Python. JavaScript was used to demonstrate the front end, Java was used to host the algorithm, and Python was used to communicate server side with the network systems.

CHAPTER FIVE

SUMMARY, CONCLUSIONS AND RECOMMENDATION

SUMMARY

A wormhole attack detection system was developed in this project and integrated with the view to combat unauthorized access and vulnerabilities in the network system. The system was able to detect intrusion events and do some reporting on them.

CONCLUSION

In conclusion, we have been able to explore ways to detect intrusions and breaches of typical network connections. The system is open source and cross-platform, and can be improved upon in future.

RECOMMENDATION

For future work, the system can be improved with stronger firewall protection, and its scope can be broadened to applications in wider networks such as Metropolitan Area Networks and Wide Area Networks.

REFERENCES

  • Reed D. (2003, November 21). Network Model to Information Security.
  • Arianit Maraj, Genc Jakupi, Ermir Rogova and Xheladin Grajqevic. (2017). “Testing of Network Security Through DoS Attacks”. Mediterranean Conference on Embedded Computing (MECO), Bar, Montenegro, pp. 1-6.
  • David B. Johnson and David A. Maltz. (1996). Dynamic Source Routing in Ad Hoc Wireless Networks. In Mobile Computing, edited by Tomasz Imielinski and Hank Korth, chapter 5, pages 153–181. Kluwer Academic Publishers.
  • Charles E. Perkins and Elizabeth M. Royer. (1999). Ad-Hoc On-Demand Distance Vector Routing. In Proceedings of the Second IEEE Workshop on Mobile Computing Systems and Applications (WMCSA’99), pages 90–100, February 1999.
  • Tomar Kuldeep and Tyagi S.S. (2014). “Enhancing Network Security by Implementing Preventive Mechanism using GNS3”. International Conference on Reliability, Optimization and Information Technology, Faridabad, India, pp. 300-305.