An Effective Threat Detection on ISA100.11a Network Utilizing Multi-Channel Passive Sniffers
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | Ki Hyung Kim | - |
dc.contributor.author | Zaidi, Syed Muhammad Asad | - |
dc.date.accessioned | 2018-11-08T07:58:30Z | - |
dc.date.available | 2018-11-08T07:58:30Z | - |
dc.date.issued | 2013-02 | - |
dc.identifier.other | 13881 | - |
dc.identifier.uri | https://dspace.ajou.ac.kr/handle/2018.oak/9253 | - |
dc.description | Master's thesis, Graduate School of Ajou University: Department of Computer Engineering, 2013. 2 | - |
dc.description.tableofcontents | Table of Contents: Acknowledgements; Abstract; Table of Contents; List of Figures; List of Tables; Introduction (1.1 Problem Statement; 1.2 Solution; 1.3 Contribution; 1.4 Limitation; 1.5 Structure of Report); Part I Background Study & Literature Review: Overview of Wireless Sensor Networks (2.1 Characteristics of Wireless Sensor Networks; 2.3 Conclusion); IEEE 802.15.4 – Low Rate Wireless PAN (3.1 Overview of IEEE 802.15.4; 3.2 IEEE 802.15.4 PHY Layer: 3.2.1 Frequency Bands and Data Rates, 3.2.2 Tasks Performed by PHY Layer; 3.3 IEEE 802.15.4 MAC Layer; 3.4 Conclusion); ISA100.11a (4.1 Spectrum management: 4.1.1 Channel Blacklisting, 4.1.2 Adaptive Hopping; 4.2 Channel Hopping; 4.3 Graph Routing; 4.4 Security Keys); Literature Review (5.1 Security in Industrial Sensor Networks; 5.2 Monitoring and Diagnosis); Part II Security Features & Threat Detection Algorithms: Identifying Unauthorized Access (6.1 Maintaining Whitelist; 6.2 Maintaining Blacklist); ISA100.11a Security Vulnerabilities and Identification (7.1 DoS Attack (Jamming Attack): 7.1.1 Definition, 7.1.2 Attack Scenario, 7.1.3 Identification, 7.1.4 Algorithm; 7.2 Man-in-the-Middle Attack: 7.2.1 Definition, 7.2.2 Attack Scenario (Routing Falsification Attack), 7.2.3 Identification, 7.2.4 Algorithm; 7.3 Sinkhole Attack: 7.3.1 Definition, 7.3.2 Identification, 7.3.3 Algorithm; 7.4 Wormhole Attack: 7.4.1 Definition, 7.4.2 Limitation in ISA100.11a, 7.4.3 Identification, 7.4.4 Algorithm); Part III Sniffer Implementation and Description: Proposed Monitoring Implementation (8.1 Monitoring Suggestions; 8.2 Conclusion); Software Tool Description; Part IV Experimental Results and Evaluation: Setting up the Environment; Network Diagnosis and Monitoring (11.1 Tab 1 – Live View: 11.1.1 Deep Packet Inspection; 11.2 Tab 2 – Statistical View: 11.2.1 Channel Utilization, 11.2.2 Network Efficiency, 11.2.3 Packet Type Classification, 11.2.1 Packet Volume Classification per Node; 11.3 Tab 3 – Topology View); Conclusions and Future Work; References | - |
dc.language.iso | eng | - |
dc.publisher | The Graduate School, Ajou University | - |
dc.rights | Ajou University theses are protected by copyright. | - |
dc.title | An Effective Threat Detection on ISA100.11a Network Utilizing Multi-Channel Passive Sniffers | - |
dc.type | Thesis | - |
dc.contributor.affiliation | Graduate School of Ajou University | - |
dc.contributor.department | Graduate School, Department of Computer Engineering | - |
dc.date.awarded | 2013. 2 | - |
dc.description.degree | Master | - |
dc.identifier.localId | 570781 | - |
dc.identifier.url | http://dcoll.ajou.ac.kr:9080/dcollection/jsp/common/DcLoOrgPer.jsp?sItemId=000000013881 | - |
dc.description.alternativeAbstract | Threat identification and diagnosis of the deployed network for the presence of any malicious element is an important task, but it has not been carefully addressed in industrial wireless sensor networks. The main reason for this is their unique characteristics and design. Although recent wireless systems for industrial automation such as ISA100.11a employ device management protocols, these protocols generate and report a large amount of control packets from individual sensor nodes. Also, these protocols do not capture influences on network performance from external sources such as malicious nodes or interference from other networks. I propose a latent network diagnosis system (LaNDS) that adopts smart yet simple techniques based on the packet sniffing method to identify common security threats originating from any external or internal malicious node. In the proposed security framework, the first part points out some common security vulnerabilities in ISA100.11a and the second part deals with the identification and isolation of the malicious source. A special sniffer device running LaNDS monitors the ISA100.11a network by employing passive ethical sniffing and notifies based on the characteristics and traffic patterns of active security attacks. LaNDS also evaluates network performance efficiently and instantly identifies the causes of network performance degradation. The unique part of this approach is that it does not incur additional traffic overhead for collecting the desired information or in making any decision. I also propose several implementations of sniffer devices to carry out successful and efficient security detection with packet parsing. For evaluation, I have tested LaNDS on an ISA100.11a-based sensor network in a lab environment and have validated the efficiency of the system based on the possible erroneous cases of an industrial sensor network. | - |