[Queuing Based Intrusion Detection and Elimination Systems in Wireless Sensor Networks]
by
ACKNOWLEDGEMENT
I would take this opportunity to thank my research supervisor, family and friends for their support and guidance without which this research would not have been possible (Ajzen, 1991, 179).
DECLARATION
I, [type your full first names and surname here], declare that the contents of this dissertation/thesis represent my own unaided work, and that the dissertation/thesis has not previously been submitted for academic examination towards any qualification. Furthermore, it represents my own opinions and not necessarily those of the University (Ajzen, 1991, 179).
Signed __________________ Date _________________
ABSTRACT
Simulation models have been developed to predict the characteristics of networks, systems or protocols when carrying out tests in laboratories is very expensive or even impossible. This paper presents a simulation model of a multiprocessor network traffic analysis system. The model, which is based on closed networks of queues, evaluates the efficiency of the system as a function of the features of the hardware/software platform. The model can therefore estimate performance early in the design and development stages by simulating a multiprocessor architecture in charge of analysing network traffic. The accuracy of the model will be checked by comparing analytical results with practical ones obtained in the laboratory using a traffic analysis system that runs on a multiprocessor platform. This paper also presents a novel approach to measuring and estimating the end-to-end one-way queuing delay in a network, which carries information about traffic characteristics and congestion properties. The measurement results can be used to describe the normal behavior of the network and to detect distributed denial-of-service (DDoS) attacks. The measurement does not require any synchronization between the two measurement ends. Pairs of probe packets are sent from the source to the destination, and the intra-gaps between the probes are measured separately at the two ends. By performing an iterative Fourier-to-time reconstruction algorithm on the measured intra-gaps, the distribution of the end-to-end one-way queuing delay is estimated. The packet loss rate and delay jitter are measured simultaneously as well. Simulations and experiments are conducted to validate the approach.
TABLE OF CONTENTS
ACKNOWLEDGEMENT
DECLARATION
ABSTRACT
CHAPTER 1: INTRODUCTION
Network Security and Potential Threats
Intrusion Detection
Aims and Objectives
CHAPTER 2: LITERATURE REVIEW
The GE / GE / c / k; N Censored Queue
Queuing Networks
GSPN
Combined Modelling
Definition of a PNiQ
Remarks on the Definition
Attacks From Distributed denial-of-service attack
CHAPTER 3: MODEL FRAMEWORK
A general traffic analysis system framework
Packet analysis phases
Packet losses
Computational costs
Multiprocessor support
One-way queuing delay
Non-synchronization measurement
Reconstruction of delay distribution
Simulation and experiment
NS simulation setup
CHAPTER 5: DISCUSSION AND RESULTS
Analytical solution of the network
Equivalent system equations
General model equations
Recurrent calculation method
Validation of theoretical model
Testbed features
Stability of the model
Comparison between theoretical model and real measures
Simulation results
Experiment results
CHAPTER 6: CONCLUSIONS
REFERENCES
CHAPTER 1: INTRODUCTION
Many tools are available that analyze network packets in order to provide different services. Among them are traffic analyzers, monitoring systems and intrusion detection systems. Even basic network devices such as routers, gateways, proxies and firewalls capture traffic from the network to accomplish their function (Wittevrongel & Bruneel, 1997: 24). These systems have been specialized to perform specific actions on network packets. During the design of these systems, the importance of ...