Bluetooth Network-Based Misuse Detection

OConnor, TJ; Reeves, Douglas S.

doi:10.1109/acsac.2008.39

Cited by 21 publications

(13 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Such defense mechanisms cannot be applied to proximity malware as observations tend to be local and in the proximity of the infected devices. Recent research direction for recognizing local effects involve deployment of sensors in locations where device densities are expected to be high [43,77]. In other, more recent schemes the potential victim serves as a detector.…”

Section: Passive Self Detectionmentioning

confidence: 99%

High Performance Scalable and Expressive Modeling Environment to Study Mobile Malware in Large Dynamic Networks

Channakeshava

Bisset

Kumar

et al. 2011

2011 IEEE International Parallel &Amp; Distributed Processing Symposium

View full text Add to dashboard Cite

Advances in computing and communication technologies are blurring the distinction between today's PCs and mobile phones. With expected smart phones sales to skyrocket, lack of awareness regarding securing them, and access to personal and proprietary information, has resulted in the recent surge of mobile malware. In addition to using traditional social-engineering techniques such as email and file-sharing, malware unique to Bluetooth, Short Messaging Service (SMS) and Multimedia Messaging Service (MMS) messages are being used. Large scale simulations of malware on wireless networks have becomes important and studying them under realistic device deployments is important to obtain deep insights into their dynamics and devise ways to control them.In this dissertation, we present EpiNet: an individual-based scalable high-performance oriented modeling environment for simulating the spread of mobile malware over large, dynamic networks.EpiNet can be used to undertake comprehensive studies during both planning and response phase of a malware epidemic in present and future generation wireless networks. Scalability is an important design consideration and the current EpiNet implementation can scale to 3-5 million device networks and case studies show that large factorial designs on million device networks can be executed within a day on 100 node clusters. Beyond compute time, EpiNet has been designed for analysts to easily represent a range of interventions and evaluating their efficacy.The results indicate that Bluetooth malware with very low initial infection size will not result in a major wireless epidemic. The dynamics are dependent on the network structure and, activitybased mobility models or their variations can yield realistic spread dynamics. Early detection of the malware is extremely important in controlling the spread. Non-adaptive response strategies using static graph measures such as degree and betweenness are not effective. Device-based detection mechanisms provide a much better means to control the spread and only effective when detection occurs early on. Automatic signature generation can help in detecting newer strains of the malware and signature distributions through a central server results in better control of the spread. Centralized dissemination of patches are required to reach a large proportion of devices to be effective in slowing the spread. Non-adaptive dynamic graph measures such as vulnerability are found to be more effective.Our studies of SMS and hybrid malware show that SMS-only malware spread slightly faster than Bluetooth-only malware and do not spread to all devices. Hybrid malware spread orders of magnitude faster than either SMS-only or Bluetooth-only malware and can cause significant damage.Bluetooth-only malware spread faster than SMS-only malware in cases where density of devices in the proximity of an infected device is higher. Hybrid malware can be much more damaging than Bluetooth-only or SMS-only malware and we need mechanisms that can prevent such an outbreak.EpiNe...

show abstract

Section: Passive Self Detectionmentioning

confidence: 99%

High Performance Scalable and Expressive Modeling Environment to Study Mobile Malware in Large Dynamic Networks

Channakeshava

Bisset

Kumar

et al. 2011

2011 IEEE International Parallel &Amp; Distributed Processing Symposium

View full text Add to dashboard Cite

show abstract

“…Some examples of mobile device attacks include attacks against the Bluetooth, WiFi, infrared, or GPS protocols [9,11,14,4]. More intelligent attacks even combine multiple weaknesses of different protocols to circumvent the overall security of the mobile device.…”

Section: Overview Of Mobile Device Attacksmentioning

confidence: 99%

“…However, individual protocol intrusion detections for Bluetooth, and GPS are considered open academic problems. OConnor and Reeves created a signature-based Bluetooth Intrusion Detection system but no production level systems exist [9]. Further, we are unaware of any GPS IDSs.…”

Section: Towards Integration Into Idsmentioning

confidence: 99%

honeyM

OConnor

Sangster

2010

Proceedings of the Third ACM Conference on Wireless Network Security

View full text Add to dashboard Cite

This paper presents honeyM, a framework for deploying virtual mobile device honeyclients. Honeyclients provide the ability discover early warnings about novel attacks and exploitations and are typically deployed to protect wired infrastructure. In a wireless environment, honeyclients usually record attacks against the wireless access point. To identify attacks targeted specifically against mobile device users on wireless networks, we present honeyM. honeyM is a framework for virtual mobile honeyclients and contains a library of simulated mobile devices. honeyM emulates the wireless, Bluetooth, and GPS stacks of an actual mobile device in order to deceive mobile device fingerprinting tools. This paper discusses the design and framework for honeyM and demonstrates the necessity to provide a system to protect mobile users. In this paper, we implemented and evaluated the use of virtual honeyclients for mobile devices in two high risk environments, including a wireless security course and the DEFCON hacker conference.

show abstract

“…So if a malicious user wants to intrude the system with certain already known attacks, it will be caught due to its attack activity matching some records in the database. Although the ability of detecting intrusions is constrained by the knowledge of currently found attacks, the misuse detection is still an efficient and effective way to help detect attacks, for example, a framework of intrusion detection system based on misuse detection in ad hoc network [29], misuse detection technologies based malicious user discovering scheme in Bluetooth networks [30], and the efficiency evaluation of misuse detection and optimizing strategies [31].…”

Section: Detection-based Security Systemmentioning

confidence: 99%

Constructing secured cognitive wireless networks: experiences and challenges

Zhang¹,

Li²

2009

Wireless Communications

View full text Add to dashboard Cite

Recent development in wireless communications has lead to the problem of growing spectrum shortage. Cognitive radio, as a novel technology, has been proposed in recent years to solve this problem by dynamically accessing the spectrum so as to enhance the spectrum utilization. Security in cognitive radio networks has become a challenging issue because there are more chances open to attackers by cognitive radio technology, compared to those from conventional wireless networks. These weaknesses and vulnerable aspects, introduced by the nature of cognitive radio, may cause serious impact on the security and quality of service (QoS) provisioning for the entire network. Unfortunately, at present, there is no specific secure protocol designed for cognitive radio networks. Therefore, in this paper, we conduct a high-level survey to review and reflect the state-of-the-art work on the security issues in cognitive networks. We focus on analyzing the security system at the macroscopic level, where both protection and detection are considered to be the most essential parts to ensure security in the whole network. Furthermore, we investigate special characteristics of cognitive networks at different protocol layers, including physical layer, link layer, network layer, transport layer and application layer. We recognize both the challenges and experiences, and focus on constructing the secured cognitive wireless networks.

show abstract

Bluetooth Network-Based Misuse Detection

Cited by 21 publications

References 14 publications

High Performance Scalable and Expressive Modeling Environment to Study Mobile Malware in Large Dynamic Networks

High Performance Scalable and Expressive Modeling Environment to Study Mobile Malware in Large Dynamic Networks

honeyM

Constructing secured cognitive wireless networks: experiences and challenges

Contact Info

Product

Resources

About