Papers by Amin Hassanzadeh
2015 IEEE 2nd World Forum on Internet of Things (WF-IoT), 2015
Journal of Water Resources Planning and Management, 2016
Computers & Security, 2014
Keywords: Resource-constrained wireless mesh networks; Intrusion detection; Traffic-agnostic; Link-coverage monitoring; Genetic algorithm; Multi-interface; Snort
Due to the recent increased interest in wireless mesh networks (WMN), their security challenges have become of paramount importance. An important security mechanism for WMN, intrusion detection, has received considerable attention from the research community. Recent results show that traditional monitoring mechanisms are not applicable to real-world WMN due to their constrained resources (memory and processing power), which result in high false negative rates since only a few IDS functions can be activated on monitoring nodes. Cooperative solutions, on the other hand, have high communication overhead and detection delay when the traffic load is high. A practical traffic-aware IDS solution was recently proposed for resource-constrained WMN; however, traffic-awareness might not be feasible for some WMN applications. This article proposes a traffic-agnostic IDS solution that uses a link-coverage approach to monitor both local and backbone WMN traffic. Using real-world experiments and extensive simulations, we show that our proposed IDS solutions outperform traffic-aware IDS solutions while incurring lower computation and communication overhead.
Lecture Notes in Computer Science, 2014
Lecture Notes in Computer Science, 2011
Wireless Mesh Networks (WMN) are easy-to-deploy, low-cost solutions for providing networking and internet services in environments with no network infrastructure, e.g., disaster areas and battlefields. Since electric power is not readily available in such environments, battery-powered mesh routers, operating in an energy-efficient manner, are required. To the best of our knowledge, the impact of energy-efficient solutions, e.g., involving duty-cycling, on WMN intrusion detection systems, which require continuous monitoring, remains an open research problem. In this paper we propose that carefully chosen monitoring mesh nodes ensure continuous and complete detection coverage, while allowing non-monitoring mesh nodes to save energy through duty-cycling. We formulate the monitoring node selection problem as an optimization problem and propose distributed and centralized solutions for it, with different tradeoffs. Through extensive simulations and a proof-of-concept hardware/software implementation we demonstrate that our solutions extend the WMN lifetime by 8%, while ensuring, at the minimum, a 97% intrusion detection rate.
Lecture Notes in Computer Science, 2013
2011 IEEE 7th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), 2011
Network flooding is a fundamental communication primitive for Wireless Sensor Networks (WSN). Flooding is used for disseminating code updates and parameter changes, affecting the operation of all nodes in the network. When flooding occurs, each node typically broadcasts the flooding packet once. The costs for flooding, however, can become significant if neighborhood keys are used for communication (as proposed in recent research on secure localization and key distribution [1]), since, instead of a single broadcast, a node is required to perform several unicast transmissions. In this paper we address the problem of minimizing the number of unicast transmissions required for ensuring 100% network coverage for flooding in WSN secured with neighborhood keys. We show that the problem is NP-hard and propose an approximation algorithm for solving it. Through simulations, we demonstrate that our algorithm ensures 100% network coverage for flooding, while requiring, surprisingly, as low as 0.75 packet transmissions per node.
Ad Hoc Networks, 2014
As the interest in Wireless Mesh Networks (WMN), as an infrastructureless wireless network, grows, security issues, especially intrusion detection, become of paramount importance. The diversity in hardware, along with a variety of WMN applications, has resulted in WMN with different network characteristics (e.g., resource levels, system and security models, etc.). Consequently, different intrusion detection mechanisms have been proposed by the research community. Recently, the community has proposed several monitoring techniques for intrusion detection, each of which considers different assumptions and presents a different problem formulation for optimal monitoring. This article proposes a taxonomy that categorizes existing solutions in this research area and identifies the similarities and differences in their optimal monitoring problem formulations. We then concentrate on two classes of monitoring techniques for intrusion detection in WMN, "Traffic Agnostic and Resourceful" and "Traffic Aware and Resourceful", and present centralized and distributed algorithms for solving the optimal monitoring problem in these networks. Through extensive simulations and a real implementation, we demonstrate the effects of different network characteristics on the problem formulation and consequently on the performance (e.g., intrusion detection rate and resource consumption) of proposed solutions for optimal monitoring in WMN.
2011 Proceedings of 20th International Conference on Computer Communications and Networks (ICCCN), 2011
The problem of cooperative intrusion detection in resource-constrained wireless networks (e.g., ad hoc, sensor) is challenging, primarily because of the limited resources available to participating nodes. Although the problem has received some attention from the research community, little is known about the tradeoffs among different objectives, e.g., network performance, power consumption, delay in information being collected, and security effectiveness. This paper proposes, to the best of our knowledge for the first time, to distribute cooperative intrusion detection functions that take into account, simultaneously, multiple objectives. We formulate the problem of identifying the type of intrusion detection each node runs as a multi-objective optimization problem and motivate/develop a genetic algorithm to solve it. Through extensive simulations we demonstrate that our solution is characterized by a small variance in the normalized fitness values of individual/single objectives, and a smaller attack detection and reporting delay than state-of-the-art solutions. In a real implementation/evaluation of our cooperative intrusion detection system, we demonstrate that it achieves a higher detection rate (93%) than state-of-the-art solutions (60%-73%).
2008 Third International Conference on Availability, Reliability and Security, 2008
Intrusion detection systems are designed based on the assumption that the behavior of an intruder is different from that of a normal user of a system. We show that intrusion detection can be done based on the assumption that the correlation of system events and parameters changes during an attack on the system. In this paper, we propose a new method for correlating data and events for network-based intrusion detection systems. When an attack occurs, the correlation of security parameters is changed. We propose to use the state of correlation between parameters to detect an attack. First we show how to select effective security parameters for our detection engine with statistical correlation methods. Then, we propose how to build correlation relation graphs (CRG) for the parameters showing higher correlation. Finally we show how the attack may be detected by comparing the CRG parameter pairs for each session with their deviation from the regression line. We present our results for detecting a SynFlood attack with this method. We also give the corresponding detection rate and false alarm rate.
2009 Third Asia International Conference on Modelling & Simulation, 2009
We have simulated both f-cube3 and our algorithm under the same conditions (message length, network size, traffic, etc.). As the simulation results show, our algorithm has a higher saturation point than the f-cube3 algorithm. The results also show that our algorithm achieves higher link utilization and a lower blocked-message rate than f-cube3.
2009 IEEE International Advance Computing Conference, 2009
Fault-tolerant routing algorithms are a key concern in on-chip communication. This paper examines fault-tolerant communication algorithms for use in network-on-chip (NoC). We propose an improved wormhole-switched routing algorithm in a 2-dimensional mesh, based on the f-cube3 algorithm, to decrease message latency. The existing key concept is using a number of virtual channels (VC) over a physical link. This paper proposes some improvements to make better use of VCs while their number is fixed. We show that ...
Computers & Security, 2013
Keywords: Multi-objective optimization; Single-objective optimization; Genetic algorithm; Cluster tree
This paper presents AnonymousNet (AnonNet), a system for emergency response in large-scale disaster areas, e.g., the earthquake and tsunami in Japan (2011) and the earthquake in Haiti (2010). Despite the attention the "emergency response" application area has received, we still lack data at the high spatial and temporal resolution needed to save lives and to support disaster recovery efforts. Disaster victims are rescued after days, if not weeks; victims' physiological information is not delivered reliably on time; good coordination among responders is lacking, or it is based on archaic methods (pencil, paper, paint on walls); the delay in receiving vast amounts of information is bounded by the time used to physically transport tapes or hard drives; and no sensing/communication system built and deployed lasts more than a few days. AnonNet, designed in collaboration with US&R responders, is a first step to address these challenges. It is designed to aid in identifying victims under collapsed buildings, to deliver victims' physiological information on time, to deliver high volumes of field data at high throughput and in an energy-efficient manner, and to integrate new social networking paradigms. AnonNet is a large academic effort, proposing open systems instead of proprietary solutions. AnonNet and its subsystems are evaluated in real deployments and simulations.
2009 First International Conference on Future Information Networks, 2009
Normal profiles have specific properties which change when an attack occurs. The main property we have considered for each behavior is the correlation between its parameters. We compute a correlation matrix for normal sessions in the training phase. Then we select effective security parameters for our detection engine using an equivalence class with a graphical illustration, namely the correlation relation graph (CRG). These extracted parameters, among all parameters of each normal behavior, have a relation with each other which can be computed by regression relations. Each behavior has some pairs of selected parameters, consisting of an independent parameter and a dependent one. As an inline detection process, we look at the values of the selected parameters of each current session and put them into their computed regression relation. If the computed value of the dependent parameter of a pair is greater than what we compute by its regression relation, it is considered a deviation. The number of deviations per session and their combination are used to label a session as normal or attack. The results show that our proposed method has a suitable detection rate and false alarm rate.