Vassilios G. Vassilakis

Ozlem Ceviz, Pinar Sadioglu, Sevil Sen et al.

Unmanned aerial vehicles (UAVs) operating within Flying Ad-hoc Networks (FANETs) encounter security challenges due to the dynamic and distributed nature of these networks. Previous studies focused predominantly on centralized intrusion detection, assuming a central entity responsible for storing and analyzing data from all devices. However, these approaches face challenges including computation and storage costs, along with a single point of failure risk, threatening data privacy and availability. The widespread dispersion of data across interconnected devices underscores the need for decentralized approaches. This paper introduces the Federated Learning-based Intrusion Detection System (FL-IDS), addressing challenges encountered by centralized systems in FANETs. FL-IDS reduces computation and storage costs for both clients and the central server, which is crucial for resource-constrained UAVs. Operating in a decentralized manner, FL-IDS enables UAVs to collaboratively train a global intrusion detection model without sharing raw data, thus avoiding delay in decisions based on collected data, as is often the case with traditional methods. Experimental results demonstrate FL-IDS's competitive performance with Central IDS (C-IDS) while mitigating privacy concerns, with the Bias Towards Specific Clients (BTSC) method further enhancing FL-IDS performance even at lower attacker ratios. Comparative analysis with traditional intrusion detection methods, including Local IDS (L-IDS), sheds light on the strengths of FL-IDS. This study significantly contributes to UAV security by introducing a privacy-aware, decentralized intrusion detection approach tailored to UAV networks. Moreover, by introducing a realistic dataset for FANETs and federated learning, our approach differs from others lacking high dynamism and 3D node movements or accurate federated data federations.

Poonam Yadav, Angelo Feraudo, Budi Arief et al.

The popularity of the Internet of Things (IoT) devices makes it increasingly important to be able to fingerprint them, for example in order to detect if there are misbehaving or even malicious IoT devices in one's network. The aim of this paper is to provide a systematic categorisation of machine learning augmented techniques that can be used for fingerprinting IoT devices. This can serve as a baseline for comparing various IoT fingerprinting mechanisms, so that network administrators can choose one or more mechanisms that are appropriate for monitoring and maintaining their network. We carried out an extensive literature review of existing papers on fingerprinting IoT devices -- paying close attention to those with machine learning features. This is followed by an extraction of important and comparable features among the mechanisms outlined in those papers. As a result, we came up with a key set of terminologies that are relevant both in the fingerprinting context and in the IoT domain. This enabled us to construct a framework called IDWork, which can be used for categorising existing IoT fingerprinting mechanisms in a way that will facilitate a coherent and fair comparison of these mechanisms. We found that the majority of the IoT fingerprinting mechanisms take a passive approach -- mainly through network sniffing -- instead of being intrusive and interactive with the device of interest. Additionally, a significant number of the surveyed mechanisms employ both static and dynamic approaches, in order to benefit from complementary features that can be more robust against certain attacks such as spoofing and replay attacks.

Ryan Smith, Daniel Palin, Philokypros P. Ioulianou et al.

Many IoT devices, especially those deployed at the network edge have limited power resources. A number of attacks aim to exhaust these resources and drain the batteries of such edge nodes. In this work, we study the effects of a variety of battery draining attacks against edge nodes. Through simulation, we clarify the extent to which such attacks are able to increase the usage and hence waste the power resources of edge nodes. Specifically, we implement hello flooding, packet flooding, selective forwarding, rank attack, and versioning attack in ContikiOS and simulate them in the Cooja simulator, and measure and report a number of time and power resource usage metrics including CPU time, low power mode time, TX/RX time, and battery consumption. Besides, we test the stretch attack with three different batteries as an extreme scenario. Our extensive measurements enable us to compare the effectiveness of these attacks. Our results show that Versioning attack is the most severe attack in terms of draining the power resources of the network, followed by Packet Flooding and Hello Flood attacks. Furthermore, we confirm that Selective Forwarding and Rank attacks are not able to considerably increase the power resource usage in our scenarios. By quantifying the effects of these attacks, we demonstrate that under specific scenarios, Versioning attack can be three to four times as effective as Packet Flooding and Hello Flood attacks in wasting network resources, while Packet Flooding is generally comparable to Hello Flood in CPU and TX time usage increase but twice as powerful in draining device batteries.

Bander A. Alzahrani, Martin J. Reed, Vassilios G. Vassilakis

Line Speed Publish/Subscribe Inter-networking (LIPSIN) is one of the proposed forwarding mechanisms in Information Centric Networking (ICN). It is a stateless source-routing approach based on Bloom filters. However, it has been shown that LIPSIN is vulnerable to brute-force attacks which may lead to distributed denial-of-service (DDoS) attacks and unsolicited messages. In this work, we propose a new forwarding approach that maintains the advantages of Bloom filter based forwarding while allowing forwarding nodes to statelessly verify if packets have been previously authorized, thus preventing attacks on the forwarding mechanism. Analysis of the probability of attack, derived analytically, demonstrates that the technique is highly-resistant to brute-force attacks.