Muhammad Usman Vallipuram Muthukkumarasamy Xin-Wen Wu Surraya Khanum Mobile Agent-Based Anomaly Detection and Verification System for Smart Home Sensor Networks Mobile Agent-Based Anomaly Detection fi and Veri cation System for Smart Home Sensor Networks Muhammad Usman Vallipuram Muthukkumarasamy Xin-Wen Wu Surraya Khanum (cid:129) Mobile Agent-Based Anomaly Detection fi and Veri cation System for Smart Home Sensor Networks 123 Muhammad Usman Xin-Wen Wu Department ofComputer Sciences Schoolof Information andCommunication Quaid-I-Azam University Technology Islamabad GriffithUniversity Pakistan GoldCoast, QLD Australia Vallipuram Muthukkumarasamy Schoolof Information andCommunication Surraya Khanum Technology Department ofComputer Sciences GriffithUniversity Quaid-I-Azam University GoldCoast, QLD Islamabad Australia Pakistan ISBN978-981-10-7466-0 ISBN978-981-10-7467-7 (eBook) https://doi.org/10.1007/978-981-10-7467-7 LibraryofCongressControlNumber:2017962994 ©SpringerNatureSingaporePteLtd.2018 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpart of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission orinformationstorageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilar methodologynowknownorhereafterdeveloped. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publicationdoesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfrom therelevantprotectivelawsandregulationsandthereforefreeforgeneraluse. The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authorsortheeditorsgiveawarranty,expressorimplied,withrespecttothematerialcontainedhereinor for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictionalclaimsinpublishedmapsandinstitutionalaffiliations. Printedonacid-freepaper ThisSpringerimprintispublishedbySpringerNature TheregisteredcompanyisSpringerNatureSingaporePteLtd. Theregisteredcompanyaddressis:152BeachRoad,#21-01/04GatewayEast,Singapore189721,Singapore Dedicated to the research community… Preface The rapid technological developments in microelectronics and associated tech- nologies have realized contemporary networking and computing paradigm, viz. sharedsensornetworks.Thisparadigmprimarilyreliesontinysensornodes,askey building blocks, to form a number of applications such as smart transport system, smarthome,smartcities,smartirrigationsystem,andinfrastructureandenvironment monitoring. The tiny sensor nodes, in the above-cited application domains, are vulnerabletoinsituattacks,errors,andfaults.Onthesimilaraccount,thedatasent by tiny nodes in the form of sensor readings is susceptible to transit attacks and errors.Amulti-aspectandcomprehensiveanomalydetectionandverificationsystem is, therefore, desired toaptlyidentify anomalies (orabnormalities)andconvey this informationtoacentralnode.Thesystemisknownasabnormalityidentificationand confirmation system in the subsequent discussion. The contemporary abnormality identification systems are unable to accurately detect the causes of abnormalities. The solitary focus of existing systems is on the identification of abnormalities. To determine theroot causes of abnormalities isimperative toremovethem. This book has elucidated an on-the-spot confirmation service for sensor net- works, which leverages from the mobile agent technology to ascertain the root cause of abnormalities. A detailed system, which is not only able to detect abnormalitiesbutcanalsoidentifytherootcauseofabnormalities,isintroducedfor smart home sensor networks. The system empowers mobile agents to employ data whichisreceivedthroughasynchronizedresourcemanagementtechniquetocarry out the in situ analysis of susceptible nodes. The synchronized resource manage- ment technique allows tiny nodes to share statuses of their resources with related cluster leader nodes for better network resource administration. Moreover, the key proposition of the work presented in this book is to use the information received through the synchronized resource management technique to identify numerous kindsofresource-consumptionstatus-relatedabnormalities.Anotherkeyaimofthe presented system is to maximize the usage of received synchronized resource management technique-based observations for abnormality identification. In this account,thestatisticalrelationshipsbetweenvariedfeaturesofinterestareexploited to identify abnormalities which occur due to faults on nodes and exhaustion of vii viii Preface resource and denial-of-sleep attacks. The system employs the data received from synchronized resource management technique-based observations using mobile agents to verify the root causes of abnormalities. Thefrequenttransmissionsofmobileagentscannotbeperformedduetothefact that transmission is an energy-expensive operation as compared to processing operation.Tosolvethisproblem,twomethods,namelyweighted-sumoptimization and 2-sigma, are presented. The nature of the proposed effective mobile agent transmission methods is generic. The proposed methods, therefore, can also be employedbyothermobileagent-enabledapplicationsforwirelesssensornetworks. This book has also introduced a mobile agent-enabled method that performs abnormality identification and confirmation using cross-layer features. It employs fuzzy logic and cross-layer optimization techniques to identify cross-layer abnor- malitiesandoptimizemobileagenttransmission.Aregionscomputationtechnique ispresented, which employs statistical methods tofacilitate decision makingabout mobile agent transmission and abnormality identification. A cross-layer rule-base, based on the fuzzy logic, is presented along with algorithmic specifications to identify abnormalities and to facilitate transmissions of mobile agents after taking into account the communication link states. A non-validated system design may adversely affect the resources of a wireless sensor network or even it may go into a standstill state. Therefore, this study extendsthetheoryofPetrinettotheformalcharacterizationandinvestigationofan abnormality identification and confirmation system which employs mobile agent technologyintinyresource-constrainedsensornetworks.Formaldefinitions,ofthe presentedsystem,usingstandardPetrinet,areelucidatedtoformalizeandverifythe behavioral characteristics and also flow of the work of the presented methods. A Generalized Stochastic Petri net (GSPN) model is formulated to study the time-based conduct of the presented system in an immensely non-deterministic communication environment of wireless sensor networks. The formal behavior is thenverifiedbyexperimentsthatarecarriedoutonarealtestbed.Theperformance of the proposed methods is thoroughly analyzed through theoretical analyses, experimentation on a real test bed, extensive simulations, and comparisons with relatedschemes.Theresultsindicatetheabilitiesoftheproposedmethodstodetect differentnatureofabnormalitieswithhighaccuraciesandincreasenetworklifetime by optimizing mobile agent transmission in addition to effectively identifying the sources of abnormalities. This book has focused on a single node mobile agent itinerary model. In future work,theproposedworkcouldbeextendedtoamulti-nodemobile agentitinerary modelinlarge-scalenetworks.Anotherpossibleextensioncouldbetheexploitation of higher-order joins to detect more complex natures of abnormalities. Islamabad, Pakistan Muhammad Usman Gold Coast, QLD, Australia Vallipuram Muthukkumarasamy Gold Coast, QLD, Australia Xin-Wen Wu Islamabad, Pakistan Surraya Khanum Acknowledgements Theworkelucidatedinthistextisbasedonthestudycarriedoutbytheleadauthor under the supervision of co-authors Prof. Vallipuram Muthukkumarasamy and Dr. Xin-WenWu.Ms.SurrayaKhanumhasbeeninvolvedinrefiningandimprovement in certain aspects of the research work. Authors are deeply indebted to Associate Professor Farooq Ahmed, a former colleague of the lead author, for introducing him to a rich body of knowledge, namely Petri net theory, which ultimately stimulated authors to explore structural and system-specific behavioral properties of the elucidated methods. Authors acknowledge the generous financial support provided by Griffith University to fully fund this research study and to provide several travel grants to present and publish findings in multiple conferences and also publish in several top-tierjournals.AuthorswouldalsoliketothankMrs.RobyneeBarnesandothers of GELI for their help in improving the presentation of this book. Authors are also indebted to currentand past members of the NetworkSecurity ResearchGroup,GriffithUniversity,fortheircriticismandsuggestionswhichhave helped authors to improve the quality of the work presented in this text. ix Contents 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.1.1 Wireless Sensor Networks . . . . . . . . . . . . . . . . . . . . . . . 1 1.1.2 Agents in Sensor Networks . . . . . . . . . . . . . . . . . . . . . . 3 1.2 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.3 Problem Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.4 Book Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.1 Sensor Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.2 Abnormality Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2.2.1 Statistical Schemes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 2.2.2 Artificial Intelligence and Agent-Based Schemes . . . . . . 19 2.2.3 Learning Schemes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 2.2.4 Other Schemes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 2.3 Security of Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 2.3.1 Securing Agents on Middleware . . . . . . . . . . . . . . . . . . 33 2.3.2 Other Approaches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 2.4 Formal Modeling and Analysis . . . . . . . . . . . . . . . . . . . . . . . . . 35 2.5 Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 2.6 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 2.7 Bibliographic Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 3 Abnormality Identification and Confirmation System . . . . . . . . . . . 45 3.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 3.2 Terminologies and Formal Definitions . . . . . . . . . . . . . . . . . . . 45 3.3 Network Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 3.4 Architecture of Abnormality Identification and Confirmation Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 xi xii Contents 3.4.1 Abnormality Identification and Confirmation Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 3.5 Algorithms and Analysis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 3.5.1 Features Collection by the Cluster Member Node . . . . . . 52 3.5.2 Abnormality Identification by the Cluster Leader Node. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 3.5.3 Anomalous Node Confirmation. . . . . . . . . . . . . . . . . . . . 54 3.5.4 Status Update on the Cluster Leader Mote . . . . . . . . . . . 55 3.5.5 Update of Status on Base Station . . . . . . . . . . . . . . . . . . 56 3.5.6 Complexity Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 3.6 Formal Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 3.7 Unified GSPN Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 3.8 Time-Based Behavior Validation . . . . . . . . . . . . . . . . . . . . . . . . 71 3.9 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 3.10 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 3.11 Bibliographic Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 Appendix. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 4 First-Order Abnormalities: Agent Transmission Optimization . . . . 81 4.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 4.2 Algorithms and Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 4.2.1 First-Order Abnormality Identification by the Cluster Leader Mote . . . . . . . . . . . . . . . . . . . . . . 82 4.2.2 2-Sigma Optimization by the Cluster Leader Mote . . . . . 84 4.2.3 Weighted-Sum Optimization . . . . . . . . . . . . . . . . . . . . . 86 4.2.4 Complexity Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 4.3 Formal Modeling and Analysis . . . . . . . . . . . . . . . . . . . . . . . . . 91 4.3.1 Model Formulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91 4.3.2 Formal Characterization and Analysis . . . . . . . . . . . . . . 92 4.4 Performance Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 4.4.1 Simulation Study . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 4.4.2 Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 4.4.3 Comparative Study and Discussion . . . . . . . . . . . . . . . . 105 4.5 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 4.6 Bibliographic Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 5 Cross-Layer Identification and Transmission of Agent Using Fuzzy Logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 5.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 5.2 Network Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110 5.3 Cross-Layer Abnormality Identification Module Architecture . . . 111 5.4 The Proposed Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112