大規模無線感測網路中之惡意攻擊研究

Abstract

本論文探討大規模無線感測網路中，攻擊者入侵感測器並偽造傳輸資料的問題。在未來物聯網生態中，大規模無線感測網路為一關鍵技術，應用層面廣泛。無線感測網路通常包含許多感測器及一訊息彙整中心。感測器偵測周圍狀況後，將偵測結果壓縮，透過無線通道傳輸至訊息彙整中心，並由訊息彙整中心整合所有訊息做出最終判斷。然而，無線感測器多處於開放或公共環境中，缺乏物理保護，同時無線訊號易受雜訊及干擾影響，因此無線感測網路具有易出錯或受到入侵的弱點。其中一種針對無線感測網路的惡意入侵稱為Byzantine攻擊，在Byzantine攻擊中，攻擊者入侵感測器並傳送偽造之訊息至訊息彙整中心，試圖誤導訊息彙整中心使之做出錯誤的判斷。與一般通道錯誤相比，具有針對性的攻擊所造成的系統損失往往較為嚴重，而本研究之目的即為設計對抗攻擊之感測演算法。 近年來已有許多研究探討在無線感測網路中之偽造訊息攻擊。在閱讀相關文獻後，我們發現多數研究所使用之數學模型假設每一感測器在每次傳送中均有同樣之機率成為被入侵之感測器，並傳送偽造訊息。然而，此假設與現況不盡相符，因此我們提出了修正之機率模型來描述遭受入侵的無線感測網路，並以複合假設檢定探討此攻擊問題。我們參考了W. Hoeffding於1965年對於複合假設檢定問題的研究成果，依照我們所提出之問題模型進行修改，得到了Hoeffding-type偵測演算法。對於Hoeffding-type演算法，我們提出了理論效能分析，並討論當訊息彙整中心對於攻擊資訊的認知不完全時，此演算法之表現。 訊息彙整中心能夠以兩種不同模式應用偵測演算法進行防禦： 1. 直接偵測(Direct Detect)：訊息彙整中心沒有任何關於被入侵感測器身份之信息，直接彙整所有訊息。 2. 分組後偵測(Clustering and Detect)：訊息彙整中心具有除了感測器訊息以外的額外資訊，並能夠利用此資訊辨識受入侵之感測器，並將感測器分為兩組。針對兩組感測器，訊息彙整中心分別進行偵測並整合兩組之結果。 由於分組後偵測模式與直接偵測相比具有額外之資訊幫助，分組後偵測模式所能達到的效能較佳，也能夠避免感測網路因入侵而失去功能，除非所有感測器均被入侵。

In this thesis, we study the problem of Byzantine attacks in large scale wireless sensor networks (WSNs). WSN is a critical technology in the future Internet of Things era, supporting various applications such as smart home, environmental monitoring, Internet of vehicles, etc. A WSN generally consists of some sensors and a fusion center (FC). Each sensor makes an observation about a phenomenon of interest, and transmits local message to the FC, who then makes a final decision based on those messages. Due to the exposed nature of the sensors and the characteristics of wireless channel, WSN is prone to be attacked and faulty. One of the attacks against WSN is called the Byzantine attack, which the attacker compromises some sensors and sends falsified messages to the FC. Unlike channel errors caused by noise or interference, Byzantine attack is targeted and may be more harmful to the system. It's thus an important and challenging goal to design a robust system that is immune to the attack, and this is the purpose of our research. The effect of Byzantine attack has been studied a lot in recent years, however, many works formulate it as a simple hypothesis testing problem by assuming each sensor being independently compromised with probability alpha_t, where alpha_t is the fraction of Byzantine sensors. We call this model the i.i.d. mixture model since the local messages are i.i.d. to a mixture distribution. It's easy to obtain the optimal error exponent in this problem formulation, however, we are not satisfied with the model since in practice it's unlikely an attacker randomly attack the sensors each time. To fix this assumption, we introduce a parameter that indicates the indices of compromised sensors and formulate the Byzantine attack as a composite hypothesis testing problem. Using the idea of Hoeffding test in conventional composite hypothesis testing, we propose a 'Hoeffding-type test'. The Hoeffding-type test depends only on the type of local messages, and achieves an error exponent which is the same as the optimal exponent in i.i.d. mixture model. We also show that it's easy to generalize the Hoeffding-type test so that it becomes universal over all possible attack distributions. Since Hoeffding-type test only uses the type information, we further propose an 'Order-aware Hoeffding-type test'. In the order-aware test, we perform joint detection of the indices parameter and the underlying hypothesis by brute-force search. Although the order-aware test seems to be using more information than the Hoeffding-type test, we show that they are equivalent in the asymptotic regime. The proposed detect algorithms can be applied in two kinds of defense scheme: 1. Direct Detect: FC has no information on the identities of Byzantine sensors and performs detection with all local messages 2. Clustering and Detect: FC will first identifies the Byzantines and clusters the sensors into two groups through some side information. For each group, independent detection is performed then results from both groups are combined using 0-AND rule. We show that the Clustering Detect scheme performs better than Direct Detect scheme, and FC can't be blinded unless all sensors are compromised. Finally, some numerical results are presented to compare the two defense scheme.