Download pdf Security And Privacy In Communication Networks 9Th International Icst Conference Securecomm 2013 Sydney Nsw Australia September 25 28 2013 Revised Selected Papers 1St Edition Eirini Karapistoli ebook full chapter

Security and Privacy in Communication
Networks 9th International ICST

Conference SecureComm 2013 Sydney
NSW Australia September 25 28 2013
Revised Selected Papers 1st Edition
Eirini Karapistoli
Visit to download the full and correct content document:
https://textbookfull.com/product/security-and-privacy-in-communication-networks-9th-i
nternational-icst-conference-securecomm-2013-sydney-nsw-australia-september-25-
28-2013-revised-selected-papers-1st-edition-eirini-karapistoli/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...
International Conference on Security and Privacy in

Communication Networks 10th International ICST
Conference SecureComm 2014 Beijing China September 24
26 2014 Revised Selected Papers Part II 1st Edition
Jing Tian
https://textbookfull.com/product/international-conference-on-
security-and-privacy-in-communication-networks-10th-
international-icst-conference-securecomm-2014-beijing-china-
september-24-26-2014-revised-selected-papers-part-ii-1st-edi/
International Conference on Security and Privacy in

Communication Networks 10th International ICST
Conference SecureComm 2014 Beijing China September 24
26 2014 Revised Selected Papers Part I 1st Edition Jing
Tian
https://textbookfull.com/product/international-conference-on-
security-and-privacy-in-communication-networks-10th-
international-icst-conference-securecomm-2014-beijing-china-
september-24-26-2014-revised-selected-papers-part-i-1st-edit/
Mobile Networks and Management 5th International

Conference MONAMI 2013 Cork Ireland September 23 25
2013 Revised Selected Papers 1st Edition Minji Kim
https://textbookfull.com/product/mobile-networks-and-
management-5th-international-conference-monami-2013-cork-ireland-
september-23-25-2013-revised-selected-papers-1st-edition-minji-
kim/
Ad Hoc Networks 5th International ICST Conference

ADHOCNETS 2013 Barcelona Spain October 2013 Revised
Selected Papers 1st Edition Zayneb Trabelsi Ayoub
https://textbookfull.com/product/ad-hoc-networks-5th-
international-icst-conference-adhocnets-2013-barcelona-spain-
october-2013-revised-selected-papers-1st-edition-zayneb-trabelsi-
Personal Satellite Services 5th International ICST
Conference PSATS 2013 Toulouse France June 27 28 2013
Revised Selected Papers 1st Edition Pietrofrancesco
Apollonio
https://textbookfull.com/product/personal-satellite-services-5th-
international-icst-conference-psats-2013-toulouse-france-
june-27-28-2013-revised-selected-papers-1st-edition-
pietrofrancesco-apollonio/
Graph Drawing 21st International Symposium GD 2013

Bordeaux France September 23 25 2013 Revised Selected
Papers 1st Edition Fabrizio Frati
https://textbookfull.com/product/graph-drawing-21st-
international-symposium-gd-2013-bordeaux-france-
september-23-25-2013-revised-selected-papers-1st-edition-
fabrizio-frati/
Distributed Computer and Communication Networks 17th

International Conference DCCN 2013 Moscow Russia
October 7 10 2013 Revised Selected Papers 1st Edition
Vladimir Vishnevsky
https://textbookfull.com/product/distributed-computer-and-
communication-networks-17th-international-conference-
dccn-2013-moscow-russia-october-7-10-2013-revised-selected-
papers-1st-edition-vladimir-vishnevsky/
Citizen in Sensor Networks Second International

Workshop CitiSens 2013 Barcelona Spain September 19
2013 Revised Selected Papers 1st Edition Àlex Pardo
https://textbookfull.com/product/citizen-in-sensor-networks-
second-international-workshop-citisens-2013-barcelona-spain-
september-19-2013-revised-selected-papers-1st-edition-alex-pardo/
Information and Communication Technologies in Education

Research and Industrial Applications 9th International
Conference ICTERI 2013 Kherson Ukraine June 19 22 2013
Revised Selected Papers 1st Edition Wolf-Ekkehard
Matzke (Auth.)
https://textbookfull.com/product/information-and-communication-
technologies-in-education-research-and-industrial-
applications-9th-international-conference-icteri-2013-kherson-
Tanveer Zia
Albert Zomaya
Vijay Varadharajan
Morley Mao (Eds.)
127
Security and Privacy

in Communication
Networks
9th International ICST Conference, SecureComm 2013
Sydney, NSW Australia, September 2013
Revised Selected Papers
123
Lecture Notes of the Institute
for Computer Sciences, Social Informatics
and Telecommunications Engineering 127
Editorial Board
Ozgur Akan
Middle East Technical University, Ankara, Turkey
Paolo Bellavista
University of Bologna, Italy
Jiannong Cao
Hong Kong Polytechnic University, Hong Kong
Falko Dressler
University of Erlangen, Germany
Domenico Ferrari
Università Cattolica Piacenza, Italy
Mario Gerla
UCLA, USA
Hisashi Kobayashi
Princeton University, USA
Sergio Palazzo
University of Catania, Italy
Sartaj Sahni
University of Florida, USA
Xuemin (Sherman) Shen
University of Waterloo, Canada
Mircea Stan
University of Virginia, USA
Jia Xiaohua
City University of Hong Kong, Hong Kong
Albert Zomaya
University of Sydney, Australia
Geoffrey Coulson
Lancaster University, UK
Tanveer Zia Albert Zomaya
Vijay Varadharajan Morley Mao (Eds.)
Security and Privacy

in Communication
Networks
9th International ICST Conference, SecureComm 2013
Sydney, NSW Australia, September 25-28, 2013
Revised Selected Papers
13
Volume Editors
Tanveer Zia
Charles Sturt University
School of Computing and Mathematics
Wagga Wagga, NSW, Australia
E-mail: tzia@csu.edu.au
Albert Zomaya
The University of Sydney
School of Information Technologies
Darlington, NSW, Australia
E-mail: albert.zomaya@sydney.edu.au
Vijay Varadharajan
Macquarie University, Department of Computing
North Ryde, NSW, Australia
E-mail: vijay.varadharajan@mq.edu.au
Morley Mao
University of Michigan, Department of EECS
Ann Arbor, MI, USA
E-mail: zmao@umich.edu
ISSN 1867-8211 e-ISSN 1867-822X

ISBN 978-3-319-04282-4 e-ISBN 978-3-319-04283-1
DOI 10.1007/978-3-319-04283-1
Springer Cham Heidelberg New York Dordrecht London
Library of Congress Control Number: 2013956812
CR Subject Classification (1998): K.6.5, C.2, E.3, K.4.4, H.4, H.3

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2013
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of
the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology
now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection
with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and
executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication
or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher’s location,
in ist current version, and permission for use must always be obtained from Springer. Permissions for use
may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution
under the respective Copyright Law.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
While the advice and information in this book are believed to be true and accurate at the date of publication,
neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or
omissions that may be made. The publisher makes no warranty, express or implied, with respect to the
material contained herein.
Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India
Printed on acid-free paper
Springer is part of Springer Science+Business Media (www.springer.com)
Preface
Owing to the increase in the scale and sophistication of cyber crimes conducted
through the communication networks, it is imperative for the research com-
munity to ensure the protection of data disseminated through these networks.
Online information assets are further threatened because of the increasing trend
toward adoption of cloud computing and virtualization. Stakeholders need to be
aware of the potential threats to the information assets and critical infrastructure
and how to mitigate and eliminate these threats.
In past nine years, SecureComm has emerged as a leading international forum
that covers all aspects of information and communications security with partic-
ular emphasis on security in communication and networking. SecureComm also
serves as a venue for learning about the emerging trends in security and privacy
research, giving participants the opportunity to network with experts in the field.
The strategic objectives of SecureComm are to provide a common platform for
security and privacy experts in academia, industry, and government as well as
practitioners, standards developers, and policy makers to engage in discussions
on the common goals in order to explore important research directions in the
field. This year SecureComm was held in Australia for the first time. This co-
incided with one of the 15 recently announced Australian government Strategic
Research Priorities in Cyber Security, securing Australia’s place in a changing
world.
For SecureComm 2013, 70 high-quality papers were submitted from over 15
countries. Unfortunately, the acceptance rate set for this conference did not allow
us to accept all papers with relevant merits. In this respect, special thanks to the
Technical Program Committee members for handling of the challenging task and
selecting 21 outstanding papers with a significant contribution to the field to be
included in the proceedings. The 21 accepted papers can be broadly classified
under the following themes:
– Security and privacy in mobile, sensor, and ad hoc networks

– Malware, botnets, and distributed denial of service
– Security for emerging technologies: VoIP, peer-to-peer, and cloud computing
– Encryption and key management
– Security in software and machine learning
– Network and system security model
– Security and privacy in pervasive and ubiquitous computing
In addition to the papers presented at the conference, we also had following four
exciting keynote speakers:
– Mike Holm, Operations Manager, AusCERT (Computer Emergency Re-

sponse Team in Australia)
VI Preface
– James Turner, Chair, AISA (Australian Information Security Association)

Advocacy Group
– Mark Goudie, Regional Manager – Investigations, Dell SecureWorks
– Jiankun Hu, Professor and Research Director Cyber Security Lab, Australian
Defence Force Academy
Finally, we are very grateful to the NSW government for their sponsorship, as
well as the European Alliance for Innovation (EAI) and the Institute for Com-
puter Sciences, Social Informatics and Telecommunications Engineering (ICST)
for allowing SecureComm 2013 to be held in Australia. We also thank the local
Organizing Committee and its many members and volunteers for their support. A
special thank goes to Erica Polini, EAI Conference Manager, and Elisa Mendini,
EAI Venue Manager and Conference Coordinator, for their utmost profession-
alism in managing the administrative aspects of the conference. Last but not
least, our gratitude goes to the Steering Committee members, in particular to
Peng Liu, for his continuous supervision to make SecureComm a very successful
event.
September 2013 Tanveer Zia

Albert Zomaya
Vijay Varadharajan
Morley Mao
Organization
General Chair
Tanveer A. Zia Charles Sturt University, Australia
Albert Y. Zomaya University of Sydney, Australia
Technical Program Committee Chairs

Vijay Varadharajan Macquarie University, Australia
Morley Mao University of Michigan, USA
Local Chairs
Junbin Gao Charles Sturt University, Australia
Adel Al-Jumaily University of Technology Sydney, Australia
Maumita Bhattacharya Charles Sturt University, Australia
Publicity Chairs
Salil Kanhere University of New South Wales, Australia
Jianming Yong University of Southern Queensland, Australia
Weili Han Fudan University, China
Publication Chairs
Aldar Chan Chun Fai Institute for Infocomm Research (I2R),
Singapore
Quazi Mamun Charles Sturt University, Australia
Workshop Chairs
Javed Taheri University of Sydney, Australia
Md Rafiqul Islam Charles Sturt University, Australia
Sponsorship Chair
Sabih-ur Rehman Charles Sturt University, Australia
VIII Organization
Web Chair
Saman Shafigh Charles Sturt University, Australia
Conference Manager
Erica Polini EAI, Italy
Steering Committee
Peng Liu Pennsylvania State University, USA
Imrich Chlamtac CREATE-NET, Italy
Table of Contents
Session I: Security & Privacy in Mobile, Sensor,

and Ad Hoc Networks
Anomaly Detection in Beacon-Enabled IEEE 802.15.4 Wireless Sensor
Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Eirini Karapistoli and Anastasios A. Economides
Secure and Verifiable Top-k Query in Two-Tiered Sensor Networks . . . . . 19
Ting Zhou, Yaping Lin, Wei Zhang, Sheng Xiao, and Jinguo Li
CamTalk: A Bidirectional Light Communications Framework for Secure
Communications on Smartphones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Mengjun Xie, Liang Hao, Kenji Yoshigoe, and Jiang Bian
Session II: Malware, Botnets, and Distributed Denial

of Service
Botnet Triple-Channel Model: Towards Resilient and Efficient
Bidirectional Communication Botnets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Cui Xiang, Fang Binxing, Shi Jinqiao, and Liu Chaoge
Contrasting Permission Patterns between Clean and Malicious Android
Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Veelasha Moonsamy, Jia Rong, Shaowu Liu, Gang Li, and
Lynn Batten
DroidAPIMiner: Mining API-Level Features for Robust Malware
Detection in Android . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Yousra Aafer, Wenliang Du, and Heng Yin
Session III: Security for Emerging Technologies:

VoIP, Peer-to-peer, and Cloud Computing
Disabling a Computer by Exploiting Softphone Vulnerabilities: Threat
and Mitigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Ryan Farley and Xinyuan Wang
VCCBox: Practical Confinement of Untrusted Software in Virtual
Cloud Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Jun Jiang, Meining Nie, Purui Su, and Dengguo Feng
Integrated Security Architecture for Virtual Machines . . . . . . . . . . . . . . . . 140
Vijay Varadharajan and Udaya Tupakula
X Table of Contents
Session IV: Encryption and Key Management

Generic Mediated Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Ibrahim Elashry, Yi Mu, and Willy Susilo
An Efficient Reconfigurable II-ONB Modular Multiplier . . . . . . . . . . . . . . . 169

Li Miao, He Liangsheng, Yang Tongjie, Gao Neng,
Liu Zongbin, and Zhang Qinglong
Public-Key Encryption Resilient to Linear Related-Key Attacks . . . . . . . . 182

Hui Cui, Yi Mu, and Man Ho Au
Session V: Security in Software and Machine Learning

Clonewise – Detecting Package-Level Clones Using Machine Learning . . . 197
Silvio Cesare, Yang Xiang, and Jun Zhang
Automatic Polymorphic Exploit Generation for Software

Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Minghua Wang, Purui Su, Qi Li, Lingyun Ying, Yi Yang, and
Dengguo Feng
Session VI: Network and System Security Model

A Novel Web Tunnel Detection Method Based on Protocol Behaviors . . . 234
Fei Wang, Liusheng Huang, Zhili Chen, Haibo Miao, and Wei Yang
Salus: Non-hierarchical Memory Access Rights to Enforce the Principle

of Least Privilege . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Niels Avonds, Raoul Strackx, Pieter Agten, and Frank Piessens
Scalable Security Model Generation and Analysis Using k -importance

Measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Jin B. Hong and Dong Seong Kim
Session VII: Security and Privacy in Pervasive and

Ubiquitous Computing
The B-Side of Side Channel Leakage: Control Flow Security in
Embedded Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Mehari Msgna, Konstantinos Markantonakis, and Keith Mayes
An e-payment Architecture Ensuring a High Level of Privacy

Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Aude Plateaux, Patrick Lacharme, Vincent Coquet, Sylvain Vernois,
Kumar Murty, and Christophe Rosenberger
Table of Contents XI
Unveiling Privacy Setting Breaches in Online Social Networks . . . . . . . . . 323

Xin Ruan, Chuan Yue, and Haining Wang
ATIS 2013: 4th International Workshop on

Applications and Techniques in Information Security
Securing a Web-Based Anti-counterfeit RFID System . . . . . . . . . . . . . . . . . 342
Belal Chowdhury, Morshed Chowdhury, and Jemal Abawajy
Security Concerns and Remedy in a Cloud Based E-learning System . . . . 356

Md. Anwar Hossain Masud, Md. Rafiqul Islam, and Jemal Abawajy
Ensuring Data Integrity by Anomaly Node Detection during Data

Gathering in WSNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Quazi Mamun, Rafiqul Islam, and Mohammed Kaosar
(k-n) Oblivious Transfer Using Fully Homomorphic Encryption

System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
Mohammed Kaosar, Quazi Mamun, Rafiqul Islam, and Xun Yi
Detection of Android API Call Using Logging Mechanism within

Android Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
Yuuki Nishimoto, Naoya Kajiwara, Shinichi Matsumoto,
Yoshiaki Hori, and Kouichi Sakurai
Reversible Data Hiding Scheme Based on 3-Least Significant Bits and

Mix Column Transform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Wafaa Mustafa Abduallah, Abdul Monem S. Rahma, and
Al-Sakib Khan Pathan
Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419

Anomaly Detection in Beacon-Enabled
IEEE 802.15.4 Wireless Sensor Networks
Eirini Karapistoli and Anastasios A. Economides
Department of Information Systems,

University of Macedonia
Egnatia 156, Thessaloniki, Greece
{ikarapis,economid}@uom.gr
Abstract. During the past decade, wireless sensor networks (WSNs)

have evolved as an important wireless networking technology attracting
the attention of the scientific community. With WSNs being envisioned
to support applications requiring little to no human attendance, how-
ever, these networks also lured the attention of various sophisticated
attackers. Today, the number of attacks to which WSNs are susceptible
is constantly increasing. Although many anomaly detection algorithms
have been developed since then to defend against them, not all of them
are tailored to the IEEE 802.15.4 standard, a dominant communication
standard for low power and low data rate WSNs. This paper proposes a
novel anomaly detection algorithm aimed at securing the beacon-enabled
mode of the IEEE 802.15.4 MAC protocol. The performance of the pro-
posed algorithm in identifying intrusions using a rule-based detection
technique is studied via simulations.
Keywords: Wireless Sensor Networks, Beacon-enabled IEEE 802.15.4

MAC, Rule-based Anomaly Detection.
1 Introduction
WSNs raise the interest of different business domains, including that of security
[1]. Their ability to monitor and control physical environments and large scale
critical infrastructures make them a promising candidate. WSNs can be relatively
easily deployed in a large geographical span, and can provide with fault diagnosis,
intrusion detection and monitoring services in a cost-efficient manner since they
do not require additional infrastructure. While the distributed nature of a WSN
increases the survivability of the network in critical situations (it is much less
likely that the network will be affected in its entirety by failures or attacks),
defensive mechanisms that could protect and guarantee the normal operation of
the WSN in the presence of adversaries are still needed.
Currently, research on providing security solutions for WSNs has mainly fo-
cused in key management [2], [3], secure authentication and routing [4], secure
localization and data aggregation [5], [6], and recently, in intrusion detection [7].
T. Zia et al. (Eds.): SecureComm 2013, LNICST 127, pp. 1–18, 2013.

c Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2013
2 E. Karapistoli and A.A. Economides
Within the limited scope of this paper, we restrain our focus on the latter ap-
proach in an attempt to defend against strong inside attackers that have pen-
etrated the first perimeter of defense. An Intrusion Detection System (IDS)
monitors the events occurring in the network and analyzes them to detect signs
of intrusion [8]. Various signature-based and anomaly-based IDS architectures
have been proposed for flat and hierarchical WSNs [9], [10], [11]. However, to the
best of our knowledge, none of them is applicable to IEEE 802.15.4-compliant
WSNs.
The IEEE 802.15.4-2011 standard [12] is a dominant communication stan-
dard developed to provide low-power and highly reliable wireless connectivity
among inexpensive, battery-powered devices. While emphasis has been given on
improving the performance of the 802.15.4 MAC protocol [13], limited work has
been contacted on securing its beacon-enabled mode. As identified in [14], [15],
this mode is vulnerable to a number of attacks. Some of the attacks (i.e., ra-
dio jamming and link layer jamming) are common to all MAC layer definitions.
Others like the back-off manipulation and the attacks against the acknowledge-
ment mechanism may also occur in IEEE 802.11 wireless networks due to some
common properties in the MAC layer implementations [16]. However, several
attacks including the Personal Area Network (PAN) identifier conflict attack,
and the Guaranteed Time Slot (GTS) attack are only applicable to the 802.15.4
MAC layer mechanisms defined by the standard. Therefore, the latter category of
attacks requires novel, anomaly-based intrusion detection algorithms to defend
against them.
Accordingly, this work contributes to the area of anomaly detection for IEEE
802.15.4-compliant wireless sensor networks. We propose a distributed anomaly
detection algorithm for securing the beacon-enabled mode of the IEEE 802.15.4
MAC protocol. Vulnerabilities of the underlying MAC are exposed and dealt
with using a rule-based detection approach. Our algorithm differentiates from
existing works in that it does not rely on the existence of special types of nodes,
i.e. monitor nodes or watchdogs, to perform the anomaly detection task. Fi-
nally, the proposed algorithm does not require expensive communication be-
tween the sensor nodes, since anomaly detection and revocation are performed
distributively.
The remainder of the paper is organized as follows: in Section 2, existing work
on securing the beacon-enabled mode of the 802.15.4 MAC is outlined. In Sec-
tion 3, we review several features of the underlying MAC protocol and analyze
its vulnerabilities in order to provide a better understanding of the proposed
algorithm. In Section 4, we provide a detailed description of our anomaly detec-
tion algorithm. Section 5 illustrates the obtained simulation results, followed by
detailed reports. Finally, conclusions are given in Section 6.
2 Related Work
Several defensive methods have been proposed for securing the beacon-enabled
mode of the IEEE 802.15.4 MAC protocol. The standard itself encompasses
Anomaly Detection in Beacon-Enabled IEEE 802.15.4 WSNs 3
built-in security features to provide data secrecy and data authenticity. However,
as Sastry et al. [17] pointed out, these security features have vulnerabilities
related to the initial vector (IV) management, key management, and integrity
protection. To address these issues, Alim et al. introduced EAP-Sens [18], a link
layer secure protocol implementation for 802.15.4 sensor networks in beacon-
enabled mode. While effective in its design, as with any authentication protocol,
EAP-Sens is vulnerable to insider attacks launched by compromised (malicious)
nodes.
Sokullu et al. [14], [19] were the first to analyze insider attacks targeting
the beacon-enabled mode of the IEEE 802.15.4 MAC protocol. The authors
used ns2 simulations to demonstrate DoS-like GTS attacks whose main goal
was to create collisions at the GTS slots and deny the guaranteed communica-
tion. While effective, the major drawback of their work is that it lacks a clear
description of how to defend against such attacks. Amini et al. [20] proposed a
Received Signal Strength Indicator (RSSI)-based solution to detect Sybil attacks
in IEEE 802.15.4 beacon-enabled clusters. The coordinator is tasked with detect-
ing anomalies inside its cluster based on deviations in the tuple (disc number,
device ID) it assigned to its cluster members. However, this method does not
consider the case of compromised coordinators. Moreover, if a malicious node
is close enough to a legitimate node, its RSSI may be confused with the RSSI
of the legitimate node, thus enabling the malicious node to escape detection.
Recently, Jung et al. [15] performed an in-depth study of the vulnerable prop-
erties of the beacon-enabled mode of the IEEE 802.15.4 standard. The authors
implemented on real devices four potential insider attacks associated with those
vulnerabilities, and presented mechanisms to defend against them. While the
authors provide a good framework to analyzing IEEE 802.15.4 MAC layer at-
tacks, no implementation or testing exists relative to the defensive mechanisms
they propose in their paper.
Overall, a concrete framework for securing IEEE 802.15.4-compliant sensor
networks against insider attacks is still missing. Our approach to the problem
is to use rule-based anomaly detection. As analyzed in [11], rule-based anomaly
detection is attractive because its methodology is flexible and resource-friendly
and benefits from the absence of an explicit training procedure. In rule-based
detection, the anomaly detector uses predefined rules to classify data points
as anomalies or normalities. While monitoring the network, these rules are se-
lected appropriately and applied to the monitored data. If the rules defining an
anomalous condition are satisfied, an anomaly is declared. Da Silva et al. [21]
where among the first to propose a rule-based distributed ADS for WSNs. While
the authors provide a good framework to rule-based detection, the defined rules
are not applicable to attacks targeting beacon-enabled WSNs. This is also the
case for other similar rule-based anomaly detection systems (ADS) proposed for
WSNs [22], [23].
Therefore, in this paper, we attempt to move towards that direction propos-
ing a specific modular rule-based ADS architecture tailored to IEEE 802.15.4-
compliant wireless sensor networks operating under the beacon-enabled mode.
3 Preliminaries
3.1 The IEEE 802.15.4 MAC
The MAC sublayer of the standard provides services such as beacon generation
and synchronization, PAN association and disassociation, GTS management,
and channel access among others [12]. It also provides support for star and peer-
to-peer network topologies. Peer-to-peer topologies allow more complex network
formations to be implemented, such as mesh and cluster tree topologies that are
better suited for security-oriented applications. When lines of communication
exceed the implementation-specific personal operating space (POS), an 802.15.4
network can be a self-configuring, multi-hop network. Two different device types
can participate in an IEEE 802.15.4 network; a full-function device (FFD) and
a reduced-function device (RFD). An FFD device can operate in three modes
serving as a PAN coordinator, a coordinator, or a device. An RFD device instead,
only connects to a cluster tree network as a leaf device at the end of a branch
(see Fig.1).
The IEEE 802.15.4 MAC operates in two modes, the beacon-enabled mode
and the nonbeacon-enabled mode. In the beaconless mode, coordinators do not
emit regular beacons. Moreover, channel access is managed through the unslotted
version of the CSMA-CA algorithm. In beacon-enabled PANs, which can assume
only a star or tree topology, all non-leaf nodes periodically transmit beacon
frames. In this mode, a PAN coordinator relies on a superframe (SF) structure
to enable transmission and reception of message that consists of a beacon, an
active period, and an inactive period. While starting a PAN, coordinator sets
its macPANId and the length of both active and inactive periods, defined by
the macBeaconOrder, BO=[0,15), and the macSuperframeOrder, SO=[0,BO),
respectively. The active period consists of 16 equal sized time slots and contains
a contention access period (CAP), which uses slotted CSMA/CA for channel
access, and a contention free period (CFP), which consists of guaranteed time
slots (GTS) that are allocated on demand to nodes for a contention-free access
to the channel. Member nodes can switch over to sleep mode during the inactive
period to save battery.
3.2 Attacking the IEEE 802.15.4 MAC

The beacon-enabled mode of the IEEE 802.15.4 MAC protocol is vulnerable to a
number of internal and external attacks several of which are common to all wire-
less MAC layer definitions. Therefore, in this paper we concentrate on attacks
that target peculiar mechanisms of the underlying MAC, namely its PANID con-
flict resolution procedure, the GTS allocation and deallocation mechanisms and
the data transmissions during the CAP and CFP portions of the superframe.
PANId Conflict Attack. According to the IEEE 802.15.4 standard [12], the
PAN identifier conflict resolution procedure is executed when more than one PAN
coordinators with the same PANId operate in the same POS. If such a conflict
P AN ID 1 P AN ID 3
13 P AN ID 2 1 4
15
12 5 6
8 4
5 0 2
11 5
PAN 6 2
C oordinator 0 1
0 7 3
2 1 3 7
9 F irst PAN C oordinator
4
3 P AN Coordinators
10 14
Device
Fig. 1. An IEEE 802.15.4 cluster tree network. (Source: [12]).
occurs, a member device that receives beacons from both PAN coordinators,
can notify its PAN coordinator to perform the conflict resolution procedure. An
adversary device can take advantage of this vulnerability and frequently send
fake PANId conflict notification commands to the coordinator and oblige the
latter to perform the conflict resolution procedure. Such an attack may prevent
or greatly delay communication between devices and the PAN coordinator.
GTS Attack. According to [12], a GTS slot is the portion of the superframe
that provides contention free communication between a device that reserved the
slot and a coordinator. The GTS allocation mechanism is executed as follows.
First, the device has to receive the beacon frame to identify the superframe
boundaries. A GTS allocation request is sent in the CAP portion of the super-
frame to the coordinator. The request includes the required length and direction
(uplink or downlink) of the GTS slot. The coordinator may send an ACK packet
to confirm the successful reception of the GTS request. If GTS slots are available,
the coordinator assigns them to the requesting device using the beacon frame.
Once assigned, the data transmission takes place in the GTS slots of the follow-
ing superframes. Similarly, a deallocation request results to the deallocation of
a GST slot.
As it can be seen, the GTS management scheme does not verify the ID of each
device that requests GTS allocation or deallocation. Therefore, an inside attacker
can easily compromise this procedure by either impersonating existing legitimate
nodes’ IDs or creating new IDs for devices that do not exist (i.e., implement a
Sybil attack at the MAC layer [24]). Let us examine the possible attack scenarios
separately. In the first attack scenario, a malicious node that is in the POS of
the PAN coordinator first obtains the IDs of existing legitimate nodes in the
PAN by either overhearing the list of pending addresses in the beacon frame or
the GTS allocation requests that are sent during the CAP. Accordingly, when
a legitimate node requests GTS allocation to transmit data in the CFP portion
of the next superframes, the malicious node can cancel this transmission by
sending a GTS deallocation request using the spoofed ID immediately after the
GTS allocation request as shown in Fig 2. Since the PAN coordinator receives
the deallocation request while processing the GTS allocation from the legitimate
node, it ignores the GTS allocation coming first and does not assign any GTS
to the legitimate node. As a result, the legitimate node is not assigned any GTS
and cannot transmit its sensed data.
In the previous attack, a malicious node impersonates a legitimate node to
cause the PAN coordinator to deallocate the requested GTSs. In this attack,
a malicious node sends GTS requests from multiple fake IDs (up to 7) to com-
pletely allocate the CFP period. To perform this attack, a malicious node contin-
uously monitors the available GTS slots with the intent of completely occupying
them. Then, the attacker sends GTS allocation requests to fill up all the avail-
able GTSs in the superframe (see Fig. 3 for an explanation). By occupying the
available GTSs and not allowing legitimate nodes to reserve GTSs the malicious
node performs an exhaustion and unfairness type of attack. The malicious node
does not necessarily need to send data at the assigned time slots. However, oc-
casionally it may need to do so in order to prevent the PAN coordinator from
dropping the assigned GTSs.
False Data Injection. In this attack, the malicious node first identifies which
legitimate node has not requested GTS allocation by looking at the GTS descrip-
tors of the beacon frames. Then, it chooses the legitimate node’s ID that does
not have any GTS allocation request and sends a GTS allocation request using
that ID. After it confirms that a GTS is allocated by the PAN coordinator, the
malicious node uses the spoofed ID and sends false data to the PAN coordinator
during the CFP. The legitimate node at the same time sends its sensed data
during the CAP. After checking the node’s ID, the PAN coordinator regards the
false data as time-sensitive ones and ignores the data sent from the legitimate
node during the CAP.
Beacon
CAP CFP CAP CFP
Inactive Inactive
Period Period
GTS deallocation request from a malicious node time

Blocked transmission. No GTS slot was
GTS allocation request from a legitimate node allocated to the legitimate node.
Fig. 2. A malicious node launching a GTS deallocation attack
Beacon
CAP CFP CAP CFP
Inactive Inactive
Period Period
time
GTS allocation requests from a malicious node
GTS deallocation requests from legitimate nodes Data from a malicious node. All GTSs taken by the
malicious node. No GTSs left for legitimate nodes.
Fig. 3. A malicious node stealing all 7 GTSs of the CFP period

DoS-like Attacks. In this attack, the attacker has the ability to create col-
lisions by jamming the beacons or specific GTS slots, which are broadcast in
nature. In order to jam the beacons the malicious node must align to the su-
perframe boundary and produce a collision by sending data at the start of the
beacon. In the second case, it may intercept the beacons and learn in which GTS
slots legitimate nodes send data. Then, it can corrupt the guaranteed commu-
nication between this device and the coordinator by jamming one or multiple
GTSs.
Selective Forwarding and Black Hole Attacks. The communication flow

in IEEE 802.15.4 beacon-enabled PANs, allows a captured (compromised) coor-
dinator to perform a selective forwarding attack. In this attack, the malicious
nodes refuses to forward all or a subset of the messages it receives from its child
devices and simply drops them. If the attacker drops all the packets, the attack
is then called black hole.
4 Anomaly Detection in 802.15.4-Based WSNs

This section highlights our anomaly detection framework, stating assumptions,
and describing the proposed algorithm.
4.1 Assumptions of the Model

A number of assumptions are made concerning the framework in which the wire-
less sensor nodes operate. First, we consider a cluster tree 802.15.4 network in
which most devices are FFDs. We assume that there is no pre-existing distributed
trust model or peer-to-peer trust model, and hence no node can be fully trusted.
Sensor nodes comprising the WSN remain stationary all the time. Once the clus-
ters are formed and nodes are assigned short addresses, they maintain the same
members, except for cases where nodes are blacklisted, die, or when new nodes
join the network. Each node shall maintain a data structure that facilitates the
storage of direct observations of all its parent-child nodes. Moreover, since sen-
sor nodes are “weak” devices, we assume that an adversary can completely take
over nodes and extract their cryptographic keys or load malicious software to
launch an insider attack. Accordingly, and in order to limit the complexity of
our model, we do not implement any cryptographic security mechanism, even
though the MAC sublayer of the standard provides hooks that can be harnessed
by upper layers to achieve authentication, message integrity, confidentiality and
replay protection [17]. Next, we describe our anomaly detection algorithm in
detail.
4.2 Detailed Algorithm Description

The core of the proposed algorithm relies on the periodic normal/guarding oper-
ation of the nodes comprising the WSN. To implement the aforementioned dual
behavior, nodes inside the network adopt a periodic operation. Each node es-
tablishes the periods of normal/guarding operation during the cluster formation
and guarding initialization phases. After the clusters are formed and guards are
assigned, the monitor node collects statistics for its peers, which are used during
the anomaly detection and node revocation phase to detect signs of intrusion.
The different phases of our algorithm are analyzed below.
Phase 1: Cluster Formation. In the proposed algorithm, sensor nodes follow

the association procedure defined by the standard in order to gradually connect
and form a multicluster network structure. Before starting a PAN, the first
action a device needs to perform is to initiate an active or passive scan in order
to locate other PANs within its POS. Once a new PAN is established, the PAN
coordinator is ready to accept requests from other devices to join the PAN. In
the process of joining a PAN, the device requesting association will perform a
passive scan to determine which PANs in its POS are allowing association. A
device should attempt to associate only with a PAN through a coordinator that is
currently allowing association (i.e., a coordinator whose macAssociationPermit
is set to TRUE). In order to impose topological restrictions on the formation
of the network, the macAssociationPermit is set to FALSE when the number
of nodes joining a particular PAN exceeds the parameter Nu . If the original
candidate device is not able to join the network at that coordinator, it will
search for another parent device or it will become the PAN coordinator of a
new PAN adjacent to the first one by selecting a suitable PAN identifier (see
Fig. 1). Every device follows this association procedure and gradually connects
to a PAN.
After the clusters are formed, each node starts operating in one of the avail-
able two modes; the normal mode in which it collects and forwards application-
specific sensor measurements to the base station (BS), and the guarding mode
in which it promiscuously listens to its peers’ transmissions in order to detect
signs of intrusion. During the normal mode, nodes may exchange data in the
active portion of the superframe. Three types of data transfer transactions are
allowed in the IEEE 802.15.4 MAC. The first one is the direct transmission in
which a device sends data to a coordinator. The second data transfer model is
the indirect transmission in which a coordinator sends data to a device, and the
third transaction is the peer-to-peer data transfer (see Fig. 4 for an explanation).
Within our algorithm, nodes are allowed to perform direct transmissions in both
the CAP and CFP portions of the superframe resembling a sink-based reporting
scheme that is typical in WSNs. Each device shall transmit a data frame follow-
ing the successful application of the slotted version of the CSMA-CA algorithm.
The transmission procedure, which includes the acknowledgement mechanism,
begins with a randomly selected back-off time. Any transmission procedure can
be repeated (attempted), if it can be completed within the same portion of
the superframe. The remaining data, if any, will be deferred to the next active
portion of the superframe.
Transmitted Received Transmitted

Beacon Beacon Beacon
SF view from ‘Parent’ active

Inactive ‘Child’ active
the first PAN superframe & Inactive Period
Period superframe
coordinator guarding interval
SF view ‘Parent’ active ‘Child’ active

Inactive
from a superframe superframe & Inactive Period
Period
coordinator (Uplink) guarding Interval
t
SD (active) SD (active)
StartTime > SD
Beacon Interval, BI
FFD or RFD
First PAN
(leaf nodes)
Coordinator
(parent) Coordinator
Topology View (child) FFD or RFD
Fig. 4. Periodic normal/guarding operation of the nodes inside a PAN
Phase 2: Guarding Initialization. After completion of phase I, nodes peri-

odically enter the guarding phase by enabling the macPromiscuousMode of the
standard for a time equal to a superframe duration, SD. Time SD determines
the active portion of the superframe in symbols, and relates to the macSuper-
frameOrder, 0≤SO≤BO≤14, as follows:
SD = aBaseSuperf rameDuration ∗ 2SO symbols (1)
where aBaseSuperframeDuration=960, and BO is the interval at which the co-

ordinator shall transmit its beacon frames. During this time, also called the
guarding interval, each node gathers traffic-related attributes for all its parent
and child nodes (if any) by promiscuously listening to the packets transmit-
ted over the shared communication channel (see Fig. 4). As it can be seen, a
functional difference between the first PAN coordinator and the rest PAN co-
ordinators is that the latter alternatively acts as an associated device (during
the active period of the superframe of the first PAN coordinator) and as the
coordinator (guard) of a set of surrounding FFDs or RFDs.
So, a node in the guarding mode is in charge of monitoring its parent-child
nodes by turning the promiscuous listening mode on or equivalently by setting
the macPromiscuousMode to TRUE. When in promiscuous mode, the MAC
sublayer shall pass all frames correctly received to the next higher layer for
further processing. Note that each guarding period is a unique guarding round
for collecting traffic-related attributes. These attributes may then be used by
the ADS system running on each sensor node to detect signs of intrusions. At
this point we should also state that the guarding periods of the nodes inside
a PAN are not synchronized. Each cluster member enters the guarding mode
sequentially and in accordance to its allocated macShortAddress. This is because
we want to distribute the role of the guard among the cluster members and enable
the detection and revocation to be fully distributed.
As apparent, the guarding periods are bounded by the beacons the PAN
coordinators sent. Child devices associated with them use these beacons to syn-
chronize their guarding periods. A guarding period is actually considered active
following the transmission of the beacon frame. The beacon frames contain essen-
tial parameters of the PAN, such as the CoordPANId, the macBeaconOrder, the
macBSN, and the StartTime at which the beacon frame was received. A node
that receives a beacon frame stores its information locally and consequently
learns the consecutive moments during which it will enter in the guarding mode.
The reception of the beacon frame also confirms that the coordinator is still
alive and operational, and that the device has not been orphaned. As apparent,
keeping the correct timing for broadcasting/receiving these frames is the highest
priority task for every node. Whatever a node is doing, i.e. is engaged in other
transmit or receive operations, it will be interrupted for the accurate, on-time
transmission/reception of the beacon frame. In order to acquire beacon synchro-
nization and to maintain their periodicity, nodes need to set the TrackBeacon
parameter to TRUE. This will enable a node to switch on its radio slightly before
the expected broadcast of the beacon in order to receive it.
Phase 3: Anomaly Detection and Node Revocation. Our network-based

ADS detects anomalies based on the packets that it monitors. Hence, following
the data acquisition, anomaly detection and revocation come next. As already
revealed, each node activates its ADS functionality when the MAC sublayer is in
the so-called promiscuous (receive all) mode. During this guarding mode, each
node keeps track of the transactions of all its parent-child nodes and stores the
collected packet in a data structure. Since we follow a rule-based approach to
anomaly detection, each data structure is evaluated according to the sequence
of rules defined in Table 1. A packet is discarded after being tested against all
rules without failing any of them. On the opposite case, an alarm will be raised
if a violation of these rules occurs.
Indeed, an alarm indicates that a node is an intruder and needs to be revoked.
Revocation is initiated following a process similar to the disassociation mecha-
nism defined by the standard. Since nodes enter the guarding mode periodically,
every node can independently verify intrusion instances and take revocation on
the intruder. Note that revocation can be lazy, in that a node does not need to
verify the intruder unless the latter is its parent or its child. In this way, attacks
are detected and revoked in a fully distributed manner.
The MAC sublayer of the 802.15.4 standard allows us to implement the node
revocation functionality easily since it defines procedures on how a device can
disassociate from a PAN. The disassociation procedure may be initiated either
from the PAN coordinator or from an associated device. Following the comple-
tion of a guarding period and the declaration of an anomaly, the coordinator
11
Anomaly Detection in Beacon-Enabled IEEE 802.15.4 WSNs
Table 1. Rules definition for detecting IEEE 802.15.4 MAC attacks

Rule Description Attack Detected Malicious actor
When a PANId conflict notification command is received at the coordinator, PANId conflict attack Associated device
increase a counter. If after SD symbols, less than half of the associated devices
report this conflict, raise an alarm.
If both GTS allocation & deallocation requests arrive from the same device in the CAP, GTS deallocation attack Associated device
raise an alarm. If an associated device does not send data during its allocated GTS slots GTS allocation attack Associated device
for two consecutive CFP periods, raise an alarm.
If data arrives in both the CAP and CFP portions of the same superframe, and False data injection Associated device
originates from the same device, raise an alarm.
When half of the associated devices send an orphan notification request DoS-like beacon attack Associated device
following the transmission of a beacon, raise an alarm.
If after two consecutive CFP periods, no packets are received during allocated DoS-like GTS attack Associated device
GTS slots, raise an alarm.
When a packet is not forwarded as it should, increase a counter. When this counter Selective Forwarding Coordinator
reaches a threshold, t, after SD symbols, raise an alarm. & Black hole attacks
may send a disassociate notification command to instruct a device to leave the

PAN (malicious associated device case) or an associated device may request dis-
association from the coordinator (malicious coordinator case). Let us examine
these two cases separately.
When a coordinator wants one of its associated devices to leave the PAN,
it sends a disassociation notification command to the malicious device. Because
the disassociation command contains an acknowledgment request, the associated
device shall confirm its receipt by sending an ACK frame. Even if the ACK
is not received, the coordinator should consider the device disassociated. The
next higher layer of a coordinator should disassociate a device by removing
all references to that device. The device will soon conclude that it has been
orphaned and will attempt to join other PANs within its POS. If no PANs exist
in its POS, the revocation of the node would be global. In the opposite case, a
similar procedure will be followed to revoke this node from the rest of the PANs
it will attempt to associate with in the future.
In the second case, an associated device may send a disassociate notification
command to notify the malicious coordinator of its intent to leave the PAN.
Again, this command contains an ACK request. However, even if the ACK is
not received, the device should consider itself disassociated. The orphaned device
will in turn have to perform an active or passive scan in order to join other
PANs that exist in its POS, or initiate a new PAN in case the active or passive
scans fail. Since gradually all nodes associated with the malicious coordinator
will independently verify the intrusion and leave its PAN, new clusters will be
formed and the malicious coordinator will be completely revoked.
5 Performance Evaluation
5.1 Simulation Environment
In order to implement the proposed algorithm, we extended the capabilities of the
existing IEEE 802.15.4 model developed in the OMNeT++ simulator [25]. This
model was adapted from a version for ns-2 by Chen and Dressler. The model,
which is described in more details in [26], implements the IEEE 802.15.4-2006
protocol stack. It also consists of two protocol-independent modules supporting
energy measurement and mobility in the simulations. Our extension to the model
targeted only the MAC sublayer (the PHY layer remained intact). Besides adding
C++ code for the anomaly detection engine, modifications were made to the
beacon-enabled mode of the model in order to support 802.15.4 cluster-tree
topologies similar to [27]. In order to prevent overlapping, the emission of beacons
is governed by an offset time. The offset for each PAN coordinator is set in a
special StartTime parameter in the omnetpp.ini file. The particular value of the
offset, which is null for the first PAN coordinator, for any other PAN coordinator
is proportional to its CoordPANId.
We simulated a 802.15.4 cluster-tree network configured with our ADS. 20
nodes were placed uniformly at random in a rectangular playground of 100 x
100m2 (the first PAN coordinator (host[0]) was placed on the upper-left corner
of the network). Each node has a communication range (POS) of 20m and oper-
ates under the 2.4 GHz PHY. We set the maximum number of octets added by
the MAC sublayer to the PSDU without security equal to aMaxMPDUUnsecure-
dOverhead, 25 octets. This leads to a DATA PPDU length of 31 bytes, a beacon
PPDU length of 17 bytes and an ACK PPDU length of 11 bytes. Regarding the
transceiver characteristics, we use those of the IEEE 802.15.4-compliant CC2420
Chipcon radio [28], where each sensor consumes as high as 19.7 mA, 17.4 mA
and 20 μA, in receive, transmit and sleep modes respectively.
We simulated a security-oriented application supporting sink-based reporting,
that is to say, traffic flowing from the devices to the BS (typical case of a sensor
network). Since nodes perform upstream transmissions this fact guarantees that
the packet will reach the BS. In this scenario, only leaf node were generating traf-
fic. The traffic load was set equal to 2 packets per second. During the simulation,
randomly selected intelligent adversaries include themselves in the network by
replicating legitimate (captured) nodes. The malicious nodes selectively launch
one of the attacks identified in Section 3.2. All the presented results were aver-
aged over 10 simulation runs. Each run lasts for 20 minutes, which gives as an
overall simulation time of 10 hours.
5.2 Simulation Results
In this section, we evaluate the performance of the proposed anomaly detection

algorithm through simulations. Comparison of our algorithm with existing rule-
based anomaly detection schemes would not be appropriate, as they are not
tailored to the IEEE 802.15.4 standard. Two metrics were used to evaluate the
effectiveness of our algorithm. These are the percentage reduction in network
lifetime, which is used to examine the extent by which our ADS degrades the
network lifetime when being implemented in common sensor nodes, and the
detection accuracy defined as the ratio of the detected attacks to the total number
of detected and undetected attacks.
Energy Consumption. Fig. 5a illustrates the percentage reduction in network

lifetime as a function of the percentage increase in the number of compromised
nodes. To simulate the described scenario, we chose at random a number of
network nodes and we programmed them to selectively launch one of the attacks
depicted in Table 1. With regard to selective forwarding attacks (launched only
by non-leaf nodes), the attacker was dropping packets with a probability pd =
30%. When pd = 100%, the attacker was executing a black hole attack. We set
the threshold value for the percentage of packets being dropped over the guarding
interval, SD, to be t = 20%. Above this threshold, an alarm was generated and
node revocation was initiated. For all other types of attack, the counter-criterion
rules of Table 1 are evaluated in succession and, if violated, an alarm is raised.
As the three curves show in Fig. 5a, the percentage reduction in network
lifetime increases smoothly as the percentage of malicious nodes increases. This is
because more energy-consuming intrusion detection functions are being executed
16
Detection Accuracy of Selective Forwarding attacks (%)

SO=3 100
SO=4
Reduction in Network Lifetime (%)
SO=5
12 80
60
8
40
4
20 SO=3
SO=4
SO=5
0 0
0 10 20 30 40 50 0 10 20 30 40 50
Compromised Nodes (%) compromised nodes (%)
Fig. 5. a) Percentage reduction in network lifetime, and b) Detection accuracy of Se-

lective forwarding attacks
following the introduction, identification and revocation of an increasing number

of adversaries. Overall, the network lifetime decreases by as high as 14.8%. The
relatively small decrease in network lifetime is achieved because the energy-
consuming role of the guard is rotated among the network nodes, a fact that
uniformly distributes the energy dissipation among the nodes. As expected, the
percentage reduction in network lifetime is low when the network contains no
malicious nodes. The obtained curves also indicate the trade off between the
value of the macSuperframeOrder, SO={3,4,5} and the energy cost. According
to Eq. (1), bigger SO values extend the guarding interval, SD, or equivalently the
time window the monitor node is hearing in the promiscuous mode. As such, the
longer a monitor node stays in the ’receive all’ mode, the higher is the associated
energy cost.
Detection Accuracy. The rest of the figures evaluate the effectiveness of our
algorithm against the attacks depicted in Table 1. In each attack scenario, there
was always one single type of attacker, which was varied in each simulation.
One interesting aspect these figures present is that the variation of the value
of the SO does not impact the detection efficiency of our algorithm. Only the
selective forwarding attacks and PANId conflict attacks, which are assessed over
a time window SD, are affected by the value of SO. Indeed, as shown in Fig. 5b,
smaller SO values result in lower detection levels. This happens because small
SO values, result in small guarding intervals SD. Recall that the interval SD
relates to the time window that a monitor node has in order to gather packets
and analyze them for signs of intrusion. Since less packets are being collected as
a result of the smaller SD interval, this affects the decision making process of
anomaly detection and produces less accurate intrusion detection results. One
aspect that is common in all types of attack is that if there is a high fraction of
compromised nodes inside the network (50 percent or more), the detection levels
achieved by our anomaly detection algorithm tend to drop below 90 percent,
Detection Accuracy of PANId Conflict attacks (%)
100 100
Detection Accuracyof GTS attacks (%)

80 80
60 60
40 40
20 SO=3 20
SO=4 GTS allocation attacks
SO=5 GTS deallocation attacks
0 0
0 10 20 30 40 50 0 10 20 30 40 50
compromised nodes (%) compromised nodes (%)
Fig. 6. Detection accuracy of a) PANId conflict attacks, and b) GTS attacks
which is considered low for an effective ADS. We can thus say that our ADS
works acceptable when having 45% or less of compromised nodes inside the
WSN.
As already revealed, Fig. 5b shows results on the detection accuracy of se-
lective forwarding attacks. In this type of attack, since packets are dropped
probabilistically, there might be the case that during the guarding interval of
some nodes, the dropped packets are less than t = 20%, and no alert is pro-
duced by those nodes. Then, the detection rule over that time window will not
be satisfied, and would produce no alarm. This is less probable to happen if the
value of SO gets bigger or if the nodes launch black hole attacks (the results on
black hole attacks are not presented here due to space restrictions). In this case,
the probability that during an SD interval the dropped packets are less than t,
resulting in a false negative, is close to zero, and hence the accuracy in detecting
that kind of attack is close to 100%.
Fig. 6a illustrates the detection accuracy of PANId conflict attacks. In PANId
conflict attacks, detection was always close to 100% due to the rule being applied
to detect this kind of attack. Another factor that keeps the detection levels high
is that these attacks are not mistaken with any other kind of attack or with
occasional network failures, and as such, a small number of false negatives is
only generated. However, an increase in the number of misdetections is obtained
when half, or more, of the nodes behave maliciously. In this case, the minority
vote rule being applied does not prevail any more.
According to Fig. 6b, the detection of GTS attacks ranges between 99% and
80%. In this scenario, since the SO does not impact the detection levels, only
results for SO=4 are depicted. The two curves indicate that the detection of
GTS allocation attacks is less successful. This happens because this type of
attack may be confused with the DoS-like GTS attacks, and as such, it may
generate a higher number of false negatives.
Fig. 7a on the other hand, shows that false data injection attacks, similar to
PANId conflict attacks, are detected with very high accuracy. Again, this attack
is not mistaken with any other kind of attack or network failure, generating few
false negatives.
Detection Accuracy of False Data Injection attacks (%)
100 100
Detection Accuracy of DoS-like attacks (%)

80 80
60 60
40 40
20 SO=3 20
SO=4 DoS-like beacon attack
SO=5 DoS-like GTS attack
0 0
0 10 20 30 40 50 0 10 20 30 40 50
compromised nodes (%) compromised nodes (%)
Fig. 7. Detection accuracy of a) False data injection attacks, and b) DoS-like attacks
Fig. 7b illustrates the obtained results on the detection accuracy of DoS-like

attacks. While the DoS-like beacon attacks are detected with an accuracy always
above 95%, the detection effectiveness drops in the case of DoS-like GTS attacks.
This happens because in this type of attack there is no internal mechanism (sim-
ilar to the lost synchronization) to notify the coordinator and assist the decision
making process of anomaly detection. Moreover, these type of attacks may be
confused with the GTS allocation attacks when jamming occurs in multiple GTS
slots, a fact that may further increase the number of false negatives.
6 Conclusions and Future Work

In this paper, we presented a distributed anomaly detection algorithm for secur-
ing IEEE 802.15.4-compliant WSNs operating in the beacon-enabled mode. The
proposed algorithm exploits the peculiar characteristics of the standard in order
to incarnate the concept of periodic guarding for anomaly detection purposes.
The OMNeT++ simulator has been used to implement our algorithm and to
collect various results aiming at assessing its performance. The results showed
that our approach maintains the energy consumption overhead at very low lev-
els, while at the same time, it achieves high detection accuracy for all types of
identified attacks. In the future, we intend to examine the proposed algorithm
in larger networks operating under more hostile conditions.
Acknowledgments. This work is implemented within the framework of the

Action “Supporting Postdoctoral Researchers” of the Operational Program “Ed-
ucation and Lifelong Learning” (Actions Beneficiary: General Secretariat for Re-
search and Technology), and is co-financed by the European Social Fund (ESF)
and the Greek State.
References
1. Akyildiz, I.F., Su, W., Sankarasubramaniam, Y., Cayirci, E.: Wireless sensor net-
works: a survey. Computer Networks 38(4), 393–422 (2002)
2. Karlof, C., Wagner, D.: Secure routing in wireless sensor networks: Attacks and
countermeasures. In: First IEEE International Workshop on Sensor Network Pro-
tocols and Applications, pp. 113–127 (2002)
3. Camtepe, S.A., Yener, B.: Key distribution mechanisms for wireless sensor net-
works: a survey. Rensselaer Polytechnic Institute, Tech. Rep. (2005)
4. Shi, E., Perrig, A.: Designing secure sensor networks. IEEE Wireless Communica-
tions 11(6), 38–43 (2004)
5. Lazos, L., Poovendran, R.: Serloc: Robust localization for wireless sensor networks.
ACM Transactions on Sensor Networks (TOSN), 73–100 (2005)
6. Dimitriou, T., Krontiris, I.: Secure In-network Processing in Sensor Networks. In:
Security in Sensor Networks, pp. 275–290. CRC Press (August 2006)
7. Farooqi, A.H., Khan, F.A.: Intrusion detection systems for wireless sensor net-
works: A survey. In: Ślezak,
D., Kim, T.-H., Chang, A.C.-C., Vasilakos, T., Li,
M., Sakurai, K. (eds.) FGCN/ACN 2009. CCIS, vol. 56, pp. 234–241. Springer,
Heidelberg (2009)
8. Scarfone, K.A., Mell, P.M.: Sp 800-94. Guide to intrusion detection and prevention
systems (idps). National Institute of Standards & Technology, Gaithersburg, MD,
United States, Tech. Rep. (2007)
9. Rajasegarar, S., Leckie, C., Palaniswami, M.: Anomaly detection in wireless sensor
networks. IEEE Wireless Communications 15(4), 34–40 (2008)
10. Hu, J.: Host-based anomaly intrusion detection. In: Handbook of Information and
Communication Security, pp. 235–255 (2010)
11. Xie, M., Han, S., Tian, B., Parvin, S.: Anomaly detection in wireless sensor net-
works: A survey. J. Netw. Comput. Appl. 34(4), 1302–1325 (2011)
TM
12. IEEE 802.15.4 -2011: IEEE Stadard for Local and metropolitan area networks–
Part 15.4: Low-Rate Wireless Personal Area Networks (LR-WPANs) (2011)
13. Koubaa, A., Alves, M., Nefzi, B., Song, Y.-Q.: Improving the IEEE 802.15.4 Slotted
CSMA/CA MAC for Time-Critical Events in Wireless Sensor Networks. In: Pro-
ceedings of the Workshop of Real-Time Networks (RTN 2006), Dresden, Germany
(July 2006)
14. Sokullu, R., Korkmaz, I., Dagdeviren, O., Mitseva, A., Prasad, N.: An Investigation
on IEEE 802.15.4 MAC Layer Attacks. In: Proceedings of the 10th International
Symposium on Wireless Personal Multimedia Communications (WPMC 2007), pp.
1019–1023 (2007)
15. Jung, S.S., Valero, M., Bourgeois, A., Beyah, R.: Attacking beacon-enabled
802.15.4 networks. In: Jajodia, S., Zhou, J. (eds.) SecureComm 2010. LNICST,
vol. 50, pp. 253–271. Springer, Heidelberg (2010)
16. Radosavac, S., Baras, J.S., Koutsopoulos, I.: A framework for MAC protocol mis-
behavior detection in wireless networks. In: Workshop on Wireless Security, pp.
33–42 (2005)
17. Sastry, N., Wagner, D.: Security considerations for IEEE 802.15.4 networks. In:
Proceedings of the 3rd ACM Workshop on Wireless Security, WiSe 2004, pp. 32–
42. ACM, New York (2004)
18. Alim, M.A., Sarikaya, B.: EAP-Sens: a security architecture for wireless sensor
networks. In: Proceedings of the 4th Annual International Conference on Wireless
Internet, WICON, pp. 1–9 (2008)
19. Sokullu, R., Dagdeviren, O., Korkmaz, I.: On the IEEE 802.15.4 MAC Layer At-
tacks: GTS Attack. In: Second International Conference on Sensor Technologies
and Applications, SENSORCOMM 2008, pp. 673–678 (2008)
20. Amini, F., Misic, J., Pourreza, H.: Detection of sybil attack in beacon enabled
IEEE 802.15.4 networks. In: International Wireless Communications and Mobile
Computing Conference, IWCMC 2008, pp. 1058–1063 (2008)
21. da Silva, A.P.R., et al.: Decentralized intrusion detection in wireless sensor net-
works. In: Proceedings of 1st ACM International Workshop on Quality of Service
and Security in Wireless and Mobile Networks (Q2SWINET 2005), pp. 16–23.
ACM Press (2005)
22. Onat, I., Miri, A.: An intrusion detection system for wireless sensor networks. In:
IEEE International Conference on Wireless and Mobile Computing, Networking
and Communications (WiMob 2005), vol. 3, pp. 253–259 (August 2005)
23. Yu, B., Xiao, B.: Detecting selective forwarding attacks in wireless sensor networks.
In: Proceedings of the 20th International Conference on Parallel and Distributed
Processing, IPDPS 2006, p. 351. IEEE Computer Society (2006)
24. Douceur, J.R.: The Sybil Attack. In: Druschel, P., Kaashoek, M.F., Rowstron, A.
(eds.) IPTPS 2002. LNCS, vol. 2429, pp. 251–260. Springer, Heidelberg (2002)
25. Varga, A., Hornig, R.: An overview of the omnet++ simulation environment. In:
Simutools 2008: Proceedings of the 1st International Conference on Simulation
Tools and Techniques for Communications, Networks and Systems & Workshops,
pp. 1–10, ICST (2008)
26. Chen, F., Dressler, F.: A Simulation Model of IEEE 802.15.4 in OMNeT++. In:
6. GI/ITG KuVS Fachgesprach Drahtlose Sensornetze, Poster Session, pp. 35–38
(2007)
27. Hurtado-López, J., Casilari, E., Ariza, A.: Enabling IEEE 802.15.4 Cluster-Tree
Topologies in OMNeT++. ICST, Brussels (2009)
c
28. Chipcon AS SmartRF CC2420, preliminary datasheet, rev. 1.2 (2004),
http://www.chipcon.com/files/cc2420_data_sheet_1_3.pdf
Another random document with
no related content on Scribd:
place themselves between the Enemy and the Captured, and disabled
British Ships; and should the Enemy close, I have no fears as to the
result.
The Second in Command will in all possible things direct the
movements of his Line, by keeping them as compact as the nature of
the circumstances will admit. Captains are to look to their particular
Line as their rallying point. But, in case Signals can neither be seen
or perfectly understood, no Captain can do very wrong if he places
his Ship alongside that of an Enemy.
Of the intended attack from to windward, the Enemy in Line of
Battle ready to receive an attack,
B = British.[83]
E = Enemy.[83]
The divisions of the British Fleet will be brought nearly within gun
shot of the Enemy’s Center. The signal will most probably then be
made for the Lee Line to bear up together, to set all their sails, even
steering sails, in order to get as quickly as possible to the Enemy’s
Line, and to cut through, beginning from the 12 Ship from the
Enemy’s Rear. Some Ships may not get through their exact place, but
they will always be at hand to assist their friends; and if any are
thrown round the Rear of the Enemy, they will effectually complete
the business of twelve Sail of the Enemy.
Should the Enemy wear together, or bear up and sail large, still the
twelve Ships composing, in the first position, the Enemy’s Rear, are
to be the object of attack of the Lee Line, unless otherwise directed
from the Commander-in-Chief, which is scarcely to be expected, as
the entire management of the Lee Line, after the intentions of the
Commander-in-Chief is signified, is intended to be left to the
judgment of the Admiral commanding that Line.
The remainder of the Enemy’s Fleet, 34 Sail, are to be left to the
management of the Commander-in-Chief who will endeavor to take
care that the movements of the Second in Command are as little
interrupted as is possible.
Nelson and Bronté.
After a statement of general considerations, and a frank

attribution of full powers to the second in command for carrying out
his part, Nelson lays down the manner of attack from to leeward.
This condition not obtaining at Trafalgar, the plan cannot be
contrasted with the performance of that day. Upon this follows a
luminous enunciation of the general idea, namely, Collingwood’s
engaging the twelve rear ships, which underlies the method
prescribed for each attack—from to leeward and to windward. Of the
latter Nelson fortunately gives an outline diagram, which illustrates
the picture before his own mind, facilitating our comprehension of
his probable expectations, and allowing a comparison between them
and the event as it actually occurred. It is not to the discredit, but
greatly to the credit, of his conception, that it was susceptible of large
modification in practice while retaining its characteristic idea.
Looking at his diagram, and following his words, it will be seen
that the British lines are not formed perpendicularly to that of the
enemy (as they were at Trafalgar), but parallel to it. Starting from
this disposition, near the enemy and abreast his center, the lee line of
sixteen ships was to bear up together, and advance in line, not in
column (as happened at Trafalgar); their object being the twelve rear
ships of the enemy. This first move stands by itself; the action of the
weather line, and of the reserve squadron still farther to windward,
are held in suspense under the eye of the commander-in-chief, to
take the direction which the latter shall prescribe as the struggle
develops. The mere menace of such a force, just out of gunshot to
windward, would be sufficient to prevent any extensive maneuver of
the unengaged enemies. Nelson doubtless had in mind the
dispositions, more than a century old, of Tourville and De Ruyter, by
which a few ships, spaced to windward of an enemy’s van, could
check its tacking, because of the raking fire to which they would
subject it. Unquestionably, he would not have kept long in idle
expectancy twenty-four ships, the number he had in mind; but
clearly also he proposed to hold them until he saw how things went
with Collingwood. Thus much time would allow, granting the
position he assumed and a reasonable breeze. His twenty-four to
windward held an absolute check over the supposed thirty-four
unengaged, of the enemy.
The attack as planned, therefore, differed from that executed (1) in
that the lee line was not to advance in column, but in line, thereby
dispersing the enemy’s fire, and avoiding the terrific concentration
which crushed the leaders at Trafalgar; and (2) in that the weather
squadrons were not to attack simultaneously with the lee, but after it
had engaged, in order to permit the remedying of any mishap that
might arise in delivering the crucial blow. In both these matters of
detail the plan was better than the modification; but the latter was
forced upon Nelson by conditions beyond his control.[84]
The Battle
Napoleon’s commands to enter the Mediterranean reached

Villeneuve on September 27. The following day, when Nelson was
joining his fleet, the admiral acknowledged their receipt, and
submissively reported his intention to obey as soon as the wind
served. Before he could do so, accurate intelligence was received of
the strength of Nelson’s force, which the emperor had not known.
Villeneuve assembled a council of war to consider the situation, and
the general opinion was adverse to sailing; but the commander-in-
chief, alleging the orders of Napoleon, announced his determination
to follow them. To this all submitted. An event, then unforeseen by
Villeneuve, precipitated his action.
Admiral Rosily’s approach was known in Cadiz some time before
he could arrive. It at first made little impression upon Villeneuve,
who was not expecting to be superseded. On the 11th of October,
however, along with the news that his successor had reached Madrid,
there came to him a rumor of the truth. His honor took alarm. If not
allowed to remain afloat, how remove the undeserved imputation of
cowardice which he knew had by some been attached to his name.
He at once wrote to Decrès that he would have been well content if
permitted to continue with the fleet in a subordinate capacity; and
closed with the words, “I will sail to-morrow, if circumstances favor.”
The wind next day was fair, and the combined fleets began to
weigh. On the 19th eight ships got clear of the harbor, and by ten A.M.
Nelson, far at sea, knew by signal that the long-expected movement
had begun. He at once made sail toward the Straits of Gibraltar to
bar the entrance of the Mediterranean to the allies. On the 20th, all
the latter, thirty-three ships-of-the-line accompanied by five frigates
and two brigs, were at sea, steering with a south-west wind to the
northward and westward to gain the offing needed before heading
direct for the Straits. That morning Nelson, for whom the wind had
been fair, was lying to off Cape Spartel to intercept the enemy; and
learning from his frigates that they were north of him, he stood in
that direction to meet them.
During the day the wind shifted to west, still fair for the British
and allowing the allies, by going about, to head south. It was still very
weak, so that the progress of the fleets was slow. During the night
both maneuvered; the allies to gain, the British to retain, the position
they wished. At daybreak of the 21st they were in presence, the
French and Spaniards steering south in five columns; of which the
two to windward, containing together twelve ships, constituted a
detached squadron of observation under Admiral Gravina. The
remaining twenty-one formed the main body, commanded by
Villeneuve. Cape Trafalgar, from which the battle took its name, was
on the south-eastern horizon, ten or twelve miles from the allies; and
the British fleet was at the same distance from them to the westward.
Soon after daylight Villeneuve signalled to form line of battle on
the starboard tack, on which they were then sailing, heading south.
In performing this evolution Gravina with his twelve ships took post
in the van of the allied fleet, his own flagship heading the column. It
is disputed between the French and Spaniards whether this step was
taken by Villeneuve’s order, or of Gravina’s own motion. In either
case, these twelve, by abandoning their central and windward
position, sacrificed to a great extent their power to reinforce any
threatened part of the order, and also unduly extended a line already
too long. In the end, instead of being a reserve well in hand, they
became the helpless victims of the British concentration.
At eight A.M. Villeneuve saw that battle could not be shunned.
Wishing to have Cadiz under his lee in case of disaster, he ordered
the combined fleet to wear together. The signal was clumsily
executed; but by ten all had gone round and were heading north in
inverse order, Gravina’s squadron in the rear. At eleven Villeneuve
directed this squadron to keep well to windward, so as to be in
position to succor the center, upon which the enemy seemed about to
make his chief attack; a judicious order, but rendered fruitless by the
purpose of the British to concentrate on the rear itself. When this
signal was made, Cadiz was twenty miles distant in the north-north-
east, and the course of the allies was carrying them toward it.
Owing to the lightness of the wind Nelson would lose no time in
maneuvering. He formed his fleet rapidly in two divisions, each in
single column, the simplest and most flexible order of attack, and the
one whose regularity is most easily preserved. The simple column,
however, unflanked, sacrifices during the critical period of closing
the support given by the rear ships to the leader, and draws upon the
latter the concentrated fire of the enemy’s line. Its use by Nelson on
this occasion has been much criticized. It is therefore to be remarked
that, although his orders, issued several days previous to the battle,
are somewhat ambiguous on this point, their natural meaning seems
to indicate the intention, if attacking from to windward, to draw up
with his fleet in two columns parallel to the enemy and abreast his
rear. Then the column nearest the enemy, the lee, keeping away
together, would advance in line against the twelve rear ships; while
the weather column, moving forward, would hold in check the
remainder of the hostile fleet. In either event, whether attacking in
column or in line, the essential feature of his plan was to overpower
twelve of the enemy by sixteen British, while the remainder of his
force covered this operation. The destruction of the rear was
entrusted to the second in command; he himself with a smaller body
took charge of the more uncertain duties of the containing force.
“The second in command,” wrote he in his memorable order, “will,
after my instructions are made known to him, have the entire
direction of his line.”
The justification of Nelson’s dispositions for battle at Trafalgar
rests therefore primarily upon the sluggish breeze, which would so
have delayed formations as to risk the loss of the opportunity. It
must also be observed that, although a column of ships does not
possess the sustained momentum of a column of men, whose depth
and mass combine to drive it through the relatively thin resistance of
a line, and so cut the latter in twain, the results nevertheless are
closely analogous. The leaders in either case are sacrificed,—success
is won over their prostrate forms; but the continued impact upon one
part of the enemy’s order is essentially a concentration, the issue of
which, if long enough maintained, cannot be doubtful. Penetration,
severance, and the enveloping of one of the parted fragments, must
be the result. So, exactly, it was at Trafalgar. It must also be noted
that the rear ships of either column, until they reached the hostile
line, swept with their broadsides the sea over which enemy’s ships
from either flank might try to come to the support of the attacked
center. No such attempt was in fact made from either extremity of
the combined fleet.
The two British columns were nearly a mile apart and advanced on
parallel courses,—heading nearly east, but a little to the northward to
allow for the gradual advance in that direction of the hostile fleet.
The northern or left-hand column, commonly called the “weather
line” because the wind came rather from that side, contained twelve
ships, and was led by Nelson himself in the Victory, a ship of one
hundred guns. The Royal Sovereign, of the same size and carrying
Collingwood’s flag, headed the right column, of fifteen ships.
To the British advance the allies opposed the traditional order of
battle, a long single line, close-hauled,—in this case heading north,
with the wind from west-north-west. The distance from one flank to
the other was nearly five miles. Owing partly to the lightness of the
breeze, partly to the great number of ships, and partly to the
inefficiency of many of the units of the fleet, the line was very
imperfectly formed. Ships were not in their places, intervals were of
irregular width, here vessels were not closed up, there two
overlapped, one masking the other’s fire. The general result was that,
instead of a line, the allied order showed a curve of gradual sweep,
convex toward the east. To the British approach from the west,
therefore, it presented a disposition resembling a re-entrant angle;
and Collingwood, noting with observant eye the advantage of this
arrangement for a cross-fire, commented favorably upon it in his
report of the battle. It was, however, the result of chance, not of
intention,—due, not to the talent of the chief, but to the want of skill
in his subordinates.
THE ATTACK AT
TRAFALGAR
OCTOBER 21, 1805
5 minutes past noon
The French and

Spanish ships
marked + were
taken or destroyed
in the action.
References
A. Santa Ana, Alava’s Flagship

B. Bucentaure, Villeneuve’s Flagship
P. Principe De Asturias, Gravina’s
Flagship
R. Redoutable
S. Royal Sovereign, Collingwood’s
Flagship
T. Santisima Trinidad
V. Victory, Nelson’s Flagship
Recent investigation has shown that

Collingwood’s division was much more
nearly parallel to the enemy than is
indicated in this diagram, and thus in a
formation more closely resembling
Nelson’s original plan.—Editor.
The commander-in-chief of the allies, Villeneuve, was in the

Bucentaure, an eighty-gun ship, the twelfth in order from the van of
the line. Immediately ahead of him was the huge Spanish four-
decker, the Santisima Trinidad, a Goliath among ships, which had
now come forth to her last battle. Sixth behind the Bucentaure, and
therefore eighteenth in the order, came a Spanish three-decker, the
Santa Ana, flying the flag of Vice-Admiral Alava. These two admirals
marked the right and left of the allied center, and upon them,
therefore, the British leaders respectively directed their course,—
Nelson upon the Bucentaure, Collingwood upon the Santa Ana.
The Royal Sovereign had recently been refitted, and with clean
new copper easily outsailed her more worn followers. Thus it
happened that, as Collingwood came within range, his ship,
outstripping the others by three quarters of a mile, entered alone,
and for twenty minutes endured, unsupported, the fire of all the
hostile ships that could reach her. A proud deed, surely, but surely
also not a deed to be commended as a pattern. The first shot of the
battle was fired at her by the Fougueux, the next astern of the Santa
Ana. This was just at noon, and with the opening guns the ships of
both fleets hoisted their ensigns; the Spaniards also hanging large
wooden crosses from their spanker booms.
The Royal Sovereign advanced in silence until, ten minutes later,
she passed close under the stern of the Santa Ana. Then she fired a
double-shotted broadside which struck down four hundred of the
enemy’s crew, and, luffing rapidly, took her position close alongside,
the muzzles of the hostile guns nearly touching. Here the Royal
Sovereign underwent the fire not only of her chief antagonist, but of
four other ships; three of which belonged to the division of five that
ought closely to have knit the Santa Ana to the Bucentaure, and so
fixed an impassable barrier to the enemy seeking to pierce the center.
The fact shows strikingly the looseness of the allied order, these three
being all in rear and to leeward of their proper stations.
For fifteen minutes the Royal Sovereign was the only British ship
in close action. Then her next astern entered the battle, followed
successively by the rest of the column. In rear of the Santa Ana were
fifteen ships. Among these, Collingwood’s vessels penetrated in
various directions; chiefly, however, at first near the spot where his
flag had led the way, enveloping and destroying in detail the enemy’s
center and leading rear ships, and then passing on to subdue the rest.
Much doubtless was determined by chance in such confusion and
obscurity; but the original tactical plan ensured an ever-whelming
concentration upon a limited portion of the enemy’s order. This
being subdued with the less loss, because so outnumbered, the
intelligence and skill of the various British captains readily
compassed the destruction of the dwindling remnant. Of the sixteen
ships, including the Santa Ana, which composed the allied rear,
twelve were taken or destroyed.
Not till one o’clock, or nearly half an hour after the vessels next
following Collingwood came into action, did the Victory reach the
Bucentaure. The latter was raked with the same dire results that
befell the Santa Ana; but a ship close to leeward blocked the way,
and Nelson was not able to grapple with the enemy’s commander-in-
chief. The Victory, prevented from going through the line, fell on
board the Redoutable, a French seventy-four, between which and
herself a furious action followed,—the two lying in close contact. At
half-past one Nelson fell mortally wounded, the battle still raging
fiercely.
The ship immediately following Nelson’s came also into collision
with the Redoutable, which thus found herself in combat with two
antagonists. The next three of the British weather column each in
succession raked the Bucentaure, complying thus with Nelson’s
order that every effort must be made to capture the enemy’s
commander-in-chief. Passing on, these three concentrated their
efforts, first upon the Bucentaure, and next upon the Santisima
Trinidad. Thus it happened that upon the allied commander-in-
chief, upon his next ahead, and upon the ship which, though not his
natural supporter astern, had sought and filled that honorable post,
—upon the key, in short, of the allied order,—were combined under
the most advantageous conditions the fires of five hostile vessels,
three of them first-rates. Consequently, not only were the three
added to the prizes, but also a great breach was made between the
van and rear of the combined fleets. This breach became yet wider by
the singular conduct of Villeneuve’s proper next astern. Soon after
the Victory came into action, that ship bore up out of the line, wore
round, and stood toward the rear, followed by three others. This
movement is attributed to a wish to succor the rear. If so, it was at
best an indiscreet and ill-timed act, which finds little palliation in the
fact that not one of these ships was taken.
Thus, two hours after the battle began, the allied fleet was cut in
two, the rear enveloped and in process of being destroyed in detail,
the Bucentaure, Santisima Trinidad, and Redoutable practically
reduced, though not yet surrendered. Ahead of the Santisima
Trinidad were ten ships, which as yet had not been engaged. The
inaction of the van, though partly accounted for by the slackness of
the wind, has given just cause for censure. To it, at ten minutes
before two, Villeneuve made signal to get into action and to wear
together. This was accomplished with difficulty, owing to the heavy
swell and want of wind. At three, however, all the ships were about,
but by an extraordinary fatality they did not keep together. Five with
Admiral Dumanoir stood along to windward of the battle, three
passed to leeward of it, and two, keeping away, left the field entirely.
Of the whole number, three were intercepted, raising the loss of the
allies to eighteen ships-of-the-line taken, one of which caught fire
and was burned. The approach of Admiral Dumanoir, if made an
hour earlier, might have conduced to save Villeneuve; it was now too
late. Exchanging a few distant broadsides with enemy’s ships, he
stood off to the south-west with four vessels; one of those at first with
him having been cut off.
At quarter before five Admiral Gravina, whose ship had been the
rear of the order during the battle and had lost heavily, retreated
toward Cadiz, making signal to the vessels which had not struck to
form around his flag. Five other Spanish ships and five French
followed him. As he was withdrawing, the last two to resist of the
allied fleet struck their colors.
During the night of the 21st these eleven ships anchored at the
mouth of Cadiz harbor, which they could not then enter, on account
of a land wind from south-east. At the same time the British and
their prizes were being carried shoreward by the heavy swell which
had prevailed during the battle; the light air blowing from the sea not
enabling them to haul off. The situation was one of imminent peril.
At midnight the wind freshened much, but fortunately hauled to the
southward, whence it blew a gale all the 22d. The ships got their
heads to the westward and drew off shore, with thirteen of the prizes;
the other four having had to anchor off Cape Trafalgar. That morning
the Bucentaure, Villeneuve’s late flagship, was wrecked on some
rocks off the entrance to Cadiz; and toward evening the Redoutable,
that had so nobly supported her, was found to be sinking astern of
the British ship that had her in tow. During the night of the 22d she
went down with a hundred and fifty of her people still on board. On
the 24th the same fate befell the great Santisima Trinidad, which
had been the French admiral’s next ahead. Thus his own ship and his
two supports vanished from the seas.
For several days the wind continued violent from north-west and
south-west. On the 23d five of the ships that had escaped with
Gravina put out, to cut off some of the prizes that were near the
coast. They succeeded in taking two; but as these were battered to
pieces, while three of the five rescuers were carried on the beach and
wrecked with great loss of life, little advantage resulted from this
well-meant and gallant sortie. Two other prizes were given up to
their own crews by the British prize-masters, because the latter were
not able with their scanty force to save them. These got into Cadiz. Of
the remaining British prizes, all but four either went ashore or were
destroyed by the orders of Collingwood, who despaired of saving
them. No British ship was lost.
Of thirty-three combined French and Spanish ships which sailed
out of Cadiz on the 20th of October, eleven, five French and six
Spanish, mostly now disabled hulks, lay there at anchor on the last
day of the month. The four that escaped to sea under Dumanoir fell
in with a British squadron of the same size near Cape Ortegal, on the
4th of November, and were all taken. This raised the allied loss to
twenty-two,—two more than the twenty for which Nelson, in his
dying hour, declared that he had bargained.
No attempt to move from Cadiz was again made by the shattered
relics of the fight. On the 25th of October Rosily arrived and took up
his now blasted command. Nearly three years later, when the
Spanish monarchy, so long the submissive tool of the Directory and
of Napoleon, had been overthrown by the latter, and the Spanish
people had risen against the usurper, the five French ships were still
in the port. Surprised between the British blockade and the now
hostile batteries of the coast, Rosily, after an engagement of two days
with the latter, surrendered his squadron, with the four thousand
seamen then on board. This event occurred on the 14th of June,
1808. It was the last echo of Trafalgar.
Such, in its leading outlines and direct consequences, was the
famous battle of Trafalgar. Its lasting significance and far-reaching
results have been well stated by a recent historian, more keenly alive
than most of his fellows to the paramount, though silent, influence of
Sea Power upon the course of events: “Trafalgar was not only the
greatest naval victory, it was the greatest and most momentous
victory won either by land or by sea during the whole of the
Revolutionary War. No victory, and no series of victories, of
Napoleon produced the same effect upon Europe.... A generation
passed after Trafalgar before France again seriously threatened
England at sea. The prospect of crushing the British navy, so long as
England had the means to equip a navy, vanished. Napoleon
henceforth set his hopes on exhausting England’s resources, by
compelling every state on the Continent to exclude her commerce.
Trafalgar forced him to impose his yoke upon all Europe, or to
abandon the hope of conquering Great Britain.... Nelson’s last
triumph left England in such a position that no means remained to
injure her but those which must result in the ultimate deliverance of
the Continent.”[85]
These words may be accepted with very slight modification.
Napoleon’s scheme for the invasion of Great Britain, thwarted once
and again by the strategic difficulties attendant upon its execution,
was finally frustrated when Villeneuve gave up the attempt to reach
Brest and headed for Cadiz. On the part of the allies Trafalgar was, in
itself, a useless holocaust, precipitated in the end by the despair of
the unfortunate admiral, upon whose irresolution Napoleon not
unjustly visited the anger caused by the wreck of his plans.
Villeneuve was perfectly clear-sighted and right in his appreciation of
the deficiencies of his command,—of the many chances against
success. Where he wretchedly failed was in not recognizing the
simple duty of obedience,—the obligation to persist at all hazards in
the part of a great scheme assigned to him, even though it led to the
destruction of his whole force. Had he, upon leaving Ferrol, been
visited by a little of the desperation which brought him to Trafalgar,
the invasion of England might possibly—not probably—have been
effected.
An event so striking as the battle of Trafalgar becomes, however, to
mankind the symbol of all the circumstances—more important,
perhaps, but less obvious—which culminate in it. In this sense it may
be said that Trafalgar was the cause—as it certainly marked the
period—of Napoleon’s resolution to crush Great Britain by excluding
her commerce from the Continent. Here, therefore, the story of the
influence of Sea Power upon this great conflict ceases to follow the
strictly naval events, and becomes concerned simply with commerce-
destroying, ordinarily a secondary operation of maritime war, but
exalted in the later years of Napoleon’s reign to be the principal, if
not the sole, means of action.
Commerce Warfare after Trafalgar
The warfare against commerce during the French Revolution, alike

under the Republic and under Napoleon, was marked by the same
passionate vehemence, the same extreme and far-reaching
conceptions, the same obstinate resolve utterly to overthrow and
extirpate every opposing force, that characterized the political and
military enterprises of the period. In the effort to bring under the
yoke of their own policy the commerce of the whole world, the two
chief contestants, France and Great Britain, swayed back and forth in
deadly grapple over the vast arena, trampling under foot the rights
and interests of the weaker parties; who, whether as neutrals, or as
subjects of friendly or allied powers, looked helplessly on, and found
that in this great struggle for self-preservation, neither outcries, nor
threats, nor despairing submission, availed to lessen the pressure
that was gradually crushing out both hope and life. The question
between Napoleon and the British people became simply one of
endurance, as was tersely and powerfully shown by the emperor
himself. Both were expending their capital, and drawing freely drafts
upon the future, the one in money, the other in men, to sustain their
present strength. Like two infuriated dogs, they had locked jaws over
commerce, as the decisive element in the contest. Neither would let
go his grip until failing vitality should loose it, or until some
bystander should deal one a wound through which the powers of life
should drain away. All now know that in the latter way the end came.
The commercial policy of the great monarch, who, from the confines
of Europe, had watched the tussle with all the eagerness of self-
interest, angered Napoleon. To enforce his will, he made new and
offensive annexations of territory. The czar replied by a commercial
edict, sharp and decisive, and war was determined. “It is all a scene
in the Opera,” wrote Napoleon,[86] “and the English are the scene
shifters.” Words failed the men of that day to represent the grandeur
and apparent solidity of the Empire in 1811, when Napoleon’s heir
was born. In December, 1812, it was shattered from turret to
foundation stone; wrecked in the attempt “to conquer the sea by the
land.” The scene was shifted indeed.
Great Britain remained victorious on the field, but she had touched
the verge of ruin. Confronted with the fixed resolution of her enemy
to break down her commerce by an absolute exclusion from the
continent of Europe, and as far as possible from the rest of the world,
she met the challenge by a measure equally extreme, forbidding all
neutral vessels to enter ports hostile to her, unless they had first
touched at one of her own. Shut out herself from the Continent, she
announced that while this exclusion lasted she would shut the
Continent off from all external intercourse. “No trade except through
England,” was the formula under which her leaders expressed their
purpose. The entrance of Russia into this strife, under the
provocations of Napoleon, prevented the problem, which of these
two policies would overthrow the other, from reaching a natural
solution; and the final result of the measures which it is one object of
this and the following chapter to narrate must remain for ever
uncertain. It is, however, evident that a commercial and
manufacturing country like Great Britain must, in a strife the essence
of which was the restriction of trade, suffer more than one
depending, as France did, mainly upon her internal resources. The
question, as before stated, was whether she could endure the greater
drain by her greater wealth. Upon the whole, the indications were,
and to the end continued to be, that she could do so; that Napoleon,
in entering upon this particular struggle, miscalculated his enemy’s
strength.
But besides this, here, as in every contest where the opponents are
closely matched, where power and discipline and leadership are
nearly equal, there was a further question: which of the two would
make the first and greatest mistakes, and how ready the other party
was to profit by his errors. In so even a balance, the wisest prophet
cannot foresee how the scale will turn. The result will depend not
merely upon the skill of the swordsman in handling his weapons, but
also upon the wariness of his fence and the quickness of his returns;
much, too, upon his temper. Here also Napoleon was worsted.
Scarcely was the battle over commerce joined, when the uprising of
Spain was precipitated by overconfidence; Great Britain hastened at
once to place herself by the side of the insurgents. Four years later,
when the British people were groaning in a protracted financial
crisis,—when, if ever, there was a hope that the expected convulsion
and ruin were at hand,—Napoleon, instead of waiting for his already
rigorous blockade to finish the work he attributed to it, strove to
draw it yet closer, by demands which were unnecessary and to which
the czar could not yield. Again Great Britain seized her opportunity,
received her late enemy’s fleet, and filled his treasury. Admit the
difficulties of Napoleon; allow as we may for the intricacy of the
problem before him; the fact remains that he wholly misunderstood
the temper of the Spanish people, the dangers of the Spanish
enterprise, the resolution of Alexander. On the other hand, looking
upon the principal charge against the policy of the British
government, that it alienated the United States, it is still true that
there was no miscalculation as to the long-suffering of the latter
under the guidance of Jefferson, with his passion for peace. The
submission of the United States lasted until Napoleon was
committed to his final blunder, thus justifying the risk taken by Great
Britain and awarding to her the strategic triumph.
... As regards the rightfulness of the action of the two parties,
viewed separately from their policy, opinions will probably always
differ, according to the authority attributed by individuals to the
dicta of International Law. It may be admitted at once that neither
Napoleon’s decrees nor the British orders can be justified at that bar,
except by the simple plea of self-preservation,—the first law of states
even more than of men; for no government is empowered to assent
to that last sacrifice, which the individual may make for the noblest
motives. The beneficent influence of the mass of conventions known
as International Law is indisputable, nor should its authority be
lightly undermined; but it cannot prevent the interests of belligerents
and neutrals from clashing, nor speak with perfect clearness in all
cases where they do. Of this the Rule of 1756 offered, in its day, a
conspicuous instance. The belligerent claimed that the neutral, by
covering with his flag a trade previously the monopoly of the enemy,
not only inflicted a grave injury by snatching from him a lawful prey,
but was guilty likewise of a breach of neutrality; the neutral
contended that the enemy had a right to change his commercial
regulations, in war as well as in peace. To the author, though an
American, the belligerent argument seems the stronger; nor was the
laudable desire of the neutral for gain a nobler motive than the
solicitude, about their national resources, of men who rightly
believed themselves engaged in a struggle for national existence. The
measure meted to Austria and Prussia was an ominous indication of
the fate Great Britain might expect, if her strength failed her. But,
whatever the decision of our older and milder civilization on the
merits of the particular question, there can be no doubt of the
passionate earnestness of the two disputants in their day, nor of the
conviction of right held by either. In such a dilemma, the last answer
of International Law has to be that every state is the final judge as to
whether it should or should not make war; to its own self alone is it
responsible for the rightfulness of this action. If, however, the
condition of injury entailed by the neutral’s course is such as to
justify war, it justifies all lesser means of control. The question of the
rightfulness of these disappears, and that of policy alone remains.
It is the business of the neutral, by his prepared condition, to make
impolitic that which he claims is also wrong. The neutral which fails
to do so, which leaves its ports defenseless and its navy stunted until
the emergency comes, will then find, as the United States found in
the early years of this century, an admirable opportunity to write
State Papers.
26. General Strategy of the War of 1812[87]
The general considerations that have been advanced are sufficient to

indicate what should have been the general plan of the war on the
part of the United States. Every war must be aggressive, or, to use the
technical term, offensive, in military character; for unless you injure
the enemy, if you confine yourself, as some of the grumblers of that
day would have it, to simple defense against his efforts, obviously he
has no inducement to yield your contention. Incidentally, however,
vital interests must be defended, otherwise the power of offense falls
with them. Every war, therefore, has both a defensive and an
offensive side, and in an effective plan of campaign each must receive
due attention. Now, in 1812, so far as general natural conditions
went, the United States was relatively weak on the sea frontier, and
strong on the side of Canada. The seaboard might, indeed, in the
preceding ten years, have been given a development of force, by the
creation of an adequate navy, which would have prevented war, by
the obvious danger to British interests involved in hostilities. But this
had not been done; and Jefferson, by his gunboat policy, building
some two hundred of those vessels, worthless unless under cover of
the land, proclaimed by act as by voice his adherence to a bare
defensive. The sea frontier, therefore, became mainly a line of
defense, the utility of which primarily was, or should have been, to
maintain communication with the outside world; to support
commerce, which in turn should sustain the financial potency that
determines the issues of war.
... Such in general was the condition of the sea frontier, thrown
inevitably upon the defensive. With the passing comment that, had it
been defended as suggested [by a squadron of respectable battleships
in concentrated strength.—Editor], Great Britain would never have
forced the war, let us now consider conditions on the Canadian line,
where circumstances eminently favored the offensive by the United
States; for this war should not be regarded simply as a land war or a
naval war, nor yet as a war of offense and again one of defense, but as
being continuously and at all times both offensive and defensive,
both land and sea, in reciprocal influence.
Disregarding as militarily unimportant the artificial boundary
dividing Canada from New York, Vermont, and the eastern parts of
the Union, the frontier separating the land positions of the two
belligerents was the Great Lakes and the river St. Lawrence. This
presented certain characteristic and unusual features. That it was a
water line was a condition not uncommon; but it was exceptionally
marked by those broad expanses which constitute inland seas of
great size and depth, navigable by vessels of the largest sea-going
dimensions. This water system, being continuous and in continual
progress, is best conceived by applying to the whole, from Lake
Superior to the ocean, the name of the great river, the St. Lawrence,
which on the one hand unites it to the sea, and on the other divides
the inner waters from the outer by a barrier of rapids, impassable to
ships that otherwise could navigate freely both lakes and ocean.
The importance of the lakes to military operations must always be
great, but it was much enhanced in 1812 by the undeveloped
condition of land communications. With the roads in the state they
then were, the movement of men, and still more of supplies, was
vastly more rapid by water than by land. Except in winter, when
iron-bound snow covered the ground, the routes of Upper Canada
were well-nigh impassable; in spring and in autumn rains, wholly so
to heavy vehicles. The mail from Montreal to York,—now Toronto,—
three hundred miles, took a month in transit.[88] In October, 1814,
when the war was virtually over, the British general at Niagara
lamented to the commander-in-chief that, owing to the refusal of the
navy to carry troops, an important detachment was left “to struggle
through the dreadful roads from Kingston to York.”[89] “Should
reinforcements and provisions not arrive, the naval commander
would,” in his opinion, “have much to answer for.”[90] The
commander-in-chief himself wrote: “The command of the lakes
enables the enemy to perform in two days what it takes the troops
from Kingston sixteen to twenty days of severe marching. Their men
arrive fresh; ours fatigued, and with exhausted equipment. The
distance from Kingston to the Niagara frontier exceeds two hundred
and fifty miles, and part of the way is impracticable for supplies.”[91]
On the United States side, road conditions were similar but much
less disadvantageous. The water route by Ontario was greatly
preferred as a means of transportation, and in parts and at certain
seasons was indispensable. Stores for Sackett’s Harbor, for instance,
had in early summer to be brought to Oswego, and thence coasted
along to their destination, in security or in peril, according to the
momentary predominance of one party or the other on the lake. In
like manner, it was more convenient to move between the Niagara
frontier and the east end of the lake by water; but in case of
necessity, men could march. An English traveler in 1818 says: “I
accomplished the journey from Albany to Buffalo in October in six
days with ease and comfort, whereas in May it took ten of great
difficulty and distress.”[92] In the farther West the American armies,
though much impeded, advanced securely through Ohio and Indiana
to the shores of Lake Erie, and there maintained themselves in
supplies sent over-country; whereas the British at the western end of
the lake, opposite Detroit, depended wholly upon the water, although
no hostile force threatened the land line between them and Ontario.
The battle of Lake Erie, so disastrous to their cause, was forced upon
them purely by failure of food, owing to the appearance of Perry’s
squadron.
... The opinion of competent soldiers on the spot, such as Craig and
Brock, in full possession of all the contemporary facts, may be
accepted explicitly as confirming the inferences which in any event
might have been drawn from the natural features of the situation.
Upon Mackinac and Detroit depended the control and quiet of the
Northwestern country, because they commanded vital points on its
line of communication. Upon Kingston and Montreal, by their
position and intrinsic advantages, rested the communication of all
Canada, along and above the St. Lawrence, with the sea power of
Great Britain, whence alone could be drawn the constant support
without which ultimate defeat should have been inevitable. Naval
power, sustained upon the Great Lakes, controlled the great line of
communication between the East and West, and also conferred upon
the party possessing it the strategic advantage of interior lines; that
is, of shorter distances, both in length and time, to move from point
to point of the lake shores, close to which lay the scenes of
operations. It followed that Detroit and Michilimackinac, being at
the beginning in the possession of the United States, should have
been fortified, garrisoned, provisioned, in readiness for siege, and
placed in close communication with home, as soon as war was seen
to be imminent, which it was in December, 1811, at latest. Having in
that quarter everything to lose, and comparatively little to gain, the

Download pdf Security And Privacy In Communication Networks 9Th International Icst Conference Securecomm 2013 Sydney Nsw Australia September 25 28 2013 Revised Selected Papers 1St Edition Eirini Karapistoli ebook full chapter

Uploaded by

Copyright:

Available Formats

You might also like

Download pdf Security And Privacy In Communication Networks 9Th International Icst Conference Securecomm 2013 Sydney Nsw Australia September 25 28 2013 Revised Selected Papers 1St Edition Eirini Karapistoli ebook full chapter

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Download pdf Security And Privacy In Communication Networks 9Th International Icst Conference Securecomm 2013 Sydney Nsw Australia September 25 28 2013 Revised Selected Papers 1St Edition Eirini Karapistoli ebook full chapter

Uploaded by

Copyright:

Available Formats

Security and Privacy in Communication

Networks 9th International ICST

International Conference on Security and Privacy in

International Conference on Security and Privacy in

Mobile Networks and Management 5th International

Ad Hoc Networks 5th International ICST Conference

Graph Drawing 21st International Symposium GD 2013

Distributed Computer and Communication Networks 17th

Citizen in Sensor Networks Second International

Information and Communication Technologies in Education

Security and Privacy

Security and Privacy

ISSN 1867-8211 e-ISSN 1867-822X

Library of Congress Control Number: 2013956812

CR Subject Classification (1998): K.6.5, C.2, E.3, K.4.4, H.4, H.3

– Security and privacy in mobile, sensor, and ad hoc networks

– Mike Holm, Operations Manager, AusCERT (Computer Emergency Re-

– James Turner, Chair, AISA (Australian Information Security Association)

September 2013 Tanveer Zia

Technical Program Committee Chairs

Session I: Security &amp; Privacy in Mobile, Sensor,

Session II: Malware, Botnets, and Distributed Denial

Session III: Security for Emerging Technologies:

Session IV: Encryption and Key Management

An Eﬃcient Reconﬁgurable II-ONB Modular Multiplier . . . . . . . . . . . . . . . 169

Public-Key Encryption Resilient to Linear Related-Key Attacks . . . . . . . . 182

Session V: Security in Software and Machine Learning

Automatic Polymorphic Exploit Generation for Software

Session VI: Network and System Security Model

Salus: Non-hierarchical Memory Access Rights to Enforce the Principle

Scalable Security Model Generation and Analysis Using k -importance

Session VII: Security and Privacy in Pervasive and

An e-payment Architecture Ensuring a High Level of Privacy

Unveiling Privacy Setting Breaches in Online Social Networks . . . . . . . . . 323

ATIS 2013: 4th International Workshop on

Security Concerns and Remedy in a Cloud Based E-learning System . . . . 356

Ensuring Data Integrity by Anomaly Node Detection during Data

(k-n) Oblivious Transfer Using Fully Homomorphic Encryption

Detection of Android API Call Using Logging Mechanism within

Reversible Data Hiding Scheme Based on 3-Least Signiﬁcant Bits and

Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419

Eirini Karapistoli and Anastasios A. Economides

Department of Information Systems,

Abstract. During the past decade, wireless sensor networks (WSNs)

Keywords: Wireless Sensor Networks, Beacon-enabled IEEE 802.15.4

3.2 Attacking the IEEE 802.15.4 MAC

Fig. 1. An IEEE 802.15.4 cluster tree network. (Source: [12]).

GTS deallocation request from a malicious node time

Fig. 2. A malicious node launching a GTS deallocation attack

Fig. 3. A malicious node stealing all 7 GTSs of the CFP period

Selective Forwarding and Black Hole Attacks. The communication ﬂow

4 Anomaly Detection in 802.15.4-Based WSNs

4.1 Assumptions of the Model

4.2 Detailed Algorithm Description

Phase 1: Cluster Formation. In the proposed algorithm, sensor nodes follow

Transmitted Received Transmitted

SF view from ‘Parent’ active

SF view ‘Parent’ active ‘Child’ active

Fig. 4. Periodic normal/guarding operation of the nodes inside a PAN

Session I: Security & Privacy in Mobile, Sensor,