Information Technology Reference
In-Depth Information
Signal. For this purpose, the failure of requested data delivery would cause the sink
node to generate a
PS
signal. Unlike other signals, that are just generated locally and
not forwarded to other nodes, the
PS
is forwarded to other nodes. In order to transport
the
PS
signal, a re-sent interest packet is used, with concentration of 1.0.
•
IC1
- Generated from the changes in gradient directions
This process aims to detect the onset of an attack through analysing the change in the
gradient directions. Relative change in the number of gradients per neighbour
indicates the addition or removal of paths to a data source by that neighbour and
consequently the number of paths that go through the given neighbour. The normal
behaviour of Directed Diffusion is such that if the majority of the maintained
gradients point to a given neighbour, a node would expect that neighbour to be closer
to the sink node than the other entities in the cache. This is because the only process
that should result in an increase in the frequency of gradients to a given neighbour is
the consequence of reinforcements applied to paths through that neighbour. In our
analogy, inflammatory cytokine (IC) amplifies the effects of the other three types of
signals but it alone is not sufficient to cause the maturation of a DC.
IC1
signals are
generated by identifying bursts in the frequency of gradients to given neighbours. The
concentration of
IC1
signals represents the magnitude of the changes. Though
IC1
alone is not strong enough to indicate an attack, i.e. it could be the result of a normal
topology change; it still indicates a disturbance that should be noted. It therefore
represents an
IC
and not a
DS
.
•
IC2
- Generated from data without matching interest cache entry
The reception of a data packet that cannot be matched to an interest in the cache can
be used as an indicator of a problem. Though this does not necessarily indicate the
presence of an attack, for example as the result of different interest expiration times, it
still identifies anomalous situations. The concentration of
IC2
is 1.0.
5.3 Antigens
From the view point of Danger Theory, antigens together with signals trigger immune
responses. Antigens can originate from pathogens, the self or foreign cells. Immune
cells attempt to bind antigens presented by semi-mature or mature DCs. When the
receptors of immune cells bind to antigens passed by mature DCs, the immune cells
become activated and later respond to new antigens binding to their receptors, i.e.
killing antigens. In contrast, when the receptors of immune cells bind to antigens
presented by semi-mature DCs, the immune cells become suppressed and later do not
respond to new antigens binding to the receptors
2
.
Likewise, the receptors of immune cells are used to find targets (antigens) of their
immune responses. The AIS proposed in this work is required to have two types of
responses. The first response is to identify an attacker node where a fabricated interest
packet is created and sent out, and then to exclude this node from a sensor network.
The second response is to identify bogus interest packets and then to stop forwarding
them. For an interest cache poisoning attack, a node that is receiving bogus packets
2
Or the receptors of immune cells binding antigens presented by semi-mature DCs will bind to
the receptors of other immune cells and suppress the responses released by these other
immune cells. Regulatory T cells are such immune cells.
