Information Technology Reference
In-Depth Information
(and thus its cache is being poisoned), might poison its neighbour nodes by
forwarding the bogus packets. If the AIS excludes this kind of node from a sensor
network, it runs the risk of disabling the entire network. In this case, a more desirable
response could be to continue the delivery of genuine packets while stopping the
forwarding of bogus interest packets. This work focuses on making the second
response and hence regards interest packets as antigens. In future work we aim to add
further antigens to trigger the first type of response - identifying an attacker node.
5.4 The Ubiquitous Dendritic Cell Algorithm
Detailed description of the original DCA is presented in [7] and a simplified pseudo-
code of the ubiquitous DCA (UDCA) is shown in fig 4. UDCA is a variation of DCA
that is designed to detect 'Interest Cache Poisoning Attacks' on sensor networks.
UDCA has several properties that distinguish it from existing AIS. In the following
section, we address the key elements of UDCA that could be particularly beneficial in
detecting malicious activities in sensor networks, and their implementation in UDCA.
•
UDCA attempts to collect signals from
multiple
data sources: Although multiple
signals provide richer information to make a detection decision, they require
temporal calibration. Line 8-14 of fig. 4 shows that a DC continuously calculates a
new output cytokine with new signals and antigens collected at each DC maturing
cycle (DC_Mat_Cycle). New output cytokines are then added to previously
estimated ones until the CSM cytokine reaches a migration threshold. This allows
a DC to collect signals indicating a possibly identical status of context despite
being generated asynchronously. Hence, UDCA fine-tunes delays between
multiple signals using a CSM value update with migration threshold.
•
UDCA maps the context information delivered by signals with antigens in a
temporal
manner: antigens (interests) are gathered when signals are generated (see
Signal_Generator and Antigen_Extractor at fig. 4). Depending on the type of
signals, one or multiple antigens can be paired with a signal. For instance, in the
UDCA (for SIG_new in Antigen_Extractor at fig.4),
DS2
,
SS
and
PS
will be
paired with one interest packet triggering the signal generation. However, for
DS1
,
IC1
and
IC2,
all the interests that exist at an interest cache when these signals are
generated will be selected as antigens. In this case, the antigen extractor collects
antigens that are temporally close to signals since the signals are generated from
the changes at multiple entries of interest caches or an absence of matching benign
interest.
•
UDCA combines multiple signals to judge an antigen context status: the diverse
nature of signals contribute differently when judging an antigen context status.
Empirical data obtained from immunologists' experimental results
3
suggest the
weight values given in table 1. Equation (1) is a weighting function that
determines the output cytokine by combining four types of input signals. This
weighting function is used to handle a possible inconsistency existing between
various signals. A given antigen can be judged by different signals in a
3
These results were obtained by the research team led by Dr. Julie McLeod, Dr. Rachel Harry
and Charlotte Williams at University of West England.
