Information Technology Reference
In-Depth Information
•
UDCA employs a population of DCs to determine the final antigen context status:
as shown DC_Analyser procedure of UDCA in fig. 4, the context status of each
antigen is determined by the collective decisions of multiple DCs'. Each DC
samples antigens and its migration threshold values are set differently (see line 2-3
of fig.4). These allow each DC to judge the context of one antigen differently and
the final decision on a given antigen is therefore made from the aggregations from
multiple DCs.
•
UDCA does not employ a pattern matching based detection: UDCA concentrates
on identifying bogus interest packets and filtering them out. This is another
different trait from other existing AISs, which usually employ pattern matching to
detect an on-going attack. UDCA detects an attack by examining how much a
given node is misbehaving via generated signals. It then collects data (=antigens)
for the next AIS algorithm to perform a pattern matching detection, which is
required to produce responses. In responding, an AIS needs to react to a malicious
antigen before it damages a monitored system and causes generations of signals. It
is necessary for an artificial immune responder to have a pattern matching based
detection. Therefore, UDCA plays the role of the innate immune system that
presents the context information with matching antigens to the adaptive immune
system [3], [15].
6 Conclusion
This work introduces the concept of sensor networks as a new application area for
AIS research and argues that some AIS features are inherent in sensor networks. We
illustrate how closely a Danger Theory based AIS, in particular the dendritic cell
algorithm (DCA), matches the structure and functional requirements of sensor
networks. This work also introduces a new sensor network attack called an interest
cache poisoning attack and discusses how the DCA can be applied to detect an
interest cache poisoning attack.
Currently we have implemented a number of different versions of an interest cache
poisoning attacks by varying the bogus packet sending rates, the number of sink node
interest subscriptions and the location of an attacker. In addition, various types of
signals introduced in this paper have been being generated. The attacks and the signal
generator have been being implemented under a network simulator, J-Sim (
www.j-
sim.org
) and TOSSIM (
www.cs.berkeley.edu/~pal/research/tossim.html
). As
discussed in this paper, UDCA appears to be an attractive solution to filter out bogus
packets but the more detailed features of UDCA need to be further investigated. In
future work, we aim to thoroughly study the appropriateness of a weight function
used, the sensitivity analysis of various parameters, and the efficiency required to be
used in a limited environment like a sensor node.
Acknowledgments
This project is supported by the EPSRC (GR/S47809/01).
