Chundong Wang

Bio: Chundong Wang is an academic researcher from Tianjin University of Technology. The author has contributed to research in topics: Routing protocol & Wireless network. The author has an hindex of 5, co-authored 15 publications receiving 130 citations.

A Distributed Anomaly Detection System for In-Vehicle Network Using HTM

Abstract: With the development of 5G and Internet of Vehicles technology, the possibility of remote wireless attack on an in-vehicle network has been proven by security researchers. Anomaly detection technology can effectively alleviate the security threat, as the first line of security defense. Based on this, this paper proposes a distributed anomaly detection system using hierarchical temporal memory (HTM) to enhance the security of a vehicular controller area network bus. The HTM model can predict the flow data in real time, which depends on the state of the previous learning. In addition, we improved the abnormal score mechanism to evaluate the prediction. We manually synthesized field modification and replay attack in data field. Compared with recurrent neural networks and hidden Markov model detection models, the results show that the distributed anomaly detection system based on HTM networks achieves better performance in the area under receiver operating characteristic curve score, precision, and recall.

Accurate Sybil attack detection based on fine-grained physical channel information

Abstract: With the development of the Internet-of-Things (IoT), wireless network security has more and more attention paid to it. The Sybil attack is one of the famous wireless attacks that can forge wireless devices to steal information from clients. These forged devices may constantly attack target access points to crush the wireless network. In this paper, we propose a novel Sybil attack detection based on Channel State Information (CSI). This detection algorithm can tell whether the static devices are Sybil attackers by combining a self-adaptive multiple signal classification algorithm with the Received Signal Strength Indicator (RSSI). Moreover, we develop a novel tracing scheme to cluster the channel characteristics of mobile devices and detect dynamic attackers that change their channel characteristics in an error area. Finally, we experiment on mobile and commercial WiFi devices. Our algorithm can effectively distinguish the Sybil devices. The experimental results show that our Sybil attack detection system achieves high accuracy for both static and dynamic scenarios. Therefore, combining the phase and similarity of channel features, the multi-dimensional analysis of CSI can effectively detect Sybil nodes and improve the security of wireless networks.

Quick and Accurate Android Malware Detection Based on Sensitive APIs

Abstract: With the rapid development of Android applications in recent years, the Android applications' security has more and more attention paid to it. The Android malware detection can be divided into two types: behavior-based malware detection and code-based malware detection. In this paper, we present a behavior-based quick and accurate Android malicious detection scheme based on sensitive API calls. In the training process, the API calls of various applications are extracted as a large eigenvector through the reverse analysis. Then we employ the mutual information to measure the correlation between specific API calls and malware, and generate a set of sensitive API calls. In the scanning process, an ensemble learning model based on decision tree classifier and kNN classifier is used to detect unknown APKs quickly and accurately. We construct massive experiments, including 516 benign applications and 528 malicious applications. The experimental results demonstrate that the accuracy of our scheme can be up to 92%, and the precision is up to 93%.

Fine-grained Trust-based Routing Algorithm for Wireless Sensor Networks

Abstract: The trust routing protocol is an important way to solve the security of wireless sensor networks In previous work, nodes’ trust evaluation granularity is coarse, and routing trust evaluation model is relatively insufficient In this paper, we propose a high-reliability trust evaluation model for secure routing based on combination inside states of a node with outside interaction behaviors between nodes Firstly, we leverage a Markov chain prediction model with inside four states to assess trust degree of a routing node The abnormal node could be found through changes of node power, traffic, response time and network delay However, a compromised routing node self can change its inside states, so we explore the interaction behaviors between nodes to find abnormal nodes and use an improved Bayesian model to calculate the trust degree of nodes Finally, this paper proposes a novel trust routing working principle based on a fine-grained trust model NS2 (Network Simulator version 2) results show that our routing trust evaluation scheme can effectively identify the abnormal and malicious nodes, and reduce the harm caused by malicious nodes to wireless sensor networks

Channel state information-based detection of Sybil attacks in wireless networks

Abstract: Single authentication mechanisms and broadcast characteristics of wireless networks make the Access Point (AP) vulnerable to spoofing attacks and Sybil attacks. However, Sybil attacks seriously affect network performance. Sybil nodes act with different identity, and prevent the normal clients from transmission. In this paper, a self-adaptive MUSIC algorithm is proposed, which improves the accuracy of the angle of the indoor wireless device by eliminating the phase offset in channel state information (CSI), and designs different types’ detection algorithm of Sybil attacks and spoofing attacks based on different Sybil attack models. And we experiment on mobile and commercial WiFi devices. The average detection error of angle is below 6.3°. After combining analysis of received signal strength indicator (RSSI), our detection algorithm can effectively detect whether the nodes launched by Sybil attacks, and the identity of other clients disguised by spoofing attacks. According to the experimental results, the scheme can distinguish the Sybil clients and the normal clients accurately, and the average success rate of the Sybil attack detection system is 98.5%.

From RSSI to CSI: Indoor Localization via Channel Response, A survey on indoor localization using PHY-layer information

Abstract: The spatial features of emitted wireless signals are the basis of location distinction and determination for wireless indoor localization. Available in mainstream wireless signal measurements, the Received Signal Strength Indicator (RSSI) has been adopted in vast indoor localization systems. However, it suffers from dramatic performance degradation in complex situations due to multipath fading and temporal dynamics. Break-through techniques resort to finer-grained wireless channel measurement than RSSI. Different from RSSI, the PHY layer power feature, channel response, is able to discriminate multipath characteristics, and thus holds the potential for the convergence of accurate and pervasive indoor localization. Channel State Information (CSI, reflecting channel response in 802.11 a/g/n) has attracted many research efforts and some pioneer works have demonstrated submeter or even centimeter-level accuracy. In this article, we survey this new trend of channel response in localization. The differences between CSI and RSSI are highlighted with respect to network layering, time resolution, frequency resolution, stability, and accessibility. Furthermore, we investigate a large body of recent works and classify them overall into three categories according to how to use CSI. For each category, we emphasize the basic principles and address future directions of research in this new and largely open area.

A Survey of Intrusion Detection for In-Vehicle Networks

Abstract: The development of the complexity and connectivity of modern automobiles has caused a massive rise in the security risks of in-vehicle networks (IVNs). Nevertheless, existing IVN designs (e.g., controller area network) lack cybersecurity consideration. Intrusion detection, an effective method for defending against cyberattacks on IVNs while providing functional safety and real-time communication guarantees, aims to address this issue. Therefore, the necessity of its research has risen. In this paper, an IVN environment is introduced, and the constraints and characteristics of an intrusion detection system (IDS) design for IVNs are presented. A survey of the proposed IDS designs for the IVNs is conducted, and the corresponding drawbacks are highlighted. Various optimization objectives are considered and comprehensively compared. Lastly, the trend, open issues, and emerging research directions are described.