System and control engineering approaches to some network vulnerability problems

Security and performance optimization are two important issues in communication networks. This dissertation focus on two kinds of network attacks: Denial of Service (DoS) attacks in the Internet and energy-depletion attacks in wireless sensor networks. Defense strategies against them are given that can achieve a good balance between security and performance. DoS attacks are designed to prevent the targeted computer from responding to legitimate connections, and can cause great damage to the current Internet. To defend against DoS attacks, a feedback-control-based strategy is proposed, which consists of a queue-content-based local detection mechanism to detect potential attacks and feedback control mechanism using a node's queue content to control the sending rate of the upstream nodes. Simulation results are included to illustrate the effectiveness of the proposed strategy in detecting DoS attacks at an early stage and reducing the damage to a desired degree. In order to optimize the performance of a network while it is under a DoS attack, this dissertation uses a stochastic fluid model of the target node, and a stochastic gradient-based algorithm to do on-line optimization, in which perturbation analysis techniques are used to obtain the necessary gradient estimates for implementing such an algorithm. Simulation results show that this approach can optimize a network's performance while it is under attack. Next, energy-depletion attacks is investigated, which can easily drain the whole sensor network's main resource, i.e. energy, and eliminate the sensor network's ability to perform its function. In order to defend against such attacks and maximize the lifetime of a network, this dissertation adopts probabilistic routing and use an optimal control approach to control and optimize the network performance. It is proved that in a fixed topology case there exists an optimal policy consisting of time-invariant routing probabilities that may be obtained by solving a set of relatively simple non-linear programming problems. Numerical examples are included to contrast the maximum lifetime obtained from proposed strategy to that resulting from alternative routing policies that are commonly adopted. The routing policy proposed in this thesis provides a good balance between security and performance in a wireless sensor network.