@inproceedings{liu_ning_2012, title={BitTrickle: Defending against broadband and high-power reactive jamming attacks}, DOI={10.1109/infcom.2012.6195840}, abstractNote={Reactive jamming is not only cost effective, but also hard to track and remove due to its intermittent jamming behaviors. Frequency Hopping Spread Spectrum (FHSS) and Direct Sequence Spread Spectrum (DSSS) have been widely used to defend against jamming attacks. However, both will fail if the jammer jams all frequency channels or has high transmit power. In this paper, we propose BitTrickle, an anti-jamming wireless communication scheme that allows communication in the presence of a broadband and high power reactive jammer by exploiting the reaction time of the jammer. We develop a prototype of BitTrickle using the USRP platform running GNURadio. Our evaluation shows that when under powerful reactive jamming, BitTrickle still maintains communication, whereas other schemes such as 802.11 DSSS fail completely.}, booktitle={2012 Proceedings IEEE infocom}, author={Liu, Y. and Ning, P.}, year={2012}, pages={909–917} }
 @inproceedings{liu_ning_2012, title={Enhanced wireless channel authentication using time-synched link signature}, DOI={10.1109/infcom.2012.6195669}, abstractNote={Wireless link signature is a physical layer authentication mechanism, which uses the unique wireless channel characteristics between a transmitter and a receiver to provide authentication of wireless channels. A vulnerability of existing link signature schemes has been identified by introducing a new attack, called mimicry attack. To defend against the mimicry attack, we propose a novel construction for wireless link signature, called time-synched link signature, by integrating cryptographic protection and time factor into traditional wireless link signatures. We also evaluate the mimicry attacks and the time-synched link signature scheme on the USRP2 platform running GNURadio. The experimental results demonstrate the effectiveness of time-synched link signature.}, booktitle={2012 Proceedings IEEE infocom}, author={Liu, Y. and Ning, P.}, year={2012}, pages={2636–2640} }
 @inproceedings{natarajan_ning_liu_jajodia_hutchinson_2012, title={NSDMiner: Automated discovery of network service dependencies}, DOI={10.1109/infcom.2012.6195642}, abstractNote={Enterprise networks today host a wide variety of network services, which often depend on each other to provide and support network-based services and applications. Understanding such dependencies is essential for maintaining the well-being of an enterprise network and its applications, particularly in the presence of network attacks and failures. In a typical enterprise network, which is complex and dynamic in configuration, it is non-trivial to identify all these services and their dependencies. Several techniques have been developed to learn such dependencies automatically. However, they are either too complex to fine tune or cluttered with false positives and/or false negatives. In this paper, we propose a suite of novel techniques and develop a new tool named NSDMiner (which stands for Mining for Network Service Dependencies) to automatically discover the dependencies between network services from passively collected network traffic. NSDMiner is non-intrusive; it does not require any modification of existing software, or injection of network packets. More importantly, NSDMiner achieves higher accuracy than previous network-based approaches. Our experimental evaluation, which uses network traffic collected from our campus network, shows that NSDMiner outperforms the two best existing solutions significantly.}, booktitle={2012 Proceedings IEEE infocom}, author={Natarajan, A. and Ning, P. and Liu, Y. and Jajodia, S. and Hutchinson, S. E.}, year={2012}, pages={2507–2515} }
 @article{liu_ning_reiter_2011, title={False Data Injection Attacks against State Estimation in Electric Power Grids}, volume={14}, ISSN={["1557-7406"]}, DOI={10.1145/1952982.1952995}, abstractNote={
            A power grid is a complex system connecting electric power generators to consumers through power transmission and distribution networks across a large geographical area. System monitoring is necessary to ensure the reliable operation of power grids, and
            state estimation
            is used in system monitoring to best estimate the power grid state through analysis of meter measurements and power system models. Various techniques have been developed to detect and identify bad measurements, including
            interacting bad measurements
            introduced by
            arbitrary, nonrandom
            causes. At first glance, it seems that these techniques can also defeat malicious measurements injected by attackers.
          }, number={1}, journal={ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY}, author={Liu, Yao and Ning, Peng and Reiter, Michael K.}, year={2011}, month={May} }
 @article{liu_ning_dai_2010, title={Authenticating Primary Users' Signals in Cognitive Radio Networks via Integrated Cryptographic and Wireless Link Signatures}, ISSN={["1081-6011"]}, DOI={10.1109/sp.2010.24}, abstractNote={To address the increasing demand for wireless bandwidth, cognitive radio networks (CRNs) have been proposed to increase the efficiency of channel utilization; they enable the sharing of channels among secondary (unlicensed) and primary (licensed) users on a non-interference basis. A secondary user in a CRN should constantly monitor for the presence of a primary user's signal to avoid interfering with the primary user. However, to gain unfair share of radio channels, an attacker (e.g., a selfish secondary user) may mimic a primary user's signal to evict other secondary users. Therefore, a secure primary user detection method that can distinguish a primary user's signal from an attacker's signal is needed. A unique challenge in addressing this problem is that Federal Communications Commission (FCC) prohibits any modification to primary users. Consequently, existing cryptographic techniques cannot be used directly. In this paper, we develop a novel approach for authenticating primary users' signals in CRNs, which conforms to FCC's requirement. Our approach integrates cryptographic signatures and wireless link signatures (derived from physical radio channel characteristics) to enable primary user detection in the presence of attackers. Essential to our approach is a {\em helper node} placed physically close to a primary user. The helper node serves as a "bridge" to enable a secondary user to verify cryptographic signatures carried by the helper node's signals and then obtain the helper node's authentic link signatures to verify the primary user's signals. A key contribution in our paper is a novel physical layer authentication technique that enables the helper node to authenticate signals from its associated primary user. Unlike previous techniques for link signatures, our approach explores the geographical proximity of the helper node to the primary user, and thus does not require any training process.}, journal={2010 IEEE SYMPOSIUM ON SECURITY AND PRIVACY}, author={Liu, Yao and Ning, Peng and Dai, Huaiyu}, year={2010}, pages={286–301} }
 @inproceedings{liu_ning_dai_liu_2010, title={Randomized differential DSSS: Jamming-resistant wireless broadcast communication}, DOI={10.1109/infcom.2010.5462156}, abstractNote={Jamming resistance is crucial for applications where reliable wireless communication is required. Spread spectrum techniques such as Frequency Hopping Spread Spectrum (FHSS) and Direct Sequence Spread Spectrum (DSSS) have been used as countermeasures against jamming attacks. Traditional anti-jamming techniques require that senders and receivers share a secret key in order to communicate with each other. However, such a requirement prevents these techniques from being effective for anti-jamming broadcast communication, where a jammer may learn the shared key from a compromised or malicious receiver and disrupt the reception at normal receivers. In this paper, we propose a Randomized Differential DSSS (RD-DSSS) scheme to achieve anti-jamming broadcast communication without shared keys. RD-DSSS encodes each bit of data using the correlation of unpredictable spreading codes. Specifically, bit ``0'' is encoded using two different spreading codes, which have low correlation with each other, while bit ``1'' is encoded using two identical spreading codes, which have high correlation. To defeat reactive jamming attacks, RD-DSSS uses multiple spreading code sequences to spread each message and rearranges the spread output before transmitting it. Our theoretical analysis and simulation results show that RD-DSSS can effectively defeat jamming attacks for anti-jamming broadcast communication without shared keys.}, booktitle={2010 proceedings ieee infocom}, author={Liu, Y. and Ning, P. and Dai, H. Y. and Liu, A.}, year={2010} }
 @inproceedings{liu_ning_reiter_2009, title={False data injection attacks against state estimation in electric power grids}, DOI={10.1145/1653662.1653666}, abstractNote={A power grid is a complex system connecting electric power generators to consumers through power transmission and distribution networks across a large geographical area. System monitoring is necessary to ensure the reliable operation of power grids, and state estimation is used in system monitoring to best estimate the power grid state through analysis of meter measurements and power system models. Various techniques have been developed to detect and identify bad measurements, including the interacting bad measurements introduced by arbitrary, non-random causes. At first glance, it seems that these techniques can also defeat malicious measurements injected by attackers.
 In this paper, we present a new class of attacks, called false data injection attacks, against state estimation in electric power grids. We show that an attacker can exploit the configuration of a power system to launch such attacks to successfully introduce arbitrary errors into certain state variables while bypassing existing techniques for bad measurement detection. Moreover, we look at two realistic attack scenarios, in which the attacker is either constrained to some specific meters (due to the physical protection of the meters), or limited in the resources required to compromise meters. We show that the attacker can systematically and efficiently construct attack vectors in both scenarios, which can not only change the results of state estimation, but also modify the results in arbitrary ways. We demonstrate the success of these attacks through simulation using IEEE test systems. Our results indicate that security protection of the electric power grid must be revisited when there are potentially malicious attacks.}, booktitle={CCS'09: Proceedings of the 16th ACM Conference on Computer and Communications Security}, author={Liu, Y. and Ning, P. and Reiter, M. K.}, year={2009}, pages={21–32} }