Intrusion detection in mobile ad hoc networks

Sun, Bo

29 August 2005

Most existent protocols, applications and services for Mobile Ad Hoc NET-works (MANETs) assume a cooperative and friendly network environment and do not accommodate security. Therefore, Intrusion Detection Systems (IDSs), serving as the second line of defense for information systems, are indispensable for MANETs with high security requirements. Central to the research described in this dissertation is the proposed two-level nonoverlapping Zone-Based Intrusion Detection System (ZBIDS) which fit the unique requirement of MANETs. First, in the low-level of ZBIDS, I propose an intrusion detection agent model and present a Markov Chain based anomaly detection algorithm. Local and trusted communication activities such as routing table related features are periodically selected and formatted with minimum errors from raw data. A Markov Chain based normal profile is then constructed to capture the temporal dependency among network activities and accommodate the dynamic nature of raw data. A local detection model aggregating abnormal behaviors is constructed to reflect recent subject activities in order to achieve low false positive ratio and high detection ratio. A set of criteria to tune parameters is developed and the performance trade-off is discussed. Second, I present a nonoverlapping Zone-based framework to manage locally generated alerts from a wider area. An alert data model conformed to the Intrusion Detection Message Exchange Format (IDMEF) is presented to suit the needs of MANETs. Furthermore, an aggregation algorithm utilizing attribute similarity from alert messages is proposed to integrate security related information from a wider area. In this way, the gateway nodes of ZBIDS can reduce false positive ratio, improve detection ratio, and present more diagnostic information about the attack. Third, MANET IDSs need to consider mobility impact and adjust their behavior dynamically. I first demonstrate that nodes?? moving speed, a commonly used parameter in tuning IDS performance, is not an effective metric for the performance measurement of MANET IDSs. A new feature -link change rate -is then proposed as a unified metric for local MANET IDSs to adaptively select normal profiles . Different mobility models are utilized to evaluate the performance of the adaptive mechanisms.

Intrusion Detection

Mobile Ad Hoc Networks

Intrusion detection in mobile ad hoc networks

Sun, Bo

29 August 2005

Most existent protocols, applications and services for Mobile Ad Hoc NET-works (MANETs) assume a cooperative and friendly network environment and do not accommodate security. Therefore, Intrusion Detection Systems (IDSs), serving as the second line of defense for information systems, are indispensable for MANETs with high security requirements. Central to the research described in this dissertation is the proposed two-level nonoverlapping Zone-Based Intrusion Detection System (ZBIDS) which fit the unique requirement of MANETs. First, in the low-level of ZBIDS, I propose an intrusion detection agent model and present a Markov Chain based anomaly detection algorithm. Local and trusted communication activities such as routing table related features are periodically selected and formatted with minimum errors from raw data. A Markov Chain based normal profile is then constructed to capture the temporal dependency among network activities and accommodate the dynamic nature of raw data. A local detection model aggregating abnormal behaviors is constructed to reflect recent subject activities in order to achieve low false positive ratio and high detection ratio. A set of criteria to tune parameters is developed and the performance trade-off is discussed. Second, I present a nonoverlapping Zone-based framework to manage locally generated alerts from a wider area. An alert data model conformed to the Intrusion Detection Message Exchange Format (IDMEF) is presented to suit the needs of MANETs. Furthermore, an aggregation algorithm utilizing attribute similarity from alert messages is proposed to integrate security related information from a wider area. In this way, the gateway nodes of ZBIDS can reduce false positive ratio, improve detection ratio, and present more diagnostic information about the attack. Third, MANET IDSs need to consider mobility impact and adjust their behavior dynamically. I first demonstrate that nodes?? moving speed, a commonly used parameter in tuning IDS performance, is not an effective metric for the performance measurement of MANET IDSs. A new feature -link change rate -is then proposed as a unified metric for local MANET IDSs to adaptively select normal profiles . Different mobility models are utilized to evaluate the performance of the adaptive mechanisms.

Intrusion Detection

Mobile Ad Hoc Networks

Security management for mobile ad hoc network of networks (MANoN)

Al-Bayatti, Ali Hilal

January 2009

Mobile Ad hoc Network of Networks (MANoN) are a group of large autonomous wireless nodes communicating on a peer-to-peer basis in a heterogeneous environment with no pre-defined infrastructure. In fact, each node by itself is an ad hoc network with its own management. MANoNs are evolvable systems, which mean each ad hoc network has the ability to perform separately under its own policies and management without affecting the main system; therefore, new ad hoc networks can emerge and disconnect from the MANoN without conflicting with the policies of other networks. The unique characteristics of MANoN makes such networks highly vulnerable to security attacks compared with wired networks or even normal mobile ad hoc networks. This thesis presents a novel security-management system based upon the Recommendation ITU-T M.3400, which is used to evaluate, report on the behaviour of our MANoN and then support complex services our system might need to accomplish. Our security management will concentrate on three essential components: Security Administration, Prevention and Detection and Containment and Recovery. In any system, providing one of those components is a problem; consequently, dealing with an infrastructure-less MANoN will be a dilemma, yet we approached each set group of these essentials independently, providing unusual solutions for each one of them but concentrating mainly on the prevention and detection category. The contributions of this research are threefold. First, we defined MANoN Security Architecture based upon the ITU-T Recommendations: X.800 and X.805. This security architecture provides a comprehensive, end-to-end security solution for MANoN that could be applied to every wireless network that satisfies a similar scenario, using such networks in order to predict, detect and correct security vulnerabilities. The security architecture identifies the security requirements needed, their objectives and the means by which they could be applied to every part of the MANoN, taking into consideration the different security attacks it could face. Second, realising the prevention component by implementing some of the security requirements identified in the Security Architecture, such as authentication, authorisation, availability, data confidentiality, data integrity and non-repudiation has been proposed by means of defining a novel Security Access Control Mechanism based on Threshold Cryptography Digital Certificates in MANoN. Network Simulator (NS-2) is a real network environment simulator, which is used to test the performance of the proposed security mechanism and demonstrate its effectiveness. Our ACM-MANoN results provide a fully distributed security protocol that provides a high level of secure, available, scalable, flexible and efficient management services for MANoN. The third contribution is realising the detection component, which is represented by providing a Behavioural Detection Mechanism based on nodes behavioural observation engaged with policies. This behaviour mechanism will be used to detect malicious nodes acting to bring the system down. This approach has been validated using an attacks case study in an unknown military environment to cope with misbehaving nodes.

004.6

Efficient Routing in Wireless Ad Hoc Networks

Huang, Huilong

January 2008

Routing is the fundamental problem for Wireless Ad hoc networks, including Wireless Mobile Ad hoc networks (MANETs) and Wireless Sensor networks (WSNs). Although the problem has been extensively studied in the past decade, the existing solutions have deficiencies in one or more aspects including efficiency, scalability, robustness, complexity, etc.This dissertation proposes several new solutions for routing in WSNs and MANETs. Spiral is a data-centric routing algorithm for short-term communication in unstructured static WSNs. Spiral is a biased walk that visits nodes near the source before more distant nodes. This results in a spiral-like search path that is not only more likely to find a closer copy of the desired data than random walk, but is also able to compute a shorter route because the network around the source is more thoroughly explored. Compared with existing flooding and random walk approaches, Spiral has a lower search cost than flooding and returns better routes than random walk.Closest Neighbor First Search (CNFS) is a query processing algorithm for mobile wireless sensor networks. It is also walk-based and biased to visit nodes close to the source first. Different from Spiral, CNFS collects topology information as the search progresses. The topology information is used to compute the shortest return path for the query result and to tolerate the network topology changes caused by node mobility, which could otherwise cause the query to fail. CNFS requires fewer messages to process a query than flooding-based algorithms, while tolerating node mobility better than random walk-based algorithms.Address Aggregation-based Routing (AAR) is a novel routing protocol designed for MANETs. It reactively performs route discovery, but proactively maintains an index hierarchy called a Route Discovery DAG (RDD) to make route discovery efficient. The RDD contains aggregated node address information, requiring fewer packets for route discovery than the flooding used in existing protocols, while handling mobility better than pre-computing routes to all nodes. Compared with some existing popular protocols, AAR shows better performance in delivery rate, message overhead, latency and scalability.

Wireless Sensor Networks

Mobile Ad Hoc Networks

Routing

Constructive relay based cooperative routing in mobile ad hoc networks

Bai, Jingwen

January 2016

Mobile Ad hoc networks (MANETs) are flexible networks that transmit packets node-by-node along a route connecting a given source and destination. Frequent link breaks (due to node mobility) and quick exhaustion of energy (due to limited battery capacity) are two major problems impacting on the flexibility of MANETs. Cooperative communication is a key concept for improving the system lifetime and robustness and has attracted considerable attention. As a result, there is much published research concerning how to utilize cooperative communication in a MANET context. In the past few years, most cooperative technologies have focused on lower layer enhancements, such as with the Physical Layer and MAC Layer, and have become very mature. At the Network Layer, although some research has been proposed, issues still remain such as the lack of a systematically designed cooperative routing scheme (including route discovery, route reply, route enhancement and cooperative data forwarding), the use of cooperative communication for mobility resilience, and route selection (jointly considering the energy consumption, energy harvesting potential and link break probability). Driven by the above concerns, a novel Constructive Relay based CooPerative Routing (CRCPR) protocol based on a cross-layer design is proposed in this thesis. In CRCPR, we fi rst modify the traditional hello message format to carry some additional neighbour information. Based on this information, a key aspect of this protocol is to construct one or more small rhombus topologies within the MANET structure, which are stored and maintained in a COoPerative (COP) Table and Relay Table. Next, the route request procedure is re-designed to improve resilience to node mobility with a scheme called Last hop Replacement. Finally, assuming nodes are mostly battery-powered, destination node based route-decision criteria are explored that can consider energy consumption, energy harvesting and link break probability to determine an appropriate route across the MANET. As the hello message format is modi ed to carry additional information, the control overhead is increased. However, in order to improve the control message eficiency, a new generalised hello message broadcasting scheme entitled Adjust Classi ed Hello Scheme is developed, which can be deployed onto every routing protocol employing a hello mechanism. As well as designing a new routing protocol for MANETs, including route discovery, route selection, route reply, route maintenance, route enhancement and cooperative data forwarding, the proposed scheme is implemented within an Opnetbased simulation environment and evaluated under a variety of realistic conditions. The results con rm that CRCPR improves mobility resilience, saves energy via cooperative communication and reduces the control overhead associated with the hello message mechanism.

A Framework for Peer-to-Peer Computing in Mobile Ad Hoc Networks

Mawji, Afzal

02 February 2010

Peer-to-peer (P2P) applications are enormously popular on the Internet. Their uses vary from file sharing to Voice-over-IP to gaming and more. Increasingly, users are moving toward wireless networked devices and wish to continue using P2P applications in these new environments. A mobile ad hoc network (MANET) is an infrastructureless network which allows users to dynamically form a mobile, wireless network. Though P2P and MANETs share some similarities, such as self-organization, dynamism, and resilience to failure, it is necessary to create new P2P algorithms that take advantage of the realities of MANETs. These algorithms must account for the numerous challenges found in these networks, including node mobility, resource constrained nodes, and the necessity of fully distributed algorithms. In this thesis, we propose a framework for mobile P2P computing in MANETs (P2P-MANETs). Our proposal includes the following components. First, nodes must be able to locate and join the P2P overlay. We therefore propose a fully distributed bootstrapping algorithm in which nodes multicast join requests and cache responses. Next, the overlay peers must form a topology of connections between themselves. We propose a fully distributed topology control heuristic which supports the dynamic nature of the P2P-MANET. It is important that peers contribute to the network by sharing their resources and forwarding traffic for others. We therefore propose a dynamically priced incentive scheme which rewards users for contributing to the network. We also propose a path selection algorithm to allow peers to select how many parts of a file to download from which servers and which paths to satisfy the user's preference for download time and cost. Finally, we propose a content distribution system that allows users to download large files through the use of network coding and multicasting. Each of these components is the first proposed for its respective place in a P2P-MANET architecture. Simulation results show that each of the proposed components achieves the goals set out for it and outperforms the comparison schemes. The results also show that the overlay topology and path selection heuristics provide good approximations compared to the optimal solutions. / Thesis (Ph.D, Computing) -- Queen's University, 2010-01-27 12:16:25.352

peer-to-peer computing

mobile ad hoc networks

Multiple criteria decision analysis in autonomous computing: a study on independent and coordinated self-management.

Yazir, Yagiz Onat

26 August 2011

In this dissertation, we focus on the problem of self-management in distributed systems. In this context, we propose a new methodology for reactive self-management based on multiple criteria decision analysis (MCDA). The general structure of the proposed methodology is extracted from the commonalities of the former well-established approaches that are applied in other problem domains. The main novelty of this work, however, lies in the usage of MCDA during the reaction processes in the context of the two problems that the proposed methodology is applied to. In order to provide a detailed analysis and assessment of this new approach, we have used the proposed methodology to design distributed autonomous agents that can provide self-management in two outstanding problems. These two problems also represent the two distinct ways in which the methodology can be applied to self-management problems. These two cases are: 1) independent self management, and 2) coordinated self-management. In the simulation case study regarding independent self-management, the methodology is used to design and implement a distributed resource consolidation manager for clouds, called IMPROMPTU. In IMPROMPTU, each autonomous agent is attached to a unique physical machine in the cloud, where it manages resource consolidation independently from the rest of the autonomous agents. On the other hand, the simulation case study regarding coordinated self-management focuses on the problem of adaptive routing in mobile ad hoc networks (MANET). The resulting system carries out adaptation through autonomous agents that are attached to each MANET node in a coordinated manner. In this context, each autonomous node agent expresses its opinion in the form of a decision regarding which routing algorithm should be used given the perceived conditions. The opinions are aggregated through coordination in order to produce a final decision that is to be shared by every node in the MANET. Although MCDA has been previously considered within the context of artificial intelligence---particularly with respect to algorithms and frameworks that represent different requirements for MCDA problems, to the best of our knowledge, this dissertation outlines a work where MCDA is applied for the first time in the domain of these two problems that are represented as simulation case studies. / Graduate

Multiple Criteria Decision Analysis

Mobile Ad Hoc Networks

Cloud Computing

Mobility-based Candidate Selection and Coordination in Opportunistic Routing for Mobile Ad-Hoc Networks

Tahooni, Mohammad

January 2014

Opportunistic Routing (OR) is an effective and enhanced routing scheme for wireless multihop environment. OR is an approach that selects a certain number of best forwarders (candidates) at each hop by taking the advantage of the broadcast nature of the wireless medium to reach the destination. When a set of candidates receive the packet, they coordinate with each other to figure out which one has to forward the packet toward the destination. Most of the research in this area has been done in mesh networks where nodes do not have mobility. In this survey, we propose a new OR protocol for mobile ad hoc scenarios called as Enhanced Mobility-based Opportunistic Routing (EMOR) protocol. To deal with the node mobility, we have proposed a new metric which considers the following: geographical position of the candidates; the link delivery probability to reach them; the number of neighboring nodes of candidates; and the predicted position of nodes using the motion vector of the nodes. We have compared EMOR with five other well-known routing protocols in terms of delivery ratio, end-to-end delay, and expected number of transmissions from source to the destination. Our simulation results show that proposed protocol improves delivery ratio and number of expected transmission in terms of different type of mobility models.

Opportunistic routing

Mobile ad hoc networks

Candidate selection

Candidate coordination

Achieving quality of service in mobile ad hoc networks containing packet forwarding attackers

Mcnerney, Peter Joseph John

January 2013

In future, Mobile Ad Hoc Networks (MANETs) may provide access to services in the Internet. MANETs should therefore support diverse applications and data types. This introduces a need for quality of service (QoS), a process of discriminating different data types to provide them with an appropriate level of service. However, QoS can be affected by nodes performing packet forwarding attacks. A critical analysis of the related literature shows that research into QoS and security has typically proceeded independently. However, QoS and security should be considered together as attacks may adversely affect QoS. A simulation study demonstrates this by investigating two single-path packet forwarding approaches under a range of conditions. The study shows that using single-path packet forwarding in the presence of attackers is generally insufficient to support QoS.Based on this background research, a novel 2-Dimensional Adaptation ARChitecture (2-DAARC) and a Priority-based Multi-path Type Selection (PMTS) algorithm are proposed. 2-DAARC integrates two modes of adaptation. The single-path adaptation (SPA) mode uses adaptive bandwidth reservations over a single path for QoS in the presence of node mobility. The multi-path adaptation (MPA) mode uses duplicated data packet transmissions over multiple paths for QoS in the presence of packet forwarding attackers. Adaptation occurs within and between modes to optimize priority packet forwarding in the dynamic MANET environment. The MPA mode uses the PMTS algorithm to select a secondary path which is maximally-disjoint with the primary path. This aims to select a path which may enhance reliability whilst keeping the costs of path selection low. Simulating 2-DAARC shows that under light loads it achieves better QoS than related work, but with a higher control packet overhead. Simulating PMTS shows that under light loads it achieves packet deliveries which are at best as good as a related approach, with lower end-to-end delays and control packet overhead. A novel Congestion and ATtack (CAT) detection mechanism is proposed to improve the performance of 2-DAARC in heavily loaded networks. CAT detection differentiates the causes of packet loss so that adaptation can be better tailored to the network conditions. Without CAT detection, 2-DAARC uses the MPA mode in congested conditions, and this worsens QoS. Simulating 2-DAARC with CAT detection shows that it generally achieves packet deliveries which are greater than or similar to, and end-to-end delays which are less than or similar to related work, and it does so with a lower control packet overhead.

004.6

Load Balancing, Queueing and Scheduling Mechanisms in Mobile Ad Hoc Networks

Joshi, Avinash

08 November 2001

No description available.

Computer Science

Mobile Ad Hoc Networks

dropping policies

scheduling policies