Intrusion Identification For Mobile Ad Hoc Networks

Sahoo, Chandramani

03 1900

A Mobile Ad Hoc Network (MANETs) is a collection of wireless hosts that can be rapidly deployed as a multi hop packet radio network without the aid of any established infrastructure or centralized administration. Such networks can be used to enable next generation of battlefield applications envisioned by the military, including situation awareness systems for maneuvering war fighters, and remotely deployed unmanned microsensor networks. Ad Hoc networks can also provide solutions for civilian applications such as disaster recovery and message exchanges among safety and security personnel involved in rescue missions. Existing solutions for wired network Intrusion Detection Systems (IDSs) do not suit wireless Ad Hoc networks. To utilize either misuse detection or anomaly detection to monitor any possible compromises, the IDS must be able to distinguish normal from anomaly activities. To enable intrusion detection in wireless Ad Hoc networks, the research problems are: • How to efficiently collect normal and anomaly patterns of Ad Hoc networks? The lifetime of the hosts is short and Ad Hoc networks do not have traffic concentration points (router, switch). • How to detect anomalies? The loss could be caused by host movement instead of attacks. Unexpectedly long delay could be caused by unreliable channel instead of malicious discard. In this thesis, we have proposed a novel architecture that uses specification based intrusion detection techniques to detect active attacks against the routing protocols of mobile Ad Hoc networks. Our work analyzes some of the vulnerabilities and discuss the attacks against the AODV protocol. Our approach involves the use of an FSM (Finite State Machine) for specifying the AODV routing behavior and the distributed network monitors for detecting the sequence number attack. Our method can detect most of the bad nodes with low false positive rate and the packet delivery ratio can also be increased with high detection rate. For packet dropping attack, we present a distributed technique to detect this attack in wireless Ad Hoc networks. A bad node can forward packets but in fact it fails to do so. In our technique, every node in the network will check the neighboring nodes to detect if any of them fail to forward the packets. Our technique can detect most of the bad nodes with low false positive rate and the packet delivery ratio can also be increased. The proposed solution can be applied to identify multiple malicious nodes cooperating with each other in MANETs and discover secure routes from source to destination by avoiding malicious nodes acting in cooperation. Our technique will detect the sequence number and Packet Dropping attacks in real time within its radio range with no extra overhead. For resource consumption attack, the proposed scheme incurs no extra overhead, as it makes minimal modifications to the existing data structures and functions related to bad listing a node in the existing version of pure AODV. The proposed scheme is more efficient in terms of the resultant routes established, resource reservations, and computational complexity. If multiple malicious nodes collaborate, they in turn will be restricted and isolated by their neighbors, because they monitor and exercise control over forwarding RREQs by nodes. Hence, the scheme successfully prevents Distributed attacks. The proposed scheme shifts the responsibility of monitoring this parameter to the node's neighbor, ensuring compliance of this restriction. This technique solves all of the problems caused due to unnecessary RREQs from a compromised node. Instead of self-control, the control exercised by a node's neighbor results in preventing this attack. Experiments show that the tool provides effective intrusion detection functionality while using only a limited amount of resources. The loop freedom property has been reduced to an invariant on pairs of nodes. Each node decides & transmits its decision to a control center. Robustness to Threats, Robustness to nodes destruction: Loss of Performance (in terms of ratio) is least for Distributed Option and highest for Centralized Option and Robustness to observations deletion. All the proposed schemes were analyzed and tested under different topologies and conditions with varying number of nodes .The proposed algorithms for improving the robustness of the wireless Ad Hoc networks using AODV protocol against Packet Dropping Attack, Sequence Number attack and resource consumption attack have been simulated for an illustrative network of about 30 nodes. Our experiments have shown that the pattern extracted through simulation can be used to detect attacks effectively. The patterns could also be applied to detect similar attacks on other protocols.

Cellular Telephone

Mobile Communication Networks

Intrusion (Communication)

Routing Protocols

Routing (Computer Networks)

Network Security

Wireless Ad Hoc Networks

Mobile Ad Hoc Networks (MANETs)

Intrusion Detection

Ad Hoc On-Demand Distance Vector (AODV)

Intrusion Detection Systems (IDSs)

Intrusion Identification

Communication Engineering

Une solution pour l'établissement non planifié de groupes sécurisés permettant des communications sûre dans les réseaux MANets purs

Atallah, Eve

04 September 2008

Le travail présenté dans cette thèse porte sur les réseaux MANets sans centralisation ni administration dans lesquels les utilisateurs sont mobiles et non nécessairement liés entre eux par une organisation humaine. Notre contribution consiste en une architecture totalement décentralisée permettant de sécuriser les échanges au sein de tels réseaux. Sa concrétisation, l'application SManet, repose sur un module administrateur embarqué sur carte à puce chargé de tâches habituellement réalisées par une entité centralisée. Chaque dispositif utilisateur possède une carte équipée de ce module qui procède à toutes les opérations de contrôle assurant le bon comportement de son hôte et la sécurité des communications avec les autres possesseurs d'une carte. Cette solution permet de mettre en place des échanges sûrs, n'importe où, n'importe quand, sans aucune planification et donc sans aucune oraganisation humaine préalable sous-jacente.

[INFO:INFO_OH] Computer Science/Other

[INFO:INFO_OH] Informatique/Autre

MANets

Gestion des identités

Groupes sécurisés

Cartes à puce

Auto-administration

Spontanéité

Auto-organisation

An Efficient Network Management System using Agents for MANETs

Channappagoudar, Mallikarjun B

January 2017

Network management plays a vital role to keep a network and its application work e ciently. The network management in MANETs is a crucial and the challenging task, as these networks are characterized by dynamic environment and the scarcity of resources. There are various existing approaches for network management in MANETs. The Ad hoc Network Management Protocol (ANMP) has been one of the rst e orts and introduced an SNMP-based solution for MANETs. An alternative SNMP-based solu-tion is proposed by GUERRILLA Management Architecture (GMA). Due to self-organizing characteristic feature of MANETs, the management task has to be distributed. Policy-based network management relatively o ers this feature, by executing and applying policies pre-viously de ned by network manager. Otherwise, the complexity of realization and control becomes di cult Most of the works address the current status of the MANET to take the network man-agement decisions. Currently, MANETs addresses the dynamic and intelligent decisions by considering the present situation and all related history information of nodes into consid-eration. In this connection we have proposed a network management system using agents (NMSA) for MANETs, resolving major issues like, node monitoring, location management, resource management and QoS management. Solutions to these issues are discussed as inde-pendent protocols, and are nally combined into a single network management system, i.e., NMSA. Agents are autonomous, problem-solving computational entities capable of performing e ective operation in dynamic environments. Agents have cooperation, intelligence, and mobility characteristics as advantages. The agent platforms provide the di erent services to agents, like execution, mobility, communication, security, tracking, persistence and directory etc. The platform execution environment allows the agents to run, and mobility service allows them to travel among the di erent execution environments. The entire management task will be delegated to agents, which then executes the management logic in a distributed and autonomous fashion. In our work we used the static and mobile agents to nd some solutions to the management issues in a MANET. We have proposed a node monitoring protocol for MANETs, which uses both static agent (SA) and mobile agents (MA), to monitor the nodes status in the network. It monitors the gradational energy loss, bu er, bandwidth, and the mobility of nodes running with low to high load of mobile applications. Protocol assumes the MANET is divided into zones and sectors. The functioning of the protocol is divided into two segments, The NMP main segment, which runs at the chosen resource rich node (RRN) at the center of a MANET, makes use of SA which resides at same RRN, and the NMP subsegment which runs in the migrated MAs at the other nodes. Initially SA creates MAs and dispatches one MA to each zone, in order to monitor health conditions and mobility of nodes of the network. MAs carrying NMP subsegment migrates into the sector of a respective zone, and monitors the resources such as bandwidth, bu er, energy level and mobility of nodes. After collecting the nodes information and before moving to next sector they transfer collected information to SA respectively. SA in turn coordinates with other modules to analyze the nodes status information. We have validated the protocol by performing the conformance testing of the proposed node monitoring protocol (NMP) for MANETs. We used SDL to obtain MSCs, that repre-sents the scenario descriptions by sequence diagrams, which in turn generate test cases and test sequences. Then TTCN-3 is used to execute the test cases with respect to generated test sequences to know the conformance of protocol against the given speci cation. We have proposed a location management protocol for locating the nodes of a MANET, to maintain uninterrupted high-quality service for distributed applications by intelligently anticipating the change of location of its nodes by chosen neighborhood nodes. The LMP main segment of the protocol, which runs at the chosen RRN located at the center of a MANET, uses SA to coordinate with other modules and MA to predict the nodes with abrupt movement, and does the replacement with the chosen nodes nearby which have less mobility. We have proposed a resource management protocol for MANETs, The protocol makes use of SA and MA for fair allocation of resources among the nodes of a MANET. The RMP main segment of the protocol, which runs at the chosen RRN located at the center of a MANET, uses SA to coordinate with other modules and MA to allocate the resources among the nodes running di erent applications based on priority. The protocol does the distribution and parallelism of message propagation (mobile agent with information) in an e cient way in order to minimize the number of message passing with reduction in usage of network resources and improving the scalability of the network. We have proposed a QoS management protocol for MANETs, The QMP main segment of the protocol, which runs at the chosen RRN located at the center of a MANET, uses SA to coordinate with other modules and MA to allocate the resources among the nodes running di erent applications based on priority over QoS. Later, to reallocate the resources among the priority applications based on negotiation and renegotiation for varying QoS requirements. The performance testing of the protocol is carried out using TTCN-3. The generated test cases for the de ned QoS requirements are executed with TTCN-3, for testing of the associated QoS parameters, which leads to performance testing of proposed QoS management protocol for MANETs. We have combined the developed independent protocols for node monitoring, location management, resource management, and QoS management, into one single network management system called Network Management System using Agents (NMSA) for MANETs and tested in di erent environments. We have implemented NMSA on Java Agent development environment (JADE) Platform. Our developed network management system is a distributed system. It is basically divided into two parts, the Network Management Main Segment and other is Network Management Subsegment. A resource rich node (RRN) which is chosen at the center of a MANET where the Main segment of NMSA is located, and it controls the management activities. The other mobile nodes in the network will run MA which has the subsegments of NMSA. The network management system, i.e., the developed NMSA, has Network manage-ment main (NMSA main), Zones and sector segregation scheme, NMP, LMP, RMP, QMP main segments at the RRN along with SA deployed. The migrated MA at mobile node has subsegments of NMP, LMP, RMP, and QMP respectively. NMSA uses two databases, namely, Zones and sectors database and Node history database. Implementation of the proposed work is carried out in a con ned environment with, JDK and JADE installed on network nodes. The launched platform will have AMS and DF automatically generated along with MTP for exchange of message over the channel. Since only one JVM, which is installed, will executes on many hosts in order to provide the containers for agents on those hosts. It is the environment which o ered, for execution of agents. Many agents can be executed in parallel. The main container, is the one which has AMS and DF, and RMI registry are part of JADE environment which o ers complete run time environment for execution of agents. The distribution of the platform on many containers of nodes is shown in Fig. 1. The NMSA is based on Linux platform which provides distributed environment, and the container of JADE could run on various platforms. JAVA is the language used for code development. A middle layer, i.e., JDBC (java database connection) with SQL provides connectivity to the database and the application. The results of experiments suggest that the proposed protocols are e ective and will bring, dynamism and adaptiveness to the applied system and also reduction in terms network overhead (less bandwidth consumption) and response time.

Mobile Adhoc Network

Wireless Network

Simple Network Management Protocol

Node Monitoring Protocol (NMP)

MANETs

QoS Management Protocol

Mobile Adhoc Networks

Agent based Location Management Protocol

Network Management - Agent Technology

Electrical Communication Engineering

Aprimorando o desempenho de algoritmos de roteamento em VANETs utilizando classificação

Costa, Lourdes Patrícia Portugal Poma

31 July 2013

Made available in DSpace on 2016-06-02T19:06:08Z (GMT). No. of bitstreams: 1 5463.pdf: 18006027 bytes, checksum: 047b84b38eb03b475dacbf51b7bf50b1 (MD5) Previous issue date: 2013-07-31 / Financiadora de Estudos e Projetos / Vehicular ad-hoc networks (VANETs) are networks capable of establishing communications between vehicles and road-side units. VANETs could be employed in data transmission applications. However, due to vehicle mobility, VANETs present intermittent connectivity, making message transmission a challenging task. Due to the lack of an end-to-end connectivity, messages are forwarded from vehicle to vehicle and stored when it is not possible to retransmit. Additionally, in order to improve delivery probability, messages are replicated and disseminated over the network. However, message replication may cause high network overhead and resource usage. As result, considerable research e_ort has been devoted to develop algorithms for speci_c scenarios: low, moderate and high connectivity. Nevertheless, algorithms projected for scenarios with a speci_c connectivity lack the ability to adapt to situations with zones presenting diferent node density. This lack of adaptation may negatively a_ect the performance in application such as data transmission in cities. This masters project proposes develops a method to automatically adapt message replication routing algorithms to diferent node density scenarios. The proposed method is composed of three phases. The first phase collects data from message retransmission events using a standard routing algorithms. The second phase consists in training a decision tree classifier based on the collected data. Finally, in the third phase the trained classifier is used to determine whether a message should be retransmitted or not based on the local node density. Therefore, the proposed method allows routing algorithms to query the trained classifier to decide if a message should be retransmitted. The proposed method was evaluated with real movement traces in order to improve Spray and Wait and Epidemic routing algorithms. Results indicate that the proposed method may contribute to performance enhancement. / As VANETs são redes de veículos com capacidade de estabelecer comunicações sem fio entre veículos e com equipamentos nas estradas. Estas redes poderiam ser usadas para a transferência de dados de diversas aplicações. No entanto, devido á mobilidade dos veículos, as VANETs apresentam conectividade intermitente entre os nós, dificultando a transmissão de mensagens. Ante a impossibilidade de ter conectividade de fim a fim, as mensagens são encaminhadas progressivamente de veículo em veículo, e armazenadas quando não houver a possibilidade de retransmitir. Adicionalmente, para incrementar a probabilidade de entrega, as mensagens são replicadas e disseminadas pela rede. Não obstante, a replicação de mensagens pode gerar alta sobrecarga de rede e alto consumo de recursos. Por causa disto, projetaram-se algoritmos para cenários específicos de: baixa, moderada e alta conectividade. Estes algoritmos, quando aplicados em ambientes de zonas de diferente densidade de nós,como cidades, podem diminuir o seu desempenho pela falta da capacidade de se adaptar a diferentes condições de conectividade. Contudo, neste trabalho foi desenvolvido um método para adaptar o comportamento dos algoritmos de roteamento por replicação de mensagens a diferentes situações de conectividade segundo a densidade das zonas onde se movimentam os nós retransmissores. O método consiste em três fases. Na primeira, são coletados os dados dos eventos de repasse de mensagens utilizando o algoritmo de roteamento padrão. Na segunda fase, utilizam-se os dados coletados para treinar um classificador baseado em _arvores de decisão. Na _ultima fase, o classificador é então empregado para determinar se uma situação de repasse de mensagem _e favorável segundo a densidade de nós. Desta forma, os algoritmos de roteamento podem decidir se repassar ou não uma mensagem com o suporte do classificador. Esta abordagem foi avaliada com traces de movimentos reais, para aprimorar o desempenho dos algoritmos de roteamento Spray and Wait e Epidemic. Os resultados dos experimentos realizados revelam que esta abordagem pode contribuir para o aprimoramento do desempenho.

Redes de computação

Sistemas de comunicação móvel

Ad hoc networks (Redes de computação)

Delay and Disruption Tolerant Networks

DTNs

Mobile Networks

Mobile Ad-Hoc Networks

MANETs

Vehicular Networks

VANETs

Predikce Pohybu Bezdrátových Uzlů v Mobilních Ad Hoc Sítích (MANET) / Movement Prediction of Wireless Nodes in Mobile Ad Hoc Networks (MANETS)

Makhlouf, Nermin

January 2019

Rychlý vývoj v oblasti mobilní informatiky vyústil v nový, alternativní způsob mobilní komunikace, v němž mobilní uzly tvoří samoorganizující se bezdrátovou síť, jíž se říká mobilní síť ad hoc (Mobile Ad hoc Network, MANET). Specifické vlastnosti sítí MANET stavějí návrh síťového protokolu před řadu problémů na všech vrstvách protokolové sady . Příčinou jsou nepředvídatelné změny topologie a mobilní povaha těchto sítí. Nástrojem, který řeší problémy plynoucí z mobility uzlů, je predikce budoucích změn v topologii sítě. To má zásadní význam pro různé úlohy jako přesměrování. Tato disertační práce se zabývá dvěma metodami predikce mobility pro sítě MANET. První metoda se nazývá „predikce mobility s využitím virtuální mapy“ (mobility prediction using virtual map) a předpokládá, že každý uzel si dokáže vybudovat svou virtuální mapu v závislosti na svém umístění v průběhu času. Vyvinutý predikční algoritmus byl implementován do síťového simulátoru NS-2, aby jej bylo možné vyhodnotit. V této práci zkoumám stávající modely mobility a způsob, jakým v nich lze aplikovat tuto metodu predikce. Simulace sledují zlepšení výkonnosti, co se týče průměrného zpoždění na bázi end-to-end, poměru doručených paketů a propustnosti sítě. Navržený koncept predikce byl implementován pomocí směrovacího protokolu AODV(Ad Hoc On-Demand Distance Vector). Pro druhou metodu jsem vyvinula umělou neuronovou síť pro predikci pohybů v sítích MANET. Model pro predikci mobility vznikl na základě dat shromážděných ze vzorců umístění. K učení či trénování ANN byl využit bayesovský přístup. Ten byl implementován v softwaru pro trénování bayesovských neuronových sítí s názvem Model Manager. Nejlepším způsobem hodnocení závěrečného modelu je provedení predikcí a jejich srovnání s cílovými daty. Predikce vznikají na základě 50 vzorců jako vstupních proměnných. Dosažené výsledky prezentované s diskutované v práci se vyznačují zlepšením zásadních parametrů komunikační sítě, jako jsou propustnost, zpoždění, Poměr doručených paketů, až o 30% v porovnání s klasickým směrovacím protokolem AODV, kde není implementován predikční model.

Efficient Key Management, and Intrusion Detection Protocols for Enhancing Security in Mobile Ad Hoc Networks

Maity, Soumyadev

January 2014

Security of communications is a major requirement for Mobile Adhoc NETworks(MANETs) since they use wireless channel for communications which can be easily tapped, and physical capture of MANET nodes is also quite easy. From the point of view of providing security in MANETs, there are basically two types of MANETs, viz., authoritarian MANETs, in which there exist one or more authorities who decide the members of the network, and self-organized MANETs, in which there is no such authority. Ensuring security of communications in the MANETs is a challenging task due to the resource constraints and infrastructure-less nature of these networks, and the limited physical security of MANET nodes. Attacks on security in a MANET can be launched by either the external attackers which are not legitimate members of the MANET or the internal attackers which are compromised members of the MANET and which can hold some valid security credentials or both. Key management and authentication protocols(KM-APs)play an important role in preventing the external attackers in a MANET. However, in order to prevent the internal attackers, an intrusion detection system(IDS) is essential. The routing protocols running in the network layer of a MANET are most vulnerable to the internal attackers, especially to the attackers which launch packet dropping attack during data packet forwarding in the MANET. For an authoritarian MANET, an arbitrated KM-AP protocol is perfectly suitable, where trusts among network members are coordinated by a trusted authority. Moreover, due to the resource constraints of a MANET, symmetric key management protocols are more efficient than the public key management protocols in authoritarian MANETs. The existing arbitrated symmetric key management protocols in MANETs, that do not use any authentication server inside the network are susceptible to identity impersonation attack during shared key establishments. On the other hand, the existing server coordinated arbitrated symmetric key management protocols in MANETs do not differentiate the role of a membership granting server(MGS) from the role of an authentication server, and so both are kept inside the network. However, keeping the MGS outside the network is more secure than keeping it inside the network for a MANET. Also, the use of a single authentication server inside the network cannot ensure robustness against authentication server compromise. In self-organized MANETs, public key management is more preferable over symmetric key management, since the distribution of public keys does not require a pre-established secure channel. The main problem for the existing self-organized public key management protocols in MANETs is associated with the use of large size certificate chains. Besides, the proactive certificate chaining based approaches require each member of a MANET to maintain an updated view of the trust graph of the entire network, which is highly resource consuming. Maintaining a hierarchy of trust relationships among members of a MANET is also problematic for the same reason. Evaluating the strength of different alternative trust chains and restricting the length of a trust chain used for public key verification is also important for enhancing the security of self-organized public key management protocols. The existing network layer IDS protocols in MANETs that try to defend against packet dropping attack use either a reputation based or an incentive based approach. The reputation based approaches are more effective against malicious principals than the incentive based approaches. The major problem associated with the existing reputation based IDS protocols is that they do not consider the protocol soundness issue in their design objectives. Besides, most of the existing protocols incorporate no mechanism to fight against colluding principals. Also, an IDS protocol in MANETs should incorporate some secure and efficient mechanism to authenticate the control packets used by it. In order to mitigate the above mentioned problems in MANETs, we have proposed new models and designed novel security protocols in this thesis that can enhance the security of communications in MANETs at lesser or comparable cost. First, in order to perform security analysis of KM-AP protocols, we have extended the well known strand space verification model to overcome some of its limitations. Second, we have proposed a model for the study of membership of principals in MANETs with a view to utilize the concept for analyzing the applicability and the performance of KM-AP protocols in different types of MANETs. Third and fourth, we have proposed two novel KM-AP protocols, SEAP and CLPKM, applicable in two different types of MANET scenarios. The SEAP protocol is an arbitrated symmetric key management protocol designed to work in an authoritarian MANET, whereas the CLPKM protocol is a self-organized public key management protocol designed for self-organized MANETs. Fifth, we have designed a novel reputation based network layer IDS protocol, named EVAACK protocol, for the detection of packet dropping misbehavior in MANETs. All of the three proposed protocols try to overcome the limitations of the existing approaches in their respective categories. We have provided rigorous mathematical proofs for the security properties of the proposed protocols. Performance of the proposed protocols have been compared with those of the other existing similar approaches using simulations in the QualNet simulator. In addition, we have also implemented the proposed SEAP and CLPKM protocols on a real MANET test bed to test their performances in real environments. The analytical, simulation and experimentation results confirm the effectiveness of the proposed schemes.

Mobile Ad Hoc Networks (MANET)

Mobile Ad Hoc Network Security

Intrusion Detection Systems (IDSs)

Extended Strand Space Model

Intrusion Detection Protocols

MANETs

Strand Space Model

Intrusion Detection Systems (IDSs)

Communication Engineering