移动Ad hoc网络中一种基于电池量的路由算法

介绍了一种利用移动Agent来解决Ad hoc网络环境中基于电池量的路由问题的方法。首先通过移动Agent和各节点进行数据交换,了解网络中所有节点的连接信息,形成一个节点信息矩阵表；然后在该矩阵表的基础上,根据各节点电池余量,选择最合适的路径进行数据报文的发送。由于这种方法可以使用很少的Agent获得全局电池量的信息，因此可以减少维持节点信息而产生的开销。实验结果表明这种路由算法可以使各节点电池量的消耗趋于平衡。     

MANET环境中抵御“黑洞”攻击的路由算法

介绍了adhoc网络环境中的“黑洞”攻击，并根据“黑洞”的特点提出了一种基于mobile agent的路由算法。利用mobile agent和各节点进行数据交换，得到节点连接关系的矩阵表，当数据报文需要传送时，根据矩阵表可以迅速得到最佳路径，之后通过对邻居节点数据包转发的监视，抵御“黑洞”的攻击。     

Ad Hoc网络中的虫洞攻击与检测方法研究

虫洞攻击是一种针对移动自组织网络路由协议的攻击,一般是至少由两个节点进行合谋的协同攻击。攻击节点之间通过虫洞攻击能够大量吸引数据包,从而达到控制网络的目的。基于按需距离矢量路由协议,根据移动自组织网络中的虫洞攻击原理,采用NS2仿真平台,通过对按需距离矢量路由协议的修改,对虫洞攻击进行了仿真,并且分析了虫洞攻击对网络性能参数的影响。根据虫洞攻击特性,设计了三种攻击检测方法:地理位置定位、邻居信任检测以及邻居监听。将这三种方法在NS2中仿真,验证了其可行性。     

一种基于邻居信任评估的虫洞防御机制

移动adhoc网是一种新型无线移动网络,具有无中心、自组织、拓扑结构变化频繁以及开放式通讯信道等特性,因此adhoc网络下的路由协议所面临的安全问题比有线网环境中更为严重。虫洞攻击就是其中的一种,能够对adhoc网络产生致命的影响。在这种攻击下,网络的路由机制将会紊乱,特别是那些依赖通过接收对方的广播报文进行邻居探测的路由协议。本文首先从虫洞形成的根源上入手,重新定义了邻居的概念,强调了邻居作为节点信息转发第一站的功能。然后根据邻居定义,引入简化的Marsh信任模型,将邻居的以往表现作为信任评估的经验来源,再通过具体公式对邻居关系做出判定。在具体的路由过程中,节点根据信任评估值选取高可信度的邻居作为下一跳的转发节点,从而避免虫洞攻击的危害。为了验证方法的可行性,本文将模型应用于OLSR路由协议中并在NS2中进行了仿真。     

虫洞攻击检测与防御技术

虫洞攻击是一种针对Ad hoc路由协议,破坏网络路由机制的攻击,它是Ad hoc网络的重大安全威胁。该文提出一种基于信任评估的端到端虫洞检测方法,估算源节点和目的节点间最短路径长度,根据路由长度和邻居节点信任度来选择路由,从而检测和防御虫洞 攻击。     

移动ad hoc网络中DOS攻击及其防御机制

移动ad hoc网络由于其动态拓扑、无线信道以及各种资源有限的特点,特别容易遭受拒绝服务(DOS)攻击．提出了移动ad hoc网络中一种新的DOS攻击模型——ad hoc flooding攻击及其防御策略．该攻击主要针对移动ad hoc网络中的按需路由协议,如AODV,DSR等．ad hoc flooding攻击是通过在网络中泛洪发送超量路由查询报文及数据报文,大量地占用网络通信及节点资源,以至于阻塞节点正常的通信．分析ad hoc flooding攻击之后,提出了两种防御策略：其一是邻居阻止,即当入侵者发送大量路由查询报文时,邻居节点降低对其报文的处理优先级,直至不再接收其报文．其二是路径删除,即目标节点将入侵者发送攻击报文的路径删除,以阻止其继续发送攻击报文．模拟实验证实,通过这两种方法的结合．能够有效地阻止网络中的ad hoc flooding攻击行为．     

无线传感器网络中虫洞攻击实时被动式探测

在无线传感器网络所面临的安全问题中,虫洞攻击是最严重的威胁之一.由于无线传感器节点的资源非常有限,因此,适用于有线网络上的基于密码学的安全技术不能直接移植于无线传感网络.目前已知的传感网中,虫洞攻击的探测方案在应用上存在问题,这些方案或需要精确时间同步、或额外的定位算法或硬件、或有较大的通信开销,并且,现有方案均不能检测可自适应调整攻击策略的主动虫洞敌手.结合无线传感器网络的特点,提出了基于拓扑的被动式实时虫洞攻击探测方案,称为Pworm.通过利用虫洞攻击的主要特征——大量吸引网络流量和显著缩短平均网络路径,Pworm不需要任何额外的硬件,只需要收集网络中部分路由信息,就能实时地探测虫洞节点,即使是主动虫洞节点,也不能通过改变自身攻击策略而躲避探测.实验结果和分析表明：该方案具有轻量级、低漏报率、高可扩展性等优点,适用于大规模无线传感网络.     

基于OLSR路由协议的HIDA算法

针对Ad Hoc网络中的虫洞攻击,根据最优链路状态路由(OLSR)协议的运行特点,提出检测伪邻居的HELLO间隔分布式算法(HIDA)。仿真结果表明,在网络平均节点数大于4、节点随机最大移动速率大于2 m/s时,HIDA算法能达到80%以上的虫洞攻击检测率。     

基于移动Agent的任播多目标路由协议

针对以往任播多目标路由协议要求全局信息导致大量节点资源和网络资源耗费的问题，提出一种基于移动Agent的任播多目标路由协议．该协议只要求节点掌握局部信息，通过移动Agent去寻找任播组员，建立任播路由表，因此节点和网络资源开销较少．在路由表建立子协议中，该协议采用移动Agent寻找任播组员、计算路径权重和建立路由表；在数据包传递子协议中，采用随机权重选择法进行目标选择，平衡网络流量．仿真实验证明本文协议因节省了节点和网络资源开销，在网络时延性能上具有较好的表现．     

一种有效防御虫洞攻击的方法

由于无线传感器网络节点位置信息对网络的应用起着重要的作用,且传感器网络的资源有限,因此,针对DV-Hop定位算法的安全性能较差,定位过程中极易受到破坏性极大的虫洞攻击等缺点,提出了一种有效防御DV-Hop中的虫洞攻击的方法,在DV-Hop算法中引入了检测虫洞攻击及有效防御虫洞攻击的EPWDV-Hop算法,通过Matlab仿真软件进行模拟仿真。仿真结果表明,修改后的算法不仅提高了定位精度,而且很好地预防了算法中的虫洞攻击。     

Defending against Wormhole Attack in MANET Using an Artificial Immune System

MANETs are mobile networks that are spontaneously deployed over a geographically limited area without requiring any pre-existing infrastructure. Typically, nodes are both autonomous and self-organized without requiring a central administration or a fixed network infrastructure. Due to their distributed nature, MANET is vulnerable to a specific routing misbehavior, called wormhole attack. In a wormhole attack, one malicious node tunnels packets from its location to the other malicious node. Such wormhole attacks result in a false route with fewer hop count. If the source node follows this fake route, malicious nodes have the option of delivering the packets or dropping them. This article aims at removing these attacks. For this purpose, it investigates the use of an Artificial Immune System (AIS) to defend against wormhole attack. The proposed approach learns rapidly how to detect and bypass the wormhole nodes without affecting the overall performance of the network. The proposed approach is evaluated in comparison with other existing solutions in terms of dropped packet count, packet loss ratio, throughput, packet delivery ratio, and end-to-end delay. A simulation result shows that the proposed approach offers better performance than other schemes defending against the wormhole attack.     

DAWA: Defending against wormhole attack in MANETs by using fuzzy logic and artificial immune system

Mobile ad hoc networks (MANETs) are mobile networks, which are automatically outspread on a geographically limited region, without requiring any preexisting infrastructure. Mostly, nodes are both self-governed and self-organized without requiring a central monitoring. Because of their distributed characteristic, MANETs are vulnerable to a particular routing misbehavior, called wormhole attack. In wormhole attack, one attacker node tunnels packet from its position to the other attacker nodes. Such wormhole attack results in a fake route with fewer hop count. If source node selects this fictitious route, attacker nodes have the options of delivering the packets or dropping them. For this reason, this paper proposes an improvement over AODV routing protocol to design a wormhole-immune routing protocol. The proposed protocol called defending against wormhole attack (DAWA) employs fuzzy logic system and artificial immune system to defend against wormhole attacks. DAWA is evaluated through extensive simulations in the NS-2 environment. The results show that DAWA outperforms other existing solutions in terms of false negative ratio, false positive ratio, detection ratio, packet delivery ratio, packets loss ratio and packets drop ratio.     

移动自组织网络中内部丢包的检测模型

无线移动自组织网络中数据的传输是基于中间节点的合作转发的,但由于内部自私节点为了节省带宽和电量或者网络受到恶意节点的攻击,导致丢包行为发生,网络性能严重降低。基于无线自组织网络常用的路由协议AODV,提出了一种新的针对内部丢包攻击的检测模型。该检测模型引入旁信道概念,旁信道节点和看门狗共同检测并记录节点转发报文行为,采用邻居信息表存放检测结果,当相应节点的记录值达到一定下限时就被隔离出网络。由于旁信道可以发送警报报文,该模型能够同时检测到自私节点或合作攻击节点引起的内部丢包攻击。     

A cost matrix agent for shortest path routing in ad hoc networks

Wireless ad hoc networks do not rely on an existing infrastructure. They are organized as a network with nodes that act as hosts and routers to treat packets. With their frequent changes in topology, ad hoc networks do not rely on the same routing methods as for pre-established wired networks; they require routing methods for mobile wireless networks. To select a path from a source to a destination in dynamic ad hoc networks, an efficient and reliable routing method is very important. In this paper, we introduce a cost-matrix-based routing algorithm. An agent node creates topology information in the form of the adjacency-cost matrix which shows link costs of the network.Based on the adjacency-cost matrix, the minimum-cost matrix and the next-node matrices can be calculated. Based on the minimum-cost matrix and the next-node matrices, the minimum cost between source and destination nodes and between intermediate nodes on the minimum-cost paths can be calculated.The matrices are periodically distributed by the agent to the other nodes. Based on the minimum-cost matrix and the next-node matrices, each node decides the minimum-cost path to its destination. Because none of the nodes except the agent needs to gather network topology information, the control overhead of the proposed method is small compared with those of the general table-driven routing protocols.     

Prevention of Black Hole Attack in Multicast Routing Protocols for Mobile Ad-Hoc Networks Using a Self-Organized Public Key Infrastructure

ABSTRACT

A mobile ad-hoc network (MANET) is an autonomous system of mobile nodes connected by wireless links in which nodes cooperate by forwarding packets for each other thereby enabling communication beyond direct wireless transmission range. Example applications include battlefield communication, disaster recovery operations, and mobile conferencing. The dynamic nature of ad-hoc networks makes them more vulnerable to security attacks compared with fixed networks. Providing security in mobile ad-hoc networks has been a major issue in recent years. Most of the secure routing protocols proposed by researchers need a centralized authority or a trusted third party to provide authentication. This destroys the self-organizing nature of ad-hoc networks. Black Hole attack is one of the routing attacks that occur in MANETs. In this attack, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. In this article, we propose an enhanced certificate based authentication mechanism, where nodes authenticate each other by issuing certificates to neighboring nodes and generating public key without the need of any online centralized authority. The proposed scheme uses Multicast Ad-hoc On Demand Distance Vector Routing (MAODV) protocol as a support for certification. The effectiveness of our mechanism is illustrated by simulations conducted using network simulator ns-2.     

MRABM:一种新的基于mesh结构的多径路由算法

针对移动AdHoc网络提出了一种新的基于mesh结构的多径路由算法MRABM(MultipathRoutingAlgorithmBasedonMeshStructure),该算法采用目的节点建立和更新mesh结构的机制。该算法不仅为每个源节点、中间节点提供了到目的节点最优路径,而且为每个节点建立了到目的节点的多条路径。当节点移动造成链路断开时,该算法能避开断开的链路,迅速沿其它路径转发数据,不需要路由修复和路由重建过程,从而降低了丢包率和端到端的延时。对大流量数据的传输,该算法能有效利用网络资源,减少网络拥塞。因此该算法能很好地适应网络拓扑结构的动态变化。     

HiMAC:一种用于消息认证和加密的分层安全协议

为检测并阻止恶意节点伪装成新的可信节点攻击移动自组织网络,该文提出了一种用于消息认证和加密的分层安全协议(HiMAC)。该协议将分层消息认证码用于保护移动Ad-Hoc网络中的数据传播。在源和目标之间的由中间节点转发分组时动态地计算可信路由,在每个中间节点对数据包进行签名和加密,防止攻击者篡改数据包或修改其跳数,实现数据可信传输。在NS2模拟器中,运用Crypto++库中的RSA算法对HiMAC进行测试。结果表明:HiMAC可以检测和阻止对MANET节点和数据包的攻击;与原有的A-SAODV安全机制相比,HiMAC平均跳数减少了47.1%,平均队列长度减小了35.5%,节点数据包数量降低2.5倍,其性能明显优于A-SAODV。尽管HiMAC的密码操作给路由协议带来了额外的开销,但由于HiMAC采用基于信任机制动态建立安全路由,使得节点能够动态地选择路径上的下一个节点,不必始终保持安全路由,使得HiMAC中的增减开销可以相互抵消达到平衡。