共查询到20条相似文献,搜索用时 406 毫秒
1.
Prevention of selective black hole attacks on mobile ad hoc networks through intrusion detection systems 总被引:1,自引:0,他引:1
Ming-Yang Su 《Computer Communications》2011,34(1):107-117
A black hole attack on a MANET refers to an attack by a malicious node, which forcibly acquires the route from a source to a destination by the falsification of sequence number and hop count of the routing message. A selective black hole is a node that can optionally and alternately perform a black hole attack or perform as a normal node. In this paper, several IDS (intrusion detection system) nodes are deployed in MANETs in order to detect and prevent selective black hole attacks. The IDS nodes must be set in sniff mode in order to perform the so-called ABM (Anti-Blackhole Mechanism) function, which is mainly used to estimate a suspicious value of a node according to the abnormal difference between the routing messages transmitted from the node. When a suspicious value exceeds a threshold, an IDS nearby will broadcast a block message, informing all nodes on the network, asking them to cooperatively isolate the malicious node. This study employs ns2 to validate the effect of the proposed IDS deployment, as IDS nodes can rapidly block a malicious node, without false positives, if a proper threshold is set. 相似文献
2.
Ad hoc网络的自组织、动态拓扑和无线接入等特点使得路由的安全问题日益突出。提出了一种在保证安全前提下允许中间节点返回路由应答报文的安全DSR路由协议。该协议对原有的信任机制进行了改进。仿真结果表明该协议可以有效防止路由信息伪装、篡改、路由重放以及黑洞攻击,可以缓解因恶意节点和自私节点拒绝网络服务或者网络环境变化造成的路由再发现问题。 相似文献
3.
《Information Security Journal: A Global Perspective》2013,22(5):248-256
ABSTRACT A mobile ad-hoc network (MANET) is an autonomous system of mobile nodes connected by wireless links in which nodes cooperate by forwarding packets for each other thereby enabling communication beyond direct wireless transmission range. Example applications include battlefield communication, disaster recovery operations, and mobile conferencing. The dynamic nature of ad-hoc networks makes them more vulnerable to security attacks compared with fixed networks. Providing security in mobile ad-hoc networks has been a major issue in recent years. Most of the secure routing protocols proposed by researchers need a centralized authority or a trusted third party to provide authentication. This destroys the self-organizing nature of ad-hoc networks. Black Hole attack is one of the routing attacks that occur in MANETs. In this attack, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. In this article, we propose an enhanced certificate based authentication mechanism, where nodes authenticate each other by issuing certificates to neighboring nodes and generating public key without the need of any online centralized authority. The proposed scheme uses Multicast Ad-hoc On Demand Distance Vector Routing (MAODV) protocol as a support for certification. The effectiveness of our mechanism is illustrated by simulations conducted using network simulator ns-2. 相似文献
4.
Most routing protocols in mobile ad hoc networks (MANETs) place an emphasis on finding paths in dynamic networks without considering security. As a result, there are a number of attacks that can be used to manipulate the routing in MANET. A malicious node that sends a modified control message to an intermediate node can disturb the network using a control message. To solve this problem, we introduce AODV protocol with route investigation procedure (AODV‐RIP). It uses two additional control messages to defeat security attacks that can occur in AODV routing protocol. When an intermediate node that is on the path between the source node and the destination node receives a control message, it sends a Rroute Investigation Request (IREQ) message to the destination node in order to check the reliability of the control message. According to the existence of Route Investigation Reply (IREP), the intermediate node decides whether it transmits the control message to the source node or not. Consequently, the intermediate node that receives the control message confirms that it is using two additive control messages: IREQ and IREP. Through this investigation procedure, the source node can obtain a reliable path for transmitting data packets to an intentional destination node. The simulation results show an improvement in the packet delivery ratio and end‐to‐end delay at the expense of a moderate increase of the control message overhead compared with the current routing protocols. Copyright © 2009 John Wiley & Sons, Ltd. 相似文献
5.
A mobile ad hoc network (MANET) consists of a set of mobile hosts that can communicate with each other without the assistance of base stations. In MANETs, the high mobility of mobile nodes is a major reason for link failures. In this paper, we propose a stable weight-based on-demand routing protocol (SWORP) for MANETs. The proposed scheme uses the weight-based route strategy to select a stable route in order to enhance system performance. The weight of a route is decided by three factors: the route expiration time, the error count, and the hop count. Route discovery usually first finds multiple routes from the source node to the destination node. Then the path with the largest weight value for routing is selected. Simulation results show that the proposed SWORP outperforms DSR, AODV, and AODV-RFC, especially in a high mobility environment. 相似文献
6.
移动Ad hoc网络(MANETs)在民用设施和国防事业方面得到广泛应用.动态变化的拓扑结构是Ad hoc网络的一大特征,也正是这种动态性使得Ad hoc网络特别容易受到安全方面的攻击.重点讨论在AODV协议下的黑洞攻击和灰洞攻击,并根据攻击的特点,提出了一种利用虫洞原理防御的策略. 相似文献
7.
分析了移动自组网(mobile ad hoc network,简称MANET)暴露拓扑带来的安全问题,提出了一种拓扑隐藏的安全多路径路由协议.在路由发现过程中,不在路由包中携带任何路径信息,从而有效隐藏网络拓扑.通过按需的邻居发现进行身份认证并建立路由表项,最终采用排除节点的方法实现多路径的选取;在路由维护过程中,设计了专门的错误发现机制以检验所选路径的有效性和安全性.该协议综合考虑时间因素和路径长度因素,实现了安全的最短路径确定.安全分析表明,该方案可以抵御黑洞攻击、虫洞攻击、rushing攻击和sybil等典型攻击,同时对一般类型的攻击也具有抵御能力.仿真结果表明,与SRP(secure routing protocol)这种典型的安全多路径方案相比,该方案能够找到更多节点不相交的多路径;在普通场景中,该方案没有对协议性能带来额外影响;在黑洞攻击场景中,该方案只需付出一定的信令开销即可大幅度提高数据包转发率,可有效抵御黑洞攻击. 相似文献
8.
9.
10.
A mobile ad hoc network (MANET) is a collection of mobile hosts that form a temporary network on the fly without using any fixed infrastructure. Recently, the explosive growth in the use of real-time applications on mobile devices has resulted in new challenges to the design of protocols for MANETs. Chief among these challenges to enable real-time applications for MANETs is incorporating support for quality of service (QoS), such as bandwidth constraints. However, MANETs having a high ratio of topology change make routing especially unstable; making stability is an important challenge, especially for routing having a quality of service provision. In this paper, we propose a reliable multi-path QoS routing (RMQR) protocol with a slot assignment scheme. In this scheme, we examine the QoS routing problem associated with searching for a reliable multi-path (or uni-path) QoS route from a source node to a destination node in a MANET. This route must also satisfy certain bandwidth requirements. We determine the route expiration time between two connected mobile nodes using global positioning system (GPS). Then, two parameters, the route expiration time and the number of hops, are used to select a routing path with low latency and high stability. Simulation results show that the proposed RMQR protocol have some outstanding properties when compared with Lin's [Lin C-R. On-demand QoS routing in multihop mobile networks. In: Proceedings of the twentieth annual joint conference of the IEEE computer and communications societies (INFOCOM), vol. 3(22–26), 2001, p. 1735–44], Liao's [Liao W-H, Tseng Y-C, Wang S-L, Sheu J-P. A multi-path QoS routing protocol in a wireless mobile Ad Hoc network. Telecommunication Systems 2002;19(3–4):329–47], and Chen's [Chen Y-S, Tseng Y-C, Sheu J-P, Kuo P-H. An on-demand, link-state, multi-path QoS routing in a wireless mobile Ad-Hoc network. Computer Communications 204;27(1):27–40] protocols. 相似文献
11.
As the use of mobile devices continues to rise, trust administration will significantly improve security in routing the guaranteed quality of service (QoS) supply in Mobile Ad Hoc Networks (MANET) due to the mobility of the nodes. There is no continuance of network communication between nodes in a delay-tolerant network (DTN). DTN is designed to complete recurring connections between nodes. This approach proposes a dynamic source routing protocol (DSR) based on a feed-forward neural network (FFNN) and energy-based random repetition trust calculation in DTN. If another node is looking for a node that swerved off of its path in this situation, routing will fail since it won’t recognize it. However, in the suggested strategy, nodes do not stray from their pathways for routing. It is only likely that the message will reach the destination node if the nodes encounter their destination or an appropriate transitional node on their default mobility route, based on their pattern of mobility. The EBRRTC-DTN algorithm (Energy based random repeat trust computation) is based on the time that has passed since nodes last encountered the destination node. Compared to other existing techniques, simulation results show that this process makes the best decision and expertly determines the best and most appropriate route to send messages to the destination node, which improves routing performance, increases the number of delivered messages, and decreases delivery delay. Therefore, the suggested method is better at providing better QoS (Quality of Service) and increasing network lifetime, tolerating network system latency. 相似文献
12.
针对移动Ad Hoc网络的动态拓扑容易遭受各种网络攻击的特点,研究和比较现有的多种攻击模型,在动态源路由(DSR)协议下提出将黑洞节点按主动攻击和被动攻击进行分类的方法。在NS2网络仿真平台上实现包括RREQ洪泛攻击、被动型黑洞攻击和主动型黑洞攻击在内的3种攻击模式。通过仿真实验评估和比较这3种攻击对网络性能的影响,得出结论,就破坏性而言,RREQ洪泛攻击强于黑洞攻击,而主动型黑洞攻击强于被动型黑洞攻击。 相似文献
13.
14.
QoS AODV协议是目前自组网QoS路由协议的研究热点.由于只能由目的节点返回路由确认RREP,它的协议开销较大.提出了一种基于QoS AODV的改进协议AQ-AODV (Advanced Q-AODV).通过建立QoS分级路由表并改进QOS-LOST分组的转发机制,可由中间节点返回RREP.仿真实验表明,AQ-AODV的协议开销比AODV和QoS AODV有较大幅度降低,同时分组递交率和分组平均传输延迟也略有改善. 相似文献
15.
Anbarasan M. Prakash S. Antonidoss A. Anand M. 《Multimedia Tools and Applications》2020,79(13-14):8929-8949
MANET(Mobile Adhoc Networks) possess the open system condition, absence of central server, mobile nodes that make helpless to security assault while conventional security components couldn’t meet MANET security prerequisites in view of restricted correspondence data transfer capacity, calculation power, memory and battery limit in addition to the vitality enabled environment. The trusted MANETs provide a reliable path and efficient communication but the secrecy of the trust values sometimes may be overheard by the masqueraders. Due to the need of the clustered MANETs the exchange of mathematical values remains to be a necessary part. In the proposed security of the trusted MANETs is focused so as to provide rigid and robust networks when additional resources are added. For clustering of the nodes LEACH protocol is suggested in which the CHs and CMs are fixed for the data transfer in the network. The energy is disseminated in the LEACH as to avoid the battery drain and network fatal. Hence to add resistance and to make an authentic network, the encryption and decoding is incorporated as a further supplementary to avoid the denial of service attacks, we have utilized DoS Pliancy Algorithm in which the acknowledgment based flooding attacks is focused. Likewise the encoded messages from the source node in one cluster can be recoded in the transmission stage itself to reproduce the messages. Contrasted with the past works, QoS of our proposed work has been made strides when tested with black hole and sink hole attacks. Simulation results shows that the DoS pliancy scheme works better and efficient when compared to the existing trust based systems.
相似文献16.
一种基于分治策略的多路径Ad Hoc路由协议 总被引:1,自引:0,他引:1
在无线自组织网络(MANET)中,比起单路径路由协议,多路径路由协议提供了更好的可靠性、容错性、负载平衡等,并且提供较小的端对端延迟、提供较大的有效总带宽;但是,当网络规模较大、通信节点之间相距较远时,多路径路由协议的开销会很大,多路径的条数也减少.针对这一问题,提出了一种基于分治思想的多路径路由协议(DCMR).当通信节点之间必须经过的节点较多时,将这些节点划分为较小的节点集,对各个节点集分别进行路径查找及维护.模拟实验表明,该协议明显提高了路由寻径效率,减小了网络维护开销,并且实现简单,更具实用性. 相似文献
17.
针对传统非均匀节点分布网络能量空洞攻击抑制方法存在抑制效果差、响应时间长、能量空洞攻击抑制性能较差的问题,提出非均匀节点分布网络能量空洞攻击抑制方法。为了有效识别非均匀节点分布网络能量空洞攻击,需要获取OpenFlow交换机的流表项,分析非均匀节点分布下网络能量空洞攻击的特性,获取和非均匀节点分布网络能量空洞攻击相关的流表特征,根据相关特征的变化,对相关的训练样本进行分类,完成非均匀节点分布网络能量空洞攻击检测;根据检测结果,选用网络半径和数据流量监测,组建非均匀节点分布网络能量空洞攻击抑制模型,通过所组建的模型对不同类型的非均匀节点分布网络能量空洞攻击进行有效抑制。实验结果表明,所提方法的抑制效果较好,在不同节点数量下的响应时间较短,能量空洞攻击抑制性能较强。 相似文献
18.
作为下一代网络发展趋势之一的移动Ad Hoc网络受到各种类型的安全威胁,灰洞攻击就是其中最常见的类型之一。仿真模拟了MANET环境下的灰洞攻击,即选择性丢包攻击对MANET性能的影响。从仿真模拟中可以看出灰洞攻击对于MANET的路由影响,不仅导致丢包率增加,而且会导致端到端时延方面的增加。基于信任度的定义,提出一种可信AODV路由协议(Trusted AODV Routing,TAR),方案通过交换相邻节点的节点信任度,并计算路径信任度的方法,集合最短路径算法,从而选择合适的可信路径。通过性能分析,TAR协议在丢包率、端到端时延和路径建立时延方面,相比于AODV协议有明显的提高,能够有效地抵制灰洞攻击。 相似文献
19.
从降低节点度、减少网络链路数和缩短网络直径的角度出发,提出一种新型的互连网络结构--基三分层互连网络,深入地研究了该网络的静态度量并和2-D Mesh做了相应的比较.针对基三分层互连网络提出了一种使消息沿两节点间确定路径传递的分布式确定路由算法DDRA.该算法充分利用基三分层互连网络的层次特性,不需要构建路由表,且算法实现简单,路由效率高,且易于硬件实现. 相似文献
20.
A black hole attack in ad hoc network refers to an attack by malicious nodes, which forcibly acquires the route from a source to destination by falsely advertising shortest hop count to reach the destination node. In this paper, we present a Modified Dynamic Source Routing Protocol (MDSR) to detect and prevent selective black hole attack. Selective black hole attack is a special kind of black hole attack where malicious nodes drop the data packets selectively. We proposed an Intrusion Detection System (IDS) where the IDS nodes are set in promiscuous mode only when required, to detect the abnormal difference in the number of data packets being forwarded by a node. When any anomaly is detected, the nearby IDS node broadcast the block message, informing all nodes on the network to cooperatively isolate the malicious node from the network. The proposed technique employs Glomosim to validate the effectiveness of proposed intrusion detection system. 相似文献