A time stamp-based algorithm to improve security and performance of mobile ad hoc network

Mobile ad hoc network is open medium and infrastructure-less network. Mobile ad hoc network is susceptible to various security attacks such as, black hole attack, gray hole attack, bad mouthing attack, sybil attack and worm hole attack due to open medium, infrastructure-less features and lack of in-built security. In black hole attack and gray hole attack, attacker falsely sends route reply and dropped data packets received from source node. Due to these attacks, performance of mobile ad hoc network decreases. This paper proposes a time stamp-based algorithm which is an enhanced version of existing IDSNAODV algorithm. Proposed algorithm modifies existing palling process to validate identity of observer nodes using a time stamp-based approach. Based on defined set of rules and recorded activities report, source node decides the nature of target node. The performance of proposed algorithm is evaluated using the network simulator. The proposed algorithm shows improved performance for packet delivery ratio, throughput and routing overhead as compared to existing algorithm.

     

Intelligent Internal Stealthy Attack and its Countermeasure for Multicast Routing Protocol in MANET

Multicast communication of mobile ad hoc networks is vulnerable to internal attacks due to its routing structure and high scalability of its participants. Though existing intrusion detection systems (IDSs) act smartly to defend against attack strategies, adversaries also accordingly update their attacking plans intelligently so as to intervene in successful defending schemes. In our work, we present a novel indirect internal stealthy attack on a tree‐based multicast routing protocol. Such an indirect stealthy attack intelligently makes neighbor nodes drop their routing‐layer unicast control packets instead of processing or forwarding them. The adversary targets the collision avoidance mechanism of the Medium Access Control (MAC) protocol to indirectly affect the routing layer process. Simulation results show the success of this attacking strategy over the existing “stealthy attack in wireless ad hoc networks: detection and countermeasure (SADEC)” detection system. We design a cross‐layer automata‐based stealthy attack on multicast routing protocols (SAMRP) attacker detection system to identify and isolate the proposed attacker. NS‐2 simulation and analytical results show the efficient performance, against an indirect internal stealthy attack, of SAMRP over the existing SADEC and BLM attacker detection systems.     

Single-Adversary Relaying Attack Defense Mechanism in Wireless Ad Hoc Networks

There have been many security protocols to provide authenticity and confidentiality in wireless ad hoc networks. However, they fail to defend networks against relaying attack in which attacker nodes simply broadcast received packets without compromising any legitimate nodes. Wormhole attack is a representative example of relaying attack, in which a pair of attacker nodes relay received packets to each other and selectively drop them. The wormhole attack is known to ruin routing and communication of a network considerably, however, is not very straightforward to be accomplished due to the pairwise nature. In this paper, we introduce two new types of relaying attack, called teleport and filtering attacks that require a single attacker node only for accomplishment. We describe their accomplishment conditions and impacts on the network performance in a formal manner. We then propose a countermeasure framework against these attacks called Single-Adversary Relaying Attack defense Mechanism (SARAM), which is composed of a bandwidth-efficient neighbor discovery customized for multi-hop environments and neighbor list management combined into an on-demand ad hoc routing protocol. SARAM does not require any special hardware such as location-aware equipments and tight synchronized clocks, thus is cost-efficient as well. We show via ns-2 simulation that the new relaying attacks deteriorate the network performance significantly and SARAM is effective and efficient in defending a network against these attacks.     

Wormhole attacks in wireless networks

As mobile ad hoc network applications are deployed, security emerges as a central requirement. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is possible even if the attacker has not compromised any hosts, and even if all communication provides authenticity and confidentiality. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them (possibly selectively) to another location, and retransmits them there into the network. The wormhole attack can form a serious threat in wireless networks, especially against many ad hoc network routing protocols and location-based wireless security systems. For example, most existing ad hoc network routing protocols, without some mechanism to defend against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication. We present a general mechanism, called packet leashes, for detecting and, thus defending against wormhole attacks, and we present a specific protocol, called TIK, that implements leashes. We also discuss topology-based wormhole detection, and show that it is impossible for these approaches to detect some wormhole topologies.     

An Adaptive and Predictive Security Model for Mobile Ad hoc Networks

Mobile ad hoc networks are infrastructure-free, pervasive and ubiquitous in nature, without any centralized authority. These unique characteristics coupled with the growing concerns for security attacks demand an immediate solution for securing the ad hoc network, prior to its full-fledged deployment in commercial and military applications. So far, most of the research in mobile ad hoc networks has been primarily focused on routing and mobility aspects rather than securing the ad hoc networks themselves. Due to ever increasing security threats, there is a need to develop schemes, algorithms, and protocols for a secured ad hoc network infrastructure. To realize this objective, we have proposed a practical and effective security model for mobile ad hoc networks. The proposed predictive security model is designed using a fuzzy feedback control approach. The model is based on identifying critical network parameters that are affected by various types of attacks and it continuously monitors those parameters. Once we measure the relative change in these parameter values, we could detect the type of attack accurately and protect the system, without compromising its effectiveness. Experimental results of the model simulated for selected packet mistreatment attacks and routing attacks are very promising.     

Trust Based Detection and Elimination of Packet Drop Attack in the Mobile Ad-Hoc Networks

The mobile ad hoc network (MANET) is communication network of a mobile node without any prior infrastructure of communication. The network does not have any static support; it dynamically creates the network as per requirement by using available mobile nodes. This network has a challenging security problem. The security issue mainly contains a denial of service attacks like packet drop attack, black-hole attack, gray-hole attack, etc. The mobile ad-hoc network is an open environment so the working is based on mutual trust between mobile nodes. The MANETs are vulnerable to packet drop attack in which packets travel through the different node. The network while communicating, the node drops the packet, but it is not attracting the neighboring nodes to drop the packets. This proposed algorithm works with existing routing protocol. The concept of trusted list is used for secure communication path. The trusted list along with trust values show how many times node was participated in the communication. It differentiates between altruism and selfishness in MANET with the help of energy level of mobile components. The trust and energy models are used for security and for the differentiation between altruism and selfishness respectively.     

A Secure Path Selection Scheme for Mobile Ad Hoc Network

Mobile ad hoc network is open medium, infrastructure-less and easy to install. Despite these features, mobile ad hoc network is vulnerable to various security attacks. Black hole and gray hole security attacks outrank among all security attacks. This paper proposes a distributed delegation-based scheme, namely, a secure path selection scheme. The proposed scheme identifies and allows only trusted nodes to become part of active path. The simulation results revealed that proposed scheme improved the packet delivery ratio, packet loss rate, throughput by 8% and routing overhead by 5% as compared to other system.

     

Biologically inspired artificial intrusion detection system for detecting wormhole attack in MANET

A mobile ad hoc network (MANET) does not have traffic concentration points such as gateway or access points which perform behaviour monitoring of individual nodes. Therefore, maintaining the network function for the normal nodes when other nodes do not forward and route properly is a big challenge. One of the significant attacks in ad hoc network is wormhole attack. In this wormhole attack, the adversary disrupts ad hoc routing protocols using higher bandwidth and lower-latency links. Wormhole attack is more hidden in character and tougher to detect. So, it is necessary to use mechanisms to avoid attacking nodes which can disclose communication among unauthorized nodes in ad hoc networks. Mechanisms to detect and punish such attacking nodes are the only solution to solve this problem. Those mechanisms are known as intrusion detection systems (IDS). In this paper, the suggested biological based artificial intrusion detection system (BAIDS) include hybrid negative selection algorithm (HNSA) detectors in the local and broad detection subsection to detect anomalies in ad hoc network. In addition to that, response will be issued to take action over the misbehaving nodes. These detectors employed in BAIDS are capable of discriminating well behaving nodes from attacking nodes with a good level of accuracy in a MANET environment. The performance of BAIDS in detecting wormhole attacks in the background of DSR, AODV and DSDV routing protocols is also evaluated using Qualnet v 5.2 network simulator. Detection rate, false alarm rate, packet delivery ratio, routing overhead are used as metrics to compare the performance of HNSA and the BAIDS technique.     

蜜罐技术发展初探

目前,传统网络防护技术都是在攻击者对网络进行攻击时对系统进行被动的防护,蜜罐技术是一种主动防御技术,可以诱骗攻击,记录入侵过程,及时获得攻击信息并以此来深入分析各种攻击行为。文章从蜜罐技术发展历程的角度来阐述蜜罐、蜜网、蜜场等技术原理及其在实际中的典型应用。     

Markov Chain Based Roaming Schemes for Honeypots

The paper proposes a reactive roaming scheme for honeypots. The main aim of a honeypot is to capture the activities of the attacker. If the attacker detects honeypot on a system, its value drops. So, the concept of roaming honeypots is being proposed, to prevent the attacker from detecting the honeypot, which in turn increases the efficiency of honeypot and allows collecting rich data about activities of active attackers. The honeypot is shifted to another system which is most probable to be attacked within the network. The concept of Markov chain analysis is being used to detect the most probable system to be attacked based on the current status of the network. Further, using IP shuffling and services on/off concepts, honeypots roam on the network to the most probable system to be attacked using the threat score. Snort is used to capture data about the number of attacks on each of the nodes of the network and the data collected is then used as an input for Markov chain analysis to identify the most probable system where honeypot can be roamed/moved. The roaming scheme has been implemented for both high interaction honeypots and low interaction honeypots. The high interaction implementation helps in capturing in depth information on a shorter range of IP addresses, whereas the low interaction implementation is efficient in capturing information on a large range of IP addresses. The main advantage of this approach is that it predicts the frequency of attacks on the nodes of a particular network and takes a reactive step by starting the honeypot services on that particular node/system on the network.     

移动Ad Hoc网络安全按需路由协议

Ad Hoc网络的安全性问题越来越引起人们的关注,如何确保Ad Hoc网络路由协议的安全成为Ad Hoc研究的一项关键技术。提出一种适用于移动Ad Hoc网络的安全按需源路由协议,利用移动节点之间的会话密钥和基于散列函数的消息鉴别码HMAC一起来验证路由发现和路由应答的有效性。提出的邻居节点维护机制通过把MAC地址和每个节点的ID绑定来防御各种复杂的攻击如虫洞攻击。NS-2仿真表明该协议能有效地探测和阻止针对Ad Hoc网络的大部分攻击。     

Analysis of area-congestion-based DDoS attacks in ad hoc networks

Increased instances of distributed denial of service (DDoS) attacks on the Internet have raised questions on whether and how ad hoc networks are vulnerable to such attacks. This paper studies the special properties of such attacks in ad hoc networks. We examine two types of area-congestion-based DDoS attacks – remote and local attacks – and present in-depth analysis on various factors and attack constraints that an attacker may use and face. We find that (1) there are two types of congestion – self congestion and cross congestion – that need to be carefully monitored; (2) the normal traffic itself causes significant packet loss in addition to the attack impacts in both remote and local attacks; (3) the number of flooding nodes has major impacts on remote attacks while, the load of normal traffic and the position of flooding nodes are critical to local attacks; and (4) given the same number of flooding nodes and attack loads, a remote DDoS attack can cause more damage to the network than a local DDoS attack.     

Simulation Based Comparative Study of Routing Protocols Under Wormhole Attack in Manet

A Mobile Ad hoc network (manet) has emerged as an autonomous, multi-hop, wireless and temporary type of network which works within the constraints like bandwidth, power and energy. Manet can be observed as an open type of network where nodes become a part of any network at any time that’s why it is susceptible to different types of attacks. Wormhole attack is most threatening security attack in ad hoc network where an attacker node receives packet at one location and replay them at other location which is remotely located far. In this paper, we study and compare the performance of AODV, DSR and ZRP under the impact of multiple wormhole attacker nodes. Diverse scenarios are characterized as like average of 50 runs and mobility. By statistical placement of multiple wormhole nodes across the network, we evaluate the performance in terms of throughput, packet delivery ratio, packet loss, average end to end delay and jitter. Finally based on the simulation we investigated the most affected routing protocol in terms of network metrics.     

Distributed detection of mobile malicious node attacks in wireless sensor networks

In wireless sensor networks, sensor nodes are usually fixed to their locations after deployment. However, an attacker who compromises a subset of the nodes does not need to abide by the same limitation. If the attacker moves his compromised nodes to multiple locations in the network, such as by employing simple robotic platforms or moving the nodes by hand, he can evade schemes that attempt to use location to find the source of attacks. In performing DDoS and false data injection attacks, he takes advantage of diversifying the attack paths with mobile malicious nodes to prevent network-level defenses. For attacks that disrupt or undermine network protocols like routing and clustering, moving the misbehaving nodes prevents them from being easily identified and blocked. Thus, mobile malicious node attacks are very dangerous and need to be detected as soon as possible to minimize the damage they can cause. In this paper, we are the first to identify the problem of mobile malicious node attacks, and we describe the limitations of various naive measures that might be used to stop them. To overcome these limitations, we propose a scheme for distributed detection of mobile malicious node attacks in static sensor networks. The key idea of this scheme is to apply sequential hypothesis testing to discover nodes that are silent for unusually many time periods—such nodes are likely to be moving—and block them from communicating. By performing all detection and blocking locally, we keep energy consumption overhead to a minimum and keep the cost of false positives low. Through analysis and simulation, we show that our proposed scheme achieves fast, effective, and robust mobile malicious node detection capability with reasonable overhead.     

Design and analysis of a denial-of-service-resistant quality-of-service signaling protocol for MANETs

Quality-of-service (QoS) signaling protocols for mobile ad hoc networks (MANETs) are highly vulnerable to attacks. In particular, a class of denial-of-service (DoS) attacks can severely cripple network performance with relatively little effort expended by the attacker. A distributed QoS signaling protocol that is resistant to a class of DoS attacks on signaling is proposed. The signaling protocol provides QoS for real-time traffic and employs mechanisms at the medium access control (MAC) layer, which serve to avoid potential attacks on network resource usage. The key MAC layer mechanisms that provide support for the QoS signaling scheme include sensing of available bandwidth, traffic policing, and rate monitoring, all of which are performed in a distributed manner by the mobile nodes. The proposed signaling scheme achieves a compromise between signaling protocols that require the maintenance of per-flow state and those that are completely stateless. The signaling scheme scales gracefully in terms of the number of nodes and/or traffic flows in the MANET. The authors analyze the security properties of the protocol and present simulation results to demonstrate its resistance to DoS attacks.     

移动自组网中基于声誉机制的安全路由协议设计与分析

移动自组网是一种有特殊用途的对等式网络,具有无中心、自组织、可快速展开、可移动等特点,这些特点使得它在战场、救灾等特殊场合的应用日渐受到人们的重视.由于在移动自组网络中每节点既是主机又是路由器,所以容易遭受基于路由信息的攻击,而现今的路由协议基本没有考虑到该问题.本文在分析移动自组网络安全特性的基础上,综述了该方面的研究工作,建立了基于声誉机制评价体系,并给出了具体的评价方法和计算模型.在此基础上,提出了基于声誉机制的安全路由协议S-DSR.仿真结果表明在存在攻击节点的情况下S-DSR协议比DSR协议具有更好的包传输率、包丢失率等属性.     

基于朋友机制的移动ad hoc网络路由入侵检测模型研究

从如何有效检测移动ad hoc网络路由入侵行为、如何准确地响应并将恶意路由节点移除网络,提供可信路由环境的角度进行分析,提出了一种基于朋友机制的轻量级移动ad hoc网络入侵检测模型,并以典型的黑洞攻击为例,通过OPNET网络建模仿真及实验分析,验证了该模型的可行性和有效性。     

路由信息的攻击对AODV协议性能的影响分析

AODV协议是移动自组网络中一种按需反应的表驱动路由协议。在移动自组网中，每个节点既是计算机又是路由器，容易遭受基于路由信息的网络攻击，而现今的路由协议基本没有考虑到该问题。本文在分析移动自组网中针对路由信息主要攻击方法的基础上，建立了主动性和自私性两个攻击模型，并且在AODV协议中扩充实现了这两类攻击行为。通过对模拟结果的分析和比较，讨论了路由信息的攻击对AODV协议性能的影响，并进一步探讨了针对基于路由信息攻击的防御措施。     

浅谈MANET网络攻击类型与网络安全

随着计算机网络技术的高速发展,互联网技术的应用越来越广泛.很快,由传统的防单机病毒,人们更加意识到网络安全的重要性.很多类型的攻击每天都在增加,保护计算机和网络安全是关键问题.MANET在计算机技术方面定义为移动自组网络的工作组,全称为Mobile Ad-hoc NETworks.本文描述了网络安全机密向量、网络安全完整性向量和网络安全可用性向量,并提出了MANET中的主要攻击类型.     

Novel intrusion prediction mechanism based on honeypot log similarity

The current network‐based intrusion detection systems have a very high rate of false alarms, and this phenomena results in significant efforts to gauge the threat level of the anomalous traffic. In this paper, we propose an intrusion detection mechanism based on honeypot log similarity analysis and data mining techniques to predict and block suspicious flows before attacks occur. With honeypot logs and association rule mining, our approach can reduce the false alarm problem of intrusion detection because only suspicious traffic would be present in the honeypots. The proposed mechanism can reduce human effort, and the entire system can operate automatically. The results of our experiments indicate that the honeypot prediction system is practical for protecting assets from attacks or misuse.