以SIP协定整合移动AD HOC网络

随着时代的演进,网络通讯科技的发展也从有线网络演进到无线网络。其中移动AdHoc网络,更是备受瞩目。它是由许多具有无线装置的移动节点所动态构成的网络,节点与节点之间的通讯是经由其邻近的节点所传送,其特色是不需预先建构相关网络基础设施。该论文是建立在集群路由方式的移动AdHoc网络平台上,整合IPv6自动组态设定和SIP协定,以提供移动节点所需的IP地址,与相关位置指信息。并提出一个分散式路由机制,使网络内的终端机可与移动网络节点互相通讯。     

一种MANET网络的位置辅助路由协议

Ad-Hoc网络（即MANET）由于节点的移动，导致路由频繁变化．基于位置辅助路由协议（LAR1），本文提出了一种带路径优化的增强LAR1协议（ELAR1）．节点通过在接收到的路由请求包中获取其携带的其它转发节点位置信息，提高发起路由请求时预知目的节点位置的几率，降低网络内路由广播包的数量．针对路由路径中可能存在非最短路由，利用位置信息对获得的路由进行路径优化．仿真结果表明，ELAR1比LAR1有较低的路由请求开销、较高的包投递率和较低的端到端延迟．     

Securing Passive Objects in Mobile Ad-Hoc Peer-to-Peer Networks

Security and privacy in mobile ad-hoc peer-to-peer environments are hard to attain, especially when working with passive objects (without own processing power, e.g. RFID tags). This paper introduces a method for integrating such objects into a peer-to-peer environment without infrastructure components while providing a high level of privacy and security for peers interacting with objects. The integration is done by associating public keys to passive objects, which can be used by peers to validate proxies (peers additionally acting on behalf of objects). To overcome the problem of limited storage capacity on small embedded objects, ECC keys are used.     

Modeling and Evaluation of a Policy Provisioning Architecture for Mobile Ad-Hoc Networks

The ability to dynamically configure mobile ad-hoc network (MANET) devices is critical for supporting complex services such as quality of service (QoS), security and access control in these networks. In our work, we address the problem of policy distribution and provisioning in MANETs. Previously, we have proposed a policy provisioning architecture that enables the operator, e.g., a military command and control center, to maintain a logically centralized control of the network as a whole, while allowing a physically decentralized and self-managing implementation essential for a MANET environment. In this paper, we present an analytical model of the availability of the policy distribution service in a MANET and analyze the performance using stochastic Petri nets (SPNs). We develop the model at two levels of complexity: as a simple Markovian model with Poisson assumptions and as a more accurate non-Markovian model with general distributions obtained using statistical parameterization. We compare and cross-validate the analytical results with simulation and experimental results. Finally, we illustrate the effectiveness of the architecture for managing QoS for soft real-time applications, using an emulated mobile ad-hoc network testbed.     

无线传感器网络的生存性评估

当前无线传感器网络的生存性评估模型均假设网络的节点分布符合某种规律且在长期的运行中规律保持不变,但该种模型未考虑节点的移动性。针对以上问题进行了研究,通过引入节点的移动速率建立连续时间马尔科夫链表示的评估模型,该模型不依赖于网络的拓扑,能准确反映出节点的实际分布情况;其次研究不同攻击和故障对节点隔离的影响;稳态连通概率是刻画可生存性最为重要的指标,最后提出该指标的计算方法。仿真实验结果表明,本文提出的生存性评估模型能够对无线传感器网络的生存性进行有效的评估。     

移动自组网中一种新的混合认证协议

在现有的面向移动自组网环境的认证方案中,分布式认证的安全性高,但其认证成功率低,尤其是在大规模移动自组网中。针对这一问题,该文提出一种将分布式认证和链式认证有机结合的混合认证方案,前者用于证书管理,后者用于身份认证。理论分析表明,在保证安全性的前提下,该方案提高了协议的可扩展性和认证成功率。     

移动自组网络分布式组密钥更新算法

安全性是移动自组网络组通信的基本需求,安全、高效的组密钥更新算法是保证组通信安全的关键.在移动自组网络分布式组密钥管理框架(distrbuted group key management framework,简称DGKMF)的基础上,提出了一种组密钥更新算法--DGR(distributed group rekeying)算法.该算法能够利用局部密钥信息更新组密钥,适合拓扑结构变化频繁、连接短暂、带宽有限的移动自组网络.为了进一步降低算法的通信代价,通过在组密钥更新时动态生成组密钥更新簇，对DGR算法进行了改进，提出了CDGR(cluster distributed group rekeying)算法，并讨论了上述算法的安全性、正确性和完备性，分析了算法的通信代价.最后，利用ns2模拟器对算法的性能进行了分析.模拟结果显示，DGR和CDGR算法在组密钥更新成功率和延迟等方面均优于其他算法，并且由于采用簇结构，CDGR算法的更新延迟低于DGR算法.     

Defense Against Injecting Traffic Attacks in Wireless Mobile Ad-Hoc Networks

In ad-hoc networks, nodes need to cooperatively forward packets for each other. Without necessary countermeasures, such networks are extremely vulnerable to injecting traffic attacks, especially those launched by insider attackers. Injecting an overwhelming amount of traffic into the network can easily cause network congestion and decrease the network lifetime. In this paper, we focus on those injecting traffic attacks launched by insider attackers. After investigating the possible types of injecting traffic attacks, we have proposed two sets of defense mechanisms to combat such attacks. The first set of defense mechanisms is fully distributed, while the second is centralized with decentralized implementation. The detection performance of the proposed mechanisms has also been formally analyzed. Both theoretical analysis and experimental studies have demonstrated that under the proposed defense mechanisms, there is almost no gain to launch injecting traffic attacks from the attacker's point of view     

Intrusion Detection Systems in Internet of Things and Mobile Ad-Hoc Networks

Internet of Things (IoT) devices work mainly in wireless mediums; requiring different Intrusion Detection System (IDS) kind of solutions to leverage 802.11 header information for intrusion detection. Wireless-specific traffic features with high information gain are primarily found in data link layers rather than application layers in wired networks. This survey investigates some of the complexities and challenges in deploying wireless IDS in terms of data collection methods, IDS techniques, IDS placement strategies, and traffic data analysis techniques. This paper’s main finding highlights the lack of available network traces for training modern machine-learning models against IoT specific intrusions. Specifically, the Knowledge Discovery in Databases (KDD) Cup dataset is reviewed to highlight the design challenges of wireless intrusion detection based on current data attributes and proposed several guidelines to future-proof following traffic capture methods in the wireless network (WN). The paper starts with a review of various intrusion detection techniques, data collection methods and placement methods. The main goal of this paper is to study the design challenges of deploying intrusion detection system in a wireless environment. Intrusion detection system deployment in a wireless environment is not as straightforward as in the wired network environment due to the architectural complexities. So this paper reviews the traditional wired intrusion detection deployment methods and discusses how these techniques could be adopted into the wireless environment and also highlights the design challenges in the wireless environment. The main wireless environments to look into would be Wireless Sensor Networks (WSN), Mobile Ad Hoc Networks (MANET) and IoT as this are the future trends and a lot of attacks have been targeted into these networks. So it is very crucial to design an IDS specifically to target on the wireless networks.     

A Framework for Optimizing End-to-End Connectivity Degree in Mobile Ad-Hoc Networks

Mobile ad-hoc networks are networks spontaneously deployed from a set of mobile devices without requiring any fixed infrastructures. The increasing interest in this technology raises new research challenges towards providing them a management framework. Network users expect a service level as close as in regular fixed networks. A primary expectation is the capability to communicate (end-to-end) with the other network users. We present in this paper a framework for monitoring and optimizing this capability in mobile ad-hoc networks. Our normalized metric, called end-to-end connectivity degree, characterizes the number of nodes, that a node can reach in the entire network. We describe a management architecture to monitor this metric together with the network density, and illustrate how routing configuration can be performed to optimize it.     

移动自组网络组密钥管理框架

许多应用于军事、紧急救灾等场合的移动自组网络需要安全组通信支持,然而节点的移动性、链路不可靠以及多跳通信延迟等特点使移动自组网络的组密钥管理面临巨大的挑战。基于秘密共享机制和RSA非对称机密体制提出了一种新的移动自组网络组密钥管理框架DGKMF,该框架具有不依赖网络拓扑结构、组密钥局部生成以及有效维护组密钥的一致性的特点。模拟实验表明,DGKMF在组密钥更新成功率和延迟等方面均优于其他协议和算法。     

移动自组网络环境下组密钥管理协议性能分析

移动自组网络是一种不依赖任何固定基础设施的新型无线网络。组通信是移动自组网络的重要通信方式之一。本文分析三种有线网络组密钥管理协议(CKD协议、GDH v．2协议以及BD协议)的通信与运算代价,比较了它们在移动自组网络中的性能,指出了移动自组网络对组密钥管理协议的特殊需求,提出了移动自组网络组密钥管理协议的研究思路     

基于博弈的MANETs信任模型研究

移动Ad-Hoc网络(MANET)是由一组带有无线收发装置的移动节点组成的无须固定设置支持的临时性的通信网络.MANETs具有开放的媒质、动态的拓扑结构、分布式的合作和受限的网络能力等基本特点.在MANETs中,节点之间相互信赖路由和转发数据包,节点间的合作是非常重要的.但是由于自私节点为了储存能量和其他资源,而不参与转发数据.由于MANETs通信没有第3方的中心认证,所以集中于强制合作是不适应的.基于博弈研究MANETs中的节点行为,根据节点的信誉度来获得资源,刺激节点共享资源和转发数据.提出了基于博弈理论的信任模型,鼓励包转发,约束自私节点.仿真结果表明该信任模型能够识别自私节点并且能在信任节点之间建立信任,提高了整个网络效率.     

一种新颖的移动自组网灰洞攻击检测方案

移动自组网(mobile ad hoc networks,MANETs)是典型的分布式网络,没有集中式的管理节点,网络拓扑动态变化,而且网络带宽有限.移动自组网无网络基础设施的特点,使其易于受到各种拒绝服务攻击(denial of service,DoS).灰洞攻击是一种类型的拒绝服务攻击,攻击者在网络状态良好的情况下,首先以诚实的方式参与路由发现过程,然后以不被察觉的方式丢弃部分或全部转发数据包.首先介绍了相关工作、DSR算法、聚合签名算法和网络模型.然后基于聚合签名算法,给出了用于检测丢包节点的3个相关算法:证据产生算法、审查算法和诊断算法.证据产生算法用于节点产生转发证据;审查算法用于审查源路由节点;诊断算法用于确定丢包节点.最后分析了算法的效率.ns-2仿真结果表明,在移动速度中等的网络中,提出的算法可以检测出多数丢包节点,且路由包开销较低.舍弃含丢包节点的路由后,数据发送率有相应的改善.     

基于邻结点表的MAN ET网络路由协议

本文先分析了当前MANET系统中的路由协议,提出了一种基于邻结点表的路由协议算法,利用邻结点信息,提高了路由的自我维护能力。最后通过仿真实验,验证了该算法的有效性。     

Ensemble methods for anomaly detection and distributed intrusion detection in Mobile Ad-Hoc Networks

This paper examines the problem of distributed intrusion detection in Mobile Ad-Hoc Networks (MANETs), utilizing ensemble methods. A three-level hierarchical system for data collection, processing and transmission is described. Local IDSs (intrusion detection systems) are attached to each node of the MANET, collecting raw data of network operation, and computing a local anomaly index measuring the mismatch between the current node operation and a baseline of normal operation. Anomaly indexes from nodes belonging to a cluster are periodically transmitted to a cluster head, which averages the node indexes producing a cluster-level anomaly index. Cluster heads periodically transmit these cluster-level anomaly indexes to a manager which averages them.On the theoretical side, we show that averaging improves detection rates under very mild conditions concerning the distributions of the anomaly indexes of the normal class and the anomalous class. On the practical side, the paper describes clustering algorithms to update cluster centers and machine learning algorithms for computing the local anomaly indexes. The complete suite of algorithms was implemented and tested, under two types of MANET routing protocols and two types of attacks against the routing infrastructure. Performance evaluation was effected by determining the receiver operating characteristics (ROC) curves and the corresponding area under the ROC curve (AUC) metrics for various operational conditions. The overall results confirm the theoretical developments related with the benefits of averaging with detection accuracy improving as we move up in the node–cluster–manager hierarchy.     

基于邻结点表的MANET网络路由协议

本文先分析了当前MANET系统中的路由协议，提出了一种基于邻结点表的路由协议算法，利用邻结点信息，提高了路由的自我维护能力。最后通过仿真实验，验证了该算法的有效性。     

QoSTRP: A Trusted Clustering Based Routing Protocol for Mobile Ad-Hoc Networks

Programming and Computer Software - One of the secured communication methods in MANET is providing a Trust Management (TM). A TM calculates a trust value for all the participants in the...     

Ad—Hoc网络中的密钥建立协议

Ad-Hoc网络作为一种新兴的无线网络,与传统的无线网络相比缺少固定基础设施的支持(比如基站或移动交换中心),节点直接依靠无线链路进行通信并维持网络的连接。由于Ad-Hoc网络的建立灵活便捷,因此在军事、商业上有着广泛的应用前景,比如:战场上的作战单位之间的通信,数字电子设备之间的联网以及虚拟会议(教室)等等。Ad-Hoc网络的安全性问题也随之成为一个研究热点,文[1,2]对此作了讨论。     

一种基于马尔可夫链的车辆自组网可生存性模型

根据车辆自组网（VANET）的特点和实际应用,分析了VANET的可生存性要素,给出了VANET的可生存性定义,分析了VANET的服务、威胁与策略,提出了基于马尔可夫链的平均可生存性量化模型,并通过模拟验证了该模型的正确性。理论和模拟结果均表明,保证基本服务和防止严重威胁可以有效保障VANET的可生存性。