20 similar documents found; search took 15 ms.
1.
In this paper, we present two intrusion detection techniques for mobile ad-hoc networks, which use collaborative efforts of nodes in a neighborhood to detect a malicious node in that neighborhood. The first technique is designed for detection of malicious nodes in a neighborhood of nodes in which each pair of nodes in the neighborhood are within radio range of each other. Such a neighborhood of nodes is known as a clique [12]. The second technique is designed for detection of malicious nodes in a neighborhood of nodes, in which each pair of nodes may not be in radio range of each other but where there is a node among them which has all the other nodes in its one-hop vicinity. This neighborhood is identical to a cluster as mentioned in [12]. Both techniques use message passing between the nodes. A node called the monitor node initiates the detection process. Based on the messages that it receives during the detection process, each node determines the nodes it suspects to be malicious and sends votes to the monitor node. The monitor node, upon inspecting the votes, determines the malicious nodes from among the suspected nodes. Our intrusion detection system is independent of any routing protocol. We give the proof of correctness of the first algorithm, which shows that it always correctly detects the malicious nodes when there is no message loss. We also show with the help of simulations that both algorithms give good performance even when there are message losses arising due to an unreliable channel.
2.
Friend-assisted intrusion detection and response mechanisms for mobile ad hoc networks (total citations: 2; self-citations: 0; citations by others: 2)
Nowadays, a commonly used wireless network (i.e., Wi-Fi) operates with the aid of a fixed infrastructure (i.e., an access point) to facilitate communication between nodes. The need for such a fixed supporting infrastructure limits the adaptability and usability of the wireless network, especially in situations where the deployment of such an infrastructure is impractical. Recent advancements in computer networking introduced a new wireless network, known as a mobile ad hoc network (MANET), to overcome these limitations. Often referred to as a peer-to-peer network, the network does not have any fixed topology, and through its multi-hop routing facility, each node can function as a router; thus communication between nodes becomes available without the need for a supporting fixed router or an access point. However, these useful facilities come with big challenges, particularly with respect to providing security. A comprehensive analysis of attacks and existing security measures suggested that MANETs are not immune to colluding blackmail because such a network comprises autonomous and anonymous nodes. This paper addresses MANET security issues by proposing a novel intrusion detection system based upon a friendship concept, which could be used to complement existing prevention mechanisms that have been proposed to secure MANETs. Results obtained from the experiments proved that the proposed concepts are capable of minimising the problem currently faced in MANET intrusion detection systems (IDS). Through a friendship mechanism, the problems of false accusations and false alarms caused by blackmail attackers in intrusion detection and response mechanisms can be eliminated.
3.
Wireless Networks - The performance of mobile ad hoc networks (MANETs) is significantly affected by the malicious nodes. One of the most common attacks in MANETs is denial of service (DoS); a type...
4.
Wireless Networks - The Multihop Wireless Networks have received great attention in recent years, owing to the rapid proliferation of wireless devices. The wireless routing protocols assume that...
5.
As ad-hoc networks have different characteristics from a wired network, the intrusion detection techniques used for wired networks are no longer sufficient and effective when adapted directly to a wireless ad-hoc network. In this article, first the security challenges in intrusion detection for ad-hoc networks are identified and the related work on anomaly detection is discussed. We then propose a layered intrusion detection framework, which consists of collection, detection and alert modules that are handled by local agents. The collection, detection and alert modules are uniquely enabled with the main operations of ad-hoc networking, which are found at the OSI link and network layers. The proposed modules are based on interpolating polynomials and linear threshold schemes. An experimental evaluation of these modules shows their efficiency for several attack scenarios, such as route logic compromise, traffic pattern distortion and denial of service attacks.
6.
In mobile ad hoc networks (MANETs), identity (ID)-based cryptography with threshold secret sharing is a popular approach for the security design. Most previous work for key management in this framework concentrates on the protocols and structures. Consequently, how to optimally conduct node selection in ID-based cryptography with threshold secret sharing is largely ignored. In this paper, we propose a distributed scheme to dynamically select nodes with master key shares to perform the private key generation service. The proposed scheme can minimize the overall threat posed to the MANET while simultaneously taking into account the cost (e.g., energy consumption) of using these nodes. Intrusion detection systems are modeled as noisy sensors to derive the system security situations. We use a stochastic system to formulate the MANET and obtain the optimal policy. Simulation results are presented to illustrate the effectiveness of the proposed scheme.
7.
A drawback of the conventional Internet routing architecture is that its route computation and packet forwarding mechanisms are poorly integrated with congestion control mechanisms. Any datagram offered to the network is accepted; routers forward packets on a best-effort basis and react to congestion only after the network resources have already been wasted. A number of proposals improve on this to support multimedia applications; a promising example is the Integrated Services Packet Network (ISPN) architecture. However, these proposals are oriented to networks with fairly static topologies and rely on the same conventional Internet routing protocols to operate. This paper presents a routing architecture for mobile integrated services networks in which network nodes (routers) can move constantly while providing end-to-end performance guarantees. In the proposed connectionless routing architecture, packets are individually routed towards their destinations on a hop-by-hop basis. A packet intended for a given destination is allowed to enter the network if and only if there is at least one path of routers with enough resources to ensure its delivery within a finite time. Once a packet is accepted into the network, it is delivered to its destination, unless resource failures prevent it. Each router reserves resources for each active destination, rather than for each source–destination session, and forwards a received packet along one of multiple loop-free paths towards the destination. The resources and available paths for each destination are updated to adapt to congestion and topology changes. This mechanism could be extended to aggregate dissimilar flows as well.
This revised version was published online in June 2006 with corrections to the Cover Date.
8.
Performance evaluation of wireless sensor network (WSN) protocols requires realistic data traffic models since most WSNs are application specific. In this letter, a sensor network packet traffic model is derived and analyzed for intrusion detection applications. The presented analytical work is also validated using simulations.
9.
10.
Martin Andreoni Lopez, Diogo Menezes Ferrazani Mattos, Otto Carlos M. B. Duarte. 《电信纪事》 2016, 71(11-12):595-605
Internal users are the main cause of anomalous and suspicious behaviors in a communication network. Even when traditional security middleboxes are present, internal attacks may lead the network to outages or to leakage of sensitive information. In this article, we propose BroFlow, an Intrusion Detection and Prevention System based on the Bro traffic analyzer and on the global network view of software-defined networks (SDN) that is provided by OpenFlow. BroFlow's main contributions are (i) dynamic and elastic resource provisioning of traffic-analyzing machines on demand; (ii) real-time detection of DoS attacks through simple algorithms implemented in a policy language for network events; (iii) immediate reaction to DoS attacks, dropping malicious flows close to their sources; and (iv) near-optimal placement of sensors through a proposed heuristic for strategically positioning sensors in the network infrastructure, which is shared by multiple tenants, with a minimum number of sensors. We developed a prototype of the proposed system, and we evaluated it in a virtual environment of the Future Internet Testbed with Security (FITS). An evaluation of the system under attack shows that BroFlow guarantees the forwarding of legitimate packets at the maximal link rate, reducing the maximal network delay caused by the attack by up to 90%. BroFlow reaches a 50% bandwidth gain when compared with conventional firewall approaches, even when the attackers are legitimate tenants acting in collusion. In addition, the system reduces the number of sensors while keeping full coverage of network flows.
11.
《Communications Magazine, IEEE》 2002, 40(5):118-123
Cellular telephony networks depend on an extensive wired network to provide access to the radio link. The wired network, called a radio access network (RAN), provides such functions as power control and, in CDMA networks, combination of soft handoff legs (also known as macrodiversity resolution) that require coordination between multiple radio base stations and multiple mobile terminals. Existing RAN architectures for cellular systems are based on a centralized radio network controller (RNC) connected by point-to-point links with the radio base transceiver stations. The existing architecture is subject to a single point of failure if the RNC fails, and is difficult to expand because adding an RNC is expensive. Also, although a network operator may have multiple radio link protocols available, most RAN architectures treat each protocol separately and require a separate RAN control protocol for each. We describe a new architecture, the OpenRAN architecture, based on a distributed processing model with a routed IP network as the underlying transport fabric. OpenRAN was developed by the Mobile Wireless Internet Forum IP in the RAN working group. The OpenRAN architecture applies principles to the radio access network that have been successful in reducing cost and increasing reliability in data communications networks. The result is an architecture that can serve as the basis for an integrated next-generation cellular radio access network.
12.
John A. Korinthios, Efstathios D. Sykas. 《International Journal of Wireless Information Networks》 1996, 3(2):89-103
Third-generation mobile systems are emerging. These systems will support unified user access to a variety of services, including the existing mobile and fixed network (PSTN, N-ISDN) services, the enhanced multimedia and multiparty services envisaged for broadband networks, and personal communication services as well. The role of signaling is predominant in building a flexible, efficient, and evolving system. The aim of this paper is to provide a framework for developing a signaling protocol architecture for future mobile networks. The study especially focuses on the universal mobile telecommunication system (UMTS). Within this framework, various design and operational requirements imposed on UMTS can be satisfied. A method to deal with the functional complexity of UMTS is provided. Mobile networks are viewed as integral parts of the broadband infrastructure and are built upon the IN principles.
13.
Yi Ping, Zhong Yiping, Zhang Shiyong. 《电子科学学刊(英文版)》 2006, 23(3):417-422
This paper focuses on investigating immunological principles in designing a multi-agent security architecture for intrusion detection and response in mobile ad hoc networks. In this approach, the immunity-based agents monitor the situation in the network. These agents can take appropriate actions according to the underlying security policies. Specifically, their activities are coordinated in a hierarchical fashion while sensing, communicating, deciding and generating responses. Such an agent can learn and adapt to its environment dynamically and can detect both known and unknown intrusions. The proposed intrusion detection architecture is designed to be flexible, extendible, and adaptable, and can perform real-time monitoring. This paper provides the conceptual view and a general framework of the proposed system. In the end, the architecture is illustrated by an example to show that it can prevent the attack efficiently.
14.
Tran Hoang Hai, Eui-Nam Huh, Minho Jo. 《Wireless Communications and Mobile Computing》 2010, 10(4):559-572
In recent years, Wireless Sensor Networks (WSNs) have demonstrated successful applications for both civil and military tasks. However, sensor networks are susceptible to multiple types of attacks because they are randomly deployed in open and unprotected environments. It is necessary to utilize effective mechanisms to protect sensor networks against multiple types of attacks on routing protocols. In this paper, we propose a lightweight intrusion detection framework integrated for clustered sensor networks. Furthermore, we provide algorithms to minimize the triggered intrusion modules in clustered WSNs by using an over-hearing mechanism to reduce the sending of alert packets. Our scheme can prevent most routing attacks on sensor networks. In an in-depth simulation, the proposed scheme shows less energy consumption in intrusion detection than other schemes. Copyright © 2009 John Wiley & Sons, Ltd.
15.
Perera E., Boreli R., Herborn S., Georgiades M., Eisl J., Hepworth E. 《Wireless Communications, IEEE》 2008, 15(2):8-16
The future Internet will need to cater to an increasing number of mobile devices and mobile networks, roaming across different access networks and trust domains. In addition, various limitations imposed by the end user, service provider, or network operator agreements and preferences will need to be considered. A plethora of mobility management protocols have been proposed to handle different and mostly limited sets of these mobility requirements. In this article we make the case for coexistence of mobility protocols in order to support the large range of mobility scenarios possible in future all-IP networks. This coexistence takes the form of a mobility toolbox that enables mobility handling mechanisms to be selected according to the context. We then present a design for the mobility toolbox as a component of the ambient networks architecture, including a simplified mobility tool interface toward protocol modules, and show how it meets the requirements of future all-IP networks. We further demonstrate the feasibility and performance gains of the mobility toolbox architecture with a prototype implementation based on network mobility.
16.
The technological innovations and wide use of Wireless Sensor Network (WSN) applications need to handle diverse data. These huge data pose network security issues in the form of intrusions that cannot be neglected or ignored. An effective strategy to counteract security issues in WSNs can be achieved through an Intrusion Detection System (IDS). An IDS ensures network integrity, availability, and confidentiality by detecting different attacks. Regardless of efforts by various researchers, the domain is still open to obtaining an IDS with improved detection accuracy and minimum false alarms for detecting intrusions. Machine learning models are deployed as IDSs, but their potential solutions need to be improved in terms of detection accuracy. Neural network performance depends on feature selection, and hence it is essential to bring an efficient feature selection model for better performance. An optimized deep learning model has been presented to detect different types of attacks in WSNs. Instead of the conventional parameter selection procedure for Convolutional Neural Network (CNN) architecture, a nature-inspired whale optimization algorithm is included to optimize the CNN parameters such as kernel size, feature map count, padding, and pooling type. These optimized features greatly improved the intrusion detection accuracy compared to Deep Neural Network (DNN), Random Forest (RF), and Decision Tree (DT) models.
17.
18.
19.
20.
Anerousis N., Gopalakrishnan R., Kalmanek C.R., Kaplan A.E., Marshall W.T., Mishra P.P., Onufryk P.Z., Ramakrishnan K.K., Sreenan C.J. 《Selected Areas in Communications, IEEE Journal on》 1999, 17(1):91-108
Packet telephony is of increasing interest in both the telecommunications and Internet communities. The emergence of packet telephony will create new services, and presents an opportunity to rethink how conventional telephony services are implemented. In this paper, we present an architecture for telephony over packet networks (TOPS). TOPS allows users to move between terminals or to use mobile terminals while being reachable by the same name. TOPS users can have multiple terminals and control how calls are routed to them. TOPS allows for terminals with a range of capabilities such as support for video, whiteboard, and other media with a variety of coding formats. TOPS retains the necessary information on terminal capabilities to determine the appropriate type of communication to be established with the remote terminal. The architecture assumes that the underlying network supports the establishment of end-to-end connectivity between terminals, with an appropriate quality of service. The components of TOPS are a directory service, an application layer signaling protocol, and a logical channel abstraction for communication between end-systems. The directory service maps a user's name to a set of terminals where the user may be reached. A user can control the translation operation by specifying profiles that customize how his name is mapped to a set of terminals where he can be reached. Terminal capabilities are also stored in the directory service. The application layer signaling protocol establishes and maintains call state between communicating terminals. The logical channel abstraction provides a shared end-to-end context for a call's constituent media and control streams, while isolating the applications from the details of the network transport mechanisms. In addition to supporting simple point-to-point calls, the architecture supports both centralized and decentralized conferencing. We also introduce a simple encapsulation format for voice.