Similar literature
20 similar documents found (search time: 15 ms)
1.
Mobile ad hoc networks (MANETs) are mobile networks, which are automatically outspread on a geographically limited region, without requiring any preexisting infrastructure. Mostly, nodes are both self-governed and self-organized without requiring a central monitoring. Because of their distributed characteristic, MANETs are vulnerable to a particular routing misbehavior, called wormhole attack. In a wormhole attack, one attacker node tunnels packets from its position to the other attacker nodes. Such a wormhole attack results in a fake route with a lower hop count. If the source node selects this fictitious route, attacker nodes have the options of delivering the packets or dropping them. For this reason, this paper proposes an improvement over the AODV routing protocol to design a wormhole-immune routing protocol. The proposed protocol, called defending against wormhole attack (DAWA), employs a fuzzy logic system and an artificial immune system to defend against wormhole attacks. DAWA is evaluated through extensive simulations in the NS-2 environment. The results show that DAWA outperforms other existing solutions in terms of false negative ratio, false positive ratio, detection ratio, packet delivery ratio, packets loss ratio and packets drop ratio.

2.
A black hole attack in an ad hoc network refers to an attack by malicious nodes, which forcibly acquire the route from a source to a destination by falsely advertising the shortest hop count to reach the destination node. In this paper, we present a Modified Dynamic Source Routing Protocol (MDSR) to detect and prevent selective black hole attack. Selective black hole attack is a special kind of black hole attack where malicious nodes drop the data packets selectively. We proposed an Intrusion Detection System (IDS) where the IDS nodes are set in promiscuous mode only when required, to detect the abnormal difference in the number of data packets being forwarded by a node. When any anomaly is detected, the nearby IDS node broadcasts the block message, informing all nodes on the network to cooperatively isolate the malicious node from the network. The proposed technique employs Glomosim to validate the effectiveness of the proposed intrusion detection system.

3.
《Computer Networks》2007,51(13):3750-3772
In multihop wireless systems, such as ad hoc and sensor networks, the need for cooperation among nodes to relay each other’s packets exposes them to a wide range of security attacks. A particularly devastating attack is known as the wormhole attack, where a malicious node records control and data traffic at one location and tunnels it to a colluding node far away, which replays it locally. This can either disrupt route establishment or make routes pass through the malicious nodes. In this paper, we present a lightweight countermeasure for the wormhole attack, called LiteWorp, which relies on overhearing neighbor communication. LiteWorp is particularly suitable for resource-constrained multihop wireless networks, such as sensor networks. Our solution allows detection of the wormhole, followed by isolation of the malicious nodes. Simulation results show that every wormhole is detected and isolated within a very short period of time over a large range of scenarios. The results also show that the fraction of packets lost due to the wormhole when LiteWorp is applied is negligible compared to the loss in an unprotected network. Simulation results bring out the configuration where no framing is possible, while still having high detection rate. Analysis is done to show the low resource consumption of LiteWorp, the low detection latency, and the likelihood of framing by malicious nodes.

4.
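To address the security problem that Ad Hoc networks are vulnerable to black hole attacks, which cause heavy packet loss, a secure routing method based on non-cooperative game theory is proposed. A two-player game model is built with the Ad Hoc network nodes and the malicious nodes as the players, and theoretical analysis proves that the model has a Nash equilibrium, i.e., a dominant strategy exists for both players. The Ad Hoc network selects routes for defense and network transmission according to its dominant strategy, while the malicious nodes launch network attacks according to theirs. Analysis and simulation results show that the new method effectively selects comparatively secure routes, thereby reducing the impact of black hole attacks by malicious nodes on the Ad Hoc network and lowering routing overhead and the network packet loss rate.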

5.
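Data transmission in wireless mobile ad hoc networks relies on cooperative forwarding by intermediate nodes. However, packet dropping occurs because internal selfish nodes try to save bandwidth and battery power or because the network is attacked by malicious nodes, which severely degrades network performance. Based on AODV, a routing protocol commonly used in wireless ad hoc networks, a new detection model for internal packet-dropping attacks is proposed. The model introduces the concept of a side channel: side-channel nodes and watchdogs jointly monitor and record the packet-forwarding behavior of nodes, and a neighbor information table stores the detection results. When the recorded value of a node reaches a certain lower limit, the node is isolated from the network. Because the side channel can send alarm messages, the model can detect internal packet-dropping attacks caused by either selfish nodes or colluding attack nodes.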

6.
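Wormhole attack protection mechanism in wireless sensor networks   Total citations: 2, self-citations: 0, citations by others: 2
Wormhole attacks can create "hot spot" regions at will to accelerate energy consumption in specific areas, and they have the greatest impact on wireless sensor networks, which depend on connectivity: they directly lead to disordered data and results that deviate far from the actual situation. Existing measures offer some resistance, but they still have many shortcomings. To address this, a wormhole attack defense mechanism based on reputation authentication is proposed; it uses a self-feedback reputation authentication mechanism and requires no additional hardware. Simulation results show that the reputation-authentication-based wormhole defense mechanism can effectively resist the various types of wormhole attack in wireless sensor networks.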

7.
陈剑  曾凡平 《计算机工程》2008,34(7):139-141
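A wormhole attack targets Ad hoc routing protocols and disrupts the network routing mechanism; it is a major security threat to Ad hoc networks. This paper proposes an end-to-end wormhole detection method based on trust evaluation, which estimates the shortest path length between the source and destination nodes and selects routes according to route length and the trust of neighbor nodes, thereby detecting and defending against wormhole attacks.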

8.
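Mobile ad hoc networks (MANETs) are typical distributed networks with no centralized management node, a dynamically changing topology, and limited bandwidth. Their lack of network infrastructure makes them vulnerable to various denial of service (DoS) attacks. The gray hole attack is one type of denial of service attack: while the network is in good condition, the attacker first participates honestly in route discovery and then drops some or all of the data packets it should forward, in a way that goes unnoticed. The paper first introduces related work, the DSR algorithm, the aggregate signature algorithm, and the network model. Then, based on the aggregate signature algorithm, it gives three related algorithms for detecting packet-dropping nodes: an evidence generation algorithm, an audit algorithm, and a diagnosis algorithm. The evidence generation algorithm is used by nodes to produce forwarding evidence; the audit algorithm is used to audit the nodes on the source route; the diagnosis algorithm is used to identify the packet-dropping nodes. Finally, the efficiency of the algorithms is analyzed. ns-2 simulation results show that, in networks with moderate mobility speed, the proposed algorithms detect most packet-dropping nodes with low routing packet overhead. After routes containing packet-dropping nodes are discarded, the data delivery rate improves accordingly.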

9.
Recent research efforts have shown that wireless networks can benefit from network coding (NC) technology in terms of bandwidth, robustness to packet losses, delay and energy consumption. However, NC-enabled wireless networks are susceptible to a severe security threat, known as data pollution attack, where a malicious node injects into the network polluted packets that prevent the destination nodes from decoding correctly. Due to recoding, which occurs at the intermediate nodes according to the core principle of NC, the polluted packets propagate quickly into other packets and corrupt bunches of legitimate packets, leading to network resource waste. Hence, a lot of research effort has been devoted to schemes against data pollution attacks. Homomorphic MAC-based schemes are a promising solution against data pollution attacks. However, most of them are susceptible to a new type of pollution attack, called tag pollution attack, where an adversary node randomly modifies tags appended to the end of the transmitted packets. Therefore, in this paper, we propose an efficient homomorphic message authentication code-based scheme, called HMAC, providing resistance against data pollution attacks and tag pollution attacks in NC-enabled wireless networks. Our proposed scheme makes use of three types of homomorphic tags (i.e., MACs, D-MACs and one signature) which are appended to the end of the coded packet. Our results show that the proposed HMAC scheme is more efficient compared to other competitive tag pollution immune schemes in terms of complexity, communication overhead and key storage overhead.

10.
Malicious attacks, when launched by the adversary class against sensor nodes of a wireless sensor network, can disrupt routine operations of the network. The mission-critical nature of these networks signifies the need to protect sensory resources against all such attacks. Distributed node exhaustion attacks are such attacks that may be launched by the adversarial class from multiple ends of a wireless sensor network against a set of target sensor nodes. The intention of such attacks is the exhaustion of the victim’s limited energy resources. As a result of the attack, the incapacitated data-generating legitimate sensor nodes are replaced with malicious nodes that will be involved in further malicious activity against sensory resources. One such activity is the generation of fictitious sensory data to misguide emergency response systems to mobilize unwanted contingency activity. In this paper, a model is proposed for such an attack based on network traffic flow. In addition, a distributed mechanism for detecting such attacks is also defined. Specific network topology-based patterns are defined to model normal network traffic flow, and to facilitate differentiation between legitimate traffic packets and anomalous attack traffic packets. The performance of the proposed attack detection scheme is evaluated through simulation experiments, in terms of the size of the sensor resource set required for participation in the detection process for achieving a desired level of attack detection accuracy. The results signify the need for distributed pattern recognition for detecting distributed node exhaustion attacks in a timely and accurate manner.

11.
Multihop wireless ad hoc and sensor networks open the door for great networking opportunities, especially in scenarios where it is infeasible or expensive to deploy significant networking infrastructure. However, the open communication media and the lack of networking infrastructure make these networks vulnerable to a wide range of security attacks. A particularly devastating attack is the control traffic tunneling attack, where a malicious node records control traffic at one location and tunnels it to a colluding node, possibly far away, which replays it locally. One of the control traffic attacks’ incarnations is the wormhole attack that can be used to prevent route establishment by preventing nodes from discovering legitimate routes that are more than two hops away. These attacks have been addressed by many researchers; however, most of the presented work is either limited to static scenarios, requires expensive hardware or suffers from high overhead and performance degradation. In this paper, we present a scalable countermeasure for the control traffic tunneling attack, called CTAC, which alleviates these drawbacks and efficiently mitigates the attack in both static and mobile networks. CTAC uses trusted nodes called cluster heads (CH) for global tracking of node locations and profile keeping. Local monitoring is used to detect and isolate malicious nodes locally. Additionally, when sufficient suspicion builds up at a CH, it enforces a global isolation of the malicious node from the whole network. The performance gain, the relatively low overhead, and the positive impact of CTAC on the data traffic fidelity are brought out through analysis and extensive simulation using ns-2. The results show that CTAC achieves higher detection ratio and faster isolation time while considerably decreasing the overhead energy and the end-to-end delay compared to the state-of-the-art schemes.

12.
Compromised sensor nodes may collude to segregate a specific region of the sensor network preventing event reporting packets in this region from reaching the basestation. Additionally, they can cause skepticism over all data collected. Identifying and segregating such compromised nodes while identifying the type of attack with a certain confidence level is critical to the smooth functioning of a sensor network. Existing work specializes in preventing or identifying a specific type of attack and lacks a unified architecture to identify multiple attack types. Dynamic Camouflage Event-Based Malicious Node Detection Architecture (D-CENDA) is a proactive architecture that uses camouflage events generated by mobile-nodes to detect malicious nodes while identifying the type of attack. We exploit the spatial and temporal information of camouflage event while analyzing the packets to identify malicious activity. We have simulated D-CENDA to compare its performance with other techniques that provide protection against individual attack types and the results show marked improvement in malicious node detection while having significantly less false positive rate. Moreover, D-CENDA can identify the type of attack and is flexible to be configured to include other attack types in future.

13.
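To improve the security and energy efficiency of wireless sensor networks, a trust-based secure routing protocol, TSRP, is proposed. A comprehensive trust value for each neighbor node is computed from a new direct trust value, indirect trust value, volatilization factor, and residual energy in order to evaluate the node's security, and to quickly identify and exclude malicious nodes that launch black hole attacks, selective forwarding attacks, Hello flood attacks, and sinkhole attacks. For wormhole attacks, which are hard to detect, the sink computes the optimal path from the link quality, transmission distance, and hop count of multiple links, to ensure the security and energy efficiency of the selected route. Simulation results show that, compared with AODV and TBSRP, the optimal route selected by TSRP effectively reduces the load on each node and lowers network delay and packet loss rate.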

14.
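To detect and stop malicious nodes that masquerade as new trusted nodes to attack mobile ad hoc networks, this paper proposes a hierarchical security protocol for message authentication and encryption (HiMAC). The protocol uses hierarchical message authentication codes to protect data dissemination in mobile Ad-Hoc networks. Trusted routes are computed dynamically as intermediate nodes forward packets between source and destination, and each intermediate node signs and encrypts the data packet, preventing attackers from tampering with the packet or modifying its hop count and achieving trusted data transmission. HiMAC was tested in the NS2 simulator using the RSA algorithm from the Crypto++ library. The results show that HiMAC can detect and block attacks on MANET nodes and packets; compared with the original A-SAODV security mechanism, HiMAC reduces the average hop count by 47.1%, reduces the average queue length by 35.5%, and reduces the number of packets per node 2.5-fold, clearly outperforming A-SAODV. Although HiMAC's cryptographic operations add overhead to the routing protocol, HiMAC establishes secure routes dynamically based on a trust mechanism, so nodes can dynamically choose the next node on the path and need not maintain secure routes at all times; as a result, the increases and decreases in overhead in HiMAC offset each other and reach a balance.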

15.
Various routing attacks for single-path routing have been identified for wireless ad hoc networks and the corresponding countermeasures have been proposed in the literature. However, the effects of routing attacks on multi-path routing have not been addressed. In this paper, the performance of multi-path routing under wormhole attack is studied in detail. The results show that multi-path routing is vulnerable to wormhole attacks. A simple scheme based on statistical analysis of multi-path (called SAM) is proposed to detect such attacks and to identify malicious nodes. Compared to the previous approaches (for example, using packet leash), no special requirements (such as time synchronization or GPS) are needed in the proposed scheme. Simulation results demonstrate that SAM successfully detects wormhole attacks and locates the malicious nodes in networks with different topologies and with different node transmission range. Moreover, SAM may act as a module in local detection agents in an intrusion detection system (IDS) for wireless ad hoc networks.

16.
Routing is a must for networks that do not have a fixed point-to-point infrastructure, such as in an ad hoc wireless network that offers unrestricted mobility. A source node in such a network can communicate with a distant destination node after finding a route, relying on the intermediate nodes to transfer the packets. However, some intermediate nodes might act selfishly and drop packets for other nodes in order to save their own battery power. In this paper, we propose an algorithm to find selfish nodes and deal with them, using a modified Dynamic Source Routing (DSR) protocol, that we call Efficient Secure Dynamic Source Routing (ESDSR). Our results show an increase in the packet delivery ratio in a network containing selfish/unreliable nodes when we compare DSR with our protocol.

17.
A black hole attack on a MANET refers to an attack by a malicious node, which forcibly acquires the route from a source to a destination by the falsification of sequence number and hop count of the routing message. A selective black hole is a node that can optionally and alternately perform a black hole attack or perform as a normal node. In this paper, several IDS (intrusion detection system) nodes are deployed in MANETs in order to detect and prevent selective black hole attacks. The IDS nodes must be set in sniff mode in order to perform the so-called ABM (Anti-Blackhole Mechanism) function, which is mainly used to estimate a suspicious value of a node according to the abnormal difference between the routing messages transmitted from the node. When a suspicious value exceeds a threshold, an IDS nearby will broadcast a block message, informing all nodes on the network, asking them to cooperatively isolate the malicious node. This study employs ns2 to validate the effect of the proposed IDS deployment, as IDS nodes can rapidly block a malicious node, without false positives, if a proper threshold is set.

18.
张莉  王志丹 《计算机仿真》2020,37(4):164-168
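Among routing protocols for packet radio networks, traditional protocols have low network throughput when the number of malicious nodes is large. A braided multipath data routing protocol for packet radio networks is therefore proposed. Route discovery is carried out using the acquired information on the number and positions of source nodes; based on the route discovery results, paths are established from the sink node to the source nodes, building the braided multipath routes; the braided multipath routes are then clustered and reconstructed; and the number of branch paths is optimized, completing the construction of the braided multipath data routing protocol for packet radio networks. To verify the network throughput of this protocol, it is compared with a link-state-based proactive multipath routing protocol, a dynamic-source-based on-demand multipath routing protocol, and a distance-vector-based hybrid multipath routing protocol. With 30 malicious nodes, the network throughput of the four protocols is 69.5%, 33.5%, 23.6%, and 4.2%, respectively. The comparison shows that the newly proposed protocol has the highest network throughput, which demonstrates its performance.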

19.
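A wormhole attack is an attack on the routing protocols of mobile ad hoc networks, generally a coordinated attack in which at least two nodes collude. Through the wormhole, the attacking nodes can attract large numbers of data packets and thereby gain control of the network. Based on the on-demand distance vector routing protocol and the principle of wormhole attacks in mobile ad hoc networks, the wormhole attack was simulated on the NS2 simulation platform by modifying the on-demand distance vector routing protocol, and the impact of the attack on network performance parameters was analyzed. Based on the characteristics of wormhole attacks, three attack detection methods were designed: geographic positioning, neighbor trust detection, and neighbor monitoring. The three methods were simulated in NS2, verifying their feasibility.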

20.
Energy management and packet delivery rate are the important factors in ad hoc networks. It is the major network where nodes share the information without administration. Due to the mobility of nodes, maximum energy is spent on transmission of packets. Mostly energy is wasted on packet dropping and false route discovery. In this research work, Fuzzy Based Reliable Load Balanced Routing Approach (RLRA) is proposed to provide high energy efficiency and more network lifetime using an optimal multicast route discovery mechanism. It contains three phases. In the first phase, optimal multicast route discovery is initiated to resolve the link failures. In the second phase, the link quality is estimated and set to a threshold value to meet the requirements of high energy efficiency. In the third phase, an energy model is shown to obtain the total energy of the network after transmission of packets. A multicast routing is established based on path reliability, and fault tolerant calculation is done and integrated with multicast routing. The routes can withstand the malicious issues. A fuzzy decision model is integrated with the proposed protocol to decide the performance of network lifetime. The network simulation tool is used for evaluating the RLRA with existing schemes and performance of RLRA is good compared to others.
