A survey of routing attacks in mobile ad hoc networks

Recently, mobile ad hoc networks became a hot research topic among researchers due to their flexibility and independence of network infrastructures, such as base stations. Due to unique characteristics, such as dynamic network topology, limited bandwidth, and limited battery power, routing in a MANET is a particularly challenging task compared to a conventional network. Early work in MANET research has mainly focused on developing an efficient routing mechanism in such a highly dynamic and resource-constrained network. At present, several efficient routing protocols have been proposed for MANET. Most of these protocols assume a trusted and cooperative environment. However, in the presence of malicious nodes, the networks are vulnerable to various kinds of attacks. In MANET, routing attacks are particularly serious. In this article, we investigate the state-of-the-art of security issues in MANET. In particular, we examine routing attacks, such as link spoofing and colluding misrelay attacks, as well as countermeasures against such attacks in existing MANET protocols.     

An EDRI-based approach for detecting and eliminating cooperative black hole nodes in MANET

Mobile Ad hoc Network (MANET) is a self-configurable, self-maintenance network with wireless, mobile nodes. Special features of MANET like dynamic topology, hop-by-hop communications and open network boundary, made security highly challengeable in this network. From security aspect, routing protocols are highly vulnerable against a wide range of attacks like black hole. In black hole attack malicious node injects fault routing information to the network and leads all data packets toward it-self. In this paper, we proposed an approach to detect and eliminate cooperative malicious nodes in MANET with AODV routing protocol. A data control packet is used in order to check the nodes in selected path; also, by using an Extended Data Routing Information table, all malicious nodes in selected path are detected, then, eliminated from network. For evaluation, our approach and a previous work have been implemented using Opnet 14 in different scenarios. Referring to simulation results, the proposed approach decreases packet overhead and delay of security mechanism with no false positive detection. In addition, network throughput is improved by using the proposed approach.     

Performance evaluation of mobile ad hoc networks under flooding‐based attacks

A mobile ad hoc network (MANET) is an open wireless network that comprises a set of mobile, decentralized, and self‐organized nodes. Its properties render its environment susceptible to different types of attacks, which can paralyze the mobile nodes in MANET. A particularly dangerous type of attack is run primarily under flooding bogus packet mechanisms, such as hello floods, routing table overflows, exploitation of node penalizing schemes, and resource consumption attack (RCA). Flooding‐based attacks impose severe effects because they are intended to consume MANET resources, such as bandwidth, node memory, and battery power. Therefore, identifying such effects facilitates the development of countermeasures against the intrusions. In this paper, we introduce a simulation‐based study on the effects of RCA on MANET. Qual Net v5.0.2 is used to examine the severity of the effects on MANET performance metrics in terms of throughput, end‐to‐end delay, energy consumption, and routing overhead. The effects of RCA are also monitored under two combinations of four factors: we first vary the number of attackers and attackers' positions, and then modify the attackers' radio range and flooding rate. We also examine the effect of flooding mechanism on the energy consumed by resource consumption attackers. Copyright © 2013 John Wiley & Sons, Ltd.     

基于FSM检测的移动自组网攻击分类研究

在移动自组网环境下,由于移动节点可能被攻击截获,导致攻击从内部产生,传统的网络安全措施难以应用,只有通过入侵检测才能发现攻击者。通过分析移动自组网的攻击类型,并构造从恶意节点发起的攻击树,采用有限状态机的思想,设计一个基于FSM的入侵检测算法。采用该算法的入侵检测系统可通过邻居节点的监视,实时地检测到节点的各种攻击行为。     

Distributed detection of mobile malicious node attacks in wireless sensor networks

In wireless sensor networks, sensor nodes are usually fixed to their locations after deployment. However, an attacker who compromises a subset of the nodes does not need to abide by the same limitation. If the attacker moves his compromised nodes to multiple locations in the network, such as by employing simple robotic platforms or moving the nodes by hand, he can evade schemes that attempt to use location to find the source of attacks. In performing DDoS and false data injection attacks, he takes advantage of diversifying the attack paths with mobile malicious nodes to prevent network-level defenses. For attacks that disrupt or undermine network protocols like routing and clustering, moving the misbehaving nodes prevents them from being easily identified and blocked. Thus, mobile malicious node attacks are very dangerous and need to be detected as soon as possible to minimize the damage they can cause. In this paper, we are the first to identify the problem of mobile malicious node attacks, and we describe the limitations of various naive measures that might be used to stop them. To overcome these limitations, we propose a scheme for distributed detection of mobile malicious node attacks in static sensor networks. The key idea of this scheme is to apply sequential hypothesis testing to discover nodes that are silent for unusually many time periods—such nodes are likely to be moving—and block them from communicating. By performing all detection and blocking locally, we keep energy consumption overhead to a minimum and keep the cost of false positives low. Through analysis and simulation, we show that our proposed scheme achieves fast, effective, and robust mobile malicious node detection capability with reasonable overhead.     

A novel approach for mitigating route request flooding attack in MANET

Mobile ad-hoc network (MANET) is a temporary network in which the main requirement for establishing the communication path among nodes is that the nodes should be cooperative. However, in the presence of malicious node, the MANET’s routing protocol such as AODV is vulnerable to different types of flooding attacks. The flooding attack can be continuous or selective. In the available literature, although many researchers have analyzed the network under continuous flooding attack but they have not focussed on selective flooding attack in which an attacker can sometimes behave as a normal and sometimes behave as a malicious. Most of the existing schemes use constant threshold value which lead to a false positive problem in the network. In order to address this issue, a new mechanism called as Mitigating Flooding Attack Mechanism is proposed which is based on a dynamic threshold value and consists of three phases. It makes use of several special nodes called as Flooding-Intrusion Detection System (F-IDS) that are deployed in MANETs in order to detect and prevent flooding attack. The F-IDS nodes are set in promiscuous in order to monitor the behaviour of the node. The simulation results show that the proposed mechanism improves network performance metrics in terms of PDR, throughput and reduces the routing overhead as well as normalized routing load.     

Trust Based Detection and Elimination of Packet Drop Attack in the Mobile Ad-Hoc Networks

The mobile ad hoc network (MANET) is communication network of a mobile node without any prior infrastructure of communication. The network does not have any static support; it dynamically creates the network as per requirement by using available mobile nodes. This network has a challenging security problem. The security issue mainly contains a denial of service attacks like packet drop attack, black-hole attack, gray-hole attack, etc. The mobile ad-hoc network is an open environment so the working is based on mutual trust between mobile nodes. The MANETs are vulnerable to packet drop attack in which packets travel through the different node. The network while communicating, the node drops the packet, but it is not attracting the neighboring nodes to drop the packets. This proposed algorithm works with existing routing protocol. The concept of trusted list is used for secure communication path. The trusted list along with trust values show how many times node was participated in the communication. It differentiates between altruism and selfishness in MANET with the help of energy level of mobile components. The trust and energy models are used for security and for the differentiation between altruism and selfishness respectively.     

Fuzzy Logic Based Reliable and Real-Time Routing Protocol for Mobile Ad hoc Networks

Wireless Personal Communications - MANET (mobile ad-hoc network) includes a set of wireless mobile nodes which communicate with one another without any central controls or infrastructures and they...     

Power Management Based Grid Routing Protocol for IEEE 802.11 Based MANET

MANET(Mobile Ad Hoc Network)is a collection of wireless mobile nodes forming a temporary communica-tion network without the aid of any established infrastructure or centralized administration.The lifetime of a MANETdepends on the battery resources of the mobile nodes.So energy consumption may one of important design criterions forMANET.With changing the idle model to sleep model in the grid environment,this paper proposes a new energy-awarerouting protocol.Performance simulation results show that the proposed strategy can dynamic balance the traffic load in-side the whole network,extend the lifetime of a MANET,and without decreasing the throughput ratio.     

Routing security in wireless ad hoc networks

A mobile ad hoc network consists of a collection of wireless mobile nodes that are capable of communicating with each other without the use of a network infrastructure or any centralized administration. MANET is an emerging research area with practical applications. However, wireless MANET is particularly vulnerable due to its fundamental characteristics, such as open medium, dynamic topology, distributed cooperation, and constrained capability. Routing plays an important role in the security of the entire network. In general, routing security in wireless MANETs appears to be a problem that is not trivial to solve. In this article we study the routing security issues of MANETs, and analyze in detail one type of attack-the "black hole" problem-that can easily be employed against the MANETs. We also propose a solution for the black hole problem for ad hoc on-demand distance vector routing protocol.     

Biologically inspired artificial intrusion detection system for detecting wormhole attack in MANET

A mobile ad hoc network (MANET) does not have traffic concentration points such as gateway or access points which perform behaviour monitoring of individual nodes. Therefore, maintaining the network function for the normal nodes when other nodes do not forward and route properly is a big challenge. One of the significant attacks in ad hoc network is wormhole attack. In this wormhole attack, the adversary disrupts ad hoc routing protocols using higher bandwidth and lower-latency links. Wormhole attack is more hidden in character and tougher to detect. So, it is necessary to use mechanisms to avoid attacking nodes which can disclose communication among unauthorized nodes in ad hoc networks. Mechanisms to detect and punish such attacking nodes are the only solution to solve this problem. Those mechanisms are known as intrusion detection systems (IDS). In this paper, the suggested biological based artificial intrusion detection system (BAIDS) include hybrid negative selection algorithm (HNSA) detectors in the local and broad detection subsection to detect anomalies in ad hoc network. In addition to that, response will be issued to take action over the misbehaving nodes. These detectors employed in BAIDS are capable of discriminating well behaving nodes from attacking nodes with a good level of accuracy in a MANET environment. The performance of BAIDS in detecting wormhole attacks in the background of DSR, AODV and DSDV routing protocols is also evaluated using Qualnet v 5.2 network simulator. Detection rate, false alarm rate, packet delivery ratio, routing overhead are used as metrics to compare the performance of HNSA and the BAIDS technique.     

A modified algorithm to improve security and performance of AODV protocol against black hole attack

Ad Hoc network is a temporal network which is managed by autonomous nodes which have the ability to communicate with each other without having fixed network infrastructure or any central base station. Due to some reasons such as dynamic changes of the network topology, trusting the nodes to each other, lack of fixed substructure for the analysis of nodes’ behaviours and loss of specific offensive lines, this type of networks is not supportive against malicious nodes’ attacks. One of these attacks is black hole attack. In this attack, the malicious nodes absorb data packets and destroy them. Thus, it is essential to present an algorithm against the black hole attacks. This article suggests a new algorithm which enhances the security of AODV routing protocol to encounter the black hole attacks. This algorithm tries to identify malicious nodes according to nodes’ behaviours in an Ad Hoc network and delete them from routing. The suggested algorithm is simulated by NS2. The simulation results show some improvements in end-to-end delay and packet delivery rate in the suggested algorithm.     

A Safe Proactive Routing Protocol SDSDV for Ad Hoc Network

In mobile Ad Hoc network, nodes move freely, this can lead to frequent changes of network topology. Routing protocol algorithm is the strategy to establish communication links for network nodes, and its performance influences the availability of Ad Hoc network directly. By using wireless channel to transmit data in Ad Hoc network, the invaded malicious nodes will cause various attacks, aim to steal the transmission data or destroy the network. Based on the traditional proactive routing protocol for Ad Hoc network, an improved safe routing strategy SDSDV is put forward to resist attacks against routing protocols. The safe proactive routing protocol includes route request and route response two stages. When the network initialization is complete, after successful identity authentication by each other, secure communication paths are established between nodes and the encrypted data will be transmission through the path. The protocol integrates distributed authentication, encryption algorithm, hash check, and other security policy together. SDSDV protocol reduces the risk of malicious manipulation of routing information and ensures the safe and reliable routing between the source and destination nodes.     

基于朋友机制的移动ad hoc网络路由入侵检测模型研究

从如何有效检测移动ad hoc网络路由入侵行为、如何准确地响应并将恶意路由节点移除网络,提供可信路由环境的角度进行分析,提出了一种基于朋友机制的轻量级移动ad hoc网络入侵检测模型,并以典型的黑洞攻击为例,通过OPNET网络建模仿真及实验分析,验证了该模型的可行性和有效性。     

Novel approach of distributed & adaptive trust metrics for MANET

It is known to all that mobile ad hoc network (MANET) is more vulnerable to all sorts of malicious attacks which affects the reliability of data transmission because the network has the characteristics of wireless, multi-hop, etc. We put forward novel approach of distributed & adaptive trust metrics for MANET in this paper. Firstly, the method calculates the communication trust by using the number of data packets between nodes, and predicts the trust based on the trend of this value, and calculates the comprehensive trust by considering the history trust with the predict value; then calculates the energy trust based on the residual energy of nodes and the direct trust based on the communication trust and energy trust. Secondly, the method calculates the recommendation trust based on the recommendation reliability and the recommendation familiarity; adopts the adaptive weighting, and calculates the integrate direct trust by considering the direct trust with recommendation trust. Thirdly, according to the integrate direct trust, considering the factor of trust propagation distance, the indirect trust between nodes is calculated. The feature of the proposed method is its ability to discover malicious nodes which can partition the network by falsely reporting other nodes as misbehaving and then proceeds to protect the network. Simulation experiments and tests of the practical applications of MANET show that the proposed approach can effectively avoid the attacks of malicious nodes, besides, the calculated direct trust and indirect trust about normal nodes are more conformable to the actual situation.

     

Secure way routing protocol for mobile ad hoc network

Mobile adhoc network is dynamic in nature and it operates completely in an infrastructure-less environment. It discovers the way routes dynamically to reach the destination. Securing a dynamic way route, which is not known before establishing communication, is always a challenge in the mobile ad hoc network. Most of the existing secure routing protocols target to evade specific type of attacks or malicious behaviour of the nodes or networks. We propose a novel secure way routing protocol for securing the dynamic way routes in MANET. It provides a unique session key for each route to secure the data communication. Moreover, it authenticates the data packets using asymmetric cryptography and secures the routing field message using two-way asymmetric cryptography. The proposal is implemented and tested for assessing the protocol’s performance. We have also compared the protocol with the other secure routing protocols for evaluating its performance.     

Performance comparison of trust-based reactive routing protocols

Ad hoc networks, due to their improvised nature, are frequently established in insecure environments and hence become susceptible to attacks. These attacks are launched by participating malicious nodes against different network services. Routing protocols, which act as the binding force in these networks, are a common target of these nodes. A number of secure routing protocols have recently been proposed, which make use of cryptographic algorithms to secure the routes. However, in doing so, these protocols entail a number of prerequisites during both the network establishment and operation phases. In contrast, trust-based routing protocols locate trusted rather than secure routes in the network by observing the sincerity in participation by other nodes. These protocols thus permit rapid deployment along with a dynamically adaptive operation, which conforms with the current network situation. In this paper, we evaluate the performance of three trust-based reactive routing protocols in a network with varying number of malicious nodes. With the help of exhaustive simulations, we demonstrate that the performance of the three protocols varies significantly even under similar attack, traffic, and mobility conditions. However, each trust-based routing protocol has its own peculiar advantage making it suitable for application in a particular extemporized environment.     

Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks

An ad hoc network is a group of wireless mobile computers (or nodes), in which individual nodes cooperate by forwarding packets for each other to allow nodes to communicate beyond direct wireless transmission range. Prior research in ad hoc networking has generally studied the routing problem in a non-adversarial setting, assuming a trusted environment. In this paper, we present attacks against routing in ad hoc networks, and we present the design and performance evaluation of a new secure on-demand ad hoc network routing protocol, called Ariadne. Ariadne prevents attackers or compromised nodes from tampering with uncompromised routes consisting of uncompromised nodes, and also prevents many types of Denial-of-Service attacks. In addition, Ariadne is efficient, using only highly efficient symmetric cryptographic primitives.     

Mitigation of colluding route falsification attacks by insider nodes in mobile ad hoc networks

Colluding malicious insider nodes with no special hardware capability can use packet encapsulation and tunneling to create bogus shortcuts (in‐band wormholes) in routing paths and influence data traffic to flow through them. This is a particularly hard attack using which even a handful of malicious nodes can conduct data traffic analysis of packets or disrupt connections by dropping packets when needed. Simulation analysis shows that a disproportionately large amount of traffic goes through routes with wormholes even when a secure routing protocol (SRP) such as Ariadne is used. To mitigate such attacks and augment existing on demand SRPs, distributed packet filtering techniques based on statistical profiling of control packet propagation speeds are proposed. These techniques do not require network‐wide synchronized clocks or new packet transmissions and need only simple computations by the sources or the destinations of the connections. The proposed packet filters together with Ariadne are implemented in the Glomosim simulator and their effectiveness is evaluated. The simulation results indicate that the proposed packet filters can reduce the in‐band wormhole creation and their usage by a factor of 2‐‐10. Also, the false alarm rates of the proposed techniques are very low and have little impact on normal network throughput, making them practical for mobile ad hoc networks. Copyright © 2008 John Wiley & Sons, Ltd.     

A routing protocol for mobile ad‐hoc networks using the profit optimization model

Recently, wireless networks have become one of the major development trends in computer network technology. Because there is no more need of the wired transmission medium, applications have thus diversified. One such growing field of wireless networks is the mobile ad‐hoc network (MANET). A MANET consists of mobile hosts (such as portable laptops, vehicles, etc.), and no fixed infrastructure is required. MANETs provide ease of self‐configuration and can extend coverage at a low cost. Numerous applications have therefore been proposed under this network environment for daily life use. Because MANETs nodes are capable of moving, MANET network topology changes frequently. Thus, the traditional routing protocols fail to fit such an environment. In this paper, we propose an efficient routing protocol for MANETs, which integrates the mathematical model of profit optimization (the Kelly formula) from the field of economics to cope with the routing problem caused by node mobility. Some numerical simulations have been conducted to evaluate the performance of the proposed method using the network simulator NS‐2. The results show that our proposed method outperforms conventional routing protocols in packet delivery ratio comparisons; and the average end‐to‐end delays are within a tolerable range. Copyright © 2013 John Wiley & Sons, Ltd.