A Safe Proactive Routing Protocol SDSDV for Ad Hoc Network

In mobile Ad Hoc network, nodes move freely, this can lead to frequent changes of network topology. Routing protocol algorithm is the strategy to establish communication links for network nodes, and its performance influences the availability of Ad Hoc network directly. By using wireless channel to transmit data in Ad Hoc network, the invaded malicious nodes will cause various attacks, aim to steal the transmission data or destroy the network. Based on the traditional proactive routing protocol for Ad Hoc network, an improved safe routing strategy SDSDV is put forward to resist attacks against routing protocols. The safe proactive routing protocol includes route request and route response two stages. When the network initialization is complete, after successful identity authentication by each other, secure communication paths are established between nodes and the encrypted data will be transmission through the path. The protocol integrates distributed authentication, encryption algorithm, hash check, and other security policy together. SDSDV protocol reduces the risk of malicious manipulation of routing information and ensures the safe and reliable routing between the source and destination nodes.     

An EDRI-based approach for detecting and eliminating cooperative black hole nodes in MANET

Mobile Ad hoc Network (MANET) is a self-configurable, self-maintenance network with wireless, mobile nodes. Special features of MANET like dynamic topology, hop-by-hop communications and open network boundary, made security highly challengeable in this network. From security aspect, routing protocols are highly vulnerable against a wide range of attacks like black hole. In black hole attack malicious node injects fault routing information to the network and leads all data packets toward it-self. In this paper, we proposed an approach to detect and eliminate cooperative malicious nodes in MANET with AODV routing protocol. A data control packet is used in order to check the nodes in selected path; also, by using an Extended Data Routing Information table, all malicious nodes in selected path are detected, then, eliminated from network. For evaluation, our approach and a previous work have been implemented using Opnet 14 in different scenarios. Referring to simulation results, the proposed approach decreases packet overhead and delay of security mechanism with no false positive detection. In addition, network throughput is improved by using the proposed approach.     

基于FSM检测的移动自组网攻击分类研究

在移动自组网环境下,由于移动节点可能被攻击截获,导致攻击从内部产生,传统的网络安全措施难以应用,只有通过入侵检测才能发现攻击者。通过分析移动自组网的攻击类型,并构造从恶意节点发起的攻击树,采用有限状态机的思想,设计一个基于FSM的入侵检测算法。采用该算法的入侵检测系统可通过邻居节点的监视,实时地检测到节点的各种攻击行为。     

基于AODV协议的自组网络安全机制的研究

路由协议的安全性是移动自组网络安全中最重要的一环,AODV路由协议因简单和控制开销小而广泛用于自组网络,但其没有任何安全机制保障,为此,本文探讨了AODV路由协议存在的主要安全隐患,对协议进行必要的改进,增加攻击检测功能,并为网络中节点建立信誉机制,二者相互作用共同完成协议安全性保障.利用NS进行仿真,结果表明改进后的算法能够检测到网络中节点的恶意行为并迅速做出反应,实现对网络内部及外部攻击的防范.     

MANET路由与路由安全问题

移动自组网MANET(Mobile Ad Hoc Networks)是一种新型的无线移动网络,由于它具有开放的媒质、动态的拓扑、分布式合作以及网络能力受限等特点,因此特别容易受到攻击。路由安全是MANET安全中的重要一环。介绍了移动自组网的路由协议以及面临的路由安全问题,重点分析了AODV路由协议的寻路过程以及其存在的安全问题之一———黑洞。在分析了一些已有解决方案存在的缺点的基础上,提出了一种新的解决方案,该方案有效地解决了黑洞问题,并消除了已有方案存在的漏洞。     

Performance comparison of trust-based reactive routing protocols

Ad hoc networks, due to their improvised nature, are frequently established in insecure environments and hence become susceptible to attacks. These attacks are launched by participating malicious nodes against different network services. Routing protocols, which act as the binding force in these networks, are a common target of these nodes. A number of secure routing protocols have recently been proposed, which make use of cryptographic algorithms to secure the routes. However, in doing so, these protocols entail a number of prerequisites during both the network establishment and operation phases. In contrast, trust-based routing protocols locate trusted rather than secure routes in the network by observing the sincerity in participation by other nodes. These protocols thus permit rapid deployment along with a dynamically adaptive operation, which conforms with the current network situation. In this paper, we evaluate the performance of three trust-based reactive routing protocols in a network with varying number of malicious nodes. With the help of exhaustive simulations, we demonstrate that the performance of the three protocols varies significantly even under similar attack, traffic, and mobility conditions. However, each trust-based routing protocol has its own peculiar advantage making it suitable for application in a particular extemporized environment.     

A time stamp-based algorithm to improve security and performance of mobile ad hoc network

Mobile ad hoc network is open medium and infrastructure-less network. Mobile ad hoc network is susceptible to various security attacks such as, black hole attack, gray hole attack, bad mouthing attack, sybil attack and worm hole attack due to open medium, infrastructure-less features and lack of in-built security. In black hole attack and gray hole attack, attacker falsely sends route reply and dropped data packets received from source node. Due to these attacks, performance of mobile ad hoc network decreases. This paper proposes a time stamp-based algorithm which is an enhanced version of existing IDSNAODV algorithm. Proposed algorithm modifies existing palling process to validate identity of observer nodes using a time stamp-based approach. Based on defined set of rules and recorded activities report, source node decides the nature of target node. The performance of proposed algorithm is evaluated using the network simulator. The proposed algorithm shows improved performance for packet delivery ratio, throughput and routing overhead as compared to existing algorithm.

     

基于朋友机制的移动ad hoc网络路由入侵检测模型研究

从如何有效检测移动ad hoc网络路由入侵行为、如何准确地响应并将恶意路由节点移除网络,提供可信路由环境的角度进行分析,提出了一种基于朋友机制的轻量级移动ad hoc网络入侵检测模型,并以典型的黑洞攻击为例,通过OPNET网络建模仿真及实验分析,验证了该模型的可行性和有效性。     

E2EACK: an end-to-end acknowledgment-based scheme against collusion black hole and slander attacks in MANETs

Mobile ad hoc networks (MANETs) rely on the benevolence of nodes within the network to forward packets from a source node to a destination node. This network construction allows for the forwarding nodes, whether they are selfish or malicious, to drop packets hindering end-to-end communication. In this paper, a new scheme is proposed against collusion black hole and slander attacks in MANETs, named E2EACK. A novel method is used to detect collusion attacks due to collusive malicious nodes which cooperate in the route discovery, but refuse to forward data packets and do not disclose the misbehavior of each other. Contrary to existing methods that detect only collusion black hole attacks, the E2EACK also detects slander attacks and framing attacks. Moreover, the E2EACK uses ACKnowledgment packet to detect malicious nodes on the path and Message Authentication Code (MAC) to authenticate the sender of each data packet. Analytical and simulation results show that the proposed scheme considerably decreases the routing overhead and increases the packet delivery ratio compared to the existing methods.     

Invincible AODV to detect black hole and gray hole attacks in mobile ad hoc networks

Today's communication world is majorly driven by mobile nodes that demand wireless systems for their data relay. One such network is mobile ad hoc network, which is a purely wireless network with which communication is feasible instantly without any aid of preexisting infrastructure; due to this magnificent feature, it has a wide variety of applications. Mobile ad hoc network hinges on cooperative nature of the mobile nodes for relaying data. But at the same time, nodes relaying data for others may compromise, leading to various security attacks. Two main security attacks that drastically bring down the performance of mobile ad hoc network are black hole and gray hole attacks. In this paper, we propose 2 versions of invincible Ad hoc On‐Demand Distance Vector protocol to detect black hole and gray hole nodes that have bypassed preventive mechanism during route discovery process. First is the basic version, which is based on node‐to‐node frame check sequence tracking mechanism, and second is the enhanced version, which is based on signed frame check sequence tracking mechanism. They create a deterrent environment addressing all kinds of black and gray hole attacks. They also provide reliable data transmission to all the nonmalicious nodes in the network by using end‐to‐end authentication mechanism. Simulation results show better performance in packet delivery ratio when compared with other contemporary solutions while addressing all kinds of black and gray hole attacks. It shows significant improvement in end‐to‐end delay and normalized routing load over Ad hoc On‐Demand Distance Vector under black hole or gray hole attacks and also shows better throughput and packet delivery ratio than the existing solution.     

Efficient traffic control and lifetime maximization in mobile ad hoc network by using PSO–BAT optimization

Recent developments in dynamic mobile ad-hoc network enhance the network speed and reliability. The nodes in the dynamic ad-hoc network are moving in nature. Due to the increased subscribers in this network, the network traffic has increased to manifold which in turn creating the challenge of maintaining the energy level. In path optimization process in mobile ad-hoc network consumes more energy and the draining of the energy is dependent on network reliability and connectivity. Further, the network also suffers by harmful attacks such as denial of service attack, black hole attack and warm hole attack. The primary focus of this paper is to prevent these attacks with the help of dynamic mobile ad-hoc network on demand protocol and hybrid meta-heuristics methodologies, and also to reduce the energy drain rate. This is achieved by estimating the velocity and fitness value of the nodes. Finally, the empirical simulation results of hybrid particle swarm optimization with bat algorithm (PSO–BAT) shows that the energy drain rate level is reduced 90% as 1 mJ/s than ad-hoc on demand vector. The end-to-end delay minimized to 50% than existing Ad hoc on-demand distance vector routing. The performance metrics routing overhead and execution time has been reduced and throughput is gradually increased in PSO–BAT optimization in dynamic mobile ad hoc network scenario.

     

无线Ad Hoc环境下EIGRP的安全加固

文章指出了Ad Hoc网络存在的安全隐患和安全路由协议的设计需求,提出了一种基于EIGRP的具有认证和加密功能的安全路由加固方案。协议采用公钥密码体制,利用节点对路由信息的签名,能有效地抵制各种恶意攻击。     

一种基于节点位置的Ad Hoc和蜂窝混合网络路由算法

介绍了Ad Hoc网络的基本概念及其特点,分析了一种现有的基于AODV的混合网络路由算法,并在这种算法的基础上,提出了一种改进此算法的方案,使之减少网络中占用带宽的控制包数量,节约了有限的带宽资源.最后,用NS网络仿真工具对其进行了仿真分析,结果表明改进后的路由协议在减少控制包的数量和时延方面均有较好的表现.     

FJADA: Friendship Based JellyFish Attack Detection Algorithm for Mobile Ad Hoc Networks

TCP and UDP are considered the most popular and well known transport layer protocols to facilitate the end to end communication between two nodes in the network. TCP is used as the transport layer protocol in packet delivery and error sensitive applications, where packet loss cannot be compromised. However, low-rate TCP targeted Denial of Service (DoS) attacks exploit the retransmission timeout and congestion control features of TCP protocol. These low-rate TCP targeted Denial of Service (DoS) attacks are also called JellyFish (JF) attacks. These attacks perform the malicious activities either by delaying, or periodically dropping or mis-ordering the data packets on the route from source to destination node in the network, and cause severe degradation in end-to-end throughput in the network. JellyFish attack is further classified as JF-Delay Variance Attack, JF-Periodic Drop Attack and JF-Reorder Attack based on the type of the malicious activities being performed. JellyFish attack conforms to all existing routing and packet forwarding protocol specifications, and therefore it becomes very difficult to detect its presence in the network. In this paper, a Friendship Based JellyFish Attack Detection Algorithm (FJADA) is presented for Mobile Ad Hoc Networks, where the basic concept of friendship mechanism is added to the existing Direct Trust-based Detection (DTD) algorithm to save the valuable resources of a node in monitoring the activities of its one hop neighbours, through promiscuous mode. FJADA also minimizes the possibility of overestimating the malicious behaviour of innocent nodes due to radio transmission errors, network congestion or packet collisions. The results obtained throughout the simulation experiments clearly show the feasibility and effectiveness of the proposed detection algorithm.     

Security upgrade against RREQ flooding attack by using balance index on vehicular ad hoc network

VANET is an ad hoc network that formed between vehicles. Security in VANET plays vital role. AODV routing protocol is a reactive or on-demand routing protocol which means if there is data to be send then the path will create. AODV is the most commonly used topology based routing protocol for VANET. Using of broadcast packets in the AODV route discovery phase caused it is extremely vulnerable against DOS and DDOS flooding attacks. Flooding attack is type of a denial of service attack that causes loss of network bandwidth and imposes high overhead to the network. The method proposed in this paper called Balanced AODV (B-AODV) because it expects all network node behave normally. If network nodes are out of the normal behavior (too much route request) then they identified as malicious node. B-AODV is designed with following feature: (1) The use of adaptive threshold according to network conditions and nodes behavior (balance index) (2) Not using additional routing packets to detect malicious nodes (3) Perform detection and prevention operations independently on each node (4) Perform detection and prevention operations in real time (5) No need for promiscuous mode. This method for detection and prevention flooding attack uses average and standard deviation. In this method each node is employing balance index for acceptation or rejection RREQ packets. The results of the simulation in NS2 indicates B-AODV is resilience against flooding attack and prevent loss of network bandwidth. Comparing between AODV with B-AODV in normal state (non-attacker) shows B-AODV is exactly match with AODV in network performance, this means that the B-AODV algorithm does not impose any overhead and false positive to AODV.     

DEBH: detecting and eliminating black holes in mobile ad hoc network

Security in mobile ad hoc network (MANET) is one of the key challenges due to its special features e.g. hop-by-hop communications, dynamic topology, and open network boundary that received tremendous attention by scholars. Traditional security methods are not applicable in MANET due to its special properties. In this paper, a novel approach called detecting and eliminating black holes (DEBH) is proposed that uses a data control packet and an additional black hole check table for detecting and eliminating malicious nodes. Benefiting from trustable nodes, the processing overhead of the security method decreases by passing time. Ad hoc on-demand distance vector (AODV) routing protocol is used as the routing protocol in our design. After finding the freshest path using AODV, our design checks the safety of selected path. In case of detecting any malicious node, it is isolated from the entire network by broadcasting a packet that contains the ID of malicious nodes. Simulation results show that DEBH increases network throughput and decreases packet overhead and delay in comparison with other studied approaches. Moreover, DEBH is able to detect all active malicious nodes which generates fault routing information.     

自组织Ad Hoc网络的信任路径研究

信任机制是Ad Hoc网络安全通信的前提。针对AdHoc网络自组织信任模型,给出信任和推荐信任的定义,设计由最大入度算法和基于证据理论度量信任的评估算法共同构成的一种最优信任路径选择算法．模拟结果和性能分析表明在小规模的Ad Hoc网络中,该算法具有良好的复杂度O（n）,信任路径经过恶意节点的比率下降3％．5％,丢包率也降低4％～10％。事实证明该算法在小规模Ad Hoc网络中具有良好性能。     

A dynamic threshold based approach for mitigating black-hole attack in MANET

Mobile ad-hoc network is an infrastructure less type of network which does not require any kind of fixed infrastructure. It provides multi-hop communication between the source and destination nodes which are not within the direct range of each other through the intermediate nodes. These intermediate nodes cooperate with other nodes in finding an optimum and shortest route toward the destination. However, in holistic environments, some nodes do not cooperate with other nodes in finding the optimal route towards the destination and intentionally give the false route information of having the shortest path toward the destination with a high destination sequence number in order to attract the traffic toward itself and start dropping of the data packets instead of forwarding it. This type of routing misbehaviour is generally called as black hole attack or full packet dropping attack which is one of the most severe destructive attacks that lead to the network degradation. In this paper, we have proposed a protocol called as Mitigating Black Hole effects through Detection and Prevention (MBDP-AODV) based on a dynamic threshold value of the destination sequence number. In order to validate the efficiency of proposed protocol, the NS-2.35 simulator is used. The simulation results show that proposed protocol performs better as compared with existing one under black hole attack.     

基于OPNET的MAODV仿真技术分析

移动Ad Hoc网络是指由一组带有无线收发装置的移动节点组成的一个多跳的、不需要固定中心接入点或者基站支持的自治系统。对移动Ad Hoc网络多播路由中的MAODV协议进行理论分析,采用OPNET软件对该协议在AdHoc网络中的分组投递速率和延迟等关键参数进行仿真统计,并分析了节点移动速率对路由协议性能的影响。     

多跳蜂窝网互连性研究

将Ad Hoc网络与蜂窝网融合首要解决的问题是Ad Hoc如何接入蜂窝网,多数方案使用的是移动IP。提出了一种基于扩展Ad Hoc路由协议的多跳转发网络方案。Ad Hoc多种路由协议中可以实现Ad Hoc网络与蜂窝网互连的只有DSDV,但在移动场景中的低性能限制了它的发展。AODV是Ad Hoc路由协议中最有前途的协议,但它并不支持Ad Hoc节点接入基站的路由搜索。研究对AODV协议进行改进,以使它能支持移动节点到固定基站以及有线网络的寻路。