Friend-assisted intrusion detection and response mechanisms for mobile ad hoc networks

Nowadays, a commonly used wireless network (i.e., Wi-Fi) operates with the aid of a fixed infrastructure (i.e., an access point) to facilitate communication between nodes. The need for such a fixed supporting infrastructure limits the adaptability and usability of the wireless network, especially in situations where the deployment of such an infrastructure is impractical. Recent advancements in computer network introduced a new wireless network, known as a mobile ad hoc network (MANET), to overcome the limitations. Often referred as a peer to peer network, the network does not have any fixed topology, and through its multi hop routing facility, each node can function as a router, thus communication between nodes becomes available without the need of a supporting fixed router or an access point. However, these useful facilities come with big challenges, particularly with respect to providing security. A comprehensive analysis of attacks and existing security measures suggested that MANET are not immune to a colluding blackmail because such a network comprises autonomous and anonymous nodes. This paper addresses MANET security issues by proposing a novel intrusion detection system based upon a friendship concept, which could be used to complement existing prevention mechanisms that have been proposed to secure MANETs. Results obtained from the experiments proved that the proposed concepts are capable of minimising the problem currently faced in MANET intrusion detection system (IDS). Through a friendship mechanism, the problems of false accusations and false alarms caused by blackmail attackers in intrusion detection and response mechanisms can be eliminated.     

Distributed node selection for threshold key management with intrusion detection in mobile ad hoc networks

In mobile ad hoc networks (MANETs), identity (ID)-based cryptography with threshold secret sharing is a popular approach for the security design. Most previous work for key management in this framework concentrates on the protocols and structures. Consequently, how to optimally conduct node selection in ID-based cryptography with threshold secret sharing is largely ignored. In this paper, we propose a distributed scheme to dynamically select nodes with master key shares to do the private key generation service. The proposed scheme can minimize the overall threat posed to the MANET while simultaneously taking into account of the cost (e.g., energy consumption) of using these nodes. Intrusion detection systems are modeled as noisy sensors to derive the system security situations. We use stochastic system to formulate the MANET to obtain the optimal policy. Simulation results are presented to illustrate the effectiveness of the proposed scheme.     

Spanning-tree based autoconfiguration for mobile ad hoc networks

In order to allow truly spontaneous and infrastructureless networking, autoconfiguration algorithm is needed in the practical usage of most mobile ad hoc networks (MANETs). This paper presents spanning-tree based autoconfiguration for mobile ad hoc networks, a novel approach for the efficient distributed address autoconfiguration. With the help of the spanning tree, the proposed scheme attempts to distribute address resources as balanced as possible at the first beginning. Since each node holds a block of free addresses, a newly joining node can obtain a free address almost immediately. Subnet partitioning and merging are well supported. Finally, analysis and simulation demonstrate that our algorithm outperforms the existing approaches in terms of both communication overhead and configuration latency.     

移动分布式无线网络中具有QoS保证的UPMA协议

该文基于有效竞争预约接入、无冲突轮询传输的思想提出了支持节点移动性、多跳网络结构和服务质量(QoS)的依据用户妥善安排的多址接入(UPMA)协议。它大大提高了信道的使用效率,保证了发送节点能快速接入信道,同时,最大程度地保证所有实时业务的时延和带宽要求。最后,我们考察了它对Internet数据业务的支持性能。     

基于朋友机制的移动ad hoc网络路由入侵检测模型研究

从如何有效检测移动ad hoc网络路由入侵行为、如何准确地响应并将恶意路由节点移除网络,提供可信路由环境的角度进行分析,提出了一种基于朋友机制的轻量级移动ad hoc网络入侵检测模型,并以典型的黑洞攻击为例,通过OPNET网络建模仿真及实验分析,验证了该模型的可行性和有效性。     

Integration of mobility and intrusion detection for wireless ad hoc networks

One of the main challenges in building intrusion detection systems (IDSs) for mobile ad hoc networks (MANETs) is to integrate mobility impacts and to adjust the behaviour of IDSs correspondingly. In this paper, we first introduce two different approaches, a Markov chain‐based approach and a Hotelling's T² test based approach, to construct local IDSs for MANETs. We then demonstrate that nodes' moving speed, a commonly used parameter in tuning IDS performances, is not an effective metric to tune IDS performances under different mobility models. To solve this problem, we further propose an adaptive scheme, in which suitable normal profiles and corresponding proper thresholds can be selected adaptively by each local IDS through periodically measuring its local link change rate, a proposed unified performance metric. We study the proposed adaptive mechanism at different mobility levels, using different mobility models such as random waypoint model, random drunken model, and obstacle mobility model. Simulation results show that our proposed adaptive scheme is less dependent on the underlying mobility models and can further reduce false positive ratio. Copyright © 2006 John Wiley & Sons, Ltd.     

A mobility measure for mobile ad hoc networks

A mobility measure for mobile ad hoc networks is proposed that is flexible because one can customize the definition of mobility using a remoteness function. The proposed measure is consistent because it has a linear relationship to the rate at which links are established or broken for a wide range of mobility scenarios, where a scenario consists of the choice of mobility model, the physical dimensions of the network, the number of nodes. This consistency is the strength of the proposed mobility measure because the mobility measure reliably represents the link change rate regardless of network scenarios.     

A novel caching scheme for improving Internet-based mobile ad hoc networks performance

Internet-based mobile ad hoc network (Imanet) is an emerging technique that combines a wired network (e.g. Internet) and a mobile ad hoc network (Manet) for developing a ubiquitous communication infrastructure. To fulfill users’ demand to access various kinds of information, however, an Imanet has several limitations such as limited accessibility to the wired Internet, insufficient wireless bandwidth, and longer message latency. In this paper, we address the issues involved in information search and access in Imanets. An aggregate caching mechanism and a broadcast-based Simple Search (SS) algorithm are proposed for improving the information accessibility and reducing average communication latency in Imanets. As a part of the aggregate cache, a cache admission control policy and a cache replacement policy, called Time and Distance Sensitive (TDS) replacement, are developed to reduce the cache miss ratio and improve the information accessibility. We evaluate the impact of caching, cache management, and the number of access points that are connected to the Internet, through extensive simulation. The simulation results indicate that the proposed aggregate caching mechanism can significantly improve an Imanet performance in terms of throughput and average number of hops to access data items.     

Threshold-based intrusion detection in ad hoc networks and secure AODV

Mobile ad hoc networks (MANETs) play an important role in connecting devices in pervasive environments. MANETs provide inexpensive and versatile communication, yet several challenges remain in addressing their security. So far, numerous schemes have been proposed for secure routing and intrusion detection, with only simulations to validate them; little work exists, in implementing such schemes on small handheld devices. In this paper, we present our approach of securing a MANET using a threshold-based intrusion detection system and a secure routing protocol. We present a proof-of-concept implementation of our IDS deployed on handheld devices and in a MANET testbed connected by a secure version of AODV over IPv6 – SecAODV. While the IDS helps detect attacks on data traffic, SecAODV incorporates security features of non-repudiation and authentication, without relying on the availability of a Certificate Authority (CA) or a Key Distribution Center (KDC). We present the design and implementation details of our system, the practical considerations involved, and how these mechanisms can be used to detect and thwart malicious attacks.     

A location-based routing method for mobile ad hoc networks

Using location information to help routing is often proposed as a means to achieve scalability in large mobile ad hoc networks. However, location-based routing is difficult when there are holes in the network topology and nodes are mobile or frequently disconnected to save battery. Terminode routing, presented here, addresses these issues. It uses a combination of location-based routing (terminode remote routing, TRR), used when the destination is far, and link state-routing (terminode local routing, TLR), used when the destination is close. TRR uses anchored paths, a list of geographic points (not nodes) used as loose source routing information. Anchored paths are discovered and managed by sources, using one of two low overhead protocols: friend assisted path discovery and geographical map-based path discovery. Our simulation results show that terminode routing performs well in networks of various sizes. In smaller networks; the performance is comparable to MANET routing protocols. In larger networks that are not uniformly populated with nodes, terminode routing outperforms, existing location-based or MANET routing protocols.     

Contention-based forwarding for mobile ad hoc networks

Existing position-based unicast routing algorithms which forward packets in the geographic direction of the destination require that the forwarding node knows the positions of all neighbors in its transmission range. This information on direct neighbors is gained by observing beacon messages each node sends out periodically.

Due to mobility, the information that a node receives about its neighbors becomes outdated, leading either to a significant decrease in the packet delivery rate or to a steep increase in load on the wireless channel as node mobility increases. In this paper, we propose a mechanism to perform position-based unicast forwarding without the help of beacons. In our contention-based forwarding scheme (CBF) the next hop is selected through a distributed contention process based on the actual positions of all current neighbors. For the contention process, CBF makes use of biased timers. To avoid packet duplication, the first node that is selected suppresses the selection of further nodes. We propose three suppression strategies which vary with respect to forwarding efficiency and suppression characteristics. We analyze the behavior of CBF with all three suppression strategies and compare it to an existing greedy position-based routing approach by means of simulation with ns-2. Our results show that CBF significantly reduces the load on the wireless channel required to achieve a specific delivery rate compared to the load a beacon-based greedy forwarding strategy generates.     

A secure incentive protocol for mobile ad hoc networks

The proper functioning of mobile ad hoc networks depends on the hypothesis that each individual node is ready to forward packets for others. This common assumption, however, might be undermined by the existence of selfish users who are reluctant to act as packet relays in order to save their own resources. Such non-cooperative behavior would cause the sharp degradation of network throughput. To address this problem, we propose a credit-based Secure Incentive Protocol (SIP) to stimulate cooperation among mobile nodes with individual interests. SIP can be implemented in a fully distributed way and does not require any pre-deployed infrastructure. In addition, SIP is immune to a wide range of attacks and is of low communication overhead by using a Bloom filter. Detailed simulation studies have confirmed the efficacy and efficiency of SIP. This work was supported in part by the U.S. Office of Naval Research under Young Investigator Award N000140210464 and under grant N000140210554. Yanchao Zhang received the B.E. degree in Computer Communications from Nanjing University of Posts and Telecommunications, Nanjing, China, in July 1999, and the M.E. degree in Computer Applications from Beijing University of Posts and Telecommunications, Beijing, China, in April 2002. Since September 2002, he has been working towards the Ph.D. degree in the Department of Electrical and Computer Engineering at the University of Florida, Gainesville, Florida, USA. His research interests are network and distributed system security, wireless networking, and mobile computing, with emphasis on mobile ad hoc networks, wireless sensor networks, wireless mesh networks, and heterogeneous wired/wireless networks. Wenjing Lou is an assistant professor in the Electrical and Computer Engineering department at Worcester Polytechnic Institute. She obtained her Ph.D degree in Electrical and Computer Engineering from University of Florida in 2003. She received the M.A.Sc degree from Nanyang Technological University, Singapore, in 1998, the M.E degree and the B.E degree in Computer Science and Engineering from Xi'an Jiaotong University, China, in 1996 and 1993 respectively. From Dec 1997 to Jul 1999, she worked as a Research Engineer in Network Technology Research Center, Nanyang Technological University. Her current research interests are in the areas of ad hoc and sensor networks, with emphases on network security and routing issues. Wei Liu received his B.E. and M.E. in Electrical and Information Engineering from Huazhong University of Science and Technology, Wuhan, China, in 1998 and 2001. In August 2005, he received his PhD in Electrical and Computer Engineering from University of Florida. Currently, he is a senior technical member with Scalable Network Technologies. His research interest includes cross-layer design, and communication protocols for mobile ad hoc networks, wireless sensor networks and cellular networks. Yuguang Fang received a Ph.D. degree in Systems Engineering from Case Western Reserve University in January 1994 and a Ph.D degree in Electrical Engineering from Boston University in May 1997. He was an assistant professor in the Department of Electrical and Computer Engineering at New Jersey Institute of Technology from July 1998 to May 2000. He then joined the Department of Electrical and Computer Engineering at University of Florida in May 2000 as an assistant professor, got an early promotion to an associate professor with tenure in August 2003 and a professor in August 2005. He has published over 150 papers in refereed professional journals and conferences. He received the National Science Foundation Faculty Early Career Award in 2001 and the Office of Naval Research Young Investigator Award in 2002. He has served on many editorial boards of technical journals including IEEE Transactions on Communications, IEEE Transactions on Wireless Communications, IEEE Transactions on Mobile Computing and ACM Wireless Networks. He is a senior member of the IEEE.     

A distributed cross-layer intrusion detection system forad hoc networks

Most existing intrusion detection systems (Idss) for ad hoc networks are proposed for single layer detection. Although they may apply to other layers of network protocol stack, individual layers of data is still being analyzed separately. In addition, most have not been able to emphasize localization of attack source. In this paper, we propose an anomaly-based ids that utilizes cross-layer features to detect attacks, and localizes attack sources within onehop perimeter. Specifically, we suggest a compact feature set that incorporate intelligence from bothMac layer and network layer to profile normal behaviors of mobile nodes; we adapt a data mining anomaly detection technique from wired networks to ad hoc networks; and we develop a novel collaborative detection scheme that enables theIds to correlate local and global alerts. We validate our work through ns-2 simulation experiments. Experimental results demonstrate the effectiveness of our method.     

SEAD: secure efficient distance vector routing for mobile wireless ad hoc networks

An ad hoc network is a collection of wireless computers (nodes), communicating among themselves over possibly multihop paths, without the help of any infrastructure such as base stations or access points. Although many previous ad hoc network routing protocols have been based in part on distance vector approaches, they have generally assumed a trusted environment. In this paper, we design and evaluate the Secure Efficient Ad hoc Distance vector routing protocol (SEAD), a secure ad hoc network routing protocol based on the design of the Destination-Sequenced Distance-Vector routing protocol. In order to support use with nodes of limited CPU processing capability, and to guard against Denial-of-Service attacks in which an attacker attempts to cause other nodes to consume excess network bandwidth or processing time, we use efficient one-way hash functions and do not use asymmetric cryptographic operations in the protocol. SEAD performs well over the range of scenarios we tested, and is robust against multiple uncoordinated attackers creating incorrect routing state in any other node, even in spite of any active attackers or compromised nodes in the network.     

Future trust management framework for mobile ad hoc networks [security in mobile ad hoc]

In mobile ad hoc networks nodes should collaborate with each other to support the functions of the network. The trust management framework, which evaluates the trust of participating nodes, is used to force nodes to cooperate in a normal way. We make an effort to design a robust and attack-resistant trust management framework for the future. In this article we describe the vulnerabilities of and possible attacks on existing frameworks. An objective trust management framework is proposed to overcome these vulnerabilities. We provide a theoretical basis and skeleton for this framework. The performance evaluation and security analysis are provided showing the effectiveness and robustness of the OTMF compared with existing frameworks.     

基于博弈论的移动自组织网络的信任管理方法

采用博弈论的思想为节点间的间接信任信息获取建立了博弈模型,提出了惩罚机制并给出了节点的效用函数。此外,建立了信任演化的复制动态方程来研究在不同参数下节点的演化稳定策略。通过实验验证了方法的正确性及有效性,证明该模型可使节点为了获得最大利益而在间接信任评估过程中趋于选择同邻居节点合作,从而提高信任管理系统的可用性与有效性,同时验证了节点在不同前提条件下的演化稳定策略。     

QoS routing based on multi-class nodes for mobile ad hoc networks

In this paper, we present a new quality of service (QoS) routing protocol for mobile ad hoc networks (MANETs). Most of the existing routing protocols assume homogeneous nodes in MANETs, i.e., all nodes have the same communication capabilities and characteristics. However, in many ad hoc networks, nodes are not the same. Some nodes have longer transmission range, larger transmission bandwidth, and are more reliable and robust than other nodes. We take advantage of the non-homogeneous property to design more efficient QoS routing protocol. And node location information is used to aid routing. We also develop a new algorithm to calculate end-to-end bandwidth for a given path. Our QoS routing protocol contains end-to-end bandwidth calculation and bandwidth reservation. QoS route is discovered and setup only when it is needed. Extensive simulation studies demonstrate the good performance of the QoS routing protocol.     

AOS: an anonymous overlay system for mobile ad hoc networks

Providing anonymous communications in mobile ad hoc networks (MANETs) is an effective countermeasure against malicious traffic analysis. This paper presents AOS, an Anonymous Overlay System for MANETs, which provides provably strong source and destination anonymity under a rather strong adversary model. AOS differs significantly from previous anonymous communication systems for MANETs mainly in three aspects. First, AOS is an overlay system independent of the underlying MANET protocol stack. Second, AOS resolves the conflict between anonymous communications and secure routing in MANETs and enables providing both at the same time. Last but not least, AOS can satisfy diverse anonymity requirements with different communication and computation overhead. AOS is the first system of its kind, and its efficacy and efficiency are confirmed by detailed qualitative and quantitative analysis.     

QoS-aware routing based on bandwidth estimation for mobile ad hoc networks

Routing protocols for mobile ad hoc networks (MANETs) have been explored extensively in recent years. Much of this work is targeted at finding a feasible route from a source to a destination without considering current network traffic or application requirements. Therefore, the network may easily become overloaded with too much traffic and the application has no way to improve its performance under a given network traffic condition. While this may be acceptable for data transfer, many real-time applications require quality-of-service (QoS) support from the network. We believe that such QoS support can be achieved by either finding a route to satisfy the application requirements or offering network feedback to the application when the requirements cannot be met. We propose a QoS-aware routing protocol that incorporates an admission control scheme and a feedback scheme to meet the QoS requirements of real-time applications. The novel part of this QoS-aware routing protocol is the use of the approximate bandwidth estimation to react to network traffic. Our approach implements these schemes by using two bandwidth estimation methods to find the residual bandwidth available at each node to support new streams. We simulate our QoS-aware routing protocol for nodes running the IEEE 802.11 medium access control. Results of our experiments show that the packet delivery ratio increases greatly, and packet delay and energy dissipation decrease significantly, while the overall end-to-end throughput is not impacted, compared with routing protocols that do not provide QoS support.