Ad Hoc Networks : Technologies and Protocols - University of ...

More documents

Recommendations

Info

Intrusion Detection Techniques 259 Cooperative detection can result in lower false alarm rate because local intrusion report can be confirmed by others. It can also helps the investigation and identification the compromised node(s) behind the intrusion. For example, routing “blackhole” and network “partitioning” attacks usually result in anomalies observable by multiple IDS agents, which can then share the information to pinpoint the likely compromised node(s). Local and Global Response. Intrusion response in MANET depends on the type of intrusion, the help (if any) from other security mechanisms, and the application-specific policy. An example response is to re-authenticate the nodes and re-organize the network, e.g., by re-initializing communication channels between the re-authenticated legitimate nodes, to exclude the compromised node(s). 9.4.2 A Learning-Based Approach Intrusion detection in MANET is a very challenging task because there are many potential (and new) attacks, and because the distinction between intrusions and legitimate conditions is not always obvious due to the dynamically changing topology and volatile physical environment. In order to be effective (i.e., highly accurate), an ID model must perform comprehensive analysis on an extensive set of features. One way to build such ID models is to use a learning-based approach for automatically selecting and constructing appropriate features from audit data and computing ID models. The main idea is to first start with a (broad) set of features, perhaps enumerated using domain knowledge, then apply data mining algorithms (e.g., [1] [27]) to compute temporal and statistical patterns describing the correlations among the features and the co-occurring events. The consistent patterns of normal activities and the unique patterns associated with intrusions are then identified and analyzed to select the appropriate features or construct additional features. Machine learning algorithms [29] (e.g., the RIPPER [11] classification rule learner) are then used to compute the detection models. In this approach, the selected and constructed features are seeded from domain knowledge but are more empirical and objective because they are based on patterns computed from audit data. The inductively learned ID rules are usually more generalizable than hand-coded rules. That is, they tend to have better performance against new variants of known normal behavior or intrusions. This is because when there is more than one candidate model, classification algorithms always produce the model with better performance on a hold-out dataset, which is not used to produce the models and is intended to simulate the situation of encountering unseen or future cases. The learning-based approach toward ID models has been proved successful in wired network environment [26]. It is therefore rational to believe that
260 Security in Mobile Ad-Hoc Networks this approach, complemented with the use of expert knowledge, can achieve the objective of providing systematic tools for IDS developers to construct ID models quickly and easily for MANET. However, it is also conceivable to expect that this approach will face the following new challenges as MANET has introduced new constraints and new requirements to ID models. Multitude of ID models. It is impractical to compute (or train) ID models on-line with MANET nodes because of the resource constraints. Instead, the models need to be computed off-line using simulation or historical data. Therefore, we may have to train a wide range of ID models each suitable for a class of similar application scenarios. At run-time, we will attempt to identify the run-time scenario and activate the appropriate model (if one is indeed available). Focus on anomaly detection. Unlike the case of misuse detection, where a machine learning algorithm is given a set of data labeled with normal or intrusions to compute a classifier as an ID model, often there is only normal data available for training an anomaly detection model. Anomaly detection assumes that strong feature correlation exists in normal behavior, and such correlation can be used to detect deviations caused by abnormal (or intrusive) activities. Therefore, we should use a cross-feature analysis approach that explores correlations between each feature and all other features. This approach computes a classifier for each using where is the feature set. The original anomaly detection problem, i.e., whether a record described by the feature set is normal or not, is then transformed into a set of sub-problems each examining whether the actual value of the feature matches with what the corresponding classifier has predicted. A mismatch is assigned a score according to the confidence (i.e., its accuracy in training) of the classifier. The scores are then combined to generate a final anomaly score. If it is above a threshold, then the original record is deemed anomalous. Learning-based approach for cooperative detection. The learning-based approach needs to be applied to build a cooperative detection model. Our idea is to compute a classifier for using as features, where is the alert from node The computed detection model is to be used on node 0. That is, the classifier models the correlation between the alert by the local ID agent and alerts from neighboring ID agents. the number of ID agents that participate in cooperative detection, is obviously not fixed in run-time. Our approach is to (in the training phase) determine the minimum required to produce a sufficiently accurate model. In run-time, if there are more than agents participating, alerts from the top agents (e.g., that are the closest in
Page 2 and 3:
AD HOC NETWORKS Technologies and Pr
Page 4 and 5:
AD HOC NETWORKS Technologies and Pr
Page 6 and 7:
Contents List of Figures List of Ta
Page 8 and 9:
Contents vii 4.7. Conclusions and F
Page 10 and 11:
Contents ix 9.2. Potential Attacks
Page 12 and 13:
List of Figures 1.1 Internet in the
Page 14 and 15:
List of Figures xiii 6.3 COMPOW com
Page 16 and 17:
List of Figures xv 9.1 9.2 An IDS a
Page 18 and 19:
List of Tables 2.1 2.2 2.3 2.4 2.5
Page 20 and 21:
Contributing Authors Samir R. Das i
Page 22 and 23:
Preface Wireless mobile networks an
Page 24 and 25:
Acknowledgments xxiii We wish to ex
Page 26 and 27:
Chapter 1 AD HOC NETWORKS Emerging
Page 28 and 29:
Introduction and Definitions 3 coul
Page 30 and 31:
Introduction and Definitions 5 Secu
Page 32 and 33:
Ad Hoc Network Applications 7 tunis
Page 34 and 35:
Ad Hoc Network Applications 9 The d
Page 36 and 37:
Ad Hoc Network Applications 11 Figu
Page 38 and 39:
Design Challenges 13 example of cro
Page 40 and 41:
Evaluating Ad Hoc Network Protocols
Page 42 and 43:
Overview of the Chapters in this Bo
Page 44 and 45:
Overview of the Chapters in this Bo
Page 46 and 47:
Conclusions 21 1.6 Conclusions This
Page 48 and 49:
Chapter 2 COLLISION AVOIDANCE PROTO
Page 50 and 51:
Performance of collision avoidance
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Framework and Mechanisms for Fair A
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Conclusion 59 In the first part of
Page 86 and 87:
Conclusion 61 [13] [14] [15] [16] [
Page 88 and 89:
Chapter 3 ROUTING IN MOBILE AD HOC
Page 90 and 91:
Flooding 65 vector and link state p
Page 92 and 93:
Flooding 67 centralized approximati
Page 94 and 95:
Proactive Routing 69 status of each
Page 96 and 97:
Proactive Routing 71 Topology Broad
Page 98 and 99:
On-demand Routing 73 reply packets
Page 100 and 101:
On-demand Routing 75 during the lin
Page 102 and 103:
Proactive Versus On-demand Debate 7
Page 104 and 105:
Proactive Versus On-demand Debate 7
Page 106 and 107:
Location-based Routing 81 to find a
Page 108 and 109:
Location-based Routing 83 Figure 3.
Page 110 and 111:
Concluding Remarks 85 relative meri
Page 112 and 113:
Concluding Remarks 87 [14] [15] [16
Page 114 and 115:
Concluding Remarks 89 [42] [43] [44
Page 116 and 117:
Chapter 4 MULTICASTING IN AD HOC NE
Page 118 and 119:
Introduction 93 The mobility of the
Page 120 and 121:
Classifications of Protocols 95 red
Page 122 and 123:
Multicasting Protocols 97 this sect
Page 124 and 125:
Multicasting Protocols 99 as close
Page 126 and 127:
Multicasting Protocols 101 In ODMRP
Page 128 and 129:
Multicasting Protocols 103 hoc netw
Page 130 and 131:
Multicasting Protocols 105 A member
Page 132 and 133:
Multicasting Protocols 107 Figure 4
Page 134 and 135:
Broadcasting 109 “talk” to a ra
Page 136 and 137:
Broadcasting 111 broadcasted packet
Page 138 and 139:
Protocol Comparisons 113 are cluste
Page 140 and 141:
Overarching Issues 115 is user data
Page 142 and 143:
Overarching Issues 117 and RTS/CTS
Page 144 and 145:
Conclusions and Future Directions 1
Page 146 and 147:
Conclusions and Future Directions 1
Page 148 and 149:
Chapter 5 TRANSPORT LAYER PROTOCOLS
Page 150 and 151:
TCP and Ad-hoc Networks 125 Modifie
Page 152 and 153:
TCP and Ad-hoc Networks 127 mechani
Page 154 and 155:
TCP and Ad-hoc Networks 129 timeout
Page 156 and 157:
TCP and Ad-hoc Networks 131 to freq
Page 158 and 159:
TCP and Ad-hoc Networks 133 Figure
Page 160 and 161:
Transport Layer for Ad-hoc Networks
Page 162 and 163:
Modified TCP 137 MAC layers without
Page 164 and 165:
Modified TCP 139 Figure 5.6. TCP-EL
Page 166 and 167:
TCP-aware Cross-layered Solutions 1
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Ad-hoc Transport Protocol 147 in it
Page 174 and 175:
Ad-hoc Transport Protocol Figure 5.
Page 176 and 177:
Summary 151 References [1] [2] [3]
Page 178 and 179:
Chapter 6 ENERGY CONSERVATION Robin
Page 180 and 181:
Energy Consumption in Ad Hoc Networ
Page 182 and 183:
Energy Consumption in Ad Hoc Networ
Page 184 and 185:
Communication-Time Energy Conservat
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Idle-time Energy Conservation 175 a
Page 202 and 203:
Idle-time Energy Conservation 177 T
Page 204 and 205:
Idle-time Energy Conservation 179 k
Page 206 and 207:
Idle-time Energy Conservation 181 F
Page 208 and 209:
Page 210 and 211:
Idle-time Energy Conservation 185 t
Page 212 and 213:
Idle-time Energy Conservation 187 c
Page 214 and 215:
Page 216 and 217:
Conclusion 191 [6] [7] [8] [9] [10]
Page 218 and 219:
Conclusion 193 [33] [34] [35] [36]
Page 220 and 221:
Conclusion 195 [59] [60] [61] [62]
Page 222 and 223:
Chapter 7 USE OF SMART ANTENNAS IN
Page 224 and 225:
Smart Antenna Basics and Models 199
Page 226 and 227:
Medium Access Control with Directio
Page 228 and 229:
Page 230 and 231:
Page 232 and 233:
Page 234 and 235: Medium Access Control with Directio
Page 242 and 243: Routing with Directional Antennas 2
Page 248 and 249: Broadcast with Directional Antennas
Page 250 and 251: Broadcast with Directional Antennas
Page 252 and 253: Summary 227 [4] [5] [6] [7] [8] [9]
Page 254 and 255: Chapter 8 QOS ISSUES IN AD-HOC NETW
Page 256 and 257: Introduction 231 The concept of ad-
Page 258 and 259: Physical Layer 233 The 802.11a stan
Page 260 and 261: Medium Access Layer 235 neighbors,
Page 262 and 263: Medium Access Layer 237 Figure 8.5.
Page 264 and 265: QoS Routing 239 where is the number
Page 266 and 267: QoS at other Networking Layers 241
Page 268 and 269: Inter-Layer Design Approaches 243 8
Page 270 and 271: Conclusion 245 are specifically des
Page 272 and 273: Conclusion 247 [13] S. Mangold, S.
Page 274 and 275: Chapter 9 SECURITY IN MOBILE AD-HOC
Page 276 and 277: Potential Attacks 251 attacks, such
Page 278 and 279: Attack Prevention Techniques 253 9.
Page 280 and 281: Intrusion Detection Techniques 255
Page 290 and 291: Conclusion 265 an important and sti
Page 292 and 293: Conclusion 267 [24] [25] [26] [27]
Page 294 and 295: Index Ad hoc network multicast rout
show all

Ad Hoc Networks : Technologies and Protocols - University of ...

Create successful ePaper yourself

Delete template?

Save as template?