Ad Hoc Networks : Technologies and Protocols - University of ...

More documents

Recommendations

Info

Intrusion Detection Techniques 261 distance) are used. Otherwise, the model cannot be used, and no cooperative detection and response will take place (at this node). 9.4.3 Case Study: Anomaly Detection for Ad-Hoc Routing Protocols In this section, we present a preliminary study to illustrate the research issues and our proposed approaches outlined earlier. Although we currently focus on the ad-hoc routing protocols, and intrusion detection at different network layers may use different audit data and have different performance and efficiency requirements, we believe that the same principles apply to the problems of building ID models for other layers. Our objective in this study is to lead to a better understanding of the important and challenging issues in intrusion detection for ad-hoc routing protocols. First, we want to identify which routing protocol, with potentially all its routing table information used, can result in better performing detection models. This will help answer the question “what information should be included in the routing table to make intrusion detection effective.” This finding can be used to design more robust routing protocols. Next, using a given routing protocol, we can explore the feature space and algorithm space to find the best performing model. This will give insight to the general practices of building intrusion detection for mobile networks. MANET Environments. We choose two specific wireless ad-hoc protocols as the subject of our study. They are Dynamic Source Routing (DSR) Protocol [24] and Ad-hoc On-demand Distance Vector (AODV) Protocol [33]. There are other MANET routing protocols such as ZRP [15], OLSR [10], etc. We consider the above two protocols because they have been intensively studied in recent research. They have competitive performance under high load and mobility. We used the wireless network simulation software from network simulator ns2 [6] (release 2. 1b9a, July 2002) in our study. It includes simulation for wireless ad-hoc network infrastructure, popular wireless ad-hoc routing protocols (e.g., DSR, AODV, and others), and mobility scenario and traffic pattern generation. Attack Models. In our study, we implemented the following attacks in simulation: (1) blackhole attack where a malicious node advertise itself as having the shortest path to all nodes in the environment; and (2) selective packet dropping where a malicious node drops packets based on packet destinations or some other characteristics. The first is representative routing attack and the second is an attack on packet forwarding.
262 Security in Mobile Ad-Hoc Networks Audit Data. We suggest these three local data sources be used for anomaly detection: (1) topology information, such as node moving speed, (2) local routing information, such as route cache entries and route updates; and (3) traffic information, all incoming and outgoing traffic statistics, including interarrival periods and frequencies. We use only local information because remote nodes can be compromised and their data cannot be trusted. The intuition here is that there should be correlation between node movements and routing table changes, and between routing changes and traffic changes under normal conditions, and that such information can be used to detect anomalies caused by attacks. Features. In our study, we define a total of 141 features according to domain knowledge and intuition. These features belong to two categories, non-traffic related and traffic related. The non-traffic related features are listed in Table 9.1. They capture the basic view of network topology and routing operations. In addition, “absolute velocity” characterizes the physical movement of a node. The traffic related features are collected based on the following considerations. Packets come from different layers and different sources. For example, it can be a TCP data packet or a route control message packet (for instance, a ROUTE REQUEST message used in AODV and DSR) that is being forwarded at the observed node. We can define the first two aspects or dimensions of a traffic feature as, packet type, which can be data specific and route specific (including different route messages used in AODV and DSR), and flow direction, which can take one of the following values, received (observed at destinations), sent (observed at sources), forwarded (observed at intermediate routers) or dropped (observed at routers where no route is available for the packet). We need to evaluate both short-term and long-term traffic patterns. In our experiments, we sample data in three predetermined sampling periods, 5 seconds, 1 minute and 15 minutes. Finally, for each traffic pattern, we choose two typical statistics measures widely used in literature, namely, the packet count and the standard deviation of inter-packet intervals. Overall, a traffic feature has the following dimensions: packet type, flow direction, sampling periods, and statistics measures. An example is the feature that computes the standard deviation of inter-packet intervals of received ROUTE REQUEST packets every 5 seconds. All dimensions and allowed values for each dimension are defined in Table 9.2. Classifiers. We use the cross-feature analysis approach discussed in Section 9.4.2 for anomaly detection, where a classifier is built for each feature using the rest of the features. We use several classification algorithms for evaluation purposes. These classifiers are C4.5 [36], a decision tree classifier, RIPPER [11], a rule based classifier, SVM Light [23], a support vector machine
Page 2 and 3:
AD HOC NETWORKS Technologies and Pr
Page 4 and 5:
AD HOC NETWORKS Technologies and Pr
Page 6 and 7:
Contents List of Figures List of Ta
Page 8 and 9:
Contents vii 4.7. Conclusions and F
Page 10 and 11:
Contents ix 9.2. Potential Attacks
Page 12 and 13:
List of Figures 1.1 Internet in the
Page 14 and 15:
List of Figures xiii 6.3 COMPOW com
Page 16 and 17:
List of Figures xv 9.1 9.2 An IDS a
Page 18 and 19:
List of Tables 2.1 2.2 2.3 2.4 2.5
Page 20 and 21:
Contributing Authors Samir R. Das i
Page 22 and 23:
Preface Wireless mobile networks an
Page 24 and 25:
Acknowledgments xxiii We wish to ex
Page 26 and 27:
Chapter 1 AD HOC NETWORKS Emerging
Page 28 and 29:
Introduction and Definitions 3 coul
Page 30 and 31:
Introduction and Definitions 5 Secu
Page 32 and 33:
Ad Hoc Network Applications 7 tunis
Page 34 and 35:
Ad Hoc Network Applications 9 The d
Page 36 and 37:
Ad Hoc Network Applications 11 Figu
Page 38 and 39:
Design Challenges 13 example of cro
Page 40 and 41:
Evaluating Ad Hoc Network Protocols
Page 42 and 43:
Overview of the Chapters in this Bo
Page 44 and 45:
Overview of the Chapters in this Bo
Page 46 and 47:
Conclusions 21 1.6 Conclusions This
Page 48 and 49:
Chapter 2 COLLISION AVOIDANCE PROTO
Page 50 and 51:
Performance of collision avoidance
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Framework and Mechanisms for Fair A
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Conclusion 59 In the first part of
Page 86 and 87:
Conclusion 61 [13] [14] [15] [16] [
Page 88 and 89:
Chapter 3 ROUTING IN MOBILE AD HOC
Page 90 and 91:
Flooding 65 vector and link state p
Page 92 and 93:
Flooding 67 centralized approximati
Page 94 and 95:
Proactive Routing 69 status of each
Page 96 and 97:
Proactive Routing 71 Topology Broad
Page 98 and 99:
On-demand Routing 73 reply packets
Page 100 and 101:
On-demand Routing 75 during the lin
Page 102 and 103:
Proactive Versus On-demand Debate 7
Page 104 and 105:
Proactive Versus On-demand Debate 7
Page 106 and 107:
Location-based Routing 81 to find a
Page 108 and 109:
Location-based Routing 83 Figure 3.
Page 110 and 111:
Concluding Remarks 85 relative meri
Page 112 and 113:
Concluding Remarks 87 [14] [15] [16
Page 114 and 115:
Concluding Remarks 89 [42] [43] [44
Page 116 and 117:
Chapter 4 MULTICASTING IN AD HOC NE
Page 118 and 119:
Introduction 93 The mobility of the
Page 120 and 121:
Classifications of Protocols 95 red
Page 122 and 123:
Multicasting Protocols 97 this sect
Page 124 and 125:
Multicasting Protocols 99 as close
Page 126 and 127:
Multicasting Protocols 101 In ODMRP
Page 128 and 129:
Multicasting Protocols 103 hoc netw
Page 130 and 131:
Multicasting Protocols 105 A member
Page 132 and 133:
Multicasting Protocols 107 Figure 4
Page 134 and 135:
Broadcasting 109 “talk” to a ra
Page 136 and 137:
Broadcasting 111 broadcasted packet
Page 138 and 139:
Protocol Comparisons 113 are cluste
Page 140 and 141:
Overarching Issues 115 is user data
Page 142 and 143:
Overarching Issues 117 and RTS/CTS
Page 144 and 145:
Conclusions and Future Directions 1
Page 146 and 147:
Conclusions and Future Directions 1
Page 148 and 149:
Chapter 5 TRANSPORT LAYER PROTOCOLS
Page 150 and 151:
TCP and Ad-hoc Networks 125 Modifie
Page 152 and 153:
TCP and Ad-hoc Networks 127 mechani
Page 154 and 155:
TCP and Ad-hoc Networks 129 timeout
Page 156 and 157:
TCP and Ad-hoc Networks 131 to freq
Page 158 and 159:
TCP and Ad-hoc Networks 133 Figure
Page 160 and 161:
Transport Layer for Ad-hoc Networks
Page 162 and 163:
Modified TCP 137 MAC layers without
Page 164 and 165:
Modified TCP 139 Figure 5.6. TCP-EL
Page 166 and 167:
TCP-aware Cross-layered Solutions 1
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Ad-hoc Transport Protocol 147 in it
Page 174 and 175:
Ad-hoc Transport Protocol Figure 5.
Page 176 and 177:
Summary 151 References [1] [2] [3]
Page 178 and 179:
Chapter 6 ENERGY CONSERVATION Robin
Page 180 and 181:
Energy Consumption in Ad Hoc Networ
Page 182 and 183:
Energy Consumption in Ad Hoc Networ
Page 184 and 185:
Communication-Time Energy Conservat
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Idle-time Energy Conservation 175 a
Page 202 and 203:
Idle-time Energy Conservation 177 T
Page 204 and 205:
Idle-time Energy Conservation 179 k
Page 206 and 207:
Idle-time Energy Conservation 181 F
Page 208 and 209:
Page 210 and 211:
Idle-time Energy Conservation 185 t
Page 212 and 213:
Idle-time Energy Conservation 187 c
Page 214 and 215:
Page 216 and 217:
Conclusion 191 [6] [7] [8] [9] [10]
Page 218 and 219:
Conclusion 193 [33] [34] [35] [36]
Page 220 and 221:
Conclusion 195 [59] [60] [61] [62]
Page 222 and 223:
Chapter 7 USE OF SMART ANTENNAS IN
Page 224 and 225:
Smart Antenna Basics and Models 199
Page 226 and 227:
Medium Access Control with Directio
Page 228 and 229:
Page 230 and 231:
Page 232 and 233:
Page 234 and 235:
Page 236 and 237: Medium Access Control with Directio
Page 242 and 243: Routing with Directional Antennas 2
Page 248 and 249: Broadcast with Directional Antennas
Page 250 and 251: Broadcast with Directional Antennas
Page 252 and 253: Summary 227 [4] [5] [6] [7] [8] [9]
Page 254 and 255: Chapter 8 QOS ISSUES IN AD-HOC NETW
Page 256 and 257: Introduction 231 The concept of ad-
Page 258 and 259: Physical Layer 233 The 802.11a stan
Page 260 and 261: Medium Access Layer 235 neighbors,
Page 262 and 263: Medium Access Layer 237 Figure 8.5.
Page 264 and 265: QoS Routing 239 where is the number
Page 266 and 267: QoS at other Networking Layers 241
Page 268 and 269: Inter-Layer Design Approaches 243 8
Page 270 and 271: Conclusion 245 are specifically des
Page 272 and 273: Conclusion 247 [13] S. Mangold, S.
Page 274 and 275: Chapter 9 SECURITY IN MOBILE AD-HOC
Page 276 and 277: Potential Attacks 251 attacks, such
Page 278 and 279: Attack Prevention Techniques 253 9.
Page 280 and 281: Intrusion Detection Techniques 255
Page 290 and 291: Conclusion 265 an important and sti
Page 292 and 293: Conclusion 267 [24] [25] [26] [27]
Page 294 and 295: Index Ad hoc network multicast rout
show all

Ad Hoc Networks : Technologies and Protocols - University of ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?