1) This document proposes a new anomaly detection scheme for mobile ad hoc networks (MANETs) based on dynamic learning.
2) The scheme uses a statistical decision theory to calculate projection distances between the current and normal states of nodes using weighted coefficients and a forgetting curve.
3) Simulations evaluate the scheme's effectiveness in detecting five types of attacks on the ad hoc on-demand distance vector (AODV) routing protocol for MANETs of different sizes.
NOVEL HYBRID INTRUSION DETECTION SYSTEM FOR CLUSTERED WIRELESS SENSOR NETWORKIJNSA Journal
Wireless sensor network (WSN) is regularly deployed in unattended and hostile environments. The WSN is vulnerable to security threats and susceptible to physical capture. Thus, it is necessary to use effective mechanisms to protect the network. It is widely known, that the intrusion detection is one of the most efficient security mechanisms to protect the network against malicious attacks or unauthorized access. In this paper, we propose a hybrid intrusion detection system for clustered WSN. Our intrusion framework uses a combination between the Anomaly Detection based on support vector machine (SVM) and the Misuse Detection. Experiments results show that most of routing attacks can be detected with low false alarm.
A Novel Approach to Detect & Prevent Wormhole Attack over MANET & Sensor n/w ...IOSR Journals
Abstract: In Mobile Ad hoc Network (MANET) mobile node is responsible for route establishment using
wireless link where each node may behave like both as a host and router. MANET encounters number of
security threats because of its open entrusted environment, with little security arrangement, security over
MANET can be enhance up to some satisfactory level because of its inherent characteristics. Among some of
the prominent security threats wormhole attack is considered to be a very serious security threat over MANET.
In wormhole two selfish node which is geographically very far away to each other makes tunnel between each
other to hide their actual location and give the illusion that they are true neighbours and attract other nodes to
make conversation through the wormhole tunnel. Many researchers focused on detecting wormhole attack and
its prevention mechanism. It seems that in the previous technique there is a need to improve their results in the
brink of false negative rate, routing overhead etc. The present paper has proposed the hybrid model in order to
detect and prevent the wormhole attack. This approach has been work with neighbour node and hop count
method.
Keywords: Mobile Ad hoc Network, Selfish node, Malicious node, AODV
DYNAMIC NEURAL NETWORKS IN THE DETECTION OF DISTRIBUTED ATTACKS IN MOBILE AD-...IJNSA Journal
This document summarizes research on developing a distributed intrusion detection system for mobile ad hoc networks (MANETs) using dynamic neural networks. The system uses learning vector quantization neural networks distributed across nodes to identify patterns of network attacks. In a simulation of 18 nodes, the system successfully detected 80% of man-in-the-middle attacks on the ad hoc on-demand distance vector routing protocol. The distributed nature of the neural network approach helps overcome limitations of bandwidth and connectivity in MANETs compared to traditional centralized intrusion detection systems.
Dear Students
Ingenious techno Solution offers an expertise guidance on you Final Year IEEE & Non- IEEE Projects on the following domain
JAVA
.NET
EMBEDDED SYSTEMS
ROBOTICS
MECHANICAL
MATLAB etc
For further details contact us:
enquiry@ingenioustech.in
044-42046028 or 8428302179.
Ingenious Techno Solution
#241/85, 4th floor
Rangarajapuram main road,
Kodambakkam (Power House)
http://www.ingenioustech.in/
WDA: Wormhole Attack Detection Algorithm based on measuring Round Trip Delay ...ijsrd.com
The recent advancements in the wireless arena and their wide-spread utilization have introduced new security vulnerabilities. The wireless media being shared is exposed to outside world, so it is susceptible to various attacks at different layers of OSI network stack. For example, jamming and device tampering at the physical layer; disruption of the medium access control (MAC) layer; routing attacks like Blackhole, rushing, wormhole; targeted attacks on the transport protocol like session hijacking, SYN flooding or even attacks intended to disrupt specific applications through viruses, worms and Trojan Horses. Wormhole attack is one of the serious routing attacks amongst all the network layer attacks launched on MANET. Wormhole attack is launched by creation of tunnels and it leads to total disruption of the routing paths on MANET. In this paper, Wormhole detection algorithm (WDA) is proposed based on modifying the forwarding packet process that detects and isolates wormhole nodes in ad hoc on demand distance vector (AODV) routing protocol.
Detection and prevention of wormhole attack in mobile adhoc networksambitlick
This document discusses detection and prevention of wormhole attacks in mobile ad hoc networks. A wormhole attack is a powerful attack where two or more malicious nodes collude to tunnel packets between them, emulating a shorter route and attracting traffic. This can severely disrupt network communication. The paper proposes a novel trust-based scheme to identify wormhole-creating nodes without cryptography. Extensive simulations show the scheme effectively handles colluding malicious nodes without imposing extra network conditions.
Securing WSN communication using Enhanced Adaptive Acknowledgement ProtocolIJMTST Journal
This document summarizes an enhanced adaptive acknowledgement protocol for securing wireless sensor network communication. It begins by describing security challenges in WSNs like the wireless medium, hostile environments, and resource constraints. It then discusses common security attacks like black hole and grey hole attacks. Existing acknowledgement schemes like Watchdog, TWOACK, and AACK are explained along with their limitations in detecting such attacks. The document proposes an Enhanced Adaptive Acknowledgement (EAACK) scheme that uses ACK, Secure ACK, and Misbehavior Report Authentication to better detect attacks while reducing overhead. EAACK aims to securely detect black hole, grey hole, and false misbehavior reporting in wireless sensor networks.
A Distributed Approach for Detecting Wormhole Attack in Wireless Network Codi...IRJET Journal
This document presents a distributed algorithm called DAWN to detect wormhole attacks in wireless network coding systems. The algorithm has two phases: 1) a detection phase where each node uses the expected transmission count (ETX) metric to detect if any attackers exist, and 2) a reporting phase where detected attackers are reported to other nodes. ETX represents the number of transmissions needed for a packet to be received and can reveal the network topology. DAWN examines the order nodes receive packets and their ETX values to identify attackers. It signatures reports to prevent manipulation and distributes the workload of detection across all nodes. The algorithm successfully detects wormhole attacks with high rates while imposing low computation and communication overhead.
NOVEL HYBRID INTRUSION DETECTION SYSTEM FOR CLUSTERED WIRELESS SENSOR NETWORKIJNSA Journal
Wireless sensor network (WSN) is regularly deployed in unattended and hostile environments. The WSN is vulnerable to security threats and susceptible to physical capture. Thus, it is necessary to use effective mechanisms to protect the network. It is widely known, that the intrusion detection is one of the most efficient security mechanisms to protect the network against malicious attacks or unauthorized access. In this paper, we propose a hybrid intrusion detection system for clustered WSN. Our intrusion framework uses a combination between the Anomaly Detection based on support vector machine (SVM) and the Misuse Detection. Experiments results show that most of routing attacks can be detected with low false alarm.
A Novel Approach to Detect & Prevent Wormhole Attack over MANET & Sensor n/w ...IOSR Journals
Abstract: In Mobile Ad hoc Network (MANET) mobile node is responsible for route establishment using
wireless link where each node may behave like both as a host and router. MANET encounters number of
security threats because of its open entrusted environment, with little security arrangement, security over
MANET can be enhance up to some satisfactory level because of its inherent characteristics. Among some of
the prominent security threats wormhole attack is considered to be a very serious security threat over MANET.
In wormhole two selfish node which is geographically very far away to each other makes tunnel between each
other to hide their actual location and give the illusion that they are true neighbours and attract other nodes to
make conversation through the wormhole tunnel. Many researchers focused on detecting wormhole attack and
its prevention mechanism. It seems that in the previous technique there is a need to improve their results in the
brink of false negative rate, routing overhead etc. The present paper has proposed the hybrid model in order to
detect and prevent the wormhole attack. This approach has been work with neighbour node and hop count
method.
Keywords: Mobile Ad hoc Network, Selfish node, Malicious node, AODV
DYNAMIC NEURAL NETWORKS IN THE DETECTION OF DISTRIBUTED ATTACKS IN MOBILE AD-...IJNSA Journal
This document summarizes research on developing a distributed intrusion detection system for mobile ad hoc networks (MANETs) using dynamic neural networks. The system uses learning vector quantization neural networks distributed across nodes to identify patterns of network attacks. In a simulation of 18 nodes, the system successfully detected 80% of man-in-the-middle attacks on the ad hoc on-demand distance vector routing protocol. The distributed nature of the neural network approach helps overcome limitations of bandwidth and connectivity in MANETs compared to traditional centralized intrusion detection systems.
Dear Students
Ingenious techno Solution offers an expertise guidance on you Final Year IEEE & Non- IEEE Projects on the following domain
JAVA
.NET
EMBEDDED SYSTEMS
ROBOTICS
MECHANICAL
MATLAB etc
For further details contact us:
enquiry@ingenioustech.in
044-42046028 or 8428302179.
Ingenious Techno Solution
#241/85, 4th floor
Rangarajapuram main road,
Kodambakkam (Power House)
http://www.ingenioustech.in/
WDA: Wormhole Attack Detection Algorithm based on measuring Round Trip Delay ...ijsrd.com
The recent advancements in the wireless arena and their wide-spread utilization have introduced new security vulnerabilities. The wireless media being shared is exposed to outside world, so it is susceptible to various attacks at different layers of OSI network stack. For example, jamming and device tampering at the physical layer; disruption of the medium access control (MAC) layer; routing attacks like Blackhole, rushing, wormhole; targeted attacks on the transport protocol like session hijacking, SYN flooding or even attacks intended to disrupt specific applications through viruses, worms and Trojan Horses. Wormhole attack is one of the serious routing attacks amongst all the network layer attacks launched on MANET. Wormhole attack is launched by creation of tunnels and it leads to total disruption of the routing paths on MANET. In this paper, Wormhole detection algorithm (WDA) is proposed based on modifying the forwarding packet process that detects and isolates wormhole nodes in ad hoc on demand distance vector (AODV) routing protocol.
Detection and prevention of wormhole attack in mobile adhoc networksambitlick
This document discusses detection and prevention of wormhole attacks in mobile ad hoc networks. A wormhole attack is a powerful attack where two or more malicious nodes collude to tunnel packets between them, emulating a shorter route and attracting traffic. This can severely disrupt network communication. The paper proposes a novel trust-based scheme to identify wormhole-creating nodes without cryptography. Extensive simulations show the scheme effectively handles colluding malicious nodes without imposing extra network conditions.
Securing WSN communication using Enhanced Adaptive Acknowledgement ProtocolIJMTST Journal
This document summarizes an enhanced adaptive acknowledgement protocol for securing wireless sensor network communication. It begins by describing security challenges in WSNs like the wireless medium, hostile environments, and resource constraints. It then discusses common security attacks like black hole and grey hole attacks. Existing acknowledgement schemes like Watchdog, TWOACK, and AACK are explained along with their limitations in detecting such attacks. The document proposes an Enhanced Adaptive Acknowledgement (EAACK) scheme that uses ACK, Secure ACK, and Misbehavior Report Authentication to better detect attacks while reducing overhead. EAACK aims to securely detect black hole, grey hole, and false misbehavior reporting in wireless sensor networks.
A Distributed Approach for Detecting Wormhole Attack in Wireless Network Codi...IRJET Journal
This document presents a distributed algorithm called DAWN to detect wormhole attacks in wireless network coding systems. The algorithm has two phases: 1) a detection phase where each node uses the expected transmission count (ETX) metric to detect if any attackers exist, and 2) a reporting phase where detected attackers are reported to other nodes. ETX represents the number of transmissions needed for a packet to be received and can reveal the network topology. DAWN examines the order nodes receive packets and their ETX values to identify attackers. It signatures reports to prevent manipulation and distributes the workload of detection across all nodes. The algorithm successfully detects wormhole attacks with high rates while imposing low computation and communication overhead.
Analysis of security threats in wireless sensor networkijwmn
Wireless Sensor Network(WSN) is an emerging technology and explored field of researchers worldwide
in the past few years, so does the need for effective security mechanisms. The sensing technology
combined with processing power and wireless communication makes it lucrative for being exploited in
abundance in future. The inclusion of wireless communication technology also incurs various types of
security threats due to unattended installation of sensor nodes as sensor networks may interact with
sensitive data and /or operate in hostile unattended environments. These security concerns be addressed
from the beginning of the system design. The intent of this paper is to investigate the security related
issues in wireless sensor networks. In this paper we have explored general security threats in wireless
sensor network with extensive study.
Survey of manet misbehaviour detection approachesIJNSA Journal
Distributed Denial of Service (DDoS) attacks today
have been amplified into gigabits volume with
broadband Internet access; at the same time, the us
e of more powerful botnets and common DDoS
mitigation and protection solutions implemented in
small and large organizations’ networks and servers
are no longer effective. Our survey provides an in-
depth study on the current largest DNS reflection a
ttack
with more than 300 Gbps on Spamhaus.org. We have re
viewed and analysed the current most popular
DDoS attack types that are launched by the hacktivi
sts. Lastly, effective cloud-based DDoS mitigation
and
protection techniques proposed by both academic res
earchers and large commercial cloud-based DDoS
service providers are discussed.
MANETs have unique characteristics like dynamic topology, wireless radio medium, limited resources and lack of centralized administration; as a result, they are vulnerable to different types of attacks in different layers of protocol stack. wormhole attack detection in wireless sensor networks
NTRUSION D ETECTION S YSTEMS IN M OBILE A D H OC N ETWORKS : S TATE OF ...ijcsa
Mobile Ad Hoc Networks (MANETs) are more vulnerable
to different attacks. Prevention methods as
cryptographic techniques alone are not sufficient t
o make them secure; therefore, efficient intrusion
detection must be deployed and elaborated to facili
tate the identification of attacks. An Intrusion De
tection
System (IDS) aims to detect malicious and selfish n
odes in a network. The intrusion detection methods
used
normally for wired networks can no longer adequate
when adapted directly to a wireless ad-hoc network,
so existing techniques of intrusion detection have
to be changed and new techniques have to be determi
ned
to work efficiency and effectively in this new netw
ork architecture of MANETs. In this paper we give a
survey of different architectures and methods of in
trusion detection systems (IDSs) for MANETs
accordingly to the recent literature.
Mobile ad hoc network (MANETs) is an emerging
area with practical applications. One such field concerns
mobile ad hoc networks (MANETs) in which mobile nodes
organize themselves in a network without the help of any
predefined infrastructure. Securing MANETs is an important
part of deploying and utilizing them, since them are often
used in critical applications where data and communications
integrity in important. Existing solutions for wireless
networks can be used to obtain a certain level of such security.
Nevertheless, these solutions may not always be sufficient, as
ad-hoc networks have their own vulnerabilities that cannot
be addressed by these solutions. To obtain an acceptable level
of security in such a context, traditional security solutions
should be coupled with an intrusion detection mechanism.
We propose using a quantitative method to detect intrusion in
MANETS with mobile nodes. Our method is a behavioral
anomaly based system, which makes it dynamic, scalable,
configurable and robust. Finally, we verify our method by
running ns2 simulations with mobile nodes using Ad-hoc ondemand
Distance Vector (AODV) routing. It is observed that
the malicious node detection rate is very good, and the false
positive detection rate is low
Proposed Agent Based Black hole Node Detection Algorithm for Ad-Hoc Wireless...ijcsa
A Mobile ad-hoc network (MANET) is a latest and eme
rging Research topic among researchers. The
reason behind the popularity of MANET is flexibilit
y and independence of network infrastructure. MANET
has some unique characteristic like dynamic network
topology, limited power and limited bandwidth for
communication. MANET has more challenge compare to
any other conventional network. However the
dynamical network topology of MANETs, infrastructur
e-less property and lack of certificate authority m
ake
the security problems of MANETs need to pay more at
tention. This paper represents review of layer wise
security attacks. It also discussed the issues and
challenges of mobile ad hoc network. On the importa
nce of
security issues, this paper proposed intrusion dete
ction framework for detecting network layer threats
such
as black hole attack.
This document discusses statistical approaches for detecting anomalies in network traffic. It begins by describing the typical four-stage process for anomaly detection: data collection, data analysis/feature extraction, inference to classify traffic as normal or anomalous, and validation. It then discusses several specific statistical approaches that can be used:
(1) Extracting features using statistical models of the traffic distributions, such as α-stable distributions, which can properly model highly variable network traffic.
(2) Using techniques like the Kalman filter to analyze traffic volume changes at different time scales and detect both short-term and long-term anomalies.
(3) Applying the Holt-Winters forecasting technique to decompose traffic into a baseline, trend,
Wormhole attack detection algorithms in wireless network coding systemsPvrtechnologies Nellore
This document proposes algorithms to detect wormhole attacks in wireless network coding systems. It first discusses how wormhole attacks can severely impact network coding protocols by disrupting routing and introducing unfair workload distributions. It then presents a centralized algorithm that uses a central node to detect wormholes by measuring changes in expected transmission counts. For distributed systems without a central node, it proposes DAWN, a distributed algorithm that examines the order nodes receive innovative packets and their expected transmission counts to detect wormholes. The algorithms aim to detect wormholes using only local information available from regular network coding protocols to keep overhead low. Extensive testing validated the effectiveness and efficiency of the proposed approaches.
This document summarizes an article about intrusion detection systems (IDS) for secure mobile ad hoc networks (MANETs). It discusses the distributed and cooperative architecture of IDS for MANETs, where each node runs an IDS agent to detect intrusions locally and cooperate with other nodes. It describes several IDS approaches for MANETs including the Watchdog technique to detect misbehaving nodes, the Pathrater technique to find routes without those nodes, and the CORE technique which uses a collaborative reputation system. The document concludes that considering these IDS techniques can help make MANETs more secure.
The document proposes a label-based secure localization scheme to defend against wormhole attacks in wireless sensor networks. It analyzes the impact of wormhole attacks on DV-Hop localization and describes a three-phase approach to label beacon and sensor nodes to identify and remove illegal connections introduced by wormholes. Simulation results show the scheme is effective at detecting wormholes and minimizing their impact on localization accuracy.
This document summarizes a research paper that proposes WRSR, a routing protocol for wireless mesh networks that is resistant to wormhole attacks. WRSR can detect and prevent routes containing wormhole links during the route discovery process. It does not require specialized hardware like GPS or synchronized clocks. WRSR uses the unit disk graph model to determine that for a path to be wormhole-free, any two-hop sub-path must have an alternate shorter sub-path. This allows WRSR to identify route requests traversing wormhole links and quarantine those routes before they can be established. The key features of WRSR are its ability to defend against hidden and Byzantine wormhole attacks without relying on extra hardware or computationally intensive cryptography.
This document summarizes a research paper that proposes a new solution to detect and prevent selfish attacks in mobile ad hoc networks (MANETs). The solution uses a watchdog technique to monitor node behavior and a varying threshold-based policy to avoid falsely accusing nodes in dense networks. It describes how the Ad Hoc On-Demand Distance Vector (AODV) routing protocol works in MANETs and related work on detecting and preventing selfish attacks. The proposed technique aims to safely monitor, detect, and isolate misbehaving nodes through dynamic learning without falsely accusing correct nodes.
A Security Mechanism Against Reactive Jammer Attack In Wireless Sensor Netwo...ijsptm
Providing an efficient security for wireless sensor network is a crucial challenge which is made more
difficult due to its broadcast nature and restrictions on resources such as energy, power memory usage,
computation and communication capabilities. The Reactive Jammer Attack is a major security threat to
wireless sensor networks because reactive jammer attack is a light weight attack which is easy to launch
but difficult to detect .This work suggest a new scheme to neutralize malicious reactive jammer nodes by
changing the characteristic of trigger nodes to act as only receiver. Here the current approach attempts to
identify the trigger nodes using the group testing technique, which enhances the identification speed and
reduces the message complexity of the status report sent periodically between the sensor nodes and the
base station.
NetSim Webinar on Network Attacks and DetectionDESHPANDE M
Webinar Contents:
Why use a Network Simulator
Introduction to NetSim
Introduction to Sinkhole Attack : Attack scenario in MANET using NetSim
Intrusion Detection System: Detection mechanism in MANET using NetSim
Analyzing Metrics
Areas of R & D in MANET
Q & A
The document describes an intrusion detection system for cluster-based wireless sensor networks. It proposes using MAC address-based intruder tracking to detect intruders early. The system divides the network into clusters, with cluster heads monitoring members. It uses port numbers, IP addresses and MAC addresses to authenticate nodes and detect intruders pretending to be valid nodes. If intruder behavior is detected, an alarm is raised. The approach aims to securely transmit data in the network by identifying and preventing malicious intrusions and attacks.
A novel approach for a secured intrusion detection system in maneteSAT Publishing House
This document proposes a novel intrusion detection system (IDS) for mobile ad hoc networks (MANETs) that promotes complete unlinkability and conceals packet contents to add privacy preservation. The proposed scheme uses a combination of group IDs and digital signatures for encrypted route discovery. This allows malicious nodes to be detected during route discovery and avoided for data transmission. Compared to existing approaches, the proposed scheme has lower end-to-end delay and improved packet delivery ratio.
Now a day the technology is improving day by day. The wired network has been changed to wireless network. There are many advantages of wireless network over wired network. One of the main advantage is we can walk around freely in a network area and accesses internet. Security is one of the challenging issues. Intrusion Detection System is one of the systematic ways to detect malicious node in a mobile ad hoc network MANET and it is driven by battery power. This paper gives a survey on various intrusion detection systems in MANET. Praveen Mourya | Prof. Avinash Sharma ""Review on Intrusion Detection in MANETs"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-2 , February 2020, URL: https://www.ijtsrd.com/papers/ijtsrd29970.pdf
Paper Url : https://www.ijtsrd.com/engineering/computer-engineering/29970/review-on-intrusion-detection-in-manets/praveen-mourya
This document proposes a hybrid intrusion detection system (HIDS) for wireless sensor networks. The HIDS combines cluster-based and rule-based intrusion detection techniques. It is designed to address the limited resources of sensor networks while achieving high detection rates and low false positives. The system works by using cluster heads to detect intrusions based on both anomaly detection and comparing activities to known attack behaviors. A simulation evaluated the HIDS and found it performed intrusion detection efficiently while being energy efficient and having a high detection rate.
PERUSAL OF INTRUSION DETECTION AND PREVENTION SYSTEM ON A MANET WITH BLACK HO...ijsptm
MANET is a self configuring network of nodes which is a wireless . The nodes in this network move
randomly .Mobility of nodes is more. The nodes are dynamic and infrastructure less ,self maintainable. In
MANET there are many types of security attacks like Blackhole, greyhole attack, wormhole, jellyfish etc.
When the MANET is under blackhole attack there is a loss of energy which is high at the node resulting in
loss of battery backup and also excess of bandwidth may be consumed by the attacker. The attacker is an
insider. Among various mobility models to generate mobility patterns the Random waypoint mobility
model is used .To solve these issues an IDPS framework for MANET using image processing techniques
under blackhole attack is proposed to detect the blackhole attack RREP by providing security services like
authentication and confidentiality.
Admission control and routing in multi hop wireless networksambitlick
This document summarizes a research paper about admission control and routing algorithms for multi-hop wireless networks that provide quality of service guarantees for flows requesting a pre-specified bandwidth. The paper develops an optimal admission control and routing algorithm that has performance close to an offline algorithm with complete future knowledge. The algorithm makes no assumptions about flow arrival patterns and can be implemented in a distributed manner. It also proves this algorithm is asymptotically optimal with respect to competitive ratio, a metric that measures performance compared to an offline algorithm. Finally, the paper discusses how the algorithm can be modified to allow use of standard shortest-path algorithms for distributed implementation.
A novel pause count backoff algorithm for channel accessambitlick
The document summarizes a proposed novel backoff algorithm called Pause Count Backoff (PCB) for channel access in IEEE 802.11 wireless networks. PCB observes the number of pauses in a node's backoff procedure to estimate the number of active stations and set an appropriate contention window size. Simulation results show PCB outperforms other algorithms like DCF, EIED, and AEDCF in terms of goodput, fairness index, and end-to-end delay under different network conditions.
Analysis of security threats in wireless sensor networkijwmn
Wireless Sensor Network(WSN) is an emerging technology and explored field of researchers worldwide
in the past few years, so does the need for effective security mechanisms. The sensing technology
combined with processing power and wireless communication makes it lucrative for being exploited in
abundance in future. The inclusion of wireless communication technology also incurs various types of
security threats due to unattended installation of sensor nodes as sensor networks may interact with
sensitive data and /or operate in hostile unattended environments. These security concerns be addressed
from the beginning of the system design. The intent of this paper is to investigate the security related
issues in wireless sensor networks. In this paper we have explored general security threats in wireless
sensor network with extensive study.
Survey of manet misbehaviour detection approachesIJNSA Journal
Distributed Denial of Service (DDoS) attacks today
have been amplified into gigabits volume with
broadband Internet access; at the same time, the us
e of more powerful botnets and common DDoS
mitigation and protection solutions implemented in
small and large organizations’ networks and servers
are no longer effective. Our survey provides an in-
depth study on the current largest DNS reflection a
ttack
with more than 300 Gbps on Spamhaus.org. We have re
viewed and analysed the current most popular
DDoS attack types that are launched by the hacktivi
sts. Lastly, effective cloud-based DDoS mitigation
and
protection techniques proposed by both academic res
earchers and large commercial cloud-based DDoS
service providers are discussed.
MANETs have unique characteristics like dynamic topology, wireless radio medium, limited resources and lack of centralized administration; as a result, they are vulnerable to different types of attacks in different layers of protocol stack. wormhole attack detection in wireless sensor networks
NTRUSION D ETECTION S YSTEMS IN M OBILE A D H OC N ETWORKS : S TATE OF ...ijcsa
Mobile Ad Hoc Networks (MANETs) are more vulnerable
to different attacks. Prevention methods as
cryptographic techniques alone are not sufficient t
o make them secure; therefore, efficient intrusion
detection must be deployed and elaborated to facili
tate the identification of attacks. An Intrusion De
tection
System (IDS) aims to detect malicious and selfish n
odes in a network. The intrusion detection methods
used
normally for wired networks can no longer adequate
when adapted directly to a wireless ad-hoc network,
so existing techniques of intrusion detection have
to be changed and new techniques have to be determi
ned
to work efficiency and effectively in this new netw
ork architecture of MANETs. In this paper we give a
survey of different architectures and methods of in
trusion detection systems (IDSs) for MANETs
accordingly to the recent literature.
Mobile ad hoc network (MANETs) is an emerging
area with practical applications. One such field concerns
mobile ad hoc networks (MANETs) in which mobile nodes
organize themselves in a network without the help of any
predefined infrastructure. Securing MANETs is an important
part of deploying and utilizing them, since them are often
used in critical applications where data and communications
integrity in important. Existing solutions for wireless
networks can be used to obtain a certain level of such security.
Nevertheless, these solutions may not always be sufficient, as
ad-hoc networks have their own vulnerabilities that cannot
be addressed by these solutions. To obtain an acceptable level
of security in such a context, traditional security solutions
should be coupled with an intrusion detection mechanism.
We propose using a quantitative method to detect intrusion in
MANETS with mobile nodes. Our method is a behavioral
anomaly based system, which makes it dynamic, scalable,
configurable and robust. Finally, we verify our method by
running ns2 simulations with mobile nodes using Ad-hoc ondemand
Distance Vector (AODV) routing. It is observed that
the malicious node detection rate is very good, and the false
positive detection rate is low
Proposed Agent Based Black hole Node Detection Algorithm for Ad-Hoc Wireless...ijcsa
A Mobile ad-hoc network (MANET) is a latest and eme
rging Research topic among researchers. The
reason behind the popularity of MANET is flexibilit
y and independence of network infrastructure. MANET
has some unique characteristic like dynamic network
topology, limited power and limited bandwidth for
communication. MANET has more challenge compare to
any other conventional network. However the
dynamical network topology of MANETs, infrastructur
e-less property and lack of certificate authority m
ake
the security problems of MANETs need to pay more at
tention. This paper represents review of layer wise
security attacks. It also discussed the issues and
challenges of mobile ad hoc network. On the importa
nce of
security issues, this paper proposed intrusion dete
ction framework for detecting network layer threats
such
as black hole attack.
This document discusses statistical approaches for detecting anomalies in network traffic. It begins by describing the typical four-stage process for anomaly detection: data collection, data analysis/feature extraction, inference to classify traffic as normal or anomalous, and validation. It then discusses several specific statistical approaches that can be used:
(1) Extracting features using statistical models of the traffic distributions, such as α-stable distributions, which can properly model highly variable network traffic.
(2) Using techniques like the Kalman filter to analyze traffic volume changes at different time scales and detect both short-term and long-term anomalies.
(3) Applying the Holt-Winters forecasting technique to decompose traffic into a baseline, trend,
Wormhole attack detection algorithms in wireless network coding systemsPvrtechnologies Nellore
This document proposes algorithms to detect wormhole attacks in wireless network coding systems. It first discusses how wormhole attacks can severely impact network coding protocols by disrupting routing and introducing unfair workload distributions. It then presents a centralized algorithm that uses a central node to detect wormholes by measuring changes in expected transmission counts. For distributed systems without a central node, it proposes DAWN, a distributed algorithm that examines the order nodes receive innovative packets and their expected transmission counts to detect wormholes. The algorithms aim to detect wormholes using only local information available from regular network coding protocols to keep overhead low. Extensive testing validated the effectiveness and efficiency of the proposed approaches.
This document summarizes an article about intrusion detection systems (IDS) for secure mobile ad hoc networks (MANETs). It discusses the distributed and cooperative architecture of IDS for MANETs, where each node runs an IDS agent to detect intrusions locally and cooperate with other nodes. It describes several IDS approaches for MANETs including the Watchdog technique to detect misbehaving nodes, the Pathrater technique to find routes without those nodes, and the CORE technique which uses a collaborative reputation system. The document concludes that considering these IDS techniques can help make MANETs more secure.
The document proposes a label-based secure localization scheme to defend against wormhole attacks in wireless sensor networks. It analyzes the impact of wormhole attacks on DV-Hop localization and describes a three-phase approach to label beacon and sensor nodes to identify and remove illegal connections introduced by wormholes. Simulation results show the scheme is effective at detecting wormholes and minimizing their impact on localization accuracy.
This document summarizes a research paper that proposes WRSR, a routing protocol for wireless mesh networks that is resistant to wormhole attacks. WRSR can detect and prevent routes containing wormhole links during the route discovery process. It does not require specialized hardware like GPS or synchronized clocks. WRSR uses the unit disk graph model to determine that for a path to be wormhole-free, any two-hop sub-path must have an alternate shorter sub-path. This allows WRSR to identify route requests traversing wormhole links and quarantine those routes before they can be established. The key features of WRSR are its ability to defend against hidden and Byzantine wormhole attacks without relying on extra hardware or computationally intensive cryptography.
This document summarizes a research paper that proposes a new solution to detect and prevent selfish attacks in mobile ad hoc networks (MANETs). The solution uses a watchdog technique to monitor node behavior and a varying threshold-based policy to avoid falsely accusing nodes in dense networks. It describes how the Ad Hoc On-Demand Distance Vector (AODV) routing protocol works in MANETs and related work on detecting and preventing selfish attacks. The proposed technique aims to safely monitor, detect, and isolate misbehaving nodes through dynamic learning without falsely accusing correct nodes.
A Security Mechanism Against Reactive Jammer Attack In Wireless Sensor Netwo...ijsptm
Providing an efficient security for wireless sensor network is a crucial challenge which is made more
difficult due to its broadcast nature and restrictions on resources such as energy, power memory usage,
computation and communication capabilities. The Reactive Jammer Attack is a major security threat to
wireless sensor networks because reactive jammer attack is a light weight attack which is easy to launch
but difficult to detect .This work suggest a new scheme to neutralize malicious reactive jammer nodes by
changing the characteristic of trigger nodes to act as only receiver. Here the current approach attempts to
identify the trigger nodes using the group testing technique, which enhances the identification speed and
reduces the message complexity of the status report sent periodically between the sensor nodes and the
base station.
NetSim Webinar on Network Attacks and DetectionDESHPANDE M
Webinar Contents:
Why use a Network Simulator
Introduction to NetSim
Introduction to Sinkhole Attack : Attack scenario in MANET using NetSim
Intrusion Detection System: Detection mechanism in MANET using NetSim
Analyzing Metrics
Areas of R & D in MANET
Q & A
The document describes an intrusion detection system for cluster-based wireless sensor networks. It proposes using MAC address-based intruder tracking to detect intruders early. The system divides the network into clusters, with cluster heads monitoring members. It uses port numbers, IP addresses and MAC addresses to authenticate nodes and detect intruders pretending to be valid nodes. If intruder behavior is detected, an alarm is raised. The approach aims to securely transmit data in the network by identifying and preventing malicious intrusions and attacks.
A novel approach for a secured intrusion detection system in maneteSAT Publishing House
This document proposes a novel intrusion detection system (IDS) for mobile ad hoc networks (MANETs) that promotes complete unlinkability and conceals packet contents to add privacy preservation. The proposed scheme uses a combination of group IDs and digital signatures for encrypted route discovery. This allows malicious nodes to be detected during route discovery and avoided for data transmission. Compared to existing approaches, the proposed scheme has lower end-to-end delay and improved packet delivery ratio.
Now a day the technology is improving day by day. The wired network has been changed to wireless network. There are many advantages of wireless network over wired network. One of the main advantage is we can walk around freely in a network area and accesses internet. Security is one of the challenging issues. Intrusion Detection System is one of the systematic ways to detect malicious node in a mobile ad hoc network MANET and it is driven by battery power. This paper gives a survey on various intrusion detection systems in MANET. Praveen Mourya | Prof. Avinash Sharma ""Review on Intrusion Detection in MANETs"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-2 , February 2020, URL: https://www.ijtsrd.com/papers/ijtsrd29970.pdf
Paper Url : https://www.ijtsrd.com/engineering/computer-engineering/29970/review-on-intrusion-detection-in-manets/praveen-mourya
This document proposes a hybrid intrusion detection system (HIDS) for wireless sensor networks. The HIDS combines cluster-based and rule-based intrusion detection techniques. It is designed to address the limited resources of sensor networks while achieving high detection rates and low false positives. The system works by using cluster heads to detect intrusions based on both anomaly detection and comparing activities to known attack behaviors. A simulation evaluated the HIDS and found it performed intrusion detection efficiently while being energy efficient and having a high detection rate.
PERUSAL OF INTRUSION DETECTION AND PREVENTION SYSTEM ON A MANET WITH BLACK HO...ijsptm
MANET is a self configuring network of nodes which is a wireless . The nodes in this network move
randomly .Mobility of nodes is more. The nodes are dynamic and infrastructure less ,self maintainable. In
MANET there are many types of security attacks like Blackhole, greyhole attack, wormhole, jellyfish etc.
When the MANET is under blackhole attack there is a loss of energy which is high at the node resulting in
loss of battery backup and also excess of bandwidth may be consumed by the attacker. The attacker is an
insider. Among various mobility models to generate mobility patterns the Random waypoint mobility
model is used .To solve these issues an IDPS framework for MANET using image processing techniques
under blackhole attack is proposed to detect the blackhole attack RREP by providing security services like
authentication and confidentiality.
Admission control and routing in multi hop wireless networksambitlick
This document summarizes a research paper about admission control and routing algorithms for multi-hop wireless networks that provide quality of service guarantees for flows requesting a pre-specified bandwidth. The paper develops an optimal admission control and routing algorithm that has performance close to an offline algorithm with complete future knowledge. The algorithm makes no assumptions about flow arrival patterns and can be implemented in a distributed manner. It also proves this algorithm is asymptotically optimal with respect to competitive ratio, a metric that measures performance compared to an offline algorithm. Finally, the paper discusses how the algorithm can be modified to allow use of standard shortest-path algorithms for distributed implementation.
A novel pause count backoff algorithm for channel accessambitlick
The document summarizes a proposed novel backoff algorithm called Pause Count Backoff (PCB) for channel access in IEEE 802.11 wireless networks. PCB observes the number of pauses in a node's backoff procedure to estimate the number of active stations and set an appropriate contention window size. Simulation results show PCB outperforms other algorithms like DCF, EIED, and AEDCF in terms of goodput, fairness index, and end-to-end delay under different network conditions.
Hoe rijk is eurocommissaris Marianne Thyssen?Thierry Debels
Nieuwbakken eurocommissaris Marianne Thyssen moet een verklaring afleggen over haar vermogen. Uit dat document blijkt dat ze een aanzienlijk roerend en onroerend vermogen heeft.
Architecture for reliable service discoveryambitlick
The authors provide an overview of standardized service discovery and delivery solutions for mobile ad hoc networks (MANETs). They propose a novel architecture that allows selecting a service provider based on metrics like the power supply of the provider and the path to the destination. This architecture is based on a decentralized approach using Service Location Protocol (SLP) extensions. It aims to provide reliable service discovery and delivery in MANETs by considering energy constraints affecting the network topology and connectivity.
TCP Fairness for Uplink and Downlink Flows in WLANsambitlick
The document discusses simulation parameters for a wireless network simulation in NS2 including the simulator used, simulation time, packet interval, background data traffic types, packet size, transmission range, routing protocol, and MAC protocol. It also briefly discusses queue management for wireless networks and how it differs from wired networks by not being visible. Client-server computing and networking is defined as well as packet scheduling policies and comparing FIFO to RENO scheduling. Bandwidth sharing approaches are examined for heterogeneous congestion control protocols. Finally, end-to-end throughput is defined and its decrease with more nodes in a chain topology is explained due to relaying overhead at intermediate nodes.
Energy efficient cluster-based service discovery in wireless sensor networksambitlick
1) The document proposes an energy-efficient service discovery protocol for wireless sensor networks that exploits a cluster-based network overlay.
2) Clusterhead nodes form a distributed service registry to minimize communication costs during service discovery and maintenance.
3) The performance of the proposed integrated clustering and service discovery solution is evaluated through simulations under different network conditions.
A collaborative wireless sensor network routingambitlick
This document proposes a new routing scheme called node reliance for wireless sensor networks. Node reliance rates how much each node is relied upon for routing data from sources to sinks. Sources will route through nodes with low reliance ratings to avoid overusing critical nodes and maximize network lifetime. The scheme is evaluated using an example network and compared to other routing methods. Node reliance aims to reduce energy waste from disconnected sources by encouraging collaboration between sources in path selection.
On Multihop Distances in Wireless Sensor Networks with Random Node Locationsambitlick
The document analyzes the distribution of maximum multihop distances in wireless sensor networks with random node locations. It proposes a greedy method to maximize the multihop distance in 2D networks by restricting propagation direction outward from the source in each hop and searching for the furthest neighbor. This differs from prior work modeling 1D networks that used a Gaussian distribution, which is shown to not accurately model 2D distances. The paper transforms the Gamma distribution to effectively approximate maximum distances in 2D and provides a more consistent representation of the multihop distance distribution compared to the Gaussian model. It derives the expected value and standard deviation of distances using the Gamma approximation and compares to simulation results.
Stichting van Jacques van Ypersele kreeg geld van rijke AmerikanenThierry Debels
Op 24 september 2013 richt Jacques van Ypersele de stichting Centres Ste-Thérèse op.
Uit een officieel document van de VS blijkt dat de stichting een geldsom kreeg van rijke Amerikaanse geldschieters.
Het gaat meer bepaald om The Stephen F & Camilla T Brauer Charitable Trust.
Hieruit blijkt dat Van Ypersele nog steeds erg goede relaties onderhoudt met onderdanen uit de Verenigde Staten.
The document lists 23 networking and mobile computing projects implemented in NS2. It includes projects on topics like mobility in wireless networks, intrusion detection, neighbor discovery, energy renewal with wireless power transfer, load balancing, and spectrum access control. Contact information is provided for those interested in the project reports, presentations, source code, or implementing new projects.
Onder het mom van COREPER worden door de Europese Unie diverse snoepreisjes georganiseerd. OPvallend is dat de leden van COREPER hun partner kunnen meenemen op een dergelijke snoepreis.
An efficient hybrid peer to-peersystemfordistributeddatasharingambitlick
The document proposes a hybrid peer-to-peer system that combines the advantages of structured and unstructured networks. It consists of two parts: 1) a structured core network that forms the backbone and provides efficient data lookup; 2) multiple unstructured networks attached to each core node, allowing flexible peer joining/leaving. This two-tier design decouples efficiency and flexibility. Simulation results show the hybrid system balances these properties better than single-approach networks.
The document proposes an energy-efficient service discovery protocol for wireless sensor networks. It uses a lightweight clustering algorithm to build a distributed directory of service registrations. Each cluster head maintains information about services in its cluster. The protocol aims to minimize communication costs during service discovery and maintenance of the distributed directory. It constructs disjoint tree clusters where high-capability nodes become cluster heads and advertise their roles, while other nodes select parents based on capability grades.
Waarom proces van Delphine wellicht met sisser aflooptThierry Debels
Op 23 september 2014 wordt het proces van Delphine Boël verdergezet. Hierop krijgt de rechtbank een maand de tijd om een uitspraak te doen. Tegen deze uitspraak kan vervolgens door alle partijen hoger beroep aangetekend worden.
De rechtszaak met dossiernummer 2013 / A / 9225 bevat enkele merkwaardige elementen.
Jean-Jacques De Gucht heeft een passie voor kunst. In interviews heeft hij al eens gezegd dat hij er stiekem van droomt om galeriehouder te worden.
Die droom heeft hij nu waargemaakt. In het voorjaar van 2014 heeft De Gucht met zijn echtgenote de bvba De filatuur opgericht, een kunstgalerie.
An intrusion detection mechanism for manets based on deep learning artificial...IJCNCJournal
Mobile Ad-hoc Network (MANET) is a distributed, decentralized network of wireless portable nodes connecting directly without any fixed communication base station or centralized administration. Nodes in MANET move continuously in random directions and follow an arbitrary manner, which presents numerous challenges to these networks and make them more susceptible to different security threats. Due to this decentralized nature of their overall architecture, combined with the limitation of hardware resources, those infrastructure-less networks are more susceptible to different security attacks such as black hole attack, network partition, node selfishness, and Denial of Service (DoS) attacks. This work aims to present, investigate, and design an intrusion detection predictive technique for Mobile Ad hoc networks using deep learning artificial neural networks (ANNs). A simulation-based evaluation and a deep ANNs modelling for detecting and isolating a Denial of Service (DoS) attack are presented to improve the overall security level of Mobile ad hoc networks.
AN INTRUSION DETECTION MECHANISM FOR MANETS BASED ON DEEP LEARNING ARTIFICIAL...IJCNCJournal
Mobile Ad-hoc Network (MANET) is a distributed, decentralized network of wireless portable nodes
connecting directly without any fixed communication base station or centralized administration. Nodes in
MANET move continuously in random directions and follow an arbitrary manner, which presents
numerous challenges to these networks and make them more susceptible to different security threats. Due
to this decentralized nature of their overall architecture, combined with the limitation of hardware
resources, those infrastructure-less networks are more susceptible to different security attacks such as
black hole attack, network partition, node selfishness, and Denial of Service (DoS) attacks. This work aims
to present, investigate, and design an intrusion detection predictive technique for Mobile Ad hoc networks
using deep learning artificial neural networks (ANNs). A simulation-based evaluation and a deep ANNs
modelling for detecting and isolating a Denial of Service (DoS) attack are presented to improve the overall
security level of Mobile ad hoc networks.
Different Prediction Methods For Route Recovery In MANETJasmine Culbreth
This document discusses different prediction methods for route recovery in mobile ad hoc networks (MANETs). It begins with an abstract discussing multiple path routing infrastructures in various networks. The document then provides background on ad hoc networks and discusses features of MANETs such as dynamic topologies and variable capacity links. It also introduces the Ad Hoc On-Demand Distance Vector (AODV) routing protocol and discusses topics like route discovery, link availability, and distributed hash tables in MANETs.
IMPACT ANALYSIS OF BLACK HOLE ATTACKS ON MOBILE AD HOC NETWORKS PERFORMANCEijgca
A Mobile Ad hoc Network (MANET) is a collection of mobile stations with wireless interfaces which form a temporary network without using any central administration. MANETs are more vulnerable to attacks because
they have some specific characteristics as complexity of wireless communication and lack of infrastructure. Hence security is an important requirement in mobile ad hoc networks. One of the attacks against network integrity
in MANETs is the Black Hole Attack. In this type of attack all data packets are absorbed by malicious node, hence data loss occurs. In this paper we investigated the impacts of Black Hole attacks on the network
performance. We have simulated black hole attacks using Network Simulator 2 (NS-2) and have measured the packet loss in the network without and with a black hole attacks. Also, we measured the packet loss when the
number of black hole attacks increases.
IMPACT ANALYSIS OF BLACK HOLE ATTACKS ON MOBILE AD HOC NETWORKS PERFORMANCEijgca
A Mobile Ad hoc Network (MANET) is a collection of mobile stations with wireless interfaces which form a temporary network without using any central administration. MANETs are more vulnerable to attacks because they have some specific characteristics as complexity of wireless communication and lack of infrastructure. Hence security is an important requirement in mobile ad hoc networks. One of the attacks against network integrity in MANETs is the Black Hole Attack. In this type of attack all data packets are absorbed by malicious node, hence data loss occurs. In this paper we investigated the impacts of Black Hole attacks on the network performance. We have simulated black hole attacks using Network Simulator 2 (NS-2) and have measured the packet loss in the network without and with a black hole attacks. Also, we measured the packet loss when the number of black hole attacks increases.
This document summarizes a study on the impact of black hole attacks on the performance of mobile ad hoc networks (MANETs). The study used the Network Simulator 2 (NS-2) to simulate black hole attacks on MANETs using the Ad Hoc On-Demand Distance Vector (AODV) routing protocol. It found that the packet delivery ratio decreased significantly when black hole nodes were introduced that dropped packets instead of forwarding them as they should. Increasing the number of black hole nodes caused an even more dramatic decrease in the packet delivery ratio.
This document summarizes a study on the impact of black hole attacks on the performance of mobile ad hoc networks (MANETs). The study used the Network Simulator 2 (NS-2) to simulate black hole attacks in MANETs using the Ad hoc On-Demand Distance Vector (AODV) routing protocol. It was found that the packet delivery ratio decreased significantly when black hole attacks were introduced. Additionally, the packet delivery ratio decreased dramatically as the number of black hole nodes increased.
Detecting Various Black Hole Attacks by Using Preventor Node in Wireless Sens...IRJET Journal
This document discusses detecting black hole attacks in wireless sensor networks. It begins with an abstract that introduces black hole attacks as a security threat in mobile ad hoc networks (MANETs) where malicious nodes drop packets. The document then reviews previous work on defending against black hole attacks, including using trust values, dummy nodes, and sequence number verification. It proposes using a "preventor node" to create a secure environment and detect black hole attacks in MANETs to improve network performance and security.
The mobile ad hoc network is an infrastructure less system of mobility appliance connected by wireless.
The system protection violate cannot be prohibited using access and information flow control. This violate may
be outcome system software and hardware failures interrelate system organizational actions or disappointment
of the system verification module. The required for generate the existing methods into more difficult is in
addition rising, because it result into fresh and other useful resolution. Intrusion detection is a significant part in
the detection system abuse in many cases in current research works. An intrusion detection system is the
capability to sense intruders and abuser actions in the system in a competent and sensible fashion. An Intruder
that collaborate a mobile node in MANET eliminates the communication between the nodes. By distribution
fake routing information, provided that false link status information, and plentiful other nodes with superfluous
routing traffic information. The dependency and decentralized of MANET facilitate a challenger to enlarge
innovative type of attacks that are measured to demolish the cooperative algorithms used in ad hoc networks.
MANET is mostly susceptible to several kinds of attacks like inactive eavesdropping, dynamic impersonation,
and denial of services. An Intruder that collaborate a mobile node in MANET obliterate the communication
between the nodes by dissemination fake routing information. If inaccurate link state information, and abundant
other nodes with superfluous routing traffic information. Therefore, successful implementation of MANET
based on user’s poise in its security. The security research in MANET has paying attention on key managing,
routing protocol and intrusion detection techniques. Assessment on intrusion detection and supportive layer in
MANET endow with resolution to extend their real world applications. In this paper, aspire to revision the
various intrusion detections and prevention systems that were anticipated for Mobile Ad hoc Networks
(MANETs). And then compare the latest techniques Intrusion Detection dependent on their architecture and
data gathering techniques
A two tier approach for preventing black hole attack and improving efficiencyeSAT Journals
Abstract One of the most emerging and trending in the field of networking is secure routing to overcome many hindrances that are occurring in day to day lives. Thus providing efficient mechanisms for such networks is the most challenging one. MANET’s (Mobile Adhoc Networks) are a combination of several independent nodes without any fixed infrastructure, dynamic topology, battery constraints, and lack of centralized mechanism, because of its architecture/outlier they are more vulnerable to various kinds of passive and active attacks, such as black hole attack, grey hole attack, wormhole attack. Providing/Implementing a multi tier/two tier security mechanism helps in elevating such kinds of active attacks to some extent. Keywords: Black Hole attack, MANET, Clustering, Encryption.
MANETs (Mobile Ad hoc Network) is a self-governing system in which different mobile nodes are connected by wireless links. MANETs comprise of mobile nodes that are independent for moving in and out over the network. Nodes are the devices or systems that is laptops, mobile phone etc. those are participating in the network. These nodes can operate as router/host or both simultaneously. These nodes can form uninformed topologies as per their connectivity among nodes over the network. Security in MANETs is the prime anxiety for the fundamental working of network. MANETs frequently will be ill with security threats because of it having features like altering its topology dynamically, open medium, lack of central management & monitoring, cooperative algorithms and no apparent security mechanism. These factors draw an attention for the MANETs against the security intimidation. In this paper we have studied about security attack in MANET and its consequences, proposed technique for black hole detection is hybrid in nature which combines the benefit of proactive and reactive protocol and proposed technique is compared with AODV.
A Novel Approach for Detection of Routes with Misbehaving Nodes in MANETsIDES Editor
Network nodes in MANET’s are free to move randomly.
Therefore, the network topology may change rapidly.
Routing protocol for MANET’s are used for delivery of data
packets from source to the desired destination, Routing protocols
are also designed based on the assumption that all the
participating nodes are fully cooperative. However, due to the
scarcely available battery based energy, node behaviours may
exist. One such routing misbehaviours is that some nodes may
be selfish by participating in route discovery and maintenance
process, but refuse to forward the packet in order to save its
energy. To solve this problem we propose a reputation based
scheme where the watch dog uses a passive overhearing of
nodes and assign a value to it as an appreciation or add nuggets
to them. In this proposal, nodes with highest value are
highly recommended for data forwarding and allow nodes to
avoid the use of misbehaving nodes in future route selection.
AdHoc On Demand Distance vector routing protocol may be
used to get the recommendation details of the node intended
to forward the packet from the neighbouring nodes. This paper
proposes a novel method to mitigate the route with misbehaving
nodes and also suggests a way to find if any intruder is
present in the cluster of participating nodes using security
aware AODV protocol.
AN IMPROVED WATCHDOG TECHNIQUE BASED ON POWER-AWARE HIERARCHICAL DESIGN FOR I...IJNSA Journal
This document proposes an improved watchdog technique for intrusion detection in wireless sensor networks. The technique uses a hierarchical model with cluster head nodes acting as watchdogs to monitor network activity within each cell. This is intended to overcome issues with the original watchdog mechanism and reduce power consumption, extending the lifetime of sensor nodes. The algorithm for malicious node detection involves the cluster head eavesdropping on transmissions, comparing messages to a buffer, and raising warnings if messages do not match. Simulation results showed this approach increased network lifetime by around 2611 seconds compared to a non-hierarchical model.
This document discusses security issues and attacks in mobile ad hoc networks (MANETs). It provides an introduction to MANETs and their characteristics. It outlines the general objectives of analyzing flooding attacks on MANETs and preventing such attacks for networks with high node mobility. It describes common attacks on MANETs such as flooding attacks, blackhole attacks, wormhole attacks, and Byzantine attacks. The document also discusses security mechanisms for MANETs including preventive cryptography-based approaches and reactive intrusion detection system approaches. It stresses the need for comprehensive security solutions to deal with the diverse attacks that are facilitated by the open and dynamic nature of MANETs.
Generating images from a text description is as challenging as it is interesting. The Adversarial network
performs in a competitive fashion where the networks are the rivalry of each other. With the introduction of
Generative Adversarial Network, lots of development is happening in the field of Computer Vision. With
generative adversarial networks as the baseline model, studied Stack GAN consisting of two-stage GANS
step-by-step in this paper that could be easily understood. This paper presents visual comparative study of
other models attempting to generate image conditioned on the text description. One sentence can be related
to many images. And to achieve this multi-modal characteristic, conditioning augmentation is also
performed. The performance of Stack-GAN is better in generating images from captions due to its unique
architecture. As it consists of two GANS instead of one, it first draws a rough sketch and then corrects the
defects yielding a high-resolution image.
Black hole Attack Avoidance Protocol for wireless Ad-Hoc networksijsrd.com
A Mobile Ad-Hoc Network is a collection of mobile nodes or a temporary network set up by wireless mobile nodes moving arbitrary in the places that have no network infrastructure in such a manner that the interconnections between nodes are capable of changing on continual basis. Thus the nodes find a path to the destination node using routing protocols. However, due to security vulnerabilities of the routing protocols, wireless ad-hoc networks are unprotected to attacks of the malicious nodes. Various attacks and one of those attacks is the Black Hole Attack against network integrity absorbing all data packets in the network. Since the data packets do not reach the destination node on account of this attack, data loss will occur. Therefore, it is a severe attack that can be easily employed against routing in mobile ad hoc networks. There are lots of detection and defense mechanisms to eliminate the intruder that carry out the black hole attack. . Virtual Infrastructure achieves reliable transmission in Mobile Ad Hoc Network. Black Hole Attack is the major problem to affect the Virtual Infrastructure. In this paper, approach on analyzing and improving the security of AODV, which is one of the popular routing protocols for MANET. Our aim is to ensuring the avoidance against Black hole attack.
Alinteri Journal of Agriculture Sciences The journal is an open access, international, double-blind peer-reviewed journal publishing research articles, Invited reviews, short communications, and letters to the Editor in the field of agriculture, fisheries, veterinary, biology, and closely related disciplines. We adopt the policy of providing open access to readers who may be interested in recent developments. Is being published online biannually as of 2007.
Analyze and Detect Packet Loss for Data Transmission in WSNIJERA Editor
An emerging technology is Wireless Sensor Network where sensors are deployed at extreme geographical
locations where human intervention is not possible. The data transferred through the sensor nodes are majorly
used in crucial decision making process. Since WSN is a wireless infrastructure it tempts the attackers to
tamper/misuse the data. Privacy-preserving routing is important for some ad hoc networks that require stronger
privacy protection. Hence a routing protocol to achieve total unobservability by anonymous key establishment
using secret session keys and group signature is used. The unobservable routing protocol is divided into two
main phases. First phases define an anonymous key establishment process to construct secret session keys.
Second phase consist of unobservable route discovery process to find appropriate as well as secure route to the
destination. A node establishes a key with its direct neighbour and uses the same key to encrypt the packet
before transferring.
International Journal of Computer Science and Security Volume (3) Issue (2)CSCJournals
The document discusses a behavior-based anomaly detection technique to mitigate routing misbehavior in mobile ad hoc networks (MANETs). It proposes using a negative selection algorithm (NSA) inspired by the biological immune system. The NSA approach uses detectors generated by a structured genetic algorithm to learn and distinguish between well-behaving and misbehaving nodes. Simulation results are presented to evaluate the performance of the proposed technique when applied to different underlying routing protocols in MANETs like DSR, AODV, and DSDV. The technique aims to minimize false alarms and detect misbehavior accurately with low overhead.
This document summarizes a student's research proposal titled "Investigating the effects of black hole attack in MANET under 802.11b and TDMA Protocols". The student, Muhammad Saleh Bhutto, proposes to use the Network Simulator 2 (NS2) to simulate a mobile ad-hoc network (MANET) under black hole attacks using different MAC protocols (TDMA and 802.11b) with the AODV routing protocol. The objectives are to study the impacts of black hole attacks on network performance metrics like network load, throughput, packet loss and delay, and to determine which MAC protocol is more vulnerable. Literature on black hole and other attacks in MANETs will be reviewed. NS2
Bulk Projects For sale
IEEE 2009-10-11-12-13 PAPERS AVILABLE.
We are providing low cost project for final year student projects.
Solved 2010 -2011 -2012 - 2013 IEEE in all the domain
Mobile : 8940956123
E-Mail : ambitlick@gmail.com,
INNOVATIVE TITLES ARE ALSO WELLCOME TO DO WITH US
For All BE/BTech, ME/MTech, MSC/MCA/MS , and diplamo graduates
PROJECT SUPPORTS & DELIVERABLES
•Project Abstract
•IEEE Paper
•PPT / Review Details
•Project Report
•Working Procedure in Video
•Screen Shots
•Materials & Books in CD
•Project Certification
This document lists 15 potential 2013 IEEE NS2 project titles related to wireless networks and sensor networks. It includes projects on topics like capacity of hybrid wireless mesh networks, delay-optimal broadcast in multihop wireless networks, detection of spoofing attackers, and harvesting-aware energy management for wireless sensor networks. The document provides contact information for a company called Ambitlick Solutions that offers support and deliverables for IEEE projects, including project abstracts, papers, presentations, reports, and certification.
This document lists over 40 potential 2013 IEEE Java Dotnet project titles across various domains including wireless networks, mobile computing, network security, data mining, cloud computing, parallel and distributed computing, and multimedia/image processing. The projects focus on technical topics such as wireless sensor networks, wireless mesh networks, cognitive radio networks, mobile ad hoc networks, network coding, video streaming, machine learning, data warehousing, and more. Project deliverables include an abstract, IEEE paper, presentation, report, working prototype or proof of concept, and certification. Bulk older and new projects can be provided at a low cost.
Handling selfishness in replica allocationambitlick
The document discusses techniques for handling selfish nodes in replica allocation over mobile ad hoc networks. It aims to reduce traffic overhead while maintaining high data accessibility. The techniques include a selfish node detection algorithm that considers partial selfishness and novel replica allocation methods to address issues caused by selfish nodes hoarding replicas for their own benefit instead of sharing memory space. Simulations are used to evaluate the performance of these techniques in improving data delivery rates.
Mutual Distance Bounding Protocols enable entities to determine an upper bound on their physical distance and authenticate each other. They have been actively researched due to distance-based attacks on wireless systems like RFID. While most protocols provide unilateral authentication of a tag to a reader, one was proposed to provide mutual authentication with a lower false acceptance rate. However, this analysis is shown to overestimate security, as a new attack achieves a higher false acceptance rate. A method is also introduced to modify existing unilateral authentication protocols into mutual authentication protocols.
Moderated group authoring system for campus wide workgroupsambitlick
This paper describes a distributed authoring system for campus workgroups that allows group members to modify any document type using their own devices. Each member maintains an updatable copy of shared content, and read-only copies are distributed asynchronously based on wireless availability. Group members manually reconcile updates through moderation, merging changes from others into their copy. Over time, successive moderation converges all copies into a single version. An evaluation found the asynchronous update model effective and the moderation process intuitive for students.
Efficient spread spectrum communication without pre shared secretsambitlick
This document proposes a new mechanism called Time Reversed Message Extraction and Key Scheduling (TREKS) that allows for efficient spread spectrum communication without pre-shared secrets. TREKS is four orders of magnitude faster than previous solutions to this problem. It enables long-term spread spectrum communication with optimal energy costs, minimal storage overhead, and a computation cost at most twice traditional spread spectrum. The approach was evaluated through simulations and experiments sustaining 1Mbps communication spread over 100 Megachips per second using modest hardware.
Adaptive weight factor estimation from user review 1ambitlick
This document proposes a novel technique called Adjacent Pair Priorities (APP) to estimate weight factors for quality of service parameters in vertical handoff decision algorithms. The APP technique allows users to set relative priority levels for adjacent pairs of QoS parameters in descending order using an exponential mapping. This adaptive approach controls the width of the weight distribution to provide flexibility for users. The document outlines the system requirements, block diagram, modules and references several research papers on vertical handoff decision schemes and network selection algorithms.
The document proposes an Integrated Institutional Portal that allows all colleges and institutions within a university or district to share information. [1] The portal would allow students and staff from different colleges to discuss and request information from one another through blogs, forums and by publishing notices. [2] Currently, each college maintains separate portals without a common forum for communication. [3] The proposed centralized portal managed by a super administrator would make all college information like results, events and departments accessible to benefit students and staff across institutions.
This document describes an Embassy Administration portal that aims to centralize and automate manual processes at a college. [1] The portal allows separate login access for staff, parents, students and other members of the college. [2] It displays student results, attendance, and performance for parents to view as well as enables communication between parents and faculty. [3] The system conducts model and unit examinations.
The document proposes a customer relationship management system (CRMS) to help space marketing executives, managers, and management interact and share information online. The existing CRMS is manual and DOS-based, which has disadvantages like a distributed database, obsolete technology, and low efficiency. The proposed system is a web-based online CRMS designed for the space marketing department. It allows monitoring executive calls, tracking performance, and sharing information among departments to improve customer relationships and business operations. The system has modules for corporate administration, regional management, center management, and executives to organize work and monitor progress at different levels.
Mutual Distance Bounding Protocols enable entities to determine an upper bound on their physical distance and authenticate each other. They have been actively researched due to distance-based attacks on wireless systems like RFID. While most protocols provide unilateral authentication of a tag to a reader, one was proposed to provide mutual authentication with a lower false acceptance rate. However, this analysis is shown to overestimate security, as a new attack achieves a higher false acceptance rate. A method is also introduced to modify existing unilateral authentication protocols into mutual authentication protocols.
Moderated group authoring system for campus wide workgroupsambitlick
This paper describes a distributed authoring system for campus workgroups that allows group members to modify any document type using their own devices. Each member maintains an updatable copy of shared content, and read-only copies are distributed based on wireless availability. Group members manually reconcile updates through moderation, merging changes from others into their copy. Over time, successive moderations converge the multiple versions into a single version. An evaluation found the asynchronous update propagation and moderation process intuitive for students.
Efficient spread spectrum communication without pre shared secretsambitlick
This document proposes a new mechanism called Time Reversed Message Extraction and Key Scheduling (TREKS) that allows for efficient spread spectrum communication without pre-shared secrets. TREKS is four orders of magnitude faster than previous solutions to this problem and enables long-term spread spectrum communication without establishing keys. It was evaluated through simulation and on a testbed and can sustain 1Mbps communication spread over a 100 Megachips bandwidth in real-time, with provably optimal energy cost and minimal storage overhead.
Comments on “mabs multicast authentication based on batch signature”ambitlick
This document summarizes and critiques the MABS-DSA protocol proposed by Zhou et al. for multicast authentication using batch verification. While MABS-DSA was intended to increase efficiency and security over other implementations, the author finds through reexamination of the arithmetic that the algorithm is actually incorrect and batch signature verification would fail almost always, even when individual packets were properly signed by an honest sender. The key issue is a flaw in protocol correctness rather than the intended security improvements.
Energy-Efficient Protocol for Deterministic and Probabilistic Coverage In Sen...ambitlick
The document proposes a new probabilistic coverage protocol (PCP) for sensor networks that can employ different sensing models. PCP aims to address the costly task of designing and testing different coverage protocols for each sensing model. It works with common disk sensing models as well as probabilistic sensing models with minimal changes. Simulation results show that PCP outperforms other deterministic and probabilistic protocols in terms of number of activated sensors, total energy consumed, and network lifetime while being robust against failures and inaccuracies.
Energy efficient protocol for deterministicambitlick
The document describes a new probabilistic coverage protocol (PCP) for sensor networks that can employ both deterministic and probabilistic sensing models. PCP works by activating sensors to construct an approximate triangular lattice over the monitored area. It is more energy efficient than previous protocols by reducing the number of activated sensors needed for coverage. Simulation results show PCP outperforms other protocols in terms of energy consumption and network lifetime while maintaining coverage under various conditions.
Estimating Parameters of Multiple Heterogeneous Target Objects Using Composit...ambitlick
This article proposes a method for estimating parameters of multiple heterogeneous target objects (objects with different sizes and shapes) using networked binary sensors. The sensors are simple and only report detections, but no individual sensor location is known. The method introduces "composite sensor nodes" containing multiple sensors in a fixed arrangement. This provides relative location information to help distinguish individual target objects. As an example, the article considers a composite node with two sensors on a line segment. Measures from these nodes can identify target shapes and estimate object parameters like radius and side lengths. Numerical tests demonstrate networked composite sensors can estimate parameters of multiple target objects.
A Privacy-Preserving Location Monitoring System for Wireless Sensor Networksambitlick
This document proposes a privacy-preserving location monitoring system for wireless sensor networks. The system uses two in-network location anonymization algorithms:
1) A resource-aware algorithm that aims to minimize communication and computational costs by having each sensor node find a cloaked area containing at least k persons and report only aggregate location information.
2) A quality-aware algorithm that aims to maximize accuracy by iteratively refining cloaked areas reported by the resource-aware algorithm to minimize their size, while still maintaining k-anonymity.
The system collects anonymous aggregate location information to build a spatial histogram for estimating person distributions and answering queries about aggregate locations, while preserving individuals' location privacy against potential attacks from untrusted
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPRAHUL
This Dissertation explores the particular circumstances of Mirzapur, a region located in the
core of India. Mirzapur, with its varied terrains and abundant biodiversity, offers an optimal
environment for investigating the changes in vegetation cover dynamics. Our study utilizes
advanced technologies such as GIS (Geographic Information Systems) and Remote sensing to
analyze the transformations that have taken place over the course of a decade.
The complex relationship between human activities and the environment has been the focus
of extensive research and worry. As the global community grapples with swift urbanization,
population expansion, and economic progress, the effects on natural ecosystems are becoming
more evident. A crucial element of this impact is the alteration of vegetation cover, which plays a
significant role in maintaining the ecological equilibrium of our planet.Land serves as the foundation for all human activities and provides the necessary materials for
these activities. As the most crucial natural resource, its utilization by humans results in different
'Land uses,' which are determined by both human activities and the physical characteristics of the
land.
The utilization of land is impacted by human needs and environmental factors. In countries
like India, rapid population growth and the emphasis on extensive resource exploitation can lead
to significant land degradation, adversely affecting the region's land cover.
Therefore, human intervention has significantly influenced land use patterns over many
centuries, evolving its structure over time and space. In the present era, these changes have
accelerated due to factors such as agriculture and urbanization. Information regarding land use and
cover is essential for various planning and management tasks related to the Earth's surface,
providing crucial environmental data for scientific, resource management, policy purposes, and
diverse human activities.
Accurate understanding of land use and cover is imperative for the development planning
of any area. Consequently, a wide range of professionals, including earth system scientists, land
and water managers, and urban planners, are interested in obtaining data on land use and cover
changes, conversion trends, and other related patterns. The spatial dimensions of land use and
cover support policymakers and scientists in making well-informed decisions, as alterations in
these patterns indicate shifts in economic and social conditions. Monitoring such changes with the
help of Advanced technologies like Remote Sensing and Geographic Information Systems is
crucial for coordinated efforts across different administrative levels. Advanced technologies like
Remote Sensing and Geographic Information Systems
9
Changes in vegetation cover refer to variations in the distribution, composition, and overall
structure of plant communities across different temporal and spatial scales. These changes can
occur natural.
Chapter wise All Notes of First year Basic Civil Engineering.pptxDenish Jangid
Chapter wise All Notes of First year Basic Civil Engineering
Syllabus
Chapter-1
Introduction to objective, scope and outcome the subject
Chapter 2
Introduction: Scope and Specialization of Civil Engineering, Role of civil Engineer in Society, Impact of infrastructural development on economy of country.
Chapter 3
Surveying: Object Principles & Types of Surveying; Site Plans, Plans & Maps; Scales & Unit of different Measurements.
Linear Measurements: Instruments used. Linear Measurement by Tape, Ranging out Survey Lines and overcoming Obstructions; Measurements on sloping ground; Tape corrections, conventional symbols. Angular Measurements: Instruments used; Introduction to Compass Surveying, Bearings and Longitude & Latitude of a Line, Introduction to total station.
Levelling: Instrument used Object of levelling, Methods of levelling in brief, and Contour maps.
Chapter 4
Buildings: Selection of site for Buildings, Layout of Building Plan, Types of buildings, Plinth area, carpet area, floor space index, Introduction to building byelaws, concept of sun light & ventilation. Components of Buildings & their functions, Basic concept of R.C.C., Introduction to types of foundation
Chapter 5
Transportation: Introduction to Transportation Engineering; Traffic and Road Safety: Types and Characteristics of Various Modes of Transportation; Various Road Traffic Signs, Causes of Accidents and Road Safety Measures.
Chapter 6
Environmental Engineering: Environmental Pollution, Environmental Acts and Regulations, Functional Concepts of Ecology, Basics of Species, Biodiversity, Ecosystem, Hydrological Cycle; Chemical Cycles: Carbon, Nitrogen & Phosphorus; Energy Flow in Ecosystems.
Water Pollution: Water Quality standards, Introduction to Treatment & Disposal of Waste Water. Reuse and Saving of Water, Rain Water Harvesting. Solid Waste Management: Classification of Solid Waste, Collection, Transportation and Disposal of Solid. Recycling of Solid Waste: Energy Recovery, Sanitary Landfill, On-Site Sanitation. Air & Noise Pollution: Primary and Secondary air pollutants, Harmful effects of Air Pollution, Control of Air Pollution. . Noise Pollution Harmful Effects of noise pollution, control of noise pollution, Global warming & Climate Change, Ozone depletion, Greenhouse effect
Text Books:
1. Palancharmy, Basic Civil Engineering, McGraw Hill publishers.
2. Satheesh Gopi, Basic Civil Engineering, Pearson Publishers.
3. Ketki Rangwala Dalal, Essentials of Civil Engineering, Charotar Publishing House.
4. BCP, Surveying volume 1
This document provides an overview of wound healing, its functions, stages, mechanisms, factors affecting it, and complications.
A wound is a break in the integrity of the skin or tissues, which may be associated with disruption of the structure and function.
Healing is the body’s response to injury in an attempt to restore normal structure and functions.
Healing can occur in two ways: Regeneration and Repair
There are 4 phases of wound healing: hemostasis, inflammation, proliferation, and remodeling. This document also describes the mechanism of wound healing. Factors that affect healing include infection, uncontrolled diabetes, poor nutrition, age, anemia, the presence of foreign bodies, etc.
Complications of wound healing like infection, hyperpigmentation of scar, contractures, and keloid formation.
Walmart Business+ and Spark Good for Nonprofits.pdfTechSoup
"Learn about all the ways Walmart supports nonprofit organizations.
You will hear from Liz Willett, the Head of Nonprofits, and hear about what Walmart is doing to help nonprofits, including Walmart Business and Spark Good. Walmart Business+ is a new offer for nonprofits that offers discounts and also streamlines nonprofits order and expense tracking, saving time and money.
The webinar may also give some examples on how nonprofits can best leverage Walmart Business+.
The event will cover the following::
Walmart Business + (https://business.walmart.com/plus) is a new shopping experience for nonprofits, schools, and local business customers that connects an exclusive online shopping experience to stores. Benefits include free delivery and shipping, a 'Spend Analytics” feature, special discounts, deals and tax-exempt shopping.
Special TechSoup offer for a free 180 days membership, and up to $150 in discounts on eligible orders.
Spark Good (walmart.com/sparkgood) is a charitable platform that enables nonprofits to receive donations directly from customers and associates.
Answers about how you can do more with Walmart!"
Gender and Mental Health - Counselling and Family Therapy Applications and In...PsychoTech Services
A proprietary approach developed by bringing together the best of learning theories from Psychology, design principles from the world of visualization, and pedagogical methods from over a decade of training experience, that enables you to: Learn better, faster!
हिंदी वर्णमाला पीपीटी, hindi alphabet PPT presentation, hindi varnamala PPT, Hindi Varnamala pdf, हिंदी स्वर, हिंदी व्यंजन, sikhiye hindi varnmala, dr. mulla adam ali, hindi language and literature, hindi alphabet with drawing, hindi alphabet pdf, hindi varnamala for childrens, hindi language, hindi varnamala practice for kids, https://www.drmullaadamali.com
Leveraging Generative AI to Drive Nonprofit InnovationTechSoup
In this webinar, participants learned how to utilize Generative AI to streamline operations and elevate member engagement. Amazon Web Service experts provided a customer specific use cases and dived into low/no-code tools that are quick and easy to deploy through Amazon Web Service (AWS.)
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumMJDuyan
(𝐓𝐋𝐄 𝟏𝟎𝟎) (𝐋𝐞𝐬𝐬𝐨𝐧 𝟏)-𝐏𝐫𝐞𝐥𝐢𝐦𝐬
𝐃𝐢𝐬𝐜𝐮𝐬𝐬 𝐭𝐡𝐞 𝐄𝐏𝐏 𝐂𝐮𝐫𝐫𝐢𝐜𝐮𝐥𝐮𝐦 𝐢𝐧 𝐭𝐡𝐞 𝐏𝐡𝐢𝐥𝐢𝐩𝐩𝐢𝐧𝐞𝐬:
- Understand the goals and objectives of the Edukasyong Pantahanan at Pangkabuhayan (EPP) curriculum, recognizing its importance in fostering practical life skills and values among students. Students will also be able to identify the key components and subjects covered, such as agriculture, home economics, industrial arts, and information and communication technology.
𝐄𝐱𝐩𝐥𝐚𝐢𝐧 𝐭𝐡𝐞 𝐍𝐚𝐭𝐮𝐫𝐞 𝐚𝐧𝐝 𝐒𝐜𝐨𝐩𝐞 𝐨𝐟 𝐚𝐧 𝐄𝐧𝐭𝐫𝐞𝐩𝐫𝐞𝐧𝐞𝐮𝐫:
-Define entrepreneurship, distinguishing it from general business activities by emphasizing its focus on innovation, risk-taking, and value creation. Students will describe the characteristics and traits of successful entrepreneurs, including their roles and responsibilities, and discuss the broader economic and social impacts of entrepreneurial activities on both local and global scales.
2. 2472 IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. 58, NO. 5, JUNE 2009
network state may not correctly represent the state of the current network performance, as well as on the connectivity among the
network. This problem indeed influences the accuracy of the nodes in the targeted MANET.
anomaly detection method. Deng et al. [29] proposed an approach that requires the
Due to the fact that the MANET environment dynamically intermediate nodes to send a route reply (RREP) packet with
keeps evolving, envisioning a robust anomaly detection method the next hop information. When a source node receives the
becomes imperative to thwart the malicious attacks against it. In RREP packet from an intermediate node, it sends a “Further
this paper, we propose a new anomaly detection scheme based Request” packet to the next hop to verify that it has a route
on a dynamic learning method. The MANET hosts are mobile to the intermediate node and a route to the destination. As a
on their own so that the MANET environment is dynamically response to this request, the intermediate node will send another
changing. Our dynamic learning method is based on a statistical RREP packet. When the next hop receives a “Further Request”
decision theory that calculates the multidimensional projection packet, it sends a “Further Reply” packet that includes the
distance between the current and normal states of the targeted verified result to the source node. Based on the information in
host. We propose to use weighted coefficients with a forgetting the “Further Reply” packet, the source node judges the validity
curve as its mathematical property has been proved [11], [12] of the route. Again, the method in [30] requires the intermediate
to suit our requirements. We conduct network simulations with node to send the route confirmation request (CREQ) to the next
five types of attacks in [13]–[15] as a case study that concerns hop node toward the destination, and then, the next hop node
one of the most popular MANET routing protocols, i.e., the ad receives the CREQ and looks into its cache for a route to the
hoc on-demand distance vector (AODV) [16]. The simulation destination. If it has such a route to the destination, then it sends
results of the network simulator 2 (ns-2) [17] demonstrate a route confirmation reply (CREP) message to the source node
the effectiveness of the proposed technique, regardless of the with its route information. The source judges whether the path
number of nodes in the considered MANET. in RREP is valid by comparing the information with CREP.
The remainder of this paper is organized as follows. In In these methods, the routing protocol has to be modified.
Section II, we present the problems of conventional detection These modifications may increase the routing overheads, which
schemes in attacks against MANETs. In Section III, we present results in the performance degradation of the bandwidth-limited
an overview of AODV. Section IV describes the proposed MANETs.
detection scheme and the derivation of the essential parameters.
In Section V, the simulation results concerning the performance
B. Network Monitoring-Based Attack Detection
of the proposed scheme are provided. Section VI presents the
conclusions and future research scopes. In addition to the aforementioned techniques, an attack
detection by network monitoring, which can detect attacks
II. R ELATED W ORKS from inside MANETs, has also been proposed. For instance,
Kachirski and Guha [31] proposed a method that detects attacks
A. Secure Schemes for Routing Procedures
by employing distributed mobile agents. Network monitor-
Secure ad hoc routing protocols have been proposed as a ing nodes are selected to be able to collect all the packets
technique to enhance the security in MANETs. For example, within a cluster, and the decision agents in the nodes are
the secure AODV (SAODV) [18], which uses signed rout- used to detect and classify the security violations. The concern
ing messages, is proposed to add security to AODV [16]. of this method is that the monitoring nodes will consume
A-SAODV [19], [20] is a mild implementation of SAODV that a large amount of energy. Vigna et al. [32] detect attacks
uses the RSA [21] as an asymmetric cryptographic algorithm by placing AODV-based State Transition Analysis Technique
and the SHA1 [22] as a hash algorithm. The survey conducted (AODVSTAT) sensors within the network and by either ob-
by Yih-Chun and Perrig [23] overviewed the various secure serving solely contiguous nodes or trading information with
routing protocols and pointed out their drawbacks and advan- other sensors. However, it is necessary to deploy a large number
tages. They also proposed a secure on-demand ad hoc network of AODVSTAT sensors on the nodes for detecting a varied
routing protocol (Ariadne) [24], which prevents the compro- range of attacks. In addition, a large number of UPDATE mes-
mised nodes from tampering with the uncompromised routes, sages may cause an overwhelming congestion in the network.
and the secure efficient ad hoc distance (SEAD) [25], which Tseng et al. [33] introduced a method that places a network
is a secure routing protocol, using efficient one-way hashing monitor (NM) inside the network. In this method, the NM
functions and not using asymmetric cryptographic operations. constantly monitors the packet flow in the network within a
In addition, Zhou and Haas proposed a distributed certification certain range to detect any attacks. However, placing effective
authority mechanism in which the authentication uses threshold detectors, i.e., mobile agents, sensors, or NMs, is considered to
cryptography [2]. In [26], a MANET is divided into clusters, be difficult when the MANET topology dynamically changes.
and a certification authority is appointed to each cluster. In [27], One solution to this problem is to observe the packet flow on
a method called key predistribution (KPD) scheme is applied. In each node and to detect any potential attack.
[28], the authenticated routing for ad hoc networks (ARAN) is
proposed by using public-key cryptographic mechanisms based
C. Anomaly Detection
on the AODV. These methods can only guard against external
attacks. However, the internal attacks mounted by the malicious Huang et al. [34] proposed a method in which the packet
or compromised hosts may still have a severe impact on the flow is observed at each node. In this method, 141 features that
Authorized licensed use limited to: Arulmigu Kalasalingam College of Engineering. Downloaded on August 04,2010 at 09:46:45 UTC from IEEE Xplore. Restrictions apply.
3. NAKAYAMA et al.: DYNAMIC ANOMALY DETECTION SCHEME FOR AODV-BASED MOBILE AD HOC NETWORKS 2473
Fig. 2. Transferring RERR messages on AODV.
Fig. 1. Route-discovery process on AODV.
every time node S sends an RREQ message. Nodes A and B,
are both traffic and topology related are defined. Huang et al.
which have received the RREQ message, generate and renew
suggested an anomaly detection mechanism with interrela-
the route to its previous hop. They also evaluate if this is a
tion between features. Moreover, in [35], they constructed an
repeated RREQ message and accordingly discard it. If A and
extended finite-state automaton (EFSA) according to the
B have a valid route to the destination D, then they send an
specification of the AODV routing protocol, envisioned nor-
RREP message to node S. In the case where the node has no
mal condition modeling, and detected attacks with both
valid route, they send an RREQ message using broadcasting.
specification-based and anomaly-based detection schemes. In
The exchange of route information will be repeated until an
specification-based detection, the attacks were detected as de-
RREQ message reaches node D. When node D receives the
viant packets from the conditions defined by EFSA. In addition,
RREQ, it sends an RREP message to node S. When node S
in anomaly detection, the normal conditions are defined as
receives the RREP message, a route is established. In case of
the baseline with which the condition of EFSA and also the
multiple RREPs received, a node selects an RREP message,
amounts of transition statistics are compared. The deviations
the Destination Sequence number (Dst_Seq) of which is the
from those conditions are then used to detect the potential
largest among all the previously received RREPs. However,
attacks. For determining the baseline profiles, in both methods,
if the Dst_Seqs were the same, then it will select the RREP
the training data are extracted beforehand from the same net-
message whose hop count is the smallest.
work environment where the test data are applied. However, we
In Fig. 2, when node B detects a disconnection of route, it
note that the MANET topology can rather easily be changed,
generates route error (RERR) messages and puts the invalidated
and the differences in network states grow larger with time. Fur-
address of node D into its list and then sends RERR to node A.
thermore, these methods cannot be applied to a network where
When node A receives the RERR message, it refers to its route
the learning phase has been conducted in another network.
Sun et al. [36] proposed an anomaly detection method in map and the current list of RERR messages. If there was a route
which mobility is considered. This method computes the recent to the destination for node D included in its map, and the next
link change rate (LCRrecent ) and can select the training data, hop in the routing table is a neighboring node B, it invalidates
the link change rates of which have the smallest Euclidean the route and sends an RERR message to node S. This way, the
distance to LCRrecent . However, the change of network states RERR message can finally be sent to the source node S.
can be caused not only by mobility; it may also occur due to the
sudden participation and disappearance of nodes in a MANET. B. Classification of Attacks
When the nodes in the current MANET differ from those in
the training data, the defined baseline profile cannot express the According to the aforementioned features, the malicious
current network state. As a result, these methods are rendered nodes can misuse the AODV by forging source IP addresses,
inadequate and considered difficult in a MANET environment. destination IP addresses, RREQ IDs, hop counts, Destina-
To solve this problem, a normal state needs to be defined by tion Sequence numbers (Dst_Seqs), Source Sequence numbers
using the data reflecting the trend of the current situation, and (Src_Seqs), and also by flooding the network with routing pack-
this leads to the idea of updating the learning process within a ets. According to prior works (e.g., [13]–[15]), we can classify
time interval. By doing so, the attack detection can adaptively the attacks against AODV into routing disruption attacks and
be conducted even in a changing network scenario. resource consumption attacks.
1) Routing Disruption Attacks: These attacks interrupt the
III. A TTACKS ON AODV P ROTOCOL establishment of a route or destroy an existing route. The
most common attacks of this type are the modification of
A. Overview of AODV Protocol RREP (same as the Blackhole Attack) and the modifica-
The AODV [16] is a reactive routing protocol in which the tion of RREQ.
network generates routes at the start of communication. Each 2) Resource Consumption Attack: This attack wastes re-
node has its own sequence number, and this number increases sources of a specific node and the network as a whole. The
whenever a link changes. According to its sequence number, most common attack of this type is malicious flooding.
each node judges whether the channel information is recent. A short explanation of the preceding three attacks is
Fig. 1 illustrates the route-discovery process of the AODV. given here.
In this figure, node S attempts to establish a connection to 1) Modification of RREP: The Dst_Seq represents the fresh-
destination D. First, the source node S refers to the route map ness of routing information in the network. When a
at the start of communication. In the case where there is no source node receives multiple RREP messages, it selects
route to destination node D, it sends a route request (RREQ) the node that has the largest Dst_Seq value and accord-
message by using broadcasting. The RREQ ID increases by one ingly constructs a route. Therefore, a malicious node may
Authorized licensed use limited to: Arulmigu Kalasalingam College of Engineering. Downloaded on August 04,2010 at 09:46:45 UTC from IEEE Xplore. Restrictions apply.
4. 2474 IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. 58, NO. 5, JUNE 2009
intentionally attempt to modify the RREP packet and
increase the Dst_Seq value of the RREP message. As a
result, a false route will be established, and the legitimate
data traffic will be interrupted. In addition, the victim
nodes will further spread the false routing information to
others, and thus, the damage will propagate throughout
the network. In this case, we can consider two types of
forged packets. In the first type, the source and destination
IP addresses are spoofed or forged to the destination node.
In the second type, the destination IP address is forged to
the destination node, and the source IP address is spoofed Fig. 3. Feature definition. The traffic features in a time slot are expressed by
to a randomly selected node. We call the “Modification of the elements of the p-dimensional vector x.
RREP (1)” as an attack that uses the first packet type and
we obtain p = 14. According to [10], [34], and [35], a small
the “Modification of RREP (2)” as an attack that uses the
value for the time slot is preferred, and therefore, Δτ is set to a
second packet type.
constant small value of 5 s.
2) Modification of RREQ: The RREQ ID represents the
Furthermore, in the learning process shown in Fig. 3, a time
freshness of an RREQ message in the network. Based
interval ΔT is defined. It contains several time slots. In other
on the RREQ ID, each node decides whether to forward
words, the number of time slots is equal to the number of all
an RREQ message. Therefore, a malicious node attempts
training samples at a given time interval. Note that if we use a
to intentionally increase the RREQ ID when an RREQ
shorter time interval ΔT , the data sets contained in one time
packet is received. Additionally, when a forged packet
interval will decrease. On the other hand, a larger value of ΔT
with a false source address in the IP header is sent, the
slows down the learning process.
route will never be established.
The statistics for a time interval define a state in the network,
3) Malicious Flooding: Generally, the RREQ messages are
and a further explanation about the statistics is described in
broadcasted to select new routes. If a malicious node
Section IV-B.
sends an excess number of RREQ messages, then the
1) Path Finding Features (Nine Dimensions): The path find-
network will become congested with a huge amount of
ing features comprise the following:
RREQ traffic. In our preliminary experimental results,
when a malicious node sends more than 20 RREQ packets 1) number of received RREQ messages (three types);
per second, the congestion occurs, which leads to signif- 2) number of forwarded RREQ messages;
icant unnecessary delays and packet drops. In this case, 3) number of outbound RREQ messages;
we can consider two forged packet types. In the first type, 4) number of outbound RREP messages (two types);
the source IP address is forged to a randomly selected 5) number of received RREP messages (two types).
node. In the second type, the source IP address is forged For each node, the number of received RREQ messages
to a destination node, and the RREQ ID is intentionally includes three types, i.e., messages with their own source IP
increased at the same time. We define the “Malicious addresses, messages with their own destination IP addresses,
Flooding (1)” as an attack that uses the first packet type and messages with neither source nor destination IP addresses
and the “Malicious Flooding (2)” as an attack that uses of their own. When counting the number of received RREP
the second packet type. messages, the packets with a matching destination IP address,
See [13]–[15] for detailed information on these attacks. source IP address, RREQ ID, or Src_Seq in the training data
are recorded once for each time slot. Similarly, the number of
outbound RREP messages includes two types, for which the
IV. D YNAMIC A NOMALY D ETECTION destination node is itself, and for which it holds the path toward
In this section, we first introduce the features that are es- the destination node. The number of received RREP messages
sential for our envisioned anomaly detection scheme, and then includes two types: the first type is a packet, both source and
delineate the module of the detection scheme based on the destination addresses of which exist in the training data. All
projection distances. of the other packets are classified as the second type (with
either one or no matching features). As an example, when a
node is under attack by the “Malicious flooding,” it receives
A. Definition of Features a tremendous amount of RREQ messages, and therefore, the
Each node observes its own traffic and uses a time slot to number of received RREQ messages increases. This indicates
record the number of packets (messages) according to their the presence of anomaly in the network.
types (see Fig. 3). In time slot Δτ , the instantaneous value 2) Path Abnormality Features (Four Dimensions): The path
of the network state is expressed by a p-dimension vector abnormality features comprise the following:
x = [x1 , x2 , . . . , xp ]T , where each feature xk (k = 1, . . . , p) 1) number of received RERR messages;
is measured. In this paper, we define nine features related to 2) number of outbound RERR messages;
path finding, four features related to path abnormality, and one 3) number of dropped RREQ messages;
feature related to a major characteristic of AODV. Therefore, 4) number of dropped RREP messages.
Authorized licensed use limited to: Arulmigu Kalasalingam College of Engineering. Downloaded on August 04,2010 at 09:46:45 UTC from IEEE Xplore. Restrictions apply.
5. NAKAYAMA et al.: DYNAMIC ANOMALY DETECTION SCHEME FOR AODV-BASED MOBILE AD HOC NETWORKS 2475
Fig. 4. Distance of sample x to the first principal element φi . d(x) is the
projection distance.
When counting the number of received RREQ messages, the
packets with the same destination IP address and Dst_Seq are
recorded only once for each time slot. As an example, when a Fig. 5. Example of the division by using the projection distance.
node is under attack of the “Modification of RREQ” messages
caused by packets with a forged source address in the IP header, From (1) and (2), we use the principal component analysis
a large number of RREP messages will not successfully be (PCA) [37] to analyze the statistical nature of the current time
able to be sent out. As a result, the number of dropped RREP interval. The PCA is the method that explores the correlations
messages will increase, and this acts as a sign of abnormality in between each feature and finds the most important axis to
the network. express the scattering of data. Here, the most important axis
3) AODV Characteristic Feature (One Dimension): The denotes the baseline profile of network activity. When an attack
AODV characteristic feature comprise the average of the dif- takes place, it generates the deviation sample from this axis.
ferences of Dst_Seq in each time slot between the number of By using PCA, the first principal element φi , which reflects the
received RREP messages and the one held in the list. approximate distribution of the training data sets, is calculated.
When sending or forwarding an RREQ message, each node Here, we consider the projection distance of an input data
keeps the destination IP address and the Dst_Seq in its list. sample x as
When an RREP message is received, the node looks over the
d(x; D i ) = x − xi
¯ 2
− φT (x − xi ).
i ¯ (3)
list to see if there is the same destination IP address. If it does
exist, the difference of Dst_Seq is calculated, and this operation When the projection distance is larger than the threshold MI ,
is executed for every received RREP message. The average of it is evaluated as
this difference is finally calculated for each time slot as the
feature. Due to the link error in the ad hoc networks, sometimes d(x; D i ) > MI : attack
(4)
the nodes might receive an old RREP message. In this case, d(x; D i ) ≤ MI : normal.
the newly received Dst_Seq in RREP is smaller than the one Here, when Mi is the maximum value of projection distance
already kept in the list. When this happens, the calculation for node i in the training data sets D i , the suffix I of MI is
is excluded. In a normal state, the Dst_Seq increases in a extracted from all the nodes (N ) as
relatively stable pace. On the contrary, when a node is receiving
“Modification of RREP” attacks, this value drastically changes, I = arg max Mi
i i=1,...,N
and thus, we may recognize this particular abnormality.
where
B. Detection Module by Projection Distance Mi = max d(x; D i ). (5)
x∈D i
In pattern recognition, based on statistical decision theory,
Fig. 5 shows a rough image of determining the normal or at-
the distance measure is an effective way to formulate the differ-
tack states by using the projection distances in two dimensions.
ent types of categories because the same category is distributed
in the close area in a multidimensional feature space [37]. Here,
the normal and attack states as two different categories can be C. Proposal of Dynamic Anomaly Detection
considered. In this section, we describe the detection module by
Since the network topology easily changes in MANET, the
using the projection distance (see Fig. 4).
current state may not appropriately be expressed over time.
Let us consider a training data set D i = {x} collected by
Therefore, by only using the method described in Section IV-B
each node i (i = 1, . . . , N ), where N is the number of all nodes
to define the normal state, it is rather insufficient to reflect the
participating in MANET, and the current time interval consists
changing situation of MANET, and a learning method that can
of Di time slots (Di = |D i |, in case of using all training
follow these changes is indispensable. We explain the idea of
samples). First, we calculate the mean vector and the covariance
dynamically updating the training data sets in the remainder of
matrix at node i as
this section.
1 Let T0 be the current time interval, and let T1 be the first
¯
xi = x. (1)
Di time interval. By using the data collected in T1 , initially, the
x∈D i
first principal element is calculated, and then the calculated first
1 principal element is used in the following time interval T0 for
Σi = (x − xi )(x − xi )T .
¯ ¯ (2)
Di anomaly detection. If the state in T0 is judged as normal, then
x∈D i
Authorized licensed use limited to: Arulmigu Kalasalingam College of Engineering. Downloaded on August 04,2010 at 09:46:45 UTC from IEEE Xplore. Restrictions apply.
6. 2476 IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. 58, NO. 5, JUNE 2009
Here, we consider all the training data sets
U i = {D i (1) ∪ D i (2) ∪ · · · ∪ D i (mi )} . (10)
By using PCA, the first principal element φi (0) is calculated.
As a general scheme, the distance d(x; U i ) of the input data
sample x can be computed from (3) and then evaluated as
d(x; U i ) > MI : attack
(11)
d(x; U i ) ≤ MI : normal.
Here, when Mi is a maximum value of the projection distance
for node i in all the training data sets U i , the suffix I of MI is
extracted from all the nodes (N ) as
Fig. 6. Flow chart of the proposed method for learning and evaluation.
I = arg max Mi
the corresponding data set will be used as the training data set. i i=1,...,N
Otherwise, it will be treated as the data including attack, and it
where
will consequently be discarded. This way, we keep on learning
the normal states of the network. This procedure is shown Mi = max d (x(0); U i ) . (12)
in Fig. 6. x(0)∈U i
As mentioned earlier, when updating the database, it is
possible to use the most recent data set. However, since the
most recent data set is easily affected by the sudden change D. Derivation Algorithm of Parameters
in the network, it is necessary to take the time series model into According to [38], the mobility metric of the MANETs is
consideration to keep the database from being too sensitive to expressed by using the number of neighbor nodes. Using the
the changes in the network topology. Here, we use the forgetting number of neighbors, the number of training data sets mi
curve [11], [12] as the weighting function to adjust the degree used in the learning process and the parameter ai in (6) can
of importance of the time slot. The forgetting curve aims at dynamically be determined. Assume that for a given node i, at
reducing the weight when the data become old and of less time t, its neighbor set is S i (t), t = 0, 1, 2, . . . , mi , mi+1 . If
significance. S i (0) ∩ S i (mi + 1) = ∅, then we can recognize that the net-
Suppose using mi data sets as the training data. Fig. 7 work state has considerably changed, and then mi is determined
shows how to weigh the data sets while learning. λi (t), t = as the number of training data sets. Next, we consider ai in (6).
1, 2, . . . , mi , are the forgetting coefficients that correspond to ai represents the change in the size of the considered network.
each training data set, respectively. As shown in Fig. 8, the The change in size of a network is expressed by the change in
forgetting curve is expressed as the number of its neighboring nodes. Assume that for a given
λi (t) = λi (0)e−ai Tt node, at the first time interval (t = 1), its neighbor set is S i (1).
= λi (0) · exp(−ai ΔT · t), i = 1, . . . , N (6) |S i (0) − S i (1)| is the number of new neighbors during ΔT ,
and |S i (1) − S i (0)| is the number of neighbors that moved
where the current coefficient λi (0) and the common time away. Then, ai can be calculated as
interval ΔT are constants. λi (t) are constrained by
mi |S i (0) − S i (1)| |S i (1) − S i (0)|
ai = + . (13)
1= λi (t), i = 1, . . . , N. (7) N N
t=1
Here, ai is normalized by N (the number of all nodes partici-
Additionally, we describe the derivation algorithm of determin- pating in MANET). Next, we give an example of the simulation
ing the parameters mi , ai in Section IV-D. Using the number of data. Fig. 9 shows the changes of the number of training data
data sets mi and the forgetting coefficients λi (t), the statistics sets mi . We can see that mi dynamically varies as the time
of the current state “0” can be calculated from (1) and (2) as elapsed.
mi
¯
xi (0) = λi (t)¯ i (t)
x
V. P ERFORMANCE E VALUATION
t=1
mi
λi (t) In this section, we describe the details to evaluate the pro-
= x(t) (8) posed method.
t=1
Di (t)
x(t)∈D i
mi
Σi (0) = λi (t)Σi (t) A. Simulation Environment
t=1
mi The experiments were carried out by using ns-2 (ver. 2.27)
λi (t)
= (x(t)− xi (t)) (x(t)− xi (t))T . (9)
¯ ¯ [17]. We assume that the simulation network being used is in a
t=1
Di (t) place where various events in a MANET can occur [39], [40]. In
x(t)∈D i
Authorized licensed use limited to: Arulmigu Kalasalingam College of Engineering. Downloaded on August 04,2010 at 09:46:45 UTC from IEEE Xplore. Restrictions apply.
7. NAKAYAMA et al.: DYNAMIC ANOMALY DETECTION SCHEME FOR AODV-BASED MOBILE AD HOC NETWORKS 2477
Fig. 7. Renewing training data using the forgetting coefficients.
Fig. 8. Ebbinghaus’ forgetting curve.
Fig. 10. Mobility pattern for RWP in 5 s.
between 0 and 5 m/s. The pause time was set to 10, 50, 100,
200, and 500 s, respectively. For example, Fig. 10 shows the
moving pattern within 5 s.
To start the learning process, the first normal state, which
excludes the attack data, was manually preextracted from the
training data. This is because our proposed method detects the
possibility of attacks according to the degree of which a state
deviates from the normal state. Here, the first time interval is
set to 300 s. This is a period in which enough normal state
samples can be collected. We also deemed that it necessary
Fig. 9. Example of the number of training data sets, dynamically updated. to shorten the updating interval as the mobility rates increase.
However, the shorter the updating interval, the more processing
this simulation, the run time is 10 000 s, and five types of attacks
overhead is required. Therefore, more battery power will be
were randomly executed from 2500 to 5000 s. All of the nodes,
consumed. From these facts, it is necessary to take into account
except the attack node, employed the proposed method to detect
the MANET environment and the available battery power to
attacks. The simulations were performed for the following two
determine the time interval of updating. In our results, the time
scenarios: 1) a 50-node network with a network topology of
interval of updating ΔT was set to 600 s.
1000 m × 1000 m and 2) a 100-node network with a network
topology of 2000 m × 2000 m. The traffic loads were constant
bit rate flows with a data packet size of 512 B. In 1), the load B. Simulation Results
was varied by using 40 flows (at four packets per second). In
2), the load was varied by using 80 flows (at four packets per To evaluate our proposed methods, we assume the following
second). The 802.11 Media Access Control (MAC) layer was three ways of using the training data sets:
used with a transmission range of 250 m, and it was set for a 1) M-1: method of using only the initial training data set;
2-Mb/s throughput. As for the moving pattern for each node, we 2) M-2: method of using the most recent training data set at
use a random waypoint (RWP) model [41] in which each node every time interval;
randomly selects the destinations in the designated simulation 3) M-3: method of using the training data sets dynamically
area with random speeds. Here, the node velocity was set decided at every time interval.
Authorized licensed use limited to: Arulmigu Kalasalingam College of Engineering. Downloaded on August 04,2010 at 09:46:45 UTC from IEEE Xplore. Restrictions apply.
8. 2478 IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. 58, NO. 5, JUNE 2009
Fig. 11. Detection module by projection distance against modification of RREP(1), N = 50. (a) M-1 (conventional method). (b) M-2 (reference method).
(c) M-3 (proposed method).
Fig. 12. Detection module by projection distance against modification of RREP(1), N = 100. (a) M-1 (conventional method). (b) M-2 (reference method).
(c) M-3 (proposed method).
“M-1” is the conventional method, and “M-3” is our proposed rapid changes of network topology, this point is incorrectly
method. For reference, we also show the result of “M-2,” which evaluated and produces a false positive. As a whole, we can
is the simplest case of our proposed method. see that, in the proposed method, there are fewer parts where
Figs. 11 and 12 show the projection distances of the first the projection distances exceed the threshold than those in the
principal element of a node in the conventional scheme “M-1,” other methods. This implies that we can obtain a lower number
in the reference method “M-2,” and in the proposed method of false detections in the proposed method. Next, from Fig. 12,
“M-3.” From these figures, we can see that, as a general where N = 100, similar to the case of N = 50, during the
trend, the value of the projection distance increases during the attack period, we can see that the proposed method can detect
time period of 2500–5000 s, when the attacks were executed. the anomaly. However, different from the case of N = 50, in
In particular, in the proposed method “M-3,” the value of case of “M-1,” the projection distances increase.
the projection distance rapidly increases at 2500 s and then This is because, in case of N = 100, there are significant
sharply decreases at 5000 s as well. On the contrary, for the changes in the network environment. This causes the predefined
conventional method “M-1,” the large projection distances can baseline profile and the present network state to dramatically
be found through the whole period, and they do not descend at differ. Therefore, compared with the case of N = 50 during
the time when attacks stop. This is the reason behind the lower the normal period, we can see that “M-1” produces more false
detection rates (DRs) and a large number of false positives detections. Meanwhile, compared with the case of N = 50 in
of the conventional method “M-1.” For the method “M-2,” “M-3,” we can see that although there is a number of parts
comparing with “M-3”, the values of the projection distance that exceed the threshold, it generates less false detection than
are relatively small and are scattered in a wide range; the result the other methods. From these facts, we can see that “M-1”
is better than “M-1” and worse in contrast with “M-3.” cannot adapt with the changing environment. “M-1” does not
As evident from Fig. 11, where the value of N is 50 during reflect the whole network state since it only represents the
the attack period, “M-3” yields a higher projection distance and temporary state of the network. For “M-2,” by updating the
can detect the current anomaly compared to the other methods. training data set, it can adapt to the changing environment to
During the normal period, it should be noted that there are some extent. Note that, in “M-3,” the false detection in the case
many points that exceed the threshold in “M-1” and “M-2.” of N = 100 is higher than that of N = 50. This is caused by
On the other hand, there is a significant peak at around 9000 s, the increase in the RERR packets when the link is disconnected
and this peak largely exceeds the threshold in “M-3.” Despite due to the network mobility and size, in addition to the sudden
being a normal period when there is no attack, because of the increase of the RREQ packets when a large number of route
Authorized licensed use limited to: Arulmigu Kalasalingam College of Engineering. Downloaded on August 04,2010 at 09:46:45 UTC from IEEE Xplore. Restrictions apply.
9. NAKAYAMA et al.: DYNAMIC ANOMALY DETECTION SCHEME FOR AODV-BASED MOBILE AD HOC NETWORKS 2479
TABLE I
PERFORMANCE OF DETECTION MODULE BY PROJECTION DISTANCE: N = 50
TABLE II
PERFORMANCE OF DETECTION MODULE BY PROJECTION DISTANCE: N = 100
requests occur at the same time. These trends become more (Pentium 4, 2.4 GHz), this computation time of “M-3” is
apparent as the scale of the network becomes larger. Same below 10 ms. Considering the importance of network security
reasons can be found for the increase of the false positives. and the increasing power of ad hoc nodes, we believe that
Increasing the dimensionality may be effective to reduce these our proposed method can be a possible choice for performing
false detections. anomaly detection in MANETs.
In greater detail, Tables I and II display the average of the DR
and the false positive rate (FPR) about the projection distance,
VI. C ONCLUSION
respectively. Based on the results shown in these two tables, we
can see that the proposed method “M-3” provides the highest In this paper, a new dynamic anomaly detection system
average DR and the lowest FPR. Compared to the conventional for MANETs has been proposed. For enhancing the security
method “M-1,” the proposed method “M-3” increases the av- in MANETs, which are vulnerable to attacks, robust learning
erage DR by more than 25%. In addition, the average FPR methods against these attacks are required. To differentiate an
is decreased by more than 10% in “M-1.” Furthermore, as an attack state from the normal state, we have defined multidi-
effectiveness of dynamic learning, “M-3” increases the average mensional features based on the characteristics of these attacks
DR by more than 15% compared to “M-2” in our simulation. and utilized the projection distance using PCA based on sta-
On the other hand, the FPR of “M-3” is only marginally better tistical theory. Our proposed system demonstrates an effective
than that of “M-2.” This is because we approximately fixed the performance in terms of high DRs and low FPRs against five
FPR in the range of 10%–20% for clearly understanding the simulated attacks, in addition to the scalability of the proposed
difference of the DR between “M-2” and “M-3.” scheme clarified by the simulation results obtained from two
Now, we evaluate the computational complexities of these distinct network topologies of varying sizes.
three methods. The computational complexity of “M-1” using Future works will be focused on the various routing proto-
the initial data is the lowest, and its order is O(1). “M-2” and cols in the MANET architecture. Although AODV is a major
“M-3” compute the principal elements using PCA, which needs routing protocol in MANETs, new protocols are emerging,
to compute the mean and the covariance. The order is O(p2 ) e.g., dynamic MANET on-demand protocol (DYMO) [43].
for computing both the mean and covariance, where p is the We will evaluate these protocols and give an analysis for the
number of features described in Section IV-A. The order of additional types of attacks to further improve the accuracy
finding the first principal element depends on the technique of the overall system. Moreover, in [44] and [45], Yan et al.
of finding the first eigenvalue end eigenvector. For example, reported an interesting scheme with the context of studies on the
the complexity of the power method [42] is O(k × p2 ) for intrusion detection system (IDS). The proposed IDS autonomic
finding the first k eigenvalues and eigenvectors. The “M-2” event analysis system that is represented by description logics
is O(p2 ), where k = 1. Because “M-3” has mi times more allows inferring the attack scenarios and enabling the attack
learning processes than those of “M-2,” the complexity of knowledge semantic queries. To cite a case, first, using our
“M-3” is O(mi × p2 ) in total. Apparently, there is a tradeoff proposed system to detect attacks and then rigorously applying
between the computational complexity and the accuracy of the this IDS to analyze these attacks may bring about a reliable
DRs. We actually tested the computation time of our proposed approach. Our future works will comprise of feasibility studies
method by considering p = 14. Using a Linux-based computer on these more intelligent detection schemes in MANETs.
Authorized licensed use limited to: Arulmigu Kalasalingam College of Engineering. Downloaded on August 04,2010 at 09:46:45 UTC from IEEE Xplore. Restrictions apply.
10. 2480 IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. 58, NO. 5, JUNE 2009
R EFERENCES [32] G. Vigna, S. Gwalani, K. Srinivasan, E. Belding-Royer, and R. Kemmerer,
“An intrusion detection tool for AODV-based ad hoc wireless networks,”
[1] P. Argyroudis and D. O’Mahony, “Secure routing for mobile ad hoc
in Proc. 20th ACSAC, Dec. 2004, pp. 16–27.
networks,” Commun. Surveys Tuts., vol. 7, no. 3, pp. 2–21, Third Quarter,
[33] C. Tseng, P. Balasubramanyam, C. Ko, R. Limprasittiporn, J. Rowe, and
2005.
K. Levitt, “A specification-based intrusion detection system for AODV,”
[2] L. Zhou and Z. Haas, “Securing ad hoc networks,” IEEE Netw., vol. 13,
in Proc. 1st ACM Workshop SASN, Oct. 2003, pp. 125–134.
no. 6, pp. 24–30, Nov./Dec. 1999.
[34] Y. Huang, W. Fan, W. Lee, and P. Yu, “Cross-feature analysis for detecting
[3] M. Zapata and N. Asokan, “Securing ad hoc routing protocols,” in Proc.
ad-hoc routing anomalies,” in Proc. 23rd ICDCS, May 2003, pp. 478–487.
3rd ACM Workshop WiSE, Sep. 2002, pp. 1–10.
[35] Y. Huang and W. Lee, “Attack analysis and detection for ad hoc routing
[4] P. Papadimitratos and Z. Haas, “Secure data transmission in mobile ad hoc
protocols,” in Proc. 7th Int. Symp. RAID, Sep. 2004, pp. 125–145.
networks,” in Proc. ACM Workshop WiSE, Sep. 2003, pp. 41–50.
[36] B. Sun, K. Wu, and U. Pooch, “Towards adaptive intrusion detection
[5] W. Diffie and M. E. Hellman, “New directions in cryptography,” IEEE
in mobile ad hoc networks,” in Proc. IEEE Global Telecommun. Conf.
Trans. Inf. Theory, vol. IT-22, no. 6, pp. 644–654, Nov. 1976.
GLOBECOM, Nov./Dec. 2004, pp. 3551–3555.
[6] A. J. Menezes, S. A. Vanstone, and P. C. V. Oorschot, Handbook of
[37] R. Duda, P. Hart, and D. Stork, Pattern Classification and Scene Analysis.
Applied Cryptography. Boca Raton, FL: CRC, 1996.
New York: Wiley, 1973.
[7] J. Edney and W. Arbaugh, Real 802.11 Security: Wi-Fi Protected Access
[38] J. Tsumochi, K. Masayama, H. Uehara, and M. Yokoyama, “Impact of
802.11i. Upper Saddle River, NJ: Pearson, 2004.
mobility metric on routing protocols for mobile ad hoc networks,” in Proc.
[8] C.-K. Toh, Ad Hoc Mobile Wireless Networks—Protocol and Systems.
IEEE Pacific Rim Conf. Commun., Comput. Signal Process. PACRIM,
Upper Saddle River, NJ: Pearson, 2002.
Aug. 2003, pp. 322–325.
[9] A. Mishra, K. Nadkarni, and A. Patcha, “Intrusion detection in wireless
[39] D. Maltz, J. Broch, J. Jetcheva, and D. Johnson, “The effects of on-
ad hoc networks,” IEEE Wireless Commun., vol. 11, no. 1, pp. 48–60,
demand behavior in routing protocols for multihop wireless ad hoc net-
Feb. 2004.
works,” IEEE J. Sel. Areas Commun., vol. 17, no. 8, pp. 1439–1453,
[10] Y. Waizumi, Y. Sato, and Y. Nemoto, “A network-based anomaly detection
Aug. 1999.
system using multiple network features,” in Proc. 3rd Int. Conf. WEBIST,
[40] C. Perkins, E. Royer, S. Das, and M. Marina, “Performance comparison
Mar. 2007, pp. 410–413.
of two on-demand routing protocols for ad hoc networks,” IEEE Pers.
[11] H. Ebbinghaus, Memory: A Contribution to Experimental Psychology.
Commun., vol. 8, no. 1, pp. 16–28, Feb. 2001.
New York: Teachers College, 1913.
[41] T. Camp, J. Boleng, and V. Davies, “A survey of mobility models for
[12] I. London, “An ideal equation derived for a class of forgetting curves,”
ad hoc network research,” Wirel. Commun. Mob. Comput., vol. 2, no. 5,
Psychol. Rev., vol. 57, no. 5, pp. 295–302, Sep. 1950.
pp. 483–502, Sep. 2002.
[13] P. Ning and K. Sun, “How to misuse AODV: A case study of insider
[42] G. Golub and C. V. Loan, “Matrix computations,” in Johns Hopkins Stud-
attacks against mobile ad-hoc routing protocols,” in Proc. 4th Annu. IEEE
ies in Mathematical Sciences, 3rd ed. Baltimore, MD: Johns Hopkins
Inf. Assurance Workshop, Jun. 2003, pp. 60–67.
Univ. Press, 1996.
[14] W. Wang, Y. Lu, and B. Bhargava, “On vulnerability and protection of ad
[43] I. Chakeres and C. Perkins, Dynamic MANET on-demand (DYMO)
hoc on-demand distance vector protocol,” in Proc. 10th ICT, Feb. 2003,
routing, Jul. 2007. IETF Internet Draft, draft-ietf-manet-dymo-10.txt.
pp. 375–382.
[44] W. Yan, E. Hou, and N. Ansari, “Description logics for an autonomic ids
[15] M. Hollick, J. Schmitt, C. Seipl, and R. Steinmetz, “On the effect of node
event analysis system,” Comput. Commun., vol. 29, no. 15, pp. 2841–
misbehavior in ad hoc networks,” in Proc. IEEE Global Telecommun.
2852, Sep. 2006.
Conf. GLOBECOM, Jun. 2004, pp. 3759–3763.
[45] W. Yan, E. Hou, and N. Ansari, “Extracting and querying network attack
[16] C. Perkins, E. Belding-Royer, and S. Das, Ad hoc On-Demand Distance
scenarios knowledge in IDS using PCTCG and alert semantic networks,”
Vector (AODV) Routing, Jul. 2003. IETF RFC 3561 (Experimental).
in Proc. IEEE ICC, May 2005, pp. 1512–1517.
[17] Network Simulator—NS (ver. 2). [Online]. Available: http://nsnam.isi.
edu/nsnam/
[18] M. Zapata, Secure ad hoc on-demand distance vector (SAODV) routing,
Sep. 2006. IETF Internet Draft, draft-guerrero-manet-saodv-06.txt.
[19] A-SAODV Homepage. [Online]. Available: http://saodv.cefriel.it/
[20] D. Cerri and A. Ghioni, “Securing AODV: the A-SAODV secure rout- Hidehisa Nakayama (M’05) received the B.E.,
ing prototype,” IEEE Commun. Mag., vol. 46, no. 2, pp. 120–125, M.S., and Ph.D. degrees in information sciences
Feb. 2008. from Tohoku University, Sendai, Japan, in 2000,
[21] R. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital 2002, and 2005, respectively.
signatures and public key cryptosystems,” Commun. ACM, vol. 21, no. 2, He is currently a Senior Assistant Professor with
pp. 120–126, Feb. 1978. Tohoku Institute of Technology, Sendai. He has been
[22] D. Eastlake, III and P. Jones, US Secure Hash Algorithm 1 (SHA1), engaged in research on intelligent sensor technology,
Sep. 2001. IETF RFC 3174 (Informational). wireless mobile ad hoc networks, computer network-
[23] H. Yih-Chun and A. Perrig, “A survey of secure wireless ad hoc routing,” ing, character string analysis, pattern recognition,
IEEE Security Privacy, vol. 2, no. 3, pp. 28–39, May/Jun. 2004. and image processing.
[24] H. Yih-Chun, A. Perrig, and D. Johnson, “Ariadne: A secure on-demand Dr. Nakayama is a member of the IEEE Commu-
routing protocol for ad hoc networks,” Wirel. Netw., vol. 11, no. 1/2, nications Society, the Institute of Electronics, Information, and Communication
pp. 21–38, Jan. 2005. Engineers (IEICE), and the Information Processing Society of Japan (IPSJ). He
[25] H. Yih-Chun, D. Johnson, and A. Perrig, “SEAD: Secure efficient distance received the Paper Award for Young Researchers from the IPSJ Tohoku Chapter
vector routing for mobile wireless ad hoc networks,” Ad Hoc Netw., vol. 1, in 2000 and the Best Paper of Pattern Recognition Award at SCI 2003.
no. 1, pp. 175–192, Jul. 2003.
[26] M. Bechler, H.-J. Hof, D. Kraft, F. Pahlke, and L. Wolf, “A clusterbased
security architecture for ad hoc networks,” in Proc. 23rd Annu. Joint Conf.
IEEE Comput. Commun. Soc. INFOCOM, Mar. 2004, pp. 2393–2403.
[27] M. Ramkumar and N. Memon, “An efficient key predistribution scheme
for ad hoc network security,” IEEE J. Sel. Areas Commun., vol. 23, no. 3, Satoshi Kurosawa received the B.E. degree from
pp. 611–621, Mar. 2005. Miyagi University of Education, Sendai, Japan, in
[28] K. Sanzgiri, D. LaFlamme, B. Dahill, B. N. Levine, C. Shields, and 2004 and the M.S. degree from Tohoku University,
E. M. Belding-Royer, “Authenticated routing for ad hoc networks,” IEEE Sendai, in 2006.
J. Sel. Areas Commun., vol. 23, no. 3, pp. 598–610, Mar. 2005. He is currently with the Information Technol-
[29] H. Deng, W. Li, and D. Agrawal, “Routing security in ad hoc networks,” ogy R&D Center, Mitsubishi Electric Corporation,
IEEE Commun. Mag., vol. 40, no. 10, pp. 70–75, Oct. 2002. Kamakura, Japan. His recent work has focused on ad
[30] S. Lee, B. Han, and M. Shin, “Robust routing in wireless ad hoc net- hoc routing protocols and sensor network security.
works,” in Proc. 31st ICPP Workshops, Aug. 2002, pp. 73–78. His research interests lie in the field of wireless
[31] O. Kachirski and R. Guha, “Effective intrusion detection using multi- networking, particularly ad hoc network security.
ple sensors in wireless ad hoc networks,” in Proc. 36th Annu. HICSS, Mr. Kurosawa received the Dean of the Graduate
Jan. 2003, pp. 57–64. School of Information Sciences Award in 2005.
Authorized licensed use limited to: Arulmigu Kalasalingam College of Engineering. Downloaded on August 04,2010 at 09:46:45 UTC from IEEE Xplore. Restrictions apply.
11. NAKAYAMA et al.: DYNAMIC ANOMALY DETECTION SCHEME FOR AODV-BASED MOBILE AD HOC NETWORKS 2481
Abbas Jamalipour (S’90–M’96–SM’00–F’07) re- Nei Kato (M’03–A’04–SM’05) received the M.S.
ceived the Ph.D. degree from Nagoya University, and Ph.D. degrees from Tohoku University, Sendai,
Nagoya, Japan. Japan, in 1988 and 1991, respectively.
He is currently with the School of Electrical Infor- Since 1991, he has been with Tohoku Univer-
mation Engineering, University of Sydney, Sydney, sity, where he is currently a Full Professor with
Australia. He is the author of the first book on the Graduate School of Information Sciences. He
wireless IP, as well as two other books, and has has published more than 120 papers in journals and
coauthored five books and over 180 technical papers, peer-reviewed conference proceedings. He has been
all in the field of mobile communications networks. engaged in research on computer networking, wire-
He is also the author of several invited papers. His less mobile communications, image processing, and
areas of research are wireless data communication neural networks.
networks, wireless IP networks, next-generation mobile networks, traffic con- Dr. Kato is a member of the Institute of Electronics, Information, and
trol, network security and management, and satellite systems. He was one Communication Engineers (IEICE). He has served as a Symposium Cochair
of the first researchers to disseminate the fundamental concepts of next- at GLOBECOM’07 and ChinaCom’08 and as a Technical Program Committee
generation mobile networks and broadband convergence networks, as well as member on a large number of IEEE international conferences, including
the integration of wireless local area networks and cellular networks, some of ICC, GLOBECOM, WCNC, and HPSR. He was a Co-Guest Editor for the
which are being gradually deployed by industry and included in the ITU-T Journal of Communications and Networks (JCN) Special Issue on Broadband
standards. Convergence Networks (BcNs) in 2005. Since 2006, he has been the Technical
Dr. Jamalipour is a Fellow of the Institute of Engineers Australia, Editor of IEEE WIRELESS COMMUNICATIONS. Since 2008, he has been
an IEEE Distinguished Lecturer, the Editor-in-Chief of IEEE WIRELESS the Editor of the IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS.
COMMUNICATIONS, and a Technical Editor of several scholarly journals, He is the corecipient of the 2005 Distinguished Contributions to Satellite
including IEEE COMMUNICATIONS, the Wiley International Journal of Com- Communications Award from the IEEE Communications Society, Satellite and
munication Systems, Journal of Communication Networks, etc. He has been a Space Communications Technical Committee, the corecipient of the FUNAI
keynote speaker at many prestigious conferences. He served as the Chair of the Information Science Award in 2007, and the corecipient of the 2008 TELCOM
Satellite and Space Communications Technical Committee (TC) from 2004 to System Technology Award from the Foundation for Electrical Communications
2006 and is currently the Vice Chair of Communications Switching and Routing Diffusion. He is serving as an expert member of the Telecommunications
TC and the Chair of Chapters Coordinating Committee, Asia-Pacific Board, all Council, Ministry of Internal Affairs and Communications, Japan.
with the IEEE Communications Society. He is a voting member of the IEEE
GITC and IEEE WCNC Steering Committees. He was the Vice Chair of the
IEEE WCNC from 2003 to 2006, the Program Chair of SPECTS2004, the Chair
of symposiums at IEEE GLOBECOM 2005 to 2007 and IEEE ICC 2005 to
2008, as well as many other conferences. He has received several prestigious
awards, such as the 2005 Telstra Award for Excellence in Teaching, the 2006
IEEE Communications Society Best Tutorial Paper Award, and the 2006 IEEE
Distinguished Contribution to Satellite Communications Award.
Yoshiaki Nemoto (S’72–M’73–SM’05) received the
B.E., M.E., and Ph.D. degrees from Tohoku Uni-
versity, Sendai, Japan, in 1968, 1970, and 1973,
respectively.
He is a Full Professor with the Graduate School
of Information Sciences, Tohoku University, where
he has also been an Executive Vice President since
2008. He has been engaged in research on microwave
networks, communication systems, computer net-
work systems, image processing, and handwritten
character recognition.
Dr. Nemoto is a Fellow of the Institute of Electrical, Information, and
Communication Engineers (IEICE) and the Information Processing Society of
Japan (IPSJ). He is a corecipient of the 1982 Microwave Prize from the IEEE
Microwave Theory and Techniques Society, the 2005 Distinguished Contri-
butions to Satellite Communications Award from the IEEE Communications
Society, and the FUNAI information Science Award.
Authorized licensed use limited to: Arulmigu Kalasalingam College of Engineering. Downloaded on August 04,2010 at 09:46:45 UTC from IEEE Xplore. Restrictions apply.