The document proposes a risk-aware response mechanism for mitigating routing attacks in mobile ad hoc networks (MANETs). It introduces the concept of importance factors to extend the Dempster-Shafer theory of evidence. This allows the mechanism to differentiate the importance of different evidence sources when assessing risk. The mechanism uses the extended evidence model to determine adaptive, time-wise isolation of compromised nodes based on potential damages of attacks and countermeasures. Experiments demonstrate the effectiveness of the risk-aware approach.
An Efficient Mechanism of Handling MANET Routing Attacks using Risk Aware Mit... (IJMER)
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Risk-Aware Response Mechanism with Extended D-S theory (Editor IJCATR)
Mobile Ad hoc Networks (MANET) are having dynamic nature of its network infrastructure and
it is vulnerable to all types of attacks. Among these attacks, the routing attacks getting more attention
because its changing the whole topology itself and it causes more damage to MANET. Even there are lot of
intrusion detection Systems available to diminish those critical attacks, existing causes unexpected network
partition, and causes additional damages to the infrastructure of the network, and it leads to uncertainty in
finding routing attacks in MANET. In this paper, we propose an adaptive risk-aware response mechanism with
extended Dempster-Shafer theory in MANET to identify the routing attacks and malicious node. Our
techniques find the malicious node with degree of evidence from the expert knowledge and detect the
important factors for each node. It creates black list and all those malicious nodes so that it may not enter the
network again.
THE NASH’S BALANCE IN THE THEORY OF GAMES FOR A SECURE MODEL MECHANISM IN ROU... (ijcisjournal)
The present work is dedicated to study attacks and countermeasure in MANET. After a short introduction to what the Mobile Ad hoc Networks (MANETs) are and network security we present a survey of various attacks in MANETs pertaining to fail routing protocols. We present the different tools used by these attacks and the mechanisms used by the secured routing protocols to counter them. We also study a mechanism of security, named the reputation, proposed for the MANETs and the protocol which implements it. We also propose a secure mechanism which is based on the reputation. Our work ends with a proposal analytical model to the modules of our mechanism and the equilibrium states of our model.
A mobile Ad-hoc network (MANET) is an impulsive network that can be recognized with no predetermined infrastructure. To achieve safe path selection cryptographic key exchange was implemented mostly in turn of huge computational cost. Confidence based coordination in MANET focuses on routing challenges created by selfish nodes, as energy utilization & time factor are key issues in this aspect. The present protocol is focused on fuzzy optimization-based node confidence estimation and path selection with minimum energy utilization. The node with maximum confidence value will give high priority to include in the path for transmission. In the implemented protocol to build a novel confidence-based model multidimensional factors like confidence value, link cost, degree of node and node energy are included as decision-making factors. The proposed protocol CLBNSRM estimates confidence level in four steps to decide a trustworthiness of neighboring node. To estimate the efficiency of the present confidence model various protocols are compared by using attributes like the number of nodes, node speed, malicious node variation, etc. Moreover, different parameters like Packet delivery ratio, Throughput, Residual energy, and Packet dropped are considered with these attribute variations. Experimental results indicate that PDR and Throughput increase although in presence of malicious nodes, along with the utilization of minimal energy. Statistical analysis is carried out for mathematical modeling. This analysis shows that a linear model of an implemented protocol is better than compared protocol with all the aspects.
PERFORMANCE ANALYSIS OF THE NEIGHBOR WEIGHT TRUST DETERMINATION ALGORITHM IN ... (IJNSA Journal)
Mobile ad-hoc networks (MANETs) are susceptible to attacks by malicious nodes that could easily bring
down the whole network. Therefore, it is important to have a reliable mechanism for detecting and isolating
malicious nodes before they can do any harm to the network. One of the possible mechanisms is by using
trust-based routing protocols. One of the main requirements of such protocols is to have a cost-effective
trust determination algorithm. This paper presents the performance analysis of a recently developed trust
determination algorithm, namely, the neighbor-weight trust determination (NWTD) algorithm. The
performance of the algorithm is evaluated through simulation using the MANET simulator (MANSim). The
simulation results demonstrated the reliability and effectiveness of the algorithm in identifying and
isolating any maliciously behaving node(s) in a timely manner.
Modelling of A Trust and Reputation Model in Wireless Networks (ijeei-iaes)
Security is the major challenge for Wireless Sensor Networks (WSNs). The sensor nodes are deployed in non controlled environment, facing the danger of information leakage, adversary attacks and other threats. Trust and Reputation models are solutions for this problem and to identify malicious, selfish and compromised nodes. This paper aims to evaluate varying collusion effect with respect to static (SW), dynamic (DW), static with collusion (SWC), dynamic with collusion (DWC) and oscillating wireless sensor networks to derive the joint resultant of Eigen Trust Model. An attempt has been made for the same by comparing aforementioned networks that are purely dedicated to protect the WSNs from adversary attacks and maintain the security issues. The comparison has been made with respect to accuracy and path length and founded that, collusion for wireless sensor networks seems intractable with the static and dynamic WSNs when varied with specified number of fraudulent nodes in the scenario. Additionally, it consumes more energy and resources in oscillating and collusive environments.
A COMBINATION OF TEMPORAL SEQUENCE LEARNING AND DATA DESCRIPTION FOR ANOMALYB... (IJNSA Journal)
Through continuous observation and modelling of normal behavior in networks, Anomaly-based Network Intrusion Detection System (A-NIDS) offers a way to find possible threats via deviation from the normal model. The analysis of network traffic based on time series model has the advantage of exploiting the relationship between packages within network traffic and observing trends of behaviors over a period of time. It will generate new sequences with good features that support anomaly detection in network traffic and provide the ability to detect new attacks. Besides, an anomaly detection technique, which focuses on the normal data and aims to build a description of it, will be an effective technique for anomaly detection in imbalanced data. In this paper, we propose a combination model of Long Short Term Memory (LSTM) architecture for processing time series and a data description Support Vector Data Description (SVDD) for anomaly detection in A-NIDS to obtain the advantages of them. This model helps parameters in LSTM and SVDD are jointly trained with joint optimization method. Our experimental results with KDD99 dataset show that the proposed combined model obtains high performance in intrusion detection, especially DoS and Probe attacks with 98.0% and 99.8%, respectively.
A Novel Approach To Detect Trustworthy Nodes Using Audit Based Scheme For WSN (IJERDJOURNAL)
ABSTRACT: In multi-hop ad hoc networks there exists a problem of identifying and isolating misbehaving nodes which refuses to forward packets. Audit-based Misbehavior Detection (AMD) is a comprehensive system that effectively and efficiently isolates both continuous and selective packet droppers. The AMD system integrates reputation management, trustworthy route discovery, and identification of misbehaving nodes based on behavioral audits. Compared to previous methods, AMD evaluates node behavior on a per-packet basis, without employing energy-expensive overhearing techniques or intensive acknowledgment schemes. Moreover, AMD can detect selective dropping attacks even if end-to-end traffic is encrypted and can be applied to multichannel networks or networks consisting of nodes with directional antennas. This work implements the AMD approach by considering the rushing attack. The analysis of the results confirms that AMD based method with rushing attack performs better as compared to the non rushing attack.
The working of MANET protocol may compromise the security in it. In this paper, we propose a new key
exchange method to improve the security of MANETs. In this proposed mechanism we send the key through the
control packets instead of data packets. By using this mechanism we can ensure that even if the intruder gets access to
the data packet he cannot decrypt it because there is no key associated with the packet. Brute force attack also
becomes infeasible because the packet is alive in the network for a less time.
A new approach to broadcast in wormhole routed three-dimensional networks is proposed. One of the most
important process in communication and parallel computer is broadcast approach. The approach of this
case of Broadcasting is to send the message from one source to all destinations in the network which
corresponds to one-to-all communication. Wormhole routing is a fundamental routing mechanism in
modern parallel computers which is characterized with low communication latency. We show how to apply
this approach to 3-D meshes. Wormhole routing is divided the packets into set of FLITS (flow control
digits). The first Flit of the packet (Header Flit) is containing the destination address and all subsets flits
will follow the routing way of the header Flit. In this paper, we consider an efficient algorithm for
broadcasting on an all-port wormhole-routed 3D mesh with arbitrary size. We introduce an efficient
algorithm, Y-Hamiltonian Layers Broadcast(Y-HLB). In this paper the behaviors of this algorithm were
compared to the previous results, our paradigm reduces broadcast latency and is simpler. In this paper our
simulation results show the average of our proposed algorithm over the other algorithms that presented.
DESIGN AND IMPLEMENTATION OF A TRUST-AWARE ROUTING PROTOCOL FOR LARGE WSNS (IJNSA Journal)
The domain of Wireless Sensor Networks (WSNs) applications is increasing widely over the last few years. As this new type of networking is characterized by severely constrained node resources, limited network resources and the requirement to operate in an ad hoc manner, implementing security functionality to protect against adversary nodes becomes a challenging task. In this paper, we present a trust-aware, location-based routing protocol which protects the WSN against routing attacks, and also supports large-scale WSNs deployments. The proposed solution has been shown to efficiently detect and avoid malicious nodes and has been implemented in state-of-the-art sensor nodes for a real-life test-bed. This work focuses on the assessment of the implementation cost and on the lessons learned through the design, implementation and validation process.
Secure multipath routing scheme using key (ijfcstjournal)
Multipath routing in WSN has been a long wish in security scenario where nodes on next-hop may be
targeted to compromise. Many proposals of Multipath routing has been proposed in ADHOC Networks but
under constrained from keying environment most seems ignorant. In WSN where crucial data is reported by
nodes in deployment area to their securely located Sink, route security has to be guaranteed. Under
dynamic load and selective attacks, availability of multiple secure paths is a boon and increases the
attacker efforts by many folds. We propose to build a subset of neighbors as our front towards destination
node. We also identified forwarders for query by base station. The front is optimally calculated to maintain
the security credential and avail multiple paths. According to our knowledge ours is a novel secure
multipath routing protocol for WSN. We established effectiveness of our proposal with mathematical
analysis.
UTILIZING XAI TECHNIQUE TO IMPROVE AUTOENCODER BASED MODEL FOR COMPUTER NETWO... (IJCNCJournal)
Machine learning (ML) and Deep Learning (DL) methods are being adopted rapidly, especially in computer network security, such as fraud detection, network anomaly detection, intrusion detection, and much more. However, the lack of transparency of ML and DL based models is a major obstacle to their implementation and criticized due to its black-box nature, even with such tremendous results. Explainable Artificial Intelligence (XAI) is a promising area that can improve the trustworthiness of these models by giving explanations and interpreting its output. If the internal working of the ML and DL based models is understandable, then it can further help to improve its performance. The objective of this paper is to show that how XAI can be used to interpret the results of the DL model, the autoencoder in this case. And, based on the interpretation, we improved its performance for computer network anomaly detection. The kernel SHAP method, which is based on the shapley values, is used as a novel feature selection technique. This method is used to identify only those features that are actually causing the anomalous behaviour of the set of attack/anomaly instances. Later, these feature sets are used to train and validate the autoencoder but on benign data only. Finally, the built SHAP_Model outperformed the other two models proposed based on the feature selection method. This whole experiment is conducted on the subset of the latest CICIDS2017 network dataset. The overall accuracy and AUC of SHAP_Model is 94% and 0.969, respectively.
Efficient security approaches in mobile ad hoc networks a survey (eSAT Publishing House)
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Privacy Preserving Reputation Calculation in P2P Systems with Homomorphic Enc... (IJCNCJournal)
In this paper, we consider the problem of calculating the node reputation in a Peer-to-Peer (P2P) system from fragments of partial knowledge concerned with the trustfulness of nodes which are subjectively given by each node (i.e., evaluator) participating in the system. We are particularly interested in the distributed processing of the calculation of reputation scores while preserving the privacy of evaluators. The basic idea of the proposed method is to extend the EigenTrust reputation management system with the notion of homomorphic cryptosystem. More specifically, it calculates the main eigenvector of a linear system which models the trustfulness of the users (nodes) in the P2P system in a distributed manner, in such a way that: 1) it blocks accesses to the trust value by the nodes to have the secret key used for the decryption, 2) it improves the efficiency of calculation by offloading a part of the task to the participating nodes, and 3) it uses different public keys during the calculation to improve the robustness against the leave of nodes. The performance of the proposed method is evaluated through numerical calculations.
Routing and Security Issues for Trust Based Framework in Mobile Ad Hoc Networks (iosrjce)
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Different Approaches for Secure and Efficient Key Management in Mobile Ad-Hoc... (Editor IJMTER)
A Mobile Ad-hoc Network (MANET) is a self configuring infrastructure less network of
mobile devices conducted by wireless. Each device in a MANET is free to move independently in any
direction and its change the link to other devices frequently. MANET includes both challenges and
opportunities in achieving security goals such as confidentiality, integrity and non repudiation. Key
management is a central component in MANET security, the purpose of key management is to provide
secure procedures for handling cryptography key materials. Distributed key management is proposed
and deduces the condition under which the key sets distributed to the network nodes to provide MANET
security. Various key management schemes are discussed for secure wireless sensor network
communication. Peer Intermediaries for Key Establishment (PIKE), a class of key establishment
protocols that involves using one or more sensor nodes as a trusted intermediary to facilitate key
establishment. Pike protocols scale sub linearity with the number of nodes in the network and achieving
higher security against node compromise than other protocols. Authenticated Routing for Ad-hoc
Networks (ARAN) is proposed to detect and protect against malicious actions by third parties. ARAN
has minimal Performance costs for the increased security in terms of processing and networking
overhead. Self-organized Key Management is to propose cryptography procedures to make secure
transactions.
FUZZY LOGIC-BASED EFFICIENT MESSAGE ROUTE SELECTION METHOD TO PROLONG THE NET... (IJCNCJournal)
Recently, sensor networks have been used in a wide range of applications, and interest in sensor node
performance has increased. A sensor network is composed of tiny nodes with limited resources. The sensor
network communicates between nodes in a configured network through self-organization. An energy-efficient security protocol with a hierarchy structure with various advantages has been proposed to
prolong the network lifetime of sensor networks. But due to structural problems in traditional protocols,
nodes located upstream tend to consume relatively high energy compared to other nodes. A network
protocol should be considered to provide minimal security and efficient allocation of energy consumption
by nodes to increase the network lifetime. In this paper, we introduce a solution to solve the bottleneck
problem through an efficient message route selection method. The proposed method selects an efficient
messaging path using GA and fuzzy logic composed of multiple rules. Message route selection plays an
important role in controlling the load balancing of nodes. A principal benefit of the proposed scheme is the
potential portability of the clustering-based protocol. In addition, the proposed method is updated to find
the optimal path through the genetic algorithm to respond to various environments. We demonstrated the
effectiveness of the proposed method through an experiment in which the proposed method is applied to a
probabilistic voting-based filtering scheme that is one of the cluster-based security schemes.
Enhancing performance using TOHIP in MANET (IJTET Journal)
Abstract— Mobile Ad hoc Network (MANET) is a special self-describing wireless ad hoc network which consists of additional number of nodes that can move randomly and erratically. Due to this infrastructure it enables numerous kinds of attacks and establish topology-exposure problem. Many of the existing multipath protocols may ignore the topology-exposure problem. In this, we proposed a TOpology-HIding multipath routing Protocol (TOHIP) for preventing attacks in topology-exposure. In TOHIP, the link connection information is hidden in route messages, so that the malicious nodes cannot conclude the network topology. In Route Reply phase, the protocol TOHIP can also be used to establish multiple node-disjoint routes and eliminate the unreliable route before transmitting packets in Route Probe phase. With facilitate of a newly designed protocol, security was assured and earned superior capability of finding routes in MANET. The simulation result shows that TOHIP has given recovered performance when compared with Ad hoc On-demand Multipath Distance Vector (AOMDV) routing protocol.
PERFORMANCE ANALYSIS OF THE NEIGHBOR WEIGHT TRUST DETERMINATION ALGORITHM IN ...IJNSA Journal
Mobile ad-hoc networks (MANETs) are susceptible to attacks by malicious nodes that could easily bring down the whole network. Therefore, it is important to have
a reliable mechanism for detecting and isolating malicious nodes before they can do any harm to the network. One of the possible mechanisms is by using trust-based routing protocols. One of the main requirements of such protocols is to have a cost-effective trust determination algorithm. This paper presents the performance analysis of a recently developed trust determination algorithm, namely, the neighbor-weight trust determination (NWTD) algorithm. The performance of the algorithm is evaluated through simulation using the MANET simulator (MANSim). The simulation results demonstrated the reliability and effectiveness of the algorithm in identifying and isolating any maliciously behaving node(s) in a timely manner.
Modelling of A Trust and Reputation Model in Wireless Networksijeei-iaes
Security is the major challenge for Wireless Sensor Networks (WSNs). The sensor nodes are deployed in non controlled environment, facing the danger of information leakage, adversary attacks and other threats. Trust and Reputation models are solutions for this problem and to identify malicious, selfish and compromised nodes. This paper aims to evaluate varying collusion effect with respect to static (SW), dynamic (DW), static with collusion (SWC), dynamic with collusion (DWC) and oscillating wireless sensor networks to derive the joint resultant of Eigen Trust Model. An attempt has been made for the same by comparing aforementioned networks that are purely dedicated to protect the WSNs from adversary attacks and maintain the security issues. The comparison has been made with respect to accuracy and path length and founded that, collusion for wireless sensor networks seems intractable with the static and dynamic WSNs when varied with specified number of fraudulent nodes in the scenario. Additionally, it consumes more energy and resources in oscillating and collusive environments.
A COMBINATION OF TEMPORAL SEQUENCE LEARNING AND DATA DESCRIPTION FOR ANOMALYB...IJNSA Journal
Through continuous observation and modelling of normal behavior in networks, Anomaly-based Network Intrusion Detection System (A-NIDS) offers a way to find possible threats via deviation from the normal model. The analysis of network traffic based on time series model has the advantage of exploiting the relationship between packages within network traffic and observing trends of behaviors over a period of time. It will generate new sequences with good features that support anomaly detection in network traffic and provide the ability to detect new attacks. Besides, an anomaly detection technique, which focuses on the normal data and aims to build a description of it, will be an effective technique for anomaly detection in imbalanced data. In this paper, we propose a combination model of Long Short Term Memory (LSTM) architecture for processing time series and a data description Support Vector Data Description (SVDD) for anomaly detection in A-NIDS to obtain the advantages of them. This model helps parameters in LSTM and SVDD are jointly trained with joint optimization method. Our experimental results with KDD99 dataset show that the proposed combined model obtains high performance in intrusion detection, especially DoS and Probe attacks with 98.0% and 99.8%, respectively.
A Novel Approach To Detect Trustworthy Nodes Using Audit Based Scheme For WSNIJERDJOURNAL
ABSTRACT: In multi-hop ad hoc networks there exists a problem of identifying and isolating misbehaving nodes which refuses to forward packets. Audit-based Misbehavior Detection (AMD) is a comprehensive system that effectively and efficiently isolates both continuous and selective packet droppers. The AMD system integrates reputation management, trustworthy route discovery, and identification of misbehaving nodes based on behavioral audits. Compared to previous methods, AMD evaluates node behavior on a per-packet basis, without employing energy-expensive overhearing techniques or intensive acknowledgment schemes. Moreover, AMD can detect selective dropping attacks even if end-to-end traffic is encrypted and can be applied to multichannel networks or networks consisting of nodes with directional antennas. This work implements the AMD approach by considering the rushing attack. The analysis of the results confirms that AMD based method with rushing attack performs better as compared to the non rushing attack.
The working of the MANET protocol may compromise its security. In this paper, we propose a new key exchange method to improve the security of MANETs. In this proposed mechanism we send the key through the control packets instead of data packets. By using this mechanism we can ensure that even if the intruder gets access to the data packet he cannot decrypt it because there is no key associated with the packet. Brute force attack also becomes infeasible because the packet is alive in the network for a short time.
A new approach to broadcast in wormhole-routed three-dimensional networks is proposed. One of the most important processes in communication and parallel computers is broadcast. Broadcasting sends a message from one source to all destinations in the network, which corresponds to one-to-all communication. Wormhole routing is a fundamental routing mechanism in modern parallel computers which is characterized by low communication latency. We show how to apply this approach to 3-D meshes. Wormhole routing divides packets into a set of FLITS (flow control digits). The first flit of the packet (header flit) contains the destination address, and all subsequent flits follow the routing path of the header flit. In this paper, we consider an efficient algorithm for broadcasting on an all-port wormhole-routed 3D mesh with arbitrary size. We introduce an efficient algorithm, Y-Hamiltonian Layers Broadcast (Y-HLB). The behavior of this algorithm is compared to previous results; our paradigm reduces broadcast latency and is simpler. Our simulation results show the average of our proposed algorithm over the other algorithms that were presented.
DESIGN AND IMPLEMENTATION OF A TRUST-AWARE ROUTING PROTOCOL FOR LARGE WSNSIJNSA Journal
The domain of Wireless Sensor Networks (WSNs) applications is increasing widely over the last few years. As this new type of networking is characterized by severely constrained node resources, limited network resources and the requirement to operate in an ad hoc manner, implementing security functionality to protect against adversary nodes becomes a challenging task. In this paper, we present a trust-aware, location-based routing protocol which protects the WSN against routing attacks, and also supports large-scale WSNs deployments. The proposed solution has been shown to efficiently detect and avoid malicious nodes and has been implemented in state-of-the-art sensor nodes for a real-life test-bed. This work focuses on the assessment of the implementation cost and on the lessons learned through the design, implementation and validation process.
Secure multipath routing scheme using keyijfcstjournal
Multipath routing in WSN has been a long wish in security scenario where nodes on next-hop may be
targeted to compromise. Many proposals of Multipath routing has been proposed in ADHOC Networks but
under constrained from keying environment most seems ignorant. In WSN where crucial data is reported by
nodes in deployment area to their securely located Sink, route security has to be guaranteed. Under
dynamic load and selective attacks, availability of multiple secure paths is a boon and increases the
attacker efforts by many folds. We propose to build a subset of neighbors as our front towards destination
node. We also identified forwarders for query by base station. The front is optimally calculated to maintain
the security credential and avail multiple paths. According to our knowledge ours is a novel secure
multipath routing protocol for WSN. We established effectiveness of our proposal with mathematical
analysis.
UTILIZING XAI TECHNIQUE TO IMPROVE AUTOENCODER BASED MODEL FOR COMPUTER NETWO...IJCNCJournal
Machine learning (ML) and Deep Learning (DL) methods are being adopted rapidly, especially in computer network security, such as fraud detection, network anomaly detection, intrusion detection, and much more. However, the lack of transparency of ML and DL based models is a major obstacle to their implementation, and they are criticized for their black-box nature, even with such tremendous results. Explainable Artificial Intelligence (XAI) is a promising area that can improve the trustworthiness of these models by giving explanations and interpreting their output. If the internal working of the ML and DL based models is understandable, then it can further help to improve their performance. The objective of this paper is to show how XAI can be used to interpret the results of the DL model, the autoencoder in this case. Based on the interpretation, we improved its performance for computer network anomaly detection. The kernel SHAP method, which is based on the Shapley values, is used as a novel feature selection technique. This method is used to identify only those features that are actually causing the anomalous behaviour of the set of attack/anomaly instances. Later, these feature sets are used to train and validate the autoencoder, but on benign data only. Finally, the built SHAP_Model outperformed the other two models proposed based on the feature selection method. This whole experiment is conducted on the subset of the latest CICIDS2017 network dataset. The overall accuracy and AUC of SHAP_Model is 94% and 0.969, respectively.
Efficient security approaches in mobile ad hoc networks a surveyeSAT Publishing House
Privacy Preserving Reputation Calculation in P2P Systems with Homomorphic Enc...IJCNCJournal
In this paper, we consider the problem of calculating the node reputation in a Peer-to-Peer (P2P) system from fragments of partial knowledge concerned with the trustfulness of nodes which are subjectively given by each node (i.e., evaluator) participating in the system. We are particularly interested in the distributed processing of the calculation of reputation scores while preserving the privacy of evaluators. The basic idea of the proposed method is to extend the EigenTrust reputation management system with the notion of homomorphic cryptosystem. More specifically, it calculates the main eigenvector of a linear system which models the trustfulness of the users (nodes) in the P2P system in a distributed manner, in such a way that: 1) it blocks accesses to the trust value by the nodes to have the secret key used for the decryption, 2) it improves the efficiency of calculation by offloading a part of the task to the participating nodes, and 3) it uses different public keys during the calculation to improve the robustness against the leave of nodes. The performance of the proposed method is evaluated through numerical calculations.
Routing and Security Issues for Trust Based Framework in Mobile Ad Hoc Networksiosrjce
Different Approaches for Secure and Efficient Key Management in Mobile Ad-Hoc...Editor IJMTER
A Mobile Ad-hoc Network (MANET) is a self configuring infrastructure less network of
mobile devices conducted by wireless. Each device in a MANET is free to move independently in any
direction and its change the link to other devices frequently. MANET includes both challenges and
opportunities in achieving security goals such as confidentiality, integrity and non repudiation. Key
management is a central component in MANET security, the purpose of key management is to provide
secure procedures for handling cryptography key materials. Distributed key management is proposed
and deduces the condition under which the key sets distributed to the network nodes to provide MANET
security. Various key management schemes are discussed for secure wireless sensor network
communication. Peer Intermediaries for Key Establishment (PIKE), a class of key establishment
protocols that involves using one or more sensor nodes as a trusted intermediary to facilitate key
establishment. Pike protocols scale sub linearity with the number of nodes in the network and achieving
higher security against node compromise than other protocols. Authenticated Routing for Ad-hoc
Networks (ARAN) is proposed to detect and protect against malicious actions by third parties. ARAN
has minimal Performance costs for the increased security in terms of processing and networking
overhead. Self-organized Key Management is to propose cryptography procedures to make secure
transactions.
FUZZY LOGIC-BASED EFFICIENT MESSAGE ROUTE SELECTION METHOD TO PROLONG THE NET...IJCNCJournal
Recently, sensor networks have been used in a wide range of applications, and interest in sensor node
performance has increased. A sensor network is composed of tiny nodes with limited resources. The sensor
network communicates between nodes in a configured network through self-organization. An energy-efficient security protocol with a hierarchy structure with various advantages has been proposed to
prolong the network lifetime of sensor networks. But due to structural problems in traditional protocols,
nodes located upstream tend to consume relatively high energy compared to other nodes. A network
protocol should be considered to provide minimal security and efficient allocation of energy consumption
by nodes to increase the network lifetime. In this paper, we introduce a solution to solve the bottleneck
problem through an efficient message route selection method. The proposed method selects an efficient
messaging path using GA and fuzzy logic composed of multiple rules. Message route selection plays an
important role in controlling the load balancing of nodes. A principal benefit of the proposed scheme is the
potential portability of the clustering-based protocol. In addition, the proposed method is updated to find
the optimal path through the genetic algorithm to respond to various environments. We demonstrated the
effectiveness of the proposed method through an experiment in which the proposed method is applied to a
probabilistic voting-based filtering scheme that is one of the cluster-based security schemes.
Enhancing performance using TOHIP in MANETIJTET Journal
Abstract— Mobile Ad hoc Network (MANET) is a special self-describing wireless ad hoc network which consists of additional number of nodes that can move randomly and erratically. Due to this infrastructure it enables numerous kinds of attacks and establish topology-exposure problem. Many of the existing multipath protocols may ignore the topology-exposure problem. In this, we proposed a TOpology-HIding multipath routing Protocol (TOHIP) for preventing attacks in topology-exposure. In TOHIP, the link connection information is hidden in route messages, so that the malicious nodes cannot conclude the network topology. In Route Reply phase, the protocol TOHIP can also be used to establish multiple node-disjoint routes and eliminate the unreliable route before transmitting packets in Route Probe phase. With facilitate of a newly designed protocol, security was assured and earned superior capability of finding routes in MANET. The simulation result shows that TOHIP has given recovered performance when compared with Ad hoc On-demand Multipath Distance Vector (AOMDV) routing protocol.
Defending against collaborative attacks byranjith kumar
EXPOSURE AND AVOIDANCE MECHANISM OF BLACK HOLE AND JAMMING ATTACK IN MOBILE A...ijcseit
Mobile ad hoc network (MANETs) is an infrastructure-less/self-configurable system in which every node
carries on as host or router and every node can participate in the transmission of packets. Because of its
dynamic behaviour such system is more susceptible against various sorts of security threats, for example,
Black hole, Wormhole , Jamming , Sybil, Byzantine attack and so on which may block the transmission of
the system. Black hole attack and Jamming attack is one of them which promote itself has shortest or new
fresh route to the destination while jamming attack which make activity over the system. This paper
introduces the thorough literature study for the Black hole attack and jamming attack of both the attack by
various researchers.
An Optimal Risk- Aware Mechanism for Countering Routing Attacks in MANETsIJMER
Analyzing the Impact of Blackhole Attacks on AODV and DSR Routing Protocols’ ...IJCSEA Journal
Mobile Ad-Hoc Networks (MANETs) are wireless networks characterized by their lack of a fixed infrastructure, allowing nodes to move freely and serve as both routers and hosts. These nodes establish virtual links and utilize routing protocols such as AODV, DSR, and DSDV to establish connections. However, security is a significant concern, with the Blackhole attack posing a notable threat, wherein a malicious node drops packets instead of forwarding them. To investigate the impact of Blackhole nodes and assess the performance of AODV and DSR protocols, the researchers employed the NS-2.35 ns-allinone2.35 version for simulation purposes. The study focused on several metrics, including average throughput, packet delivery ratio, and residual energy. The findings revealed that AODV demonstrated better energy efficiency and packet delivery compared to DSR, but DSR outperformed AODV in terms of throughput. Additionally, environmental factors and data sizes were taken into account during the analysis.
Secure Multicast Communication using Behavioural Measurement Technique in MANET Editor Jacotech
In MANET, communication between two mobile nodes is carried out by the routing protocol. Each mobile node can directly communicate with another mobile node if both are within transmission range. Otherwise, the nodes in between have to forward the packets for them. The dynamic and cooperative nature of ad hoc networks presents substantial challenges in securing these networks and detecting attacks in them. In this paper we propose a novel Intrusion Detection and Prevention Scheme (IDPS) for protecting the network against Blackhole attack. During the attack, a malicious node captures the data after the positive reply of route existence. Routing in ad hoc networks has been a challenging task ever since wireless networks came into existence. In multicasting, the sender communicates with multiple receivers. The routing misbehavior in multicast ODMRP is secured by the proposed scheme. The proposed IDPS scheme first detects the malicious nodes and then blocks their activities. The performance of the proposed scheme is evaluated through performance metrics that show the attacker's routing misbehavior, and the proposed security scheme provides secure and vigorous performance in the presence of a blackhole attacker.
Proj264
Risk-Aware Mitigation for MANET Routing Attacks
Ziming Zhao, Student Member, IEEE, Hongxin Hu, Student Member, IEEE,
Gail-Joon Ahn, Senior Member, IEEE, and Ruoyu Wu, Student Member, IEEE
Abstract—Mobile Ad hoc Networks (MANET) have been highly vulnerable to attacks due to the dynamic nature of their network infrastructure. Among these attacks, routing attacks have received considerable attention since they could cause the most devastating damage to MANET. Even though there exist several intrusion response techniques to mitigate such critical attacks, existing solutions typically attempt to isolate malicious nodes based on binary or naïve fuzzy response decisions. However, binary responses may result in unexpected network partition, causing additional damage to the network infrastructure, and naïve fuzzy responses could lead to uncertainty in countering routing attacks in MANET. In this paper, we propose a risk-aware response mechanism to systematically cope with the identified routing attacks. Our risk-aware approach is based on an extended Dempster-Shafer mathematical theory of evidence introducing a notion of importance factors. In addition, our experiments demonstrate the effectiveness of our approach with the consideration of several performance metrics.
Index Terms—Mobile ad hoc networks, intrusion response, risk aware, Dempster-Shafer theory.
1 INTRODUCTION
Mobile Ad hoc Networks (MANET) are utilized to set up wireless communication in improvised environments without a predefined infrastructure or centralized administration. Therefore, MANET has normally been deployed in adverse and hostile environments where a central authority point is not necessary. Another unique characteristic of MANET is the dynamic nature of its network topology, which changes frequently due to the unpredictable mobility of nodes. Furthermore, each mobile node in MANET plays a router role while transmitting data over the network. Hence, any compromised node under an adversary's control could cause significant damage to the functionality and security of its network, since the impact would propagate as the node performs routing tasks.
Several works [1], [2] have addressed intrusion response actions in MANET by isolating uncooperative nodes based on the node reputation derived from their behaviors. Such a simple response against malicious nodes often neglects possible negative side effects involved with the response actions. In a MANET scenario, improper countermeasures may cause unexpected network partition, bringing additional damage to the network infrastructure. To address the above-mentioned critical issues, more flexible and adaptive responses should be investigated.
The notion of risk can be adopted to support more adaptive responses to routing attacks in MANET [3]. However, risk assessment is still a nontrivial, challenging problem because it involves subjective knowledge, objective evidence, and logical reasoning. Subjective knowledge could be retrieved from previous experience and objective evidence could be obtained from observation, while logical reasoning requires a formal foundation. Wang et al. [4] proposed a naïve fuzzy cost-sensitive intrusion response solution for MANET. Their cost model took subjective knowledge and objective evidence into account but omitted a seamless combination of the two properties with logical reasoning. In this paper, we seek a way to bridge this gap by using the Dempster-Shafer mathematical theory of evidence (D-S theory), which offers an alternative to traditional probability theory for representing uncertainty [5].
D-S theory has been adopted as a valuable tool for
evaluating reliability and security in information systems
and by other engineering fields [6], [7], where precise
measurement is impossible to obtain or expert elicitation is
required. D-S theory has several characteristics. First, it
enables us to represent both subjective and objective
evidences with basic probability assignment and belief
function. Second, it supports Dempster’s rule of combination
(DRC) to combine several evidences together with probable
reasoning. However, as identified in [8], [9], [10], [11],
Dempster’s rule of combination has several limitations, such
as treating evidences equally without differentiating each
evidence and considering priorities among them. To address
these limitations in MANET intrusion response scenario, we
introduce a new Dempster’s rule of combination with a
notion of importance factors (IF) in D-S evidence model.
In this paper, we propose a risk-aware response
mechanism to systematically cope with routing attacks in
MANET, proposing an adaptive time-wise isolation method.
Our risk-aware approach is based on the extended
D-S evidence model. In order to evaluate our mechanism,
we perform a series of simulated experiments with a
proactive MANET routing protocol, Optimized Link State
Routing Protocol (OLSR) [12]. In addition, we attempt to
demonstrate the effectiveness of our solution.
250 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 9, NO. 2, MARCH/APRIL 2012
The authors are with the Security Engineering for Future Computing
Laboratory, School of Computing, Informatics, and Decision Systems
Engineering, Ira A. Fulton Schools of Engineering, Arizona State
University (ASU), PO Box 878809, Tempe, AZ 85287-8809.
E-mail: {zmzhao, hxhu, gahn, ruoyu.wu}@asu.edu.
Manuscript received 21 Jan. 2011; revised 4 Sept. 2011; accepted 12 Sept.
2011; published online 30 Sept. 2011.
For information on obtaining reprints of this article, please send e-mail to:
tdsc@computer.org, and reference IEEECS Log Number TDSC-2011-01-0013.
Digital Object Identifier no. 10.1109/TDSC.2011.51.
1545-5971/12/$31.00 © 2012 IEEE Published by the IEEE Computer Society
The major contributions of this paper are summarized
as follows:
• We formally propose an extended D-S evidence
model with importance factors and articulate expected
properties for Dempster's rule of combination
with importance factors (DRCIF). Our Dempster's
rule of combination with importance factors is
nonassociative and weighted, which has not been
addressed in the literature.
• We propose an adaptive risk-aware response mechanism
with the extended D-S evidence model,
considering damages caused by both attacks and
countermeasures. The adaptiveness of our mechanism
allows us to systematically cope with MANET
routing attacks.
• We evaluate our response mechanism against
representative attack scenarios and experiments.
Our results clearly demonstrate the effectiveness
and scalability of our risk-aware approach.
The rest of this paper is organized as follows: Section 2
overviews a MANET routing protocol OLSR and routing
attacks against OLSR. Section 3 describes how our extended
D-S evidence model can be integrated with importance
factors. Section 4 presents the details of our risk-aware
response mechanism. The evaluations of our approach are
discussed in Section 5. Section 6 provides the related work
in MANET intrusion detection and response systems and also
reviews risk-aware approaches in different fields. Section 7
concludes this paper.
2 BACKGROUND
In this section, we overview the OLSR and routing attacks
on OLSR.
2.1 OLSR Protocol
The major task of the routing protocol is to discover the
topology to ensure that each node can acquire a recent map
of the network to construct routes to its destinations.
Several efficient routing protocols have been proposed for
MANET. These protocols generally fall into one of two
major categories: reactive routing protocols and proactive
routing protocols. In reactive routing protocols, such as Ad
hoc On Demand Distance Vector (AODV) protocol [13],
nodes find routes only when they must send data to the
destination node whose route is unknown. In contrast, in
proactive routing protocols, such as OLSR, nodes obtain
routes by periodic exchange of topology information with
other nodes and maintain route information all the time.
OLSR protocol is a variation of the pure Link-state
Routing (LSR) protocol and is designed specifically for
MANET. OLSR protocol achieves optimization over LSR
through the use of multipoint relay (MPR) to provide an
efficient flooding mechanism by reducing the number of
transmissions required. Unlike LSR, where every node
declares its links and forwards messages for its neighbors,
only nodes selected as MPR nodes are responsible for
advertising, as well as forwarding an MPR selector list
advertised by other MPRs.
2.2 Routing Attack on OLSR
Based on the behavior of attackers, attacks against MANET
can be classified into passive or active attacks. Attacks can
be further categorized as either outsider or insider attacks.
With respect to the target, attacks could be also divided into
data packet or routing packet attacks. In routing packet
attacks, attackers could not only prevent existing paths
from being used, but also spoof nonexisting paths to lure
data packets to them. Several studies [14], [15], [16], [17]
have been carried out on modeling MANET routing
attacks. Typical routing attacks include black hole, fabrication,
and modification of various fields in routing packets
(route request message, route reply message, route error
message, etc.). All these attacks could lead to serious
network dysfunctions.
In terms of attack vectors, a malicious node can disrupt
the routing mechanism in the following simple ways: first,
it changes the contents of a discovered route, modifies a
route reply message, and causes the packet to be dropped
as an invalid packet; then, it validates the route cache in
other nodes by advertising incorrect paths, and refuses to
participate in the route discovery process; and finally, it
modifies the contents of a data packet or the route via which
the data packet is supposed to travel or behave normally
during the route discovery process but is dropped.
In OLSR, any node can either modify the protocol
messages before forwarding them, or create false messages
or spoof an identity. Therefore, the attacker can abuse the
properties of the selection algorithm to be selected as MPR.
The worst case is the possible selection of the attacker as
the only MPR of a node. Or, the attackers can give wrong
information about the topology of a network (TC message)
in order to disturb the routing operation.
3 EXTENDED DEMPSTER-SHAFER THEORY OF
EVIDENCE
The Dempster-Shafer mathematical theory of evidence is
both a theory of evidence and a theory of probable
reasoning. The degree of belief models the evidence, while
Dempster’s rule of combination is the procedure to
aggregate and summarize a corpus of evidences. However,
previous research efforts identify several limitations of the
Dempster's rule of combination:
1. Associative. For DRC, the order of the information in
the aggregated evidences does not impact the result.
As shown in [10], a nonassociative combination rule
is necessary for many cases.
2. Nonweighted. DRC implies that we trust all evidences
equally [11]. However, in reality, our trust on
different evidences may differ. In other words, it
means we should consider various factors for each
evidence.
Yager [10] and Yamada and Kudo [18] proposed rules to
combine several evidences presented sequentially for the
first limitation. Wu et al. [11] suggested a weighted
combination rule to handle the second limitation. However,
the weight for different evidences in their proposed rule is
ineffective and insufficient to differentiate and prioritize
different evidences in terms of security and criticality. Our
extended Dempster-Shafer theory with importance factors
can overcome both of the aforementioned limitations.
ZHAO ET AL.: RISK-AWARE MITIGATION FOR MANET ROUTING ATTACKS 251
3.1 Importance Factors and Belief Function
In D-S theory, propositions are represented as subsets of a
given set. Suppose $\Theta$ is a finite set of states, and let $2^{\Theta}$
denote the set of all subsets of $\Theta$. D-S theory calls $\Theta$ a frame
of discernment. When a proposition corresponds to a subset
of a frame of discernment, it implies that a particular frame
discerns the proposition. First, we introduce a notion of
importance factors.
Definition 1. Importance factor (IF) is a positive real number
associated with the importance of evidence. IFs are derived
from historical observations or expert experiences.
Definition 2. An evidence $E$ is a 2-tuple $\langle m, IF \rangle$, where $m$
describes the basic probability assignment [5]. Basic probability
assignment function $m$ is defined as follows:
$$ m(\emptyset) = 0 \tag{1} $$
and
$$ \sum_{A \subseteq \Theta} m(A) = 1. \tag{2} $$
According to [5], a function $Bel : 2^{\Theta} \to [0, 1]$ is a belief
function over $\Theta$ if it is given by (3) for some basic
probability assignment $m : 2^{\Theta} \to [0, 1]$
$$ Bel(A) = \sum_{B \subseteq A} m(B), \tag{3} $$
for all $A \in 2^{\Theta}$, $Bel(A)$ describes a measure of the total beliefs
committed to the evidence $A$.
Given several belief functions over the same frame of
discernment and based on distinct bodies of evidence,
Dempster's rule of combination, which is given by (4),
enables us to compute the orthogonal sum, which describes
the combined evidence.
Suppose $Bel_1$ and $Bel_2$ are belief functions over the same
frame $\Theta$, with basic probability assignments $m_1$ and $m_2$.
Then, the function $m : 2^{\Theta} \to [0, 1]$ defined by $m(\emptyset) = 0$ and
$$ m(C) = \frac{\sum_{A_i \cap B_j = C} m_1(A_i)\, m_2(B_j)}{1 - \sum_{A_i \cap B_j = \emptyset} m_1(A_i)\, m_2(B_j)}, \tag{4} $$
for all nonempty $C \subseteq \Theta$, $m(C)$ is a basic probability
assignment which describes the combined evidence.
Suppose $IF_1$ and $IF_2$ are importance factors of two
independent evidences named $E_1$ and $E_2$, respectively. The
combination of these two evidences implies that our total
belief to these two evidences is 1, but at the same time, our
belief to either of these evidences is less than 1. This is
straightforward since if our belief to one evidence is 1, it
would mean our belief to the other is 0, which models a
meaningless evidence. We define the importance
factor of the combination result to be $(IF_1 + IF_2)/2$.
Definition 3. Extended D-S evidence model with importance
factors: Suppose $E_1 = \langle m_1, IF_1 \rangle$ and $E_2 = \langle m_2, IF_2 \rangle$ are two
independent evidences. Then, the combination of $E_1$ and $E_2$ is
$E = \langle m_1 \oplus m_2, (IF_1 + IF_2)/2 \rangle$, where $\oplus$ is Dempster's rule
of combination with importance factors.
3.2 Expected Properties for Our Dempster’s Rule of
Combination with Importance Factors
The proposed rule of combination with importance factors
should be a superset of Dempster’s rule of combination. In
this section, we describe four properties that a candidate
Dempster’s rule of combination with importance factors
should follow. Properties 1 and 2 ensure that the combined
result is a valid evidence. Property 3 guarantees that the
original Dempster’s Rule of Combination is a special case of
Dempster’s Rule of Combination with importance factors,
where the combined evidences have the same priority.
Property 4 ensures that importance factors of the evidences
are also independent from each other.
Property 1. No belief ought to be committed to $\emptyset$ in the result of
our combination rule
$$ m'(\emptyset) = 0. \tag{5} $$
Property 2. The total belief ought to be equal to 1 in the result of
our combination rule
$$ \sum_{A \subseteq \Theta} m'(A) = 1. \tag{6} $$
Property 3. If the importance factors of each evidence are
equal, our Dempster's rule of combination should be equal to
Dempster's rule of combination without importance factors
$$ m'(A, IF_1, IF_2) = m(A), \quad \text{if } IF_1 = IF_2 \tag{7} $$
for all $A \in \Theta$, where $m(A)$ is the original Dempster's
Combination Rule.
Property 4. Importance factors of each evidence must not be
exchangeable
$$ m'(A, IF_1, IF_2) \neq m'(A, IF_2, IF_1) \quad \text{if } (IF_1 \neq IF_2). \tag{8} $$
3.3 Dempster’s Rule of Combination with
Importance Factors
In this section, we propose a Dempster's rule of combination
with importance factors. We prove our combination rule
follows the properties defined in the previous section.
Theorem 1. Dempster's Rule of Combination with Importance
Factors: Suppose $Bel_1$ and $Bel_2$ are belief functions over the
same frame of discernment $\Theta$, with basic probability assignments
$m_1$ and $m_2$. The importance factors of these evidences
are $IF_1$ and $IF_2$. Then, the function $m' : 2^{\Theta} \to [0, 1]$ defined by
$$ m'(\emptyset) = 0 $$
and
$$ m'(C, IF_1, IF_2) = \frac{\sum_{A_i \cap B_j = C} \left[ m_1(A_i)^{\frac{IF_1}{IF_2}} \cdot m_2(B_j)^{\frac{IF_2}{IF_1}} \right]}{\sum_{C \subseteq \Theta,\, C \neq \emptyset} \sum_{A_i \cap B_j = C} \left[ m_1(A_i)^{\frac{IF_1}{IF_2}} \cdot m_2(B_j)^{\frac{IF_2}{IF_1}} \right]}, $$
for all nonempty $C \subseteq \Theta$, $m'$ is a basic probability assignment
for the combined evidence.
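Proof. It is obvious that our proposed DRCIF holds
Properties 1 and 4. We prove that our proposed
DRCIF also holds Properties 2 and 3 here.
Property 2.
$$ \sum_{A \subseteq \Theta} m'(A, IF_1, IF_2) = \sum_{A \subseteq \Theta,\, A \neq \emptyset} \frac{\sum_{A_i \cap B_j = A} \left[ m_1(A_i)^{\frac{IF_1}{IF_2}} \cdot m_2(B_j)^{\frac{IF_2}{IF_1}} \right]}{\sum_{A \subseteq \Theta,\, A \neq \emptyset} \sum_{A_i \cap B_j = A} \left[ m_1(A_i)^{\frac{IF_1}{IF_2}} \cdot m_2(B_j)^{\frac{IF_2}{IF_1}} \right]} $$
$$ = \frac{\sum_{A \subseteq \Theta,\, A \neq \emptyset} \sum_{A_i \cap B_j = A} \left[ m_1(A_i)^{\frac{IF_1}{IF_2}} \cdot m_2(B_j)^{\frac{IF_2}{IF_1}} \right]}{\sum_{A \subseteq \Theta,\, A \neq \emptyset} \sum_{A_i \cap B_j = A} \left[ m_1(A_i)^{\frac{IF_1}{IF_2}} \cdot m_2(B_j)^{\frac{IF_2}{IF_1}} \right]} = 1. $$
Property 3.
$$ m'(A, IF_1, IF_1) = \frac{\sum_{A_i \cap B_j = A} \left[ m_1(A_i)^{\frac{IF_1}{IF_1}} \cdot m_2(B_j)^{\frac{IF_1}{IF_1}} \right]}{\sum_{A \subseteq \Theta,\, A \neq \emptyset} \sum_{A_i \cap B_j = A} \left[ m_1(A_i)^{\frac{IF_1}{IF_1}} \cdot m_2(B_j)^{\frac{IF_1}{IF_1}} \right]} $$
$$ = \frac{\sum_{A_i \cap B_j = A} \left[ m_1(A_i) \cdot m_2(B_j) \right]}{\sum_{A \subseteq \Theta,\, A \neq \emptyset} \sum_{A_i \cap B_j = A} \left[ m_1(A_i) \cdot m_2(B_j) \right]} = \frac{\sum_{A_i \cap B_j = A} m_1(A_i)\, m_2(B_j)}{1 - \sum_{A_i \cap B_j = \emptyset} m_1(A_i)\, m_2(B_j)} = m(A). $$
□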
Our proposed DRCIF is nonassociative for multiple
evidences. Therefore, for the case in which sequential
information is not available for some instances, it is
necessary to make the result of combination consistent
with multiple evidences. Our combination algorithm supports
this requirement and the complexity of our algorithm
is $O(n)$, where $n$ is the number of evidences. It indicates that
our extended Dempster-Shafer theory demands no extra
computational cost compared to a naive fuzzy-based
method. The algorithm for combination of multiple evidences
is constructed as follows:
Algorithm 1. MUL-EDS-CMB
INPUT: Evidence pool Ep
OUTPUT: One evidence
|Ep| = sizeof(Ep);
while |Ep| > 1 do
    Pick two evidences with the least IF in Ep, named E1 and E2;
    Combine these two evidences, E = ⟨m1 ⊕ m2, (IF1 + IF2)/2⟩;
    Remove E1 and E2 from Ep;
    Add E to Ep;
end
return the evidence in Ep
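The combination rule of Theorem 1 and Algorithm 1, as an added Python example (not the authors' code): `drcif` applies the exponents IF1/IF2 and IF2/IF1 before normalising, `drc` is the classic rule (4) for comparison, and `mul_eds_cmb` follows Algorithm 1. The frozenset encoding, the function names and the mass values given to Evidences 2 to 5 are assumptions constructed for illustration; the importance factors 5, 7, 10, 3, 3 are those of the case study in Section 5.2.

```python
from itertools import product

S = frozenset({"Secure"})
I = frozenset({"Insecure"})
SI = S | I  # {Secure, Insecure}: the security state is uncertain


def alert_evidence(c):
    """Evidence 1, equations (9)-(11): IDS alert with confidence c."""
    return {I: c, S: 1.0 - c, SI: 0.0}


def drc(m1, m2):
    """Classic Dempster's rule of combination, equation (4)."""
    num, conflict = {}, 0.0
    for (a, pa), (b, pb) in product(m1.items(), m2.items()):
        c = a & b
        if c:
            num[c] = num.get(c, 0.0) + pa * pb
        else:
            conflict += pa * pb  # mass that would land on the empty set
    if conflict >= 1.0:
        raise ValueError("evidences are in total conflict")
    return {c: v / (1.0 - conflict) for c, v in num.items()}


def drcif(m1, if1, m2, if2):
    """Theorem 1: combination weighted by importance factors IF1, IF2."""
    if if1 <= 0 or if2 <= 0:
        raise ValueError("importance factors must be positive (Definition 1)")
    e1, e2 = if1 / if2, if2 / if1  # exponents applied to m1 and m2
    raw = {}
    for (a, pa), (b, pb) in product(m1.items(), m2.items()):
        c = a & b
        if c:  # nothing is committed to the empty set (Property 1)
            raw[c] = raw.get(c, 0.0) + (pa ** e1) * (pb ** e2)
    total = sum(raw.values())
    if total == 0.0:
        raise ValueError("evidences are in total conflict")
    return {c: v / total for c, v in raw.items()}  # sums to 1 (Property 2)


def bel(m, a):
    """Belief function, equation (3): total mass of all subsets of a."""
    return sum(p for b, p in m.items() if b <= a)


def mul_eds_cmb(pool):
    """Algorithm 1: repeatedly merge the two evidences with the least IF."""
    pool = list(pool)
    if not pool:
        raise ValueError("empty evidence pool")
    while len(pool) > 1:
        pool.sort(key=lambda e: e[1])  # stable sort: ties keep pool order
        (m1, if1), (m2, if2) = pool[0], pool[1]
        pool = pool[2:] + [(drcif(m1, if1, m2, if2), (if1 + if2) / 2)]
    return pool[0]


# Constructed sample pool of (mass function, importance factor) pairs.
SAMPLE_POOL = [
    (alert_evidence(0.8), 5),             # Evidence 1: 80 percent confidence
    ({I: 0.20, S: 0.50, SI: 0.30}, 7),    # Evidence 2 (constructed masses)
    ({I: 0.70, S: 0.10, SI: 0.20}, 10),   # Evidence 3 (constructed masses)
    ({I: 0.05, S: 0.90, SI: 0.05}, 3),    # Evidence 4 (constructed masses)
    ({I: 0.10, S: 0.60, SI: 0.30}, 3),    # Evidence 5 (constructed masses)
]

if __name__ == "__main__":
    combined, importance = mul_eds_cmb(SAMPLE_POOL)
    print("combined IF:", importance)
    print("Bel(Insecure), all five evidences:", round(bel(combined, I), 4))
    m1, m2 = alert_evidence(0.8), {I: 0.3, S: 0.7}
    print("DRC            :", round(bel(drc(m1, m2), I), 4))
    print("DRCIF IF=(10,5):", round(bel(drcif(m1, 10, m2, 5), I), 4))
    print("DRCIF IF=(5,10):", round(bel(drcif(m1, 5, m2, 10), I), 4))
```

With equal importance factors `drcif` returns the same masses as `drc`; raising the importance factor of one evidence pulls the combined belief toward that evidence.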
4 RISK-AWARE RESPONSE MECHANISM
In this section, we articulate an adaptive risk-aware
response mechanism based on quantitative risk estimation
and risk tolerance. Instead of applying simple binary
isolation of malicious nodes, our approach adopts an
isolation mechanism in a temporal manner based on the
risk value. We perform risk assessment with the extended
D-S evidence theory introduced in Section 3 for both
attacks and corresponding countermeasures to make more
accurate response decisions illustrated in Fig. 1.
4.1 Overview
Because of the infrastructure-less architecture of MANET,
our risk-aware response system is distributed, which
means each node in this system makes its own response
decisions based on the evidences and its own individual
benefits. Therefore, some nodes in MANET may isolate
the malicious node, but others may still keep in cooperation
with it due to high dependency relationships. Our risk-aware
response mechanism is divided into the following
four steps shown in Fig. 1.
Evidence collection. In this step, Intrusion Detection
System (IDS) gives an attack alert with a confidence value,
and then Routing Table Change Detector (RTCD) runs to
figure out how many changes on routing table are caused
by the attack.
Risk assessment. Alert confidence from IDS and the routing
table changing information would be further considered as
independent evidences for risk calculation and combined
with the extended D-S theory. Risk of countermeasures is
calculated as well during a risk assessment phase. Based on
the risk of attacks and the risk of countermeasures, the entire
risk of an attack could be figured out.
Decision making. The adaptive decision module provides
a flexible response decision-making mechanism, which
takes risk estimation and risk tolerance into account. To
adjust temporary isolation level, a user can set different
thresholds to fulfill her goal.
Fig. 1. Risk-aware response mechanism.
Intrusion response. With the output from risk assessment
and decision-making module, the corresponding response
actions, including routing table recovery and node isolation,
are carried out to mitigate attack damages in a
distributed manner.
4.2 Response to Routing Attacks
In our approach, we use two different responses to deal
with different attack methods: routing table recovery and
node isolation.
Routing table recovery includes local routing table
recovery and global routing recovery. Local routing
recovery is performed by victim nodes that detect the
attack and automatically recover their own routing tables.
Global routing recovery involves victim nodes sending recovered
routing messages and other nodes in MANET updating their
routing tables based on corrected routing information in real
time.
Routing table recovery is an indispensable response and
should serve as the first response method after successful
detection of attacks. In proactive routing protocols like
OLSR, routing table recovery does not bring any additional
overhead since it periodically goes with routing control
messages. Also, as long as the detection of attack is positive,
this response causes no negative impacts on existing
routing operations.
Node isolation may be the most intuitive way to prevent
further attacks from being launched by malicious nodes
in MANET. To perform a node isolation response, the
neighbors of the malicious node ignore the malicious node
by neither forwarding packets through it nor accepting any
packets from it. On the other hand, a binary node isolation
response may result in negative impacts to the routing
operations, even bringing more routing damages than the
attack itself.
For example, in Fig. 2, Node 1 behaves like a malicious
node. However, if every other node simply isolates Node 1,
Node 6 will be disconnected from the network. Therefore,
more flexible and fine-grained node isolation mechanisms are
required. In our risk-aware response mechanism, we adopt
two types of time-wise isolation responses: temporary isolation
and permanent isolation, which are discussed in Section 4.4.
4.3 Risk Assessment
Since the attack response actions may cause more damages
than attacks, the risks of both attack and response should be
estimated. We classify the security states of MANET into two
categories: {Secure, Insecure}. In other words, the frame of
discernment would be {$\emptyset$, {Secure}, {Insecure}, {Secure,
Insecure}}. Note that {Secure, Insecure} means the security
state of MANET could be either secure or insecure, which
describes the uncertainty of the security state. Bel{Insecure}
is used to represent the risk of MANET.
4.3.1 Selection of Evidences
Our evidence selection approach considers subjective
evidence from experts' knowledge and objective evidence
from routing table modification. We propose a unified
analysis approach for evaluating the risks of both attack
($Risk_A$) and countermeasure ($Risk_C$).
We take the confidence level of alerts from IDS as the
subjective knowledge in Evidence 1. In terms of objective
evidence, we analyze different routing table modification
cases. There are three basic items in OLSR routing table
(destination, next hop, distance). Thus, routing attack can
cause existing routing table entries to be missed, or any item
of a routing table entry to be changed. We illustrate the
possible cases of routing table change and analyze the
degrees of damage in Evidences 2 through 5.
Evidence 1: Alert confidence. The confidence of attack
detection by the IDS is provided to address the possibility of
the attack occurrence. Since the false alarm is a serious
problem for most IDSs, the confidence factor must be
considered for the risk assessment of the attack. The basic
probability assignments of Evidence 1 are based on three
equations given below:
$$ m(Insecure) = c, \quad c \text{ is confidence given by IDS} \tag{9} $$
$$ m(Secure) = 1 - c \tag{10} $$
$$ m(Secure, Insecure) = 0. \tag{11} $$
Evidence 2: Missing entry. This evidence indicates the
proportion of missing entries in routing table. Link withholding
attack or node isolation countermeasure can cause
possible deletion of entries from routing table of the node.
Evidence 3: Changing entry I. This evidence represents the
proportion of changing entries in the case of next hop being
the malicious node. In this case, the malicious node builds a
direct link to this node. So, it is highly possible for this node
to be the attacker's target. Malicious node could drop all the
packets to or from the target node, or it can behave as a
normal node and wait for future attack actions. Note that
isolating a malicious node cannot trigger this case.
Evidence 4: Changing entry II. This evidence shows the
proportion of changed entries in the case of different next hop
(not the malicious node) and the same distance. We believe the
impacts on the node communication should be very
minimal in this case. Both attacks and countermeasures
could cause this case.
Evidence 5: Changing entry III. This evidence points out
the proportion of changing entries in the case of different
next hop (not the malicious node) and the different distance.
Similar to Evidence 4, both attacks and countermeasures
could result in this evidence. The path change may also
affect routing cost and transmission delay of the network.
Fig. 2. Example scenario.
Basic probability assignments of Evidences 2 to 5 are
based on (12)-(14). Equations (12)-(14) are piecewise linear
functions, where $a$, $b$, $c$, and $d$ are constants and determined
by experts. $d$ is the minimum value of the belief that implies
the status of MANET is insecure. On the other hand, $1 - d$ is
the maximum value of the belief that means the status of
MANET is secure. $a$, $b$, and $c$ are the thresholds for
minimum belief or maximum belief for each respective
mass function
$$ m(Insecure) = \begin{cases} d & x \in [0, a] \\ \left(\frac{1 - 2d}{c - a}\right)(x - a) & x \in (a, c] \\ 1 - d & x \in (c, 1], \end{cases} \tag{12} $$
$$ m(Secure) = \begin{cases} 1 - d + \left(\frac{2d - 1}{b}\right) x & x \in [0, b] \\ d & x \in (b, 1], \end{cases} \tag{13} $$
$$ m(Secure, Insecure) = \begin{cases} \frac{1 - 2d}{b}\, x & x \in [0, a] \\ d - \frac{2d - 1}{b}\, x - \left(\frac{1 - 2d}{c - a}\right)(x - a) & x \in (a, b] \\ 1 - b - \left(\frac{1 - 2d}{c - a}\right)(x - a) & x \in (b, c] \\ 0 & x \in (c, 1]. \end{cases} \tag{14} $$
4.3.2 Combination of Evidences
For simplicity, we call the combined evidence for an attack
$E_A$ and the combined evidence for a countermeasure $E_C$.
Thus, $Bel_A(Insecure)$ and $Bel_C(Insecure)$ represent risks of
attack ($Risk_A$) and countermeasure ($Risk_C$), respectively.
The combined evidences, $E_A$ and $E_C$, are defined in (15) and
(16). The entire risk value derived from $Risk_A$ and $Risk_C$ is
given in (17)
$$ E_A = E_1 \oplus E_2 \oplus E_3 \oplus E_4 \oplus E_5, \tag{15} $$
$$ E_C = E_2 \oplus E_4 \oplus E_5, \tag{16} $$
where $\oplus$ is Dempster's rule of combination with importance
factors defined in Theorem 1
$$ Risk = Risk_A - Risk_C = Bel_A(Insecure) - Bel_C(Insecure). \tag{17} $$
4.4 Adaptive Decision Making
Our adaptive decision-making module is based on quantitative
risk estimation and risk tolerance, which is shown in
Fig. 3. The response level is additionally divided into
multiple bands. Each band is associated with an isolation
degree, which presents a different time period of the
isolation action. The response action and band boundaries
are all determined in accordance with risk tolerance and can
be changed when risk tolerance threshold changes. The
upper risk tolerance threshold (UT) would be associated
with permanent isolation response. The lower risk tolerance
threshold (LT) would leave each node intact. The band
between the upper tolerance threshold and lower tolerance
threshold is associated with the temporary isolation
response, in which the isolation time ($T$) changes dynamically
based on the different response level given by (18) and
(19), where $n$ is the number of bands and $i$ is the
corresponding isolation band
$$ i = \frac{Risk - LT}{UT - LT} \times n, \quad Risk \in (LT, UT), \tag{18} $$
$$ T = 100 \times i \ \text{(milliseconds)}. \tag{19} $$
We recommend the value of lower risk tolerance threshold
be 0 initially if no additional information is available. It
implies when the risk of attack is greater than the risk of
isolation response, the isolation is needed. If other information
is available, it could be used to adjust thresholds. For
example, node reputation is one of the important factors in
MANET security, and our adaptive decision-making module
could take this factor into account as well. That is, if the
compromised node has a high or low reputation level,
the response module can intuitively adjust the risk tolerance
thresholds accordingly. In the case that LT is less than 0,
even if the risk of attack is not greater than the risk of
isolation, the response could also perform an isolation task
to the malicious nodes.
The risk tolerance thresholds could also be dynamically
adjusted by other factors, such as attack frequency. If the
attack frequency is high, more severe response action
should be taken to counter this attack. Our risk-aware
response module could achieve this objective by reducing
the values of risk tolerance threshold and narrowing the
range between two risk tolerance thresholds.
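The decision rule of (17)-(19) as an added Python example, not code from the paper: each node maps its own risk value to no isolation, temporary isolation for a band-dependent time, or permanent isolation. The function name and the per-node risk values are constructed; rounding the band index up to the next integer is an assumption, since (18) as given here shows no rounding.

```python
import math


def isolation_decision(risk_attack, risk_counter, lt=0.0, ut=1.0, n=5):
    """Map Risk = RiskA - RiskC (17) to a response using (18) and (19)."""
    if not lt < ut:
        raise ValueError("LT must be below UT")
    if n < 1:
        raise ValueError("at least one isolation band is required")
    risk = risk_attack - risk_counter
    if risk <= lt:
        # At or below the lower tolerance threshold: leave the node intact.
        return {"risk": risk, "action": "none", "band": None, "isolation_ms": 0}
    if risk >= ut:
        # At or above the upper tolerance threshold: permanent isolation.
        return {"risk": risk, "action": "permanent", "band": None,
                "isolation_ms": None}
    # Equation (18); assumption: the band index is rounded up, so any risk
    # inside (LT, UT) lands in a band between 1 and n.
    band = math.ceil((risk - lt) / (ut - lt) * n)
    band = min(max(band, 1), n)
    # Equation (19): T = 100 * i milliseconds.
    return {"risk": risk, "action": "temporary", "band": band,
            "isolation_ms": 100 * band}


# Constructed (RiskA, RiskC) pairs for three nodes deciding independently.
SAMPLE_RISKS = {
    "node_a": (0.60, 0.10),  # attack clearly riskier than isolating
    "node_b": (0.30, 0.50),  # isolating would hurt more than the attack
    "node_c": (0.95, 0.02),  # high attack risk, cheap countermeasure
}

if __name__ == "__main__":
    # LT, UT and n as set in the case study of Section 5.2.
    for node, (ra, rc) in SAMPLE_RISKS.items():
        print(node, isolation_decision(ra, rc, lt=-0.0017, ut=1.0, n=5))
    # Lowering LT below 0 isolates even when RiskA does not exceed RiskC.
    print("node_b, LT=-0.3:", isolation_decision(0.30, 0.50, lt=-0.3))
```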
5 CASE STUDY AND EVALUATION
In this section, we first explain the methodology of our
experiments and the metrics considered to evaluate the
effectiveness of our approach. Then, we demonstrate the
detailed process of our solution with a case study and also
compare our risk-aware approach with binary isolation. In
addition, we evaluate our solution with five random network
topologies with different numbers of nodes. The results
show the effectiveness and scalability of our approach.
5.1 Methodology and Metrics
The experiments were carried out using NS-2 as the
simulation tool from VINT Project [19] with UM-OLSR
[20]. NS-2 is a discrete event network simulator which
provides a detailed model of the physical and link layer
behavior of a wireless network and allows arbitrary
movement of nodes within the network. UM-OLSR is an
implementation of Optimized Link State Routing protocol
for the NS-2, which complies with [12] and supports all core
functionalities of OLSR plus the link-layer feedback option.
In our experiments, we constructed MANET scenarios in a
topology of 1,000 m × 1,000 m area. The total simulation
time was set to 1,200 seconds, and the bandwidth was set to
2 Mbps. Constant Bit Rate (CBR) traffic was used to send
512 byte-UDP packets between nodes. The queuing capacity
of every node was set to 15. We adopted a random traffic
generator in the simulation that chose random pairs of
nodes and sent packets between them. Every node kept
track of all packets sent by itself and all packets
received from other nodes in the network.
Fig. 3. Adaptive decision making.
In order to evaluate the effectiveness of our adaptive
risk-aware response solution, we divided the simulation
process into three stages and compared the network
performance in terms of six metrics. The following describes
the activities associated with each stage:
Stage 1—Before attack. Random packets were generated
and transmitted among nodes without activating any of
them as attackers. This simulation can present the traffic
patterns under the normal circumstance.
Stage 2—After attack. Specific nodes were set as attackers
which conducted malicious activities for their own profits.
However, no detection or response is available in
this stage. This simulation process can present the traffic
patterns under the circumstance with malicious activities.
Stage 3—After response. Response decisions for each node
were made and carried out based on three different
mechanisms.
We computed six metrics [21] for each simulation run:
• Packet delivery ratio. The ratio between the number of
packets originated by the application layer CBR
sources and the number of packets received by the
CBR sink at the final destination.
• Routing cost. The ratio between the total bytes of
routing packets transmitted during the simulation
and the total bytes of packets received by the CBR
sink at the final destination.
• Packet overhead. The number of transmitted routing
packets; for example, a HELLO or TC message sent
over four hops would be counted as four packets in
this metric.
• Byte overhead. The number of transmitted bytes by
routing packets, counting each hop similar to
Packet Overhead.
• Mean latency. The average time elapsed from "when
a data packet is first sent" to "when it is first
received at its destination."
• Average path length. This is the average length of the
paths discovered by OLSR. It was calculated by
averaging the number of hops taken by each data
packet to reach the destination.
5.2 Case Study
Fig. 2 shows our case study scenario, where packets from
Nodes 5 to 0 are supposed to go through Nodes 2 and 4.
Suppose a malicious Node 1 advertises it has a direct link
(fake link) to Node 0 and it would cause every node to
update its own routing table accordingly. As a result, the
packets from Nodes 5 to 0 traverse Node 1 rather than
Nodes 2 and 4. Hence, Node 1 can drop and manipulate
the traffic between Nodes 5 and 0. We assume that, as Node 1's
one-hop neighbors, Node 0, Node 4, and Node 6 each get
the intrusion alerts with 80 percent confidence from their
respective IDS modules. Figs. 4a, 4b, and 4c show the routing
tables of Nodes 0, 4, and 6 before the attack, after the
attack, and after the isolation, respectively. We set $a = 0.2$,
$b = 0.7$, $c = 0.8$, $d = 0.05$, $IF_1 = 5$, $IF_2 = 7$, $IF_3 = 10$,
$IF_4 = 3$, $IF_5 = 3$, $LT = -0.0017$, $UT = 1$, and $n = 5$ in
our experiments.
We examine binary isolation approach, risk-aware
approach with DRC, and risk-aware approach with DRCIF
to calculate the response decisions for Nodes 0, 4, and 6.
As shown in Table 1, binary isolation suggests that all nodes
isolate the malicious one since it does not take countermeasure
risk into account. With our risk-aware response
mechanism based on our extended D-S theory, Node 1
should be isolated only by Node 0 while the original D-S
theory would suggest that both Nodes 0 and 4 isolate
Node 1.
In Fig. 5a, due to routing attacks, the packet delivery
ratio decreases in Stage 2. After performing binary isolation
and DRC risk-aware response in Stage 3, the packet delivery
ratio even decreases more. This is because these two
response mechanisms largely destroy the topology of
network. However, the packet delivery ratio using our
DRCIF risk-aware response in Stage 3 is higher than those of
the former two response mechanisms.
Fig. 4. Routing tables.
TABLE 1
Risk Assessment and Decision Making
In Fig. 5b, the routing attacks increase the routing cost in
Stage 2. Rather than recovering the routing cost in Stage 3,
binary isolation and DRC risk-aware responses increase the
routing cost. DRCIF risk-aware response, however, decreases
the routing cost. Compared with the other two response
mechanisms, it indicates that our DRCIF risk-aware
response effectively handles the attack.
Figs. 5c and 5d show the packet and byte overhead,
respectively. Since the routing attacks do not change the
network topology further in the given case, the packet
overhead and byte overhead remain almost the same in
Stage 2. In Stage 3, however, they are higher when our DRCIF
risk-aware response mechanism is applied. This result meets
our expectation, because the number of nodes which isolate
the malicious node using binary isolation and DRC risk-aware
response is greater than that of our DRCIF risk-aware
response mechanism. As shown in Table 1, the number of
isolated nodes for each mechanism varies.
In Fig. 5e, as a consequence of the routing attacks, the
mean latency increases in Stage 2. After response, we notice
that the mean latencies in Stage 3 for the three different
response mechanisms are approximately the same.
In Fig. 5f, the average path length decreases in Stage 2
due to the malicious action claiming a shorter path
performed by Node 1. After response, the average path
length using binary isolation is higher than those of the
other two response mechanisms because more nodes
isolated the malicious node based on the nature of binary
isolation. Hence, some packets may be retransmitted by
more hops than before.
5.3 Evaluation with Random Network Topologies
In order to test the effectiveness and scalability of our
solution, we evaluated our risk-aware approach with
DRCIF on five random network topologies. These five
topologies have 10, 20, 30, 40, and 50 nodes respectively.
Fig. 6 shows the performance results in these random
network topologies of our risk-aware approach with
DRCIF, risk-aware approach with DRC and binary isolation
approach. In Fig. 6a, as the number of nodes increases, the
packet delivery ratio also increases because there are more
route choices for the packet transmission. Among these
three response mechanisms, we also notice that the packet
delivery ratio of our DRCIF risk-aware response is higher
than those of the other two approaches.
In Fig. 6b, we can observe that the routing cost of our
DRCIF risk-aware response is lower than those of the other
two approaches. Note that the fluctuations of routing cost
shown in Fig. 6b are caused by the random traffic
generation and random placement of nodes in our realistic
simulation.
In our DRCIF risk-aware response, the number of nodes
which isolate the malicious node is less than in the other two
response mechanisms. That is why, as shown in Figs. 6c and 6d,
the packet overhead and the byte overhead using our DRCIF
risk-aware response become slightly higher than those of the
other two response mechanisms as the number of nodes
increases.
In Fig. 6e, the mean latency using our DRCIF risk-aware
response is higher than those of the other two response
mechanisms, when the number of nodes is smaller than 20.
However, when the number of nodes is greater than 20, the
mean latency using our approach is less than those of the
other two response mechanisms.
Fig. 5. Performance results in three stages comparing DRCIF with binary isolation and DRC.
6 RELATED WORK
Intrusion detection and response in MANET. Some
research efforts have been made to seek preventive
solutions [21], [22], [23], [24] for protecting the routing
protocols in MANET. Although these approaches can
prevent unauthorized nodes from joining the network, they
introduce significant overhead for key exchange and
verification while offering only limited intrusion elimination.
Besides, prevention-based techniques are less helpful in coping
with malicious insiders who possess the legitimate credentials to
communicate in the network.
Numerous IDSs for MANET have been recently
introduced. Due to the nature of MANET, most IDSs are
structured to be distributed and have a cooperative
architecture. Similar to signature-based and anomaly-based
IDS models for the wired network, IDSs for MANET
use specification-based or statistics-based approaches.
Specification-based approaches, such as DEMEM [25] and
[26], [27], [28], monitor network activities and compare
them with known attack features, which are impractical to
cope with new attacks. On the other hand, statistics-based
approaches, such as Watchdog [29], and [30], compare
network activities with normal behavior patterns, which
results in a higher false-positive rate than specification-based
ones. Because of the existence of false positives in both
MANET IDS models, intrusion alerts from these systems
are always accompanied by an alert confidence, which indicates
the possibility of attack occurrence.
Intrusion response system (IRS) [31] for MANET is
inspired by MANET IDS. In [1] and [2], malicious nodes are
isolated based on their reputations. Their work fails to take
advantage of IDS alerts, and simple isolation may cause
unexpected network partition. Wang et al. [4] brought the
concept of cost-sensitive intrusion response, which
considers topology dependency and attack damage. The
advantage of our solution is to integrate evidences from IDS, local
routing table with expert knowledge, and countermeasures
with a mathematical reasoning approach.
Risk-aware approaches. When it comes to making
response decisions [32], [33], there always exists inherent
uncertainty which leads to unpredictable risk, especially in
the security and intelligence arena. Risk-aware approaches are
introduced to tackle this problem by balancing action
benefits and damage trade-offs in a quantified way. Cheng
et al. [3] presented a fuzzy logic control model for adaptive
risk-based access control. Teo et al. [34] applied a dynamic
risk-aware mechanism to determine whether an access to
the network should be denied or permitted.
However, risk assessment is still a nontrivial, challenging
problem because it involves subjective knowledge,
objective evidence, and logical reasoning. Wang et al. [4]
proposed a naïve fuzzy cost-sensitive intrusion response
solution for MANET. Their cost model took subjective
knowledge and objective evidence into account but omitted
a seamless combination of two properties with logical
reasoning. Mu et al. [7] adopted Dempster-Shafer theory to
measure the risk of attacks and responses. However, as
identified in [8], their model with Dempster’s rule treats
evidences equally without differentiating them from each
other. To address this limitation, we propose a new
Dempster’s rule of combination with a notion of importance
factors in D-S evidence model.
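The limitation noted above can be checked by running the classical Dempster's rule of combination on several pieces of evidence. The following is an added example, not code from the paper: the two-state frame, the confidence values, and all function names are constructed for illustration. It shows that the combined belief is the same for every ordering of the evidence, so the classical rule has no place to mark one source as more important than another.

```python
from functools import reduce
from itertools import permutations, product

# Assumed two-state frame of discernment; THETA carries the "unknown" mass.
SECURE, INSECURE = frozenset({"Secure"}), frozenset({"Insecure"})
THETA = SECURE | INSECURE

def simple_support(state, confidence):
    """Evidence that supports one state with the given confidence."""
    return {state: confidence, THETA: 1.0 - confidence}

def combine(m1, m2):
    """Classical Dempster's rule: m(C) = sum_{A&B=C} m1(A)*m2(B) / (1 - K)."""
    joint, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        c = a & b
        if c:
            joint[c] = joint.get(c, 0.0) + wa * wb
        else:
            conflict += wa * wb  # K: mass that falls on the empty set
    if conflict >= 1.0:
        raise ValueError("totally conflicting evidence: rule is undefined")
    return {c: w / (1.0 - conflict) for c, w in joint.items()}

def combine_all(evidences):
    """Fold the rule over a sequence of mass functions."""
    return reduce(combine, evidences)

def belief(m, hypothesis):
    """Bel(H): total mass of the focal elements contained in H."""
    return sum(w for a, w in m.items() if a <= hypothesis)

def belief_spread(evidences, hypothesis):
    """Largest difference in Bel(H) over every ordering of the evidence."""
    values = [belief(combine_all(order), hypothesis)
              for order in permutations(evidences)]
    return max(values) - min(values)

# Constructed sample evidence (not values from the paper).
ids_alert = simple_support(INSECURE, 0.8)     # IDS alert with its confidence
route_change = simple_support(INSECURE, 0.3)  # routing table change
neighbour_ok = simple_support(SECURE, 0.6)    # contradicting observation

if __name__ == "__main__":
    evidences = [ids_alert, route_change, neighbour_ok]
    print("Bel(Insecure) =", round(belief(combine_all(evidences), INSECURE), 4))
    print("spread over orderings =", belief_spread(evidences, INSECURE))
```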
Fig. 6. Performance results in five random topologies comparing DRCIF with binary isolation and DRC.
7 CONCLUSION
We have proposed a risk-aware response solution for
mitigating MANET routing attacks. In particular, our approach
considered the potential damages of attacks and
countermeasures. In order to measure the risk of both attacks and
countermeasures, we extended Dempster-Shafer theory of
evidence with a notion of importance factors. Based on several
metrics, we also investigated the performance and
practicality of our approach, and the experiment results clearly
demonstrated the effectiveness and scalability of our
risk-aware approach. Based on the promising results obtained
through these experiments, we would further seek a more
systematic way to accommodate node reputation and attack
frequency in our adaptive decision model.
ACKNOWLEDGMENTS
This work was partially supported by the grants from the US
National Science Foundation (NSF-IIS-0900970 and
NSF-CNS-0831360) and the US Department of Energy (DOE)
(DE-SC0004308). All correspondence should be addressed to:
Dr. Gail-Joon Ahn, ASU, PO Box 878809, Tempe, AZ 85287.
REFERENCES
[1] Y. Sun, W. Yu, Z. Han, and K. Liu, “Information Theoretic
Framework of Trust Modeling and Evaluation for Ad Hoc
Networks,” IEEE J. Selected Areas in Comm., vol. 24, no. 2,
pp. 305-317, Feb. 2006.
[2] M. Refaei, L. DaSilva, M. Eltoweissy, and T. Nadeem, “Adaptation
of Reputation Management Systems to Dynamic Network
Conditions in Ad Hoc Networks,” IEEE Trans. Computers, vol. 59, no. 5,
pp. 707-719, May 2010.
[3] P. Cheng, P. Rohatgi, C. Keser, P. Karger, G. Wagner, and A.
Reninger, “Fuzzy Multi-Level Security: An Experiment on
Quantified Risk-Adaptive Access Control,” Proc. 28th IEEE Symp.
Security and Privacy, 2007.
[4] S. Wang, C. Tseng, K. Levitt, and M. Bishop, “Cost-Sensitive
Intrusion Responses for Mobile Ad Hoc Networks,” Proc. 10th Int’l
Symp. Recent Advances in Intrusion Detection (RAID ’07), pp. 127-
145, 2007.
[5] G. Shafer, A Mathematical Theory of Evidence. Princeton Univ., 1976.
[6] L. Sun, R. Srivastava, and T. Mock, “An Information Systems
Security Risk Assessment Model under the Dempster-Shafer
Theory of Belief Functions,” J. Management Information Systems,
vol. 22, no. 4, pp. 109-142, 2006.
[7] C. Mu, X. Li, H. Huang, and S. Tian, “Online Risk Assessment of
Intrusion Scenarios Using D-S Evidence Theory,” Proc. 13th
European Symp. Research in Computer Security (ESORICS ’08),
pp. 35-48, 2008.
[8] K. Sentz and S. Ferson, “Combination of Evidence in Dempster-
Shafer Theory,” technical report, Sandia Nat’l Laboratories, 2002.
[9] L. Zadeh, “Review of a Mathematical Theory of Evidence,” AI
Magazine, vol. 5, no. 3, p. 81, 1984.
[10] R. Yager, “On the Dempster-Shafer Framework and New
Combination Rules,” Information Sciences, vol. 41, no. 2,
pp. 93-137, 1987.
[11] H. Wu, M. Siegel, R. Stiefelhagen, and J. Yang, “Sensor Fusion
Using Dempster-Shafer Theory,” Proc. IEEE Instrumentation and
Measurement Technology Conf., vol. 1, pp. 7-12, 2002.
[12] T. Clausen and P. Jacquet, “Optimized Link State Routing
Protocol,” Network Working Group, 2003.
[13] C. Perkins, E. Belding-Royer, and S. Das, “Ad Hoc On-Demand
Distance Vector Routing,” Mobile Ad-Hoc Network Working Group,
vol. 3561, 2003.
[14] H. Deng, W. Li, and D. Agrawal, “Routing Security in Wireless
Ad Hoc Networks,” IEEE Comm. Magazine, vol. 40, no. 10, pp. 70-
75, Oct. 2002.
[15] Y. Hu and A. Perrig, “A Survey of Secure Wireless Ad Hoc
Routing,” IEEE Security and Privacy Magazine, vol. 2, no. 3, pp. 28-
39, May/June 2004.
[16] B. Kannhavong, H. Nakayama, Y. Nemoto, N. Kato, and A.
Jamalipour, “A Survey of Routing Attacks in Mobile Ad Hoc
Networks,” IEEE Wireless Comm. Magazine, vol. 14, no. 5, pp. 85-
91, Oct. 2007.
[17] C. Karlof and D. Wagner, “Secure Routing in Wireless Sensor
Networks: Attacks and Countermeasures,” Ad Hoc Networks,
vol. 1, nos. 2/3, pp. 293-315, 2003.
[18] M. Yamada and M. Kudo, “Combination of Weak Evidences by
D-S Theory for Person Recognition,” Knowledge-Based Intelligent
Information and Engineering Systems, pp. 1065-1071, Springer, 2004.
[19] K. Fall and K. Varadhan, “The NS Manual,” 2010.
[20] F. Ros, “UM-OLSR Implementation (version 0.8.8) for NS2,” 2007.
[21] Y. Hu, A. Perrig, and D. Johnson, “Ariadne: A Secure On-Demand
Routing Protocol for Ad Hoc Networks,” Wireless Networks,
vol. 11, no. 1, pp. 21-38, 2005.
[22] B. Levine, C. Shields, and E. Belding-Royer, “A Secure Routing
Protocol for Ad Hoc Networks,” Proc. 10th IEEE Int’l Conf. Network
Protocols (ICNP ’02), pp. 78-88, 2002.
[23] Y. Hu, D. Johnson, and A. Perrig, “SEAD: Secure Efficient
Distance Vector Routing for Mobile Wireless Ad Hoc Networks,”
Ad Hoc Networks, vol. 1, no. 1, pp. 175-192, 2003.
[24] B. Awerbuch, R. Curtmola, D. Holmer, C. Nita-Rotaru, and H.
Rubens, “ODSBR: An On-Demand Secure Byzantine Resilient
Routing Protocol for Wireless Ad Hoc Networks,” ACM Trans.
Information and System Security, vol. 10, no. 4, pp. 1-35, 2008.
[25] C. Tseng, S. Wang, C. Ko, and K. Levitt, “DEMEM: Distributed
Evidence-Driven Message Exchange Intrusion Detection Model
for Manet,” Proc. Ninth Int’l Symp. Recent Advances in Intrusion
Detection (RAID ’06), pp. 249-271, 2006.
[26] C. Tseng, T. Song, P. Balasubramanyam, C. Ko, and K. Levitt, “A
Specification-Based Intrusion Detection Model for OLSR,” Proc.
Ninth Int’l Symp. Recent Advances in Intrusion Detection (RAID ’06),
pp. 330-350, 2006.
[27] N. Mohammed, H. Otrok, L. Wang, M. Debbabi, and P.
Bhattacharya, “Mechanism Design-Based Secure Leader Election
Model for Intrusion Detection in MANET,” IEEE Trans. Dependable
and Secure Computing, vol. 8, no. 1, pp. 89-103, Jan./Feb. 2011.
[28] J. Felix, C. Joseph, B.-S. Lee, A. Das, and B. Seet, “Cross-Layer
Detection of Sinking Behavior in Wireless Ad Hoc Networks
Using SVM and FDA,” IEEE Trans. Dependable and Secure
Computing, vol. 8, no. 2, pp. 233-245, Mar./Apr. 2011.
[29] S. Marti, T. Giuli, K. Lai, and M. Baker, “Mitigating Routing
Misbehavior in Mobile Ad Hoc Networks,” Proc. ACM MobiCom,
pp. 255-265, 2000.
[30] S. Kurosawa, H. Nakayama, N. Kato, and A. Jamalipour,
“Detecting Blackhole Attack on AODV-Based Mobile Ad Hoc
Networks by Dynamic Learning Method,” Int’l J. Network Security,
vol. 105, no. 627, pp. 65-68, 2006.
[31] Y. Hu, A. Perrig, and D. Johnson, “Packet Leashes: A Defense
against Wormhole Attacks in Wireless Networks,” Proc. IEEE
INFOCOM, vol. 3, pp. 1976-1986, 2004.
[32] T. Toth and C. Kruegel, “Evaluating the Impact of Automated
Intrusion Response Mechanisms,” Proc. 18th Ann. Computer
Security Applications Conf. (ACSAC ’02), pp. 9-13, 2002.
[33] C. Strasburg, N. Stakhanova, S. Basu, and J. Wong, “Intrusion
Response Cost Assessment Methodology,” Proc. Fourth ACM
Symp. Information, Computer, and Comm. Security (ASIACCS ’09),
pp. 388-391, 2009.
[34] L. Teo, G. Ahn, and Y. Zheng, “Dynamic and Risk-Aware
Network Access Management,” Proc. Eighth ACM Symp. Access
Control Models and Technologies (SACMAT ’03), pp. 217-230, 2003.
Ziming Zhao received the BE and MS degrees
from the Beijing University of Posts and
Telecommunications, China, in 2006 and 2009,
respectively. He is currently working toward the
PhD degree in the School of Computing,
Informatics, and Decision Systems Engineering, Ira
A. Fulton School of Engineering, Arizona State
University, Tempe. He is also a member of the
Security Engineering for Future Computing
Laboratory, Arizona State University. His research
interests include malicious code analysis, web and browser security, and
wireless system security. He is a student member of the IEEE.
Hongxin Hu is currently working toward the PhD
degree in the School of Computing, Informatics,
and Decision Systems Engineering, Ira A. Fulton
School of Engineering, Arizona State University,
Tempe. He is also a member of the Security
Engineering for Future Computing Laboratory,
Arizona State University. His current research
interests include access control models and
mechanisms, security in social network and
cloud computing, network and distributed
system security, and secure software engineering. He is a student member
of the IEEE.
Gail-Joon Ahn received the PhD degree in
information technology from George Mason
University, Fairfax, Virginia, in 2000. He is an
associate professor in the School of Computing,
Informatics, and Decision Systems Engineering,
Ira A. Fulton School of Engineering and the
Director of Security Engineering for Future
Computing Laboratory at Arizona State
University. His research interests include information
and systems security, vulnerability and risk
management, access control, and security architecture for distributed
systems, which has been supported by the US National Science
Foundation, US National Security Agency, US Department of Defense,
US Department of Energy, Bank of America, Hewlett Packard, Microsoft,
and Robert Wood Johnson Foundation. He is a recipient of the US
Department of Energy CAREER Award and the Educator of the Year
Award from the Federal Information Systems Security Educators
Association. He was an associate professor at the College of Computing
and Informatics and the founding director of the Center for Digital Identity
and Cyber Defense Research and Laboratory of Information Integration,
Security, and Privacy, University of North Carolina, Charlotte. He is a
senior member of the IEEE and the IEEE Computer Society.
Ruoyu Wu is currently working toward the PhD
degree in the School of Computing, Informatics,
and Decision Systems Engineering, Ira A. Fulton
School of Engineering, Arizona State University,
Tempe. He is also a member of the Security
Engineering for Future Computing Laboratory,
Arizona State University. His current research
interests include access control models and
mechanisms, security and privacy in cloud
computing, and especially the health cloud
domain. He is a student member of the IEEE.
260 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 9, NO. 2, MARCH/APRIL 2012