This document proposes algorithms to detect wormhole attacks in wireless network coding systems. It first discusses how wormhole attacks can severely impact network coding protocols by disrupting routing and introducing unfair workload distributions. It then presents a centralized algorithm that uses a central node to detect wormholes by measuring changes in expected transmission counts. For distributed systems without a central node, it proposes DAWN, a distributed algorithm that examines the order nodes receive innovative packets and their expected transmission counts to detect wormholes. The algorithms aim to detect wormholes using only local information available from regular network coding protocols to keep overhead low. Extensive testing validated the effectiveness and efficiency of the proposed approaches.
Ki-Tech Solutions IEEE PROJECTS DEVELOPMENTS WE OFFER IEEE PROJECTS MCA FINAL YEAR STUDENT PROJECTS, ENGINEERING PROJECTS AND TRAINING, PHP PROJECTS, JAVA AND J2EE PROJECTS, ASP.NET PROJECTS, NS2 PROJECTS, MATLAB PROJECTS AND IPT TRAINING IN RAJAPALAYAM, VIRUDHUNAGAR DISTRICTS, AND TAMILNADU. Mail to: kitechsolutions.in@gmail.com
NetSim Webinar on Network Attacks and DetectionDESHPANDE M
Webinar Contents:
Why use a Network Simulator
Introduction to NetSim
Introduction to Sinkhole Attack : Attack scenario in MANET using NetSim
Intrusion Detection System: Detection mechanism in MANET using NetSim
Analyzing Metrics
Areas of R & D in MANET
Q & A
MANETs have unique characteristics like dynamic topology, wireless radio medium, limited resources and lack of centralized administration; as a result, they are vulnerable to different types of attacks in different layers of protocol stack. wormhole attack detection in wireless sensor networks
Black hole Attack Avoidance Protocol for wireless Ad-Hoc networksijsrd.com
A Mobile Ad-Hoc Network is a collection of mobile nodes or a temporary network set up by wireless mobile nodes moving arbitrary in the places that have no network infrastructure in such a manner that the interconnections between nodes are capable of changing on continual basis. Thus the nodes find a path to the destination node using routing protocols. However, due to security vulnerabilities of the routing protocols, wireless ad-hoc networks are unprotected to attacks of the malicious nodes. Various attacks and one of those attacks is the Black Hole Attack against network integrity absorbing all data packets in the network. Since the data packets do not reach the destination node on account of this attack, data loss will occur. Therefore, it is a severe attack that can be easily employed against routing in mobile ad hoc networks. There are lots of detection and defense mechanisms to eliminate the intruder that carry out the black hole attack. . Virtual Infrastructure achieves reliable transmission in Mobile Ad Hoc Network. Black Hole Attack is the major problem to affect the Virtual Infrastructure. In this paper, approach on analyzing and improving the security of AODV, which is one of the popular routing protocols for MANET. Our aim is to ensuring the avoidance against Black hole attack.
Ki-Tech Solutions IEEE PROJECTS DEVELOPMENTS WE OFFER IEEE PROJECTS MCA FINAL YEAR STUDENT PROJECTS, ENGINEERING PROJECTS AND TRAINING, PHP PROJECTS, JAVA AND J2EE PROJECTS, ASP.NET PROJECTS, NS2 PROJECTS, MATLAB PROJECTS AND IPT TRAINING IN RAJAPALAYAM, VIRUDHUNAGAR DISTRICTS, AND TAMILNADU. Mail to: kitechsolutions.in@gmail.com
NetSim Webinar on Network Attacks and DetectionDESHPANDE M
Webinar Contents:
Why use a Network Simulator
Introduction to NetSim
Introduction to Sinkhole Attack : Attack scenario in MANET using NetSim
Intrusion Detection System: Detection mechanism in MANET using NetSim
Analyzing Metrics
Areas of R & D in MANET
Q & A
MANETs have unique characteristics like dynamic topology, wireless radio medium, limited resources and lack of centralized administration; as a result, they are vulnerable to different types of attacks in different layers of protocol stack. wormhole attack detection in wireless sensor networks
Black hole Attack Avoidance Protocol for wireless Ad-Hoc networksijsrd.com
A Mobile Ad-Hoc Network is a collection of mobile nodes or a temporary network set up by wireless mobile nodes moving arbitrary in the places that have no network infrastructure in such a manner that the interconnections between nodes are capable of changing on continual basis. Thus the nodes find a path to the destination node using routing protocols. However, due to security vulnerabilities of the routing protocols, wireless ad-hoc networks are unprotected to attacks of the malicious nodes. Various attacks and one of those attacks is the Black Hole Attack against network integrity absorbing all data packets in the network. Since the data packets do not reach the destination node on account of this attack, data loss will occur. Therefore, it is a severe attack that can be easily employed against routing in mobile ad hoc networks. There are lots of detection and defense mechanisms to eliminate the intruder that carry out the black hole attack. . Virtual Infrastructure achieves reliable transmission in Mobile Ad Hoc Network. Black Hole Attack is the major problem to affect the Virtual Infrastructure. In this paper, approach on analyzing and improving the security of AODV, which is one of the popular routing protocols for MANET. Our aim is to ensuring the avoidance against Black hole attack.
WDA: Wormhole Attack Detection Algorithm based on measuring Round Trip Delay ...ijsrd.com
The recent advancements in the wireless arena and their wide-spread utilization have introduced new security vulnerabilities. The wireless media being shared is exposed to outside world, so it is susceptible to various attacks at different layers of OSI network stack. For example, jamming and device tampering at the physical layer; disruption of the medium access control (MAC) layer; routing attacks like Blackhole, rushing, wormhole; targeted attacks on the transport protocol like session hijacking, SYN flooding or even attacks intended to disrupt specific applications through viruses, worms and Trojan Horses. Wormhole attack is one of the serious routing attacks amongst all the network layer attacks launched on MANET. Wormhole attack is launched by creation of tunnels and it leads to total disruption of the routing paths on MANET. In this paper, Wormhole detection algorithm (WDA) is proposed based on modifying the forwarding packet process that detects and isolates wormhole nodes in ad hoc on demand distance vector (AODV) routing protocol.
Mobile Ad-Hoc Networks are most usefully in current environments. It’s required high performance, networks load and Throughput. In Mobile Ad-hoc Networks Routing is the hot topic for research. Basically two types routing protocols are work in the mobile Ad-hoc Networks: 1) Proactive and 2) Reactive. Researchers have projected different routing algorithm. Important work has been done on routing in ad hoc networks, some of the important works so far were the destination-sequence distance vector (DSDV) protocol, the temporally ordered routing protocol (TORA), dynamic source routing protocol (DSR) and ad hoc on demand routing protocol (AODV). These algorithms use Open Shortest Path First (OSPF) for find optimum route source to destination.ThesisScientist.com
1- Mobile ad hoc networks are formed dynamically by an
autonomous system of mobile nodes that are connected
via wireless links.
2- Multihop communication- node communicate with the
help of two or more node from source to destination.
3- No existing fixed infrastructure or centralized administration –No base station.
4- Mobile nodes are free to move randomly-Network topology changes frequently
5- May Operate as standalone fashion or also can be connected to the larger internet.
6- Each node work as router
Primary Goals of Security in MANET
To assure a reliable data transfer over the communication networks and to protect the system resources a number of security services are classified in five categories:-
1-Authentication:- The process of identifying an individual , usually based on a username and password.
2- Confidentially:- Confidentiality aims at protecting the data from disclosure to unauthorized person.
Network attacks against confidentiality
* Packet capturing
Password attack
Port scanning
Dumpster Diving
Wiretapping
Phishing and Pharming
2-Non repudiation:- Integrity guarantees that a message being transferred is never corrupted.
3- Integrity:- Integrity guarantees that a message being transferred is never corrupted.
network attack against integrity
Salami attack
trust relationship attacks
Man in the middle attack
Session hijacking attacks
4- Availability:- Its ensure that data ,network resources or network services are available to legitimate user when required.
network attack against availability
Denial of services attacks
Distributed denial of services attack
SYN flood attacks and ICMP flood attacks
Electrical power attacks
Server Room environment attacks
Key management
The security in networking is in many cases dependent on proper key management.
Key management consists of various services, of which each is vital for the security
of the networking systems
* Trust model:-Its must determine how much different element in the network can trust each other.
* Cryptosystem:- Public and symmetric key mechanism can be applied .
* Key creation:- It must determine which parties are allowed to generate key to themselves.
* Key storage :- In adhoc network any network element may have to store its own key and possibly key of other element as well.
* Key distribution:- The key management service must ensure that the generated keys are securely distributed to their owners.
A SYMMETRIC TOKEN ROUTING FOR SECURED COMMUNICATION OF MANET cscpconf
The communication should be much secured in Mobile Adhoc Networks in the
protective environment such as Military atmosphere and in a disaster relief. Due to the attackers,
Mobile Adhoc Networks resulting in denial of Service attacks modify packets, Error packets,
Missing Packets, Theft of Nodes, etc. To overcome this problem, We propose a new Symmetric
Token Routing Protocol (STRP) for mobile ad hoc networks provides much security against
MANET. The proposed protocol distributed a secured shared symmetric token for each node to
provide security against hackers and attackers. Simulation results shows the better delivery against
the existing protocol in MANET.
Black Hole Attack:
A malicious node advertises the wrong paths as good paths to the source node during the pathfinding process.
When the source selects the path including the attacker node, the traffic starts passing through the adversary node and this node starts dropping the packets selectively or in whole.
Black hole region is the entry point to a large number of harmful attacks.
International Journal of Engineering Research and Development (IJERD)IJERD Editor
journal publishing, how to publish research paper, Call For research paper, international journal, publishing a paper, IJERD, journal of science and technology, how to get a research paper published, publishing a paper, publishing of journal, publishing of research paper, reserach and review articles, IJERD Journal, How to publish your research paper, publish research paper, open access engineering journal, Engineering journal, Mathemetics journal, Physics journal, Chemistry journal, Computer Engineering, Computer Science journal, how to submit your paper, peer reviw journal, indexed journal, reserach and review articles, engineering journal, www.ijerd.com, research journals,
yahoo journals, bing journals, International Journal of Engineering Research and Development, google journals, hard copy of journal
Energy efficient node deployment for target coverage in wireless sensor networkGaurang Rathod
Network lifetime plays an integral role in setting up an efficient wireless sensor network. Coverage in a network needs to guarantee that the region is monitored with the required degree of reliability. Locations of sensor nodes constitute the basic input for the algorithms that examine coverage of the network. Coverage problems can be broadly classified as area coverage problem and target coverage problem. Area coverage focuses on monitoring the entire region of interest, whereas target coverage concerns monitoring only certain specific points in a given region. Target coverage can be categorized as simple coverage, k-coverage and Q-coverage.
Lower coverage level (simple coverage) is enough for environmental or habitat monitoring or applications like home security. Higher degree of coverage (k-coverage) will be required for some applications like target tracking to track the targets accurately, or if sensors work in a hostile environment such as battle fields or chemically polluted areas. More reliable results are produced for higher degree of coverage which requires multiple sensor nodes to monitor the region/targets. An example of Q-coverage is video surveillance systems deployed for monitoring hostile territorial area where some sensitive targets like a nuclear plant may need more sensors cooperate to ensure source redundancy for precise data. Sensor nodes deterministically deployed by using artificial bee colony algorithm, so as to achieve the required target coverage level and maximize the network lifetime.
WDA: Wormhole Attack Detection Algorithm based on measuring Round Trip Delay ...ijsrd.com
The recent advancements in the wireless arena and their wide-spread utilization have introduced new security vulnerabilities. The wireless media being shared is exposed to outside world, so it is susceptible to various attacks at different layers of OSI network stack. For example, jamming and device tampering at the physical layer; disruption of the medium access control (MAC) layer; routing attacks like Blackhole, rushing, wormhole; targeted attacks on the transport protocol like session hijacking, SYN flooding or even attacks intended to disrupt specific applications through viruses, worms and Trojan Horses. Wormhole attack is one of the serious routing attacks amongst all the network layer attacks launched on MANET. Wormhole attack is launched by creation of tunnels and it leads to total disruption of the routing paths on MANET. In this paper, Wormhole detection algorithm (WDA) is proposed based on modifying the forwarding packet process that detects and isolates wormhole nodes in ad hoc on demand distance vector (AODV) routing protocol.
Mobile Ad-Hoc Networks are most usefully in current environments. It’s required high performance, networks load and Throughput. In Mobile Ad-hoc Networks Routing is the hot topic for research. Basically two types routing protocols are work in the mobile Ad-hoc Networks: 1) Proactive and 2) Reactive. Researchers have projected different routing algorithm. Important work has been done on routing in ad hoc networks, some of the important works so far were the destination-sequence distance vector (DSDV) protocol, the temporally ordered routing protocol (TORA), dynamic source routing protocol (DSR) and ad hoc on demand routing protocol (AODV). These algorithms use Open Shortest Path First (OSPF) for find optimum route source to destination.ThesisScientist.com
1- Mobile ad hoc networks are formed dynamically by an
autonomous system of mobile nodes that are connected
via wireless links.
2- Multihop communication- node communicate with the
help of two or more node from source to destination.
3- No existing fixed infrastructure or centralized administration –No base station.
4- Mobile nodes are free to move randomly-Network topology changes frequently
5- May Operate as standalone fashion or also can be connected to the larger internet.
6- Each node work as router
Primary Goals of Security in MANET
To assure a reliable data transfer over the communication networks and to protect the system resources a number of security services are classified in five categories:-
1-Authentication:- The process of identifying an individual , usually based on a username and password.
2- Confidentially:- Confidentiality aims at protecting the data from disclosure to unauthorized person.
Network attacks against confidentiality
* Packet capturing
Password attack
Port scanning
Dumpster Diving
Wiretapping
Phishing and Pharming
2-Non repudiation:- Integrity guarantees that a message being transferred is never corrupted.
3- Integrity:- Integrity guarantees that a message being transferred is never corrupted.
network attack against integrity
Salami attack
trust relationship attacks
Man in the middle attack
Session hijacking attacks
4- Availability:- Its ensure that data ,network resources or network services are available to legitimate user when required.
network attack against availability
Denial of services attacks
Distributed denial of services attack
SYN flood attacks and ICMP flood attacks
Electrical power attacks
Server Room environment attacks
Key management
The security in networking is in many cases dependent on proper key management.
Key management consists of various services, of which each is vital for the security
of the networking systems
* Trust model:-Its must determine how much different element in the network can trust each other.
* Cryptosystem:- Public and symmetric key mechanism can be applied .
* Key creation:- It must determine which parties are allowed to generate key to themselves.
* Key storage :- In adhoc network any network element may have to store its own key and possibly key of other element as well.
* Key distribution:- The key management service must ensure that the generated keys are securely distributed to their owners.
A SYMMETRIC TOKEN ROUTING FOR SECURED COMMUNICATION OF MANET cscpconf
The communication should be much secured in Mobile Adhoc Networks in the
protective environment such as Military atmosphere and in a disaster relief. Due to the attackers,
Mobile Adhoc Networks resulting in denial of Service attacks modify packets, Error packets,
Missing Packets, Theft of Nodes, etc. To overcome this problem, We propose a new Symmetric
Token Routing Protocol (STRP) for mobile ad hoc networks provides much security against
MANET. The proposed protocol distributed a secured shared symmetric token for each node to
provide security against hackers and attackers. Simulation results shows the better delivery against
the existing protocol in MANET.
Black Hole Attack:
A malicious node advertises the wrong paths as good paths to the source node during the pathfinding process.
When the source selects the path including the attacker node, the traffic starts passing through the adversary node and this node starts dropping the packets selectively or in whole.
Black hole region is the entry point to a large number of harmful attacks.
International Journal of Engineering Research and Development (IJERD)IJERD Editor
journal publishing, how to publish research paper, Call For research paper, international journal, publishing a paper, IJERD, journal of science and technology, how to get a research paper published, publishing a paper, publishing of journal, publishing of research paper, reserach and review articles, IJERD Journal, How to publish your research paper, publish research paper, open access engineering journal, Engineering journal, Mathemetics journal, Physics journal, Chemistry journal, Computer Engineering, Computer Science journal, how to submit your paper, peer reviw journal, indexed journal, reserach and review articles, engineering journal, www.ijerd.com, research journals,
yahoo journals, bing journals, International Journal of Engineering Research and Development, google journals, hard copy of journal
Energy efficient node deployment for target coverage in wireless sensor networkGaurang Rathod
Network lifetime plays an integral role in setting up an efficient wireless sensor network. Coverage in a network needs to guarantee that the region is monitored with the required degree of reliability. Locations of sensor nodes constitute the basic input for the algorithms that examine coverage of the network. Coverage problems can be broadly classified as area coverage problem and target coverage problem. Area coverage focuses on monitoring the entire region of interest, whereas target coverage concerns monitoring only certain specific points in a given region. Target coverage can be categorized as simple coverage, k-coverage and Q-coverage.
Lower coverage level (simple coverage) is enough for environmental or habitat monitoring or applications like home security. Higher degree of coverage (k-coverage) will be required for some applications like target tracking to track the targets accurately, or if sensors work in a hostile environment such as battle fields or chemically polluted areas. More reliable results are produced for higher degree of coverage which requires multiple sensor nodes to monitor the region/targets. An example of Q-coverage is video surveillance systems deployed for monitoring hostile territorial area where some sensitive targets like a nuclear plant may need more sensors cooperate to ensure source redundancy for precise data. Sensor nodes deterministically deployed by using artificial bee colony algorithm, so as to achieve the required target coverage level and maximize the network lifetime.
IMPLEMENTATION OF DYNAMIC REMOTE OPERATED USING BAT ALGORITHMNAVIGATION EQUIP...AlameluPriyadharshini
To deliver the things without human requirement but with full safety and to detect the place path and persons using RF controller by implementing concept of drone for a smaller and to implement the same for a larger network by implementing the Bat Algorithm in Wireless Sensor Network.
Fault Node Recovery Algorithm for a Wireless Sensor NetworkYogesh Vk
The WSN is made of nodes from a few to several hundred, where each node is connected to one or several sensors.
The basic components of a node are
o Sensor and actuator - an interface to the physical world designed to sense the environmental parameters like pressure and temperature.
o Controller - is to control different modes of operation for processing of data
o Memory - storage for programming data.
o Communication - a device like antenna for sending and receiving data over a wireless channel.
o Power Supply- supply of energy for smooth operation of a node like battery.
Selfish Node Isolation & Incentivation using Progressive ThresholdsIDES Editor
The problems associated with selfish nodes in
MANET are addressed by a collaborative watchdog approach
which reduces the detection time for selfish nodes thereby
improves the performance and accuracy of watchdogs[1]. In
the related works they make use of credit based systems, reputation
based mechanisms, pathrater and watchdog mechanism
to detect such selfish nodes. In this paper we follow an approach
of collaborative watchdog which reduces the detection
time for selfish nodes and also involves the removal of such
selfish nodes based on some progressively assessed thresholds.
The threshold gives the nodes a chance to stop misbehaving
before it is permanently deleted from the network.
The node passes through several isolation processes before it
is permanently removed. Another version of AODV protocol
is used here which allows the simulation of selfish nodes in
NS2 by adding or modifying log files in the protocol.
Limiting Self-Propagating Malware Based on Connection Failure Behavior csandit
Self-propagating malware (e.g., an Internet worm) exploits security loopholes in software to
infect servers and then use them to scan the Internet for more vulnerable servers. While the
mechanisms of worm infection and their propagation models are well understood, defense
against worms remains an open problem. One branch of defense research investigates the
behavioral difference between worm-infected hosts and normal hosts to set them apart. One
particular observation is that a worm-infected host, which scans the Internet with randomly
selected addresses, has a much higher connection-failure rate than a normal host. Rate-limit
algorithms have been proposed to control the spread of worms by traffic shaping based on
connection failure rate. However, these rate-limit algorithms can work properly only if it is
possible to measure failure rates of individual hosts efficiently and accurately. This paper points
out a serious problem in the prior method and proposes a new solution based on a highly
efficient double-bitmap data structure, which places only a small memory footprint on the
routers, while providing good measurement of connection failure rates whose accuracy can be
tuned by system parameters.
On-line Fault diagnosis of Arbitrary Connected NetworksIDES Editor
This paper proposes an on-line two phase fault
diagnosis algorithm for arbitrary connected networks. The
algorithm addresses a realistic fault model considering crash
and value faults in the nodes. Fault diagnosis is achieved by
comparing the heartbeat message generated by neighboring
nodes and dissemination of decision made at each node.
Theoretical analysis shows that time and message complexity
of the diagnosis scheme is O(n) for a n-node network. The
message and time complexity are comparable to the existing
state of art approaches and thus well suited for design of
different fault tolerant wireless communication networks
Self-propagating malware (e.g., an Internet worm) exploits security loopholes in software to infect servers and then use them to scan the Internet for more vulnerable servers. While the mechanisms of worm infection and their propagation models are well understood, defense against worms remains an open problem. One branch of defense research investigates the behavioral difference between worm-infected hosts and normal hosts to set them apart. One particular observation is that a worm-infected host, which scans the Internet with randomly selected addresses, has a much higher connection-failure rate than a normal host. Rate-limit algorithms have been proposed to control the spread of worms by traffic shaping based on connection failure rate. However, these rate-limit algorithms can work properly only if it is possible to measure failure rates of individual hosts efficiently and accurately. This paper points out a serious problem in the prior method. To address this problem, we first propose a solution based on a highly efficient double-bitmap data structure, which places only a small memory footprint on the routers, while providing good measurement of connection failure rates whose accuracy can be tuned by system parameters. Furthermore, we propose another solution based on shared register array data structure, achieving better memory efficiency and much larger estimation range than our double-bitmap solution.
JPD1423 A Probabilistic Misbehavior Detection Scheme toward Efficient Trust ...chennaijp
We have best 2014 free dot not projects topics are available along with all document, you can easy to find out number of documents for various projects titles.
For More Details:
http://jpinfotech.org/final-year-ieee-projects/2014-ieee-projects/dot-net-projects/
Dear Student,
DREAMWEB TECHNO SOLUTIONS is one of the Hardware Training and Software Development centre available in
Trichy. Pioneer in corporate training, DREAMWEB TECHNO SOLUTIONS provides training in all software
development and IT-related courses, such as Embedded Systems, VLSI, MATLAB, JAVA, J2EE, CIVIL,
Power Electronics, and Power Systems. It’s certified and experienced faculty members have the
competence to train students, provide consultancy to organizations, and develop strategic
solutions for clients by integrating existing and emerging technologies.
ADD: No:73/5, 3rd Floor, Sri Kamatchi Complex, Opp City Hospital, Salai Road, Trichy-18
Contact @ 7200021403/04
phone: 0431-4050403
Privacy-Preserving and Truthful Detection of Packet Dropping Attacks in Wirel...1crore projects
IEEE PROJECTS 2015
1 crore projects is a leading Guide for ieee Projects and real time projects Works Provider.
It has been provided Lot of Guidance for Thousands of Students & made them more beneficial in all Technology Training.
Dot Net
DOTNET Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
Java Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
ECE IEEE Projects 2015
1. Matlab project
2. Ns2 project
3. Embedded project
4. Robotics project
Eligibility
Final Year students of
1. BSc (C.S)
2. BCA/B.E(C.S)
3. B.Tech IT
4. BE (C.S)
5. MSc (C.S)
6. MSc (IT)
7. MCA
8. MS (IT)
9. ME(ALL)
10. BE(ECE)(EEE)(E&I)
TECHNOLOGY USED AND FOR TRAINING IN
1. DOT NET
2. C sharp
3. ASP
4. VB
5. SQL SERVER
6. JAVA
7. J2EE
8. STRINGS
9. ORACLE
10. VB dotNET
11. EMBEDDED
12. MAT LAB
13. LAB VIEW
14. Multi Sim
CONTACT US
1 CRORE PROJECTS
Door No: 214/215,2nd Floor,
No. 172, Raahat Plaza, (Shopping Mall) ,Arcot Road, Vadapalani, Chennai,
Tamin Nadu, INDIA - 600 026
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536
Privacy-Preserving and Truthful Detection of Packet Dropping Attacks in Wirel...1crore projects
IEEE PROJECTS 2015
1 crore projects is a leading Guide for ieee Projects and real time projects Works Provider.
It has been provided Lot of Guidance for Thousands of Students & made them more beneficial in all Technology Training.
Dot Net
DOTNET Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
Java Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
ECE IEEE Projects 2015
1. Matlab project
2. Ns2 project
3. Embedded project
4. Robotics project
Eligibility
Final Year students of
1. BSc (C.S)
2. BCA/B.E(C.S)
3. B.Tech IT
4. BE (C.S)
5. MSc (C.S)
6. MSc (IT)
7. MCA
8. MS (IT)
9. ME(ALL)
10. BE(ECE)(EEE)(E&I)
TECHNOLOGY USED AND FOR TRAINING IN
1. DOT NET
2. C sharp
3. ASP
4. VB
5. SQL SERVER
6. JAVA
7. J2EE
8. STRINGS
9. ORACLE
10. VB dotNET
11. EMBEDDED
12. MAT LAB
13. LAB VIEW
14. Multi Sim
CONTACT US
1 CRORE PROJECTS
Door No: 214/215,2nd Floor,
No. 172, Raahat Plaza, (Shopping Mall) ,Arcot Road, Vadapalani, Chennai,
Tamin Nadu, INDIA - 600 026
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536
Fault Diagonosis Approach for WSN using Normal Bias TechniqueIDES Editor
In wireless sensor and actor networks (WSAN), the
sensor nodes have a limitation on lifetime as they are equipped
with non-chargeable batteries. The failure probability of the
sensor node is influenced by factors like electrical dynamism,
hardware disasters, communication inaccuracy and undesired
environment situations, etc. Thus, fault tolerant is a very
important and critical factor in such networks. Fault tolerance
also ensures that a system is available for use without any
interruption in the presence of faults. In this paper an
improved fault tolerance scheme is proposed to find the
probability of correctly identifying a faulty node for three
different types of faults based on normal bias. The nodes fault
status is declared based on its confidence score that depends
on the threshold valve. The aim is to find the Correct
Recognition Rate (CRR) and the False Fear Rate (FFR) with
respect to the different error probability (pe) introduced. The
techniques, neighboring nodes, fault calculations, range and
CRR for existing algorithm and proposed algorithm is also
presented.
Malicious attack detection and prevention in ad hoc network based on real tim...eSAT Journals
Abstract This paper deals with Real Time Operating System (RTOS) based secure wormhole detection and prevention in ad hoc networks. The wormhole attack can form a serious threat to wireless networks, especially against many ad hoc network routing protocols and location based wireless security systems. A wormhole is created in the ad hoc network by introducing two malicious nodes. These two nodes form a worm hole link and message is transmitted through this link. The next part of the work is to detect the wormhole link by defining worm hole detection and prevention algorithm. After detecting suspicious links, one node performs a verification procedure for each suspicious link. The detection procedure and verifying procedure of suspicious worm link are used for further prevention of wormhole attack in the ad hoc network.
Malicious attack detection and prevention in ad hoc network based on real tim...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Similar to Wormhole attack detection algorithms in wireless network coding systems (20)
Retiming of digital circuits is conventionally based on the estimates of propagation delays across different paths in the data-flow graphs (DFGs) obtained by discrete component
timing model, which implicitly assumes that operation of a node can begin only after the completion of the operation(s) of its preceding node(s) to obey the data dependence requirement. Such a discrete component timing model very often gives much higher
estimates of the propagation delays than the actuals particularly when the computations in the DFG nodes correspond to fixed point arithmetic operations like additions and multiplications
Vaccine management system project report documentation..pdfKamal Acharya
The Division of Vaccine and Immunization is facing increasing difficulty monitoring vaccines and other commodities distribution once they have been distributed from the national stores. With the introduction of new vaccines, more challenges have been anticipated with this additions posing serious threat to the already over strained vaccine supply chain system in Kenya.
Saudi Arabia stands as a titan in the global energy landscape, renowned for its abundant oil and gas resources. It's the largest exporter of petroleum and holds some of the world's most significant reserves. Let's delve into the top 10 oil and gas projects shaping Saudi Arabia's energy future in 2024.
Courier management system project report.pdfKamal Acharya
It is now-a-days very important for the people to send or receive articles like imported furniture, electronic items, gifts, business goods and the like. People depend vastly on different transport systems which mostly use the manual way of receiving and delivering the articles. There is no way to track the articles till they are received and there is no way to let the customer know what happened in transit, once he booked some articles. In such a situation, we need a system which completely computerizes the cargo activities including time to time tracking of the articles sent. This need is fulfilled by Courier Management System software which is online software for the cargo management people that enables them to receive the goods from a source and send them to a required destination and track their status from time to time.
Explore the innovative world of trenchless pipe repair with our comprehensive guide, "The Benefits and Techniques of Trenchless Pipe Repair." This document delves into the modern methods of repairing underground pipes without the need for extensive excavation, highlighting the numerous advantages and the latest techniques used in the industry.
Learn about the cost savings, reduced environmental impact, and minimal disruption associated with trenchless technology. Discover detailed explanations of popular techniques such as pipe bursting, cured-in-place pipe (CIPP) lining, and directional drilling. Understand how these methods can be applied to various types of infrastructure, from residential plumbing to large-scale municipal systems.
Ideal for homeowners, contractors, engineers, and anyone interested in modern plumbing solutions, this guide provides valuable insights into why trenchless pipe repair is becoming the preferred choice for pipe rehabilitation. Stay informed about the latest advancements and best practices in the field.
About
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
Technical Specifications
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
Key Features
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface
• Compatible with MAFI CCR system
• Copatiable with IDM8000 CCR
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
Application
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
Automobile Management System Project Report.pdfKamal Acharya
The proposed project is developed to manage the automobile in the automobile dealer company. The main module in this project is login, automobile management, customer management, sales, complaints and reports. The first module is the login. The automobile showroom owner should login to the project for usage. The username and password are verified and if it is correct, next form opens. If the username and password are not correct, it shows the error message.
When a customer search for a automobile, if the automobile is available, they will be taken to a page that shows the details of the automobile including automobile name, automobile ID, quantity, price etc. “Automobile Management System” is useful for maintaining automobiles, customers effectively and hence helps for establishing good relation between customer and automobile organization. It contains various customized modules for effectively maintaining automobiles and stock information accurately and safely.
When the automobile is sold to the customer, stock will be reduced automatically. When a new purchase is made, stock will be increased automatically. While selecting automobiles for sale, the proposed software will automatically check for total number of available stock of that particular item, if the total stock of that particular item is less than 5, software will notify the user to purchase the particular item.
Also when the user tries to sale items which are not in stock, the system will prompt the user that the stock is not enough. Customers of this system can search for a automobile; can purchase a automobile easily by selecting fast. On the other hand the stock of automobiles can be maintained perfectly by the automobile shop manager overcoming the drawbacks of existing system.
Democratizing Fuzzing at Scale by Abhishek Aryaabh.arya
Presented at NUS: Fuzzing and Software Security Summer School 2024
This keynote talks about the democratization of fuzzing at scale, highlighting the collaboration between open source communities, academia, and industry to advance the field of fuzzing. It delves into the history of fuzzing, the development of scalable fuzzing platforms, and the empowerment of community-driven research. The talk will further discuss recent advancements leveraging AI/ML and offer insights into the future evolution of the fuzzing landscape.
Event Management System Vb Net Project Report.pdfKamal Acharya
In present era, the scopes of information technology growing with a very fast .We do not see any are untouched from this industry. The scope of information technology has become wider includes: Business and industry. Household Business, Communication, Education, Entertainment, Science, Medicine, Engineering, Distance Learning, Weather Forecasting. Carrier Searching and so on.
My project named “Event Management System” is software that store and maintained all events coordinated in college. It also helpful to print related reports. My project will help to record the events coordinated by faculties with their Name, Event subject, date & details in an efficient & effective ways.
In my system we have to make a system by which a user can record all events coordinated by a particular faculty. In our proposed system some more featured are added which differs it from the existing system such as security.
Student information management system project report ii.pdfKamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
Immunizing Image Classifiers Against Localized Adversary Attacksgerogepatton
This paper addresses the vulnerability of deep learning models, particularly convolutional neural networks
(CNN)s, to adversarial attacks and presents a proactive training technique designed to counter them. We
introduce a novel volumization algorithm, which transforms 2D images into 3D volumetric representations.
When combined with 3D convolution and deep curriculum learning optimization (CLO), itsignificantly improves
the immunity of models against localized universal attacks by up to 40%. We evaluate our proposed approach
using contemporary CNN architectures and the modified Canadian Institute for Advanced Research (CIFAR-10
and CIFAR-100) and ImageNet Large Scale Visual Recognition Challenge (ILSVRC12) datasets, showcasing
accuracy improvements over previous techniques. The results indicate that the combination of the volumetric
input and curriculum learning holds significant promise for mitigating adversarial attacks without necessitating
adversary training.
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdffxintegritypublishin
Advancements in technology unveil a myriad of electrical and electronic breakthroughs geared towards efficiently harnessing limited resources to meet human energy demands. The optimization of hybrid solar PV panels and pumped hydro energy supply systems plays a pivotal role in utilizing natural resources effectively. This initiative not only benefits humanity but also fosters environmental sustainability. The study investigated the design optimization of these hybrid systems, focusing on understanding solar radiation patterns, identifying geographical influences on solar radiation, formulating a mathematical model for system optimization, and determining the optimal configuration of PV panels and pumped hydro storage. Through a comparative analysis approach and eight weeks of data collection, the study addressed key research questions related to solar radiation patterns and optimal system design. The findings highlighted regions with heightened solar radiation levels, showcasing substantial potential for power generation and emphasizing the system's efficiency. Optimizing system design significantly boosted power generation, promoted renewable energy utilization, and enhanced energy storage capacity. The study underscored the benefits of optimizing hybrid solar PV panels and pumped hydro energy supply systems for sustainable energy usage. Optimizing the design of solar PV panels and pumped hydro energy supply systems as examined across diverse climatic conditions in a developing country, not only enhances power generation but also improves the integration of renewable energy sources and boosts energy storage capacities, particularly beneficial for less economically prosperous regions. Additionally, the study provides valuable insights for advancing energy research in economically viable areas. Recommendations included conducting site-specific assessments, utilizing advanced modeling tools, implementing regular maintenance protocols, and enhancing communication among system components.
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Wormhole attack detection algorithms in wireless network coding systems
1. Wormhole Attack Detection Algorithms
in Wireless Network Coding Systems
Shiyu Ji, Tingting Chen, and Sheng Zhong
Abstract—Network coding has been shown to be an effective approach to improve the wireless system performance. However, many
security issues impede its wide deployment in practice. Besides the well-studied pollution attacks, there is another severe threat, that of
wormhole attacks, which undermines the performance gain of network coding. Since the underlying characteristics of network coding
systems are distinctly different from traditional wireless networks, the impact of wormhole attacks and countermeasures are
generally unknown. In this paper, we quantify wormholes’ devastating harmful impact on network coding system performance through
experiments. We first propose a centralized algorithm to detect wormholes and show its correctness rigorously. For the distributed
wireless network, we propose DAWN, a Distributed detection Algorithm against Wormhole in wireless Network coding systems, by
exploring the change of the flow directions of the innovative packets caused by wormholes. We rigorously prove that DAWN guarantees
a good lower bound of successful detection rate. We perform analysis on the resistance of DAWN against collusion attacks. We find that
the robustness depends on the node density in the network, and prove a necessary condition to achieve collusion-resistance. DAWN
does not rely on any location information, global synchronization assumptions or special hardware/middleware. It is only based on the
local information that can be obtained from regular network coding protocols, and thus the overhead of our algorithms is tolerable.
Extensive experimental results have verified the effectiveness and the efficiency of DAWN.
Index Terms—Wireless networks, random linear network coding, wormhole attack, expected transmission count
Ç
1 INTRODUCTION
IN the efforts to improve the system performance of wire-
less networks, network coding has been shown to be an
effective and promising approach (e.g., [1], [2], [3], [4], [5])
and it constitutes a fundamentally different approach com-
pared to traditional networks, where intermediate nodes
store and forward packets as the original. In contrast, in wire-
less network coding systems, the forwarders are allowed to
apply encoding schemes on what they receive, and thus they
create and transmit new packets. The idea of mixing packets
on each node takes good advantages of the opportunity
diversity and broadcast nature of wireless communications,
and significantly enhances system performance.
However, practical wireless network coding systems face
new challenges and attacks, whose impact and counter-
measures are still not well understood because their under-
lying characteristics are different from well-studied
traditional wireless networks. The wormhole attack is one
of these attacks. In a wormhole attack, the attacker can
forward each packet using wormhole links and without
modifies the packet transmission by routing it to an unau-
thorized remote node. Hence, receiving the rebroadcast
packets by the attackers, some nodes will have the illusion
that they are close to the attacker. With the ability of chang-
ing network topologies and bypassing packets for further
manipulation, wormhole attackers pose a severe threat to
many functions in the network, such as routing and locali-
zation [6], [7], [8], [9], [10]. To investigate wormhole attacks
in wireless network coding systems, we focus on their
impact and countermeasures in a class of popular network
coding scheme—the random linear network coding (RLNC)
system [2]. In this system, in order to best utilize resources,
before data transmissions, routing decisions (i.e., how many
times of transmissions a forwarder should make for each
novel packet) are made based on local link conditions by
some test transmissions.
Since in wireless network coding systems the routing
and packet forwarding procedures are different from those
in traditional wireless networks, the first question that we
need to answer is: Will wormhole attacks cause serious
interruptions to network functions and downgrade system
performance? Actually no matter what procedures are
used, wormhole attacks severely imperil network coding
protocols. In particular, if wormhole attacks are launched
in routing, the nodes close to attackers will receive more
packets than they should and be considered as having a
good capability in help forwarding packets. Thus they will
be assigned with more responsibility in packet forwarding
than what they can actually provide. Furthermore, other
nodes will be correspondingly contributing less. This
unfair distribution of workload will result in an inefficient
resource utilization and reduce system performance.
Wormhole attacks launched during the data transmission
phase can also be very harmful. First, wormhole attacks
can be used as the first step towards more sophisticated
attacks, such as man-in-the-middle attacks and entropy
attacks [11]. For example, by retransmitting the packets
from the wormhole links, some victim nodes will have to
process much more non-innovative packets that will waste
their resources; these constitute entropy attacks. Second,
the attackers can periodically turn on and off the worm-
hole links in data transmissions, confusing the system with
fake link condition changes and making it unnecessarily
S. Ji and T. Chen are with the Oklahoma State University.
E-mail: {shiyu, tingtic}@cs.okstate.edu.
S. Zhong is with the Nanjing University. E-mail: zhongsheng@nju.edu.cn.
Manuscript received 14 Feb. 2014; revised 7 May 2014; accepted 7 May 2014.
Date of publication 15 May 2014; date of current version 29 Jan. 2015.
For information on obtaining reprints of this article, please send e-mail to:
reprints@ieee.org, and reference the Digital Object Identifier below.
Digital Object Identifier no. 10.1109/TMC.2014.2324572
660 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 14, NO. 3, MARCH 2015
1536-1233 ß 2014 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
2. rerun the routing process. To further quantify the impact
of wormhole attacks in wireless network coding systems,
we perform extensive experiments and investigate the
results in Section 3.
The main objective of this paper is to detect and localize
wormhole attacks in wireless network coding systems. The
major differences in routing and packet forwarding rule out
using existing countermeasures in traditional networks [6],
[7], [8], [9], [10], [11], [12], [13], [14], [15], [16]. In network
coding systems like MORE[5], the connectivity in the net-
work is described using the link loss probability value
between each pair of nodes, while traditional networks use
connectivity graphs with a binary relation (i.e., connected
or not) on the set of nodes. For this reason, prior works
based on graph analysis [6], [8], [10], [14] cannot be applied.
Some other existing works rely on the packet round trip
time difference introduced by wormhole attacks to detect
them [13], [15], [16]. Unfortunately, this type of solutions
cannot work with network coding either. They require
either to use an established route that does not exist with
network coding, or to calculate the delay between every
two neighboring nodes which will introduce a huge
amount of error in network coding systems.
In this paper, we first propose a centralized algorithm to
detect wormholes leveraging a central node in the network.
For the distributed scenarios, we propose a distributed algo-
rithm, DAWN, to detect wormhole attacks in wireless intra-
flow network coding systems. The main idea of our solu-
tions is that we examine the order of the nodes to receive
the innovative packets in the network, and explore its rela-
tion with a widely used metric, expected transmission count
(ETX), associated with each node [5], [17]. Our algorithms
do not rely on any location information, global synchroniza-
tion assumption or special hardware/middleware. Our sol-
utions only depend on the local information that can be
obtained from regular network coding protocols, and thus
the overhead that our algorithms introduce is acceptable for
most applications.
Different wireless networks have different characteris-
tics and requirements. Some wireless networks have
central controller, while others are highly distributed
without any centralized authority. It is desirable to apply
different solutions based on the network types. Our cen-
tralized algorithm is inspired by the fact that the worm-
hole link can significantly change the network topology,
which can be measured by ETX. This idea is also heuristic
to our distributed solution DAWN, which emphasizes on
the scenario where no central administration node exists.
Thus, our algorithms can address different scenarios. We
first present the centralized solution and then discuss the
distributed one, for a clear logic flow. On the other hand,
compared with our distributed algorithm DAWN, our
centralized algorithm also owns several advantages. The
centralized algorithm concentrates the computation work-
load to the central node, and thus each normal node will
suffer much less workload than DAWN. Since the trans-
missions between each node and the central node are uni-
cast, the caused communication overheads of the
centralized algorithm are lower than DAWN, which
broadcasts the reports. The centralized algorithm lever-
ages the global information of the flows, and thus it can
detect the wormhole link efficiently, and the resulted
warnings can be delivered to each node more quickly
than DAWN.
We summarize the contributions of this paper as follows:
We are the first to study the impact and counter-
measures of wormhole attacks in wireless network
coding systems.
We investigate the harmful impact of wormholes on
system performance and regional nodes’ resource
utilization. We demonstrate the results via simula-
tions on various scenarios.
We propose a centralized algorithm to detect worm-
holes. In this algorithm, a central node collects the
information from all the nodes in the network and
analyzes whether there exists a wormhole link. The
algorithm leverages the order of the nodes to receive
the innovative packet, and utilizes machine learning
techniques to distinguish the wormhole cases.
We also give rigorous analysis of the centralized
algorithm and find the condition of its effectiveness.
For distributed network without centralized author-
ity, we propose DAWN, a Distributed detection
Algorithm against Wormhole in wireless Network
coding systems. In DAWN, during regular data
transmissions, each node records the abnormal
arrival of innovative packets and share this informa-
tion with its neighbors. This algorithm is efficient
and practical without strong assumptions. Further-
more, we theoretically prove that DAWN guarantees
a good lower bound of successful detection rate.
We perform analysis on the resistance of DAWN
against collusion attacks. We find that the robustness
depends on the node density in the network, and
prove a necessary condition to achieve collusion-
resistance.
We use extensive experiments in various network
settings, to verify that DAWN is effective (with over
89.43 percent detection rate), and efficient.
The rest of this paper is organized as follows. Section 2
will introduce related technical preliminaries. Then we will
demonstrate the detrimental influences of wormhole attack
in Section 3. Section 4 will explain how to determine the
ETX of each node, and Section 5 will propose a centralized
algorithm to detect the wormhole attack. In Section 6, we
will describe our wormhole attack detection algorithm, and
we will show the effectiveness and robustness of our solu-
tions. Our experiments and the related analysis will be dis-
cussed in Section 7. After the Related Work Section 8 we
will conclude this paper in Section 9.
2 TECHNICAL PRELIMINARIES
In this section, we describe the technical preliminaries
needed in this paper.
2.1 Random Linear Network Coding
Linear network coding (LNC), especially random linear net-
work coding, owns numerous applications [18], [19], [20].
Linear network coding permits each node in the network to
JI ET AL.: WORMHOLE ATTACK DETECTION ALGORITHMS IN WIRELESS NETWORK CODING SYSTEMS 661
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
3. pass on the combinations of the received data, in order to
optimize the information capacity. Let r1; r2; . . . ; rn denote
the received data, and s be the encoded data to be passed to
another node. We can obtain the combination f based on
the received data based on Equation (1):
s ¼ fðr1; r2; . . . ; rnÞ: (1)
For RLNC, f in Equation (1) is a random linear combination
in the field GFð2k
Þ:
fðr1; r2; . . . ; rnÞ ¼
Xn
i¼1
iri: (2)
Here, i is a randomly generated coefficient.
In network coding, every node except the recipient
applies a random linear mapping from the inputs to outputs
over the field GFð2k
Þ. Each packet contains a vector in the
m-dimensional code vector space V . Particularly, each
packet sent by the source node contains a basis of the code
vector space V . If one intermediate node receives a packet
which is linearly independent from previous packets, this
packet is called an innovative packet. Essentially, an innova-
tive packet must contain at least one basis that the node has
not received, and the arrival of an innovative packet will
increase the rank of the received packets by one. When the
destination receives m innovative packets, whose vectors
are linearly independent from each other, it can restore the
source information S based on the received data R:
S ¼ CÀ1
R: (3)
Here C is the matrix of the coefficients of the received pack-
ets. Since each received packet is essentially a linear combi-
nation of the original packets from the source, we can
perfectly restore the original messages by multiplying the
inverse of C. The capacity of RLNC converges to the opti-
mum in probability [2], and owns an ideal performance on
the compression of the transmitted data. However, since the
packet can derive various forms during the transmissions in
network coding, when the wormhole attack is initiated, it is
difficult to apply some traditional solutions (i.e., tracing the
timestamps of a particular packet) to defend. Thus, the
wide applications of network coding push us to find
another way to defend against wormhole attack.
2.2 Expected Transmission Count
ETX has extensive applications in network coding systems
[3], [4], [5], [21]. In this paper, the ETX of a node u in the net-
work coding system denotes the expected total number of
transmissions (including retransmissions) that the source
node should make, in order to make the node u receive one
innovative packet successfully. A node of high ETX means
it is difficult to make it heard from the source, usually
because the node is far from the source and the links
between them are very lossy. Thus, the metric of the ETXs is
a good representation of the network structure.
In existing works (e.g., [5], [17]), the ETXs are calculated
based on the probabilities of packet loss between each pair
of the nodes in the network. Let u and v be two nodes, and
pðu; vÞ be the probability of successful transmission between
nodes u and v. For the simplest case, if the network only has
a sender u and a recipient v, then the ETX of the sender u is
1.0, and the ETX of v is shown as Equation (4):
ETXðvÞ ¼
1
pðu; vÞ
: (4)
The probability pðu; vÞ can be estimated based on the previ-
ous transmission record, using some statistical models like
weighted means and window-based observation [5]. Based
on (4), if the link between the nodes is very lossy, the ETX of
v can be very high, indicating that it is difficult to deliver
messages through the link. Usually too many hops might
contribute to the high link loss probability. As we will talk
about, the wormhole link connects two distant nodes with
one hop of very low loss probability, and thus reduces the
ETXs significantly. This fact is heuristic to our algorithms.
2.3 Our System Model
In this paper, we consider a wireless network with a set of
homogeneous nodes running network coding protocols
(including routing protocols like [5] to calculate the number
of per-packet transmissions for each node, and data trans-
mission protocols). Nodes are connected via lossy wireless
links. For any two nodes u and v in the network such that
the successful transmission rate between u and v,
pðu; vÞ 0, then we say u and v are neighbors. We assume
that ETXs are calculated to describe the network topology,
and are measured periodically to support routing functions.
Each node knows its own ETXs and its neighbors’ ETXs.
In the wireless network systems, we consider that public
key infrastructure (PKI) is in place to implement the public
key cryptographic techniques. For the wireless network, we
regard each node1
as a user who has a pair of public and
private keys. The identity and the public key of each user
are managed by the certificate authority (CA), which is a
trusted entity. If any node A wants to safely communicate
with node B, A has to request B’s public key from the CA
first. After the transmission, node B has to request A’s pub-
lic key from the CA in order to verify the message from A.
CA is also responsible to predistribute and revoke the key
pairs of the nodes. The nodes and the CA together form the
PKI, which can guarantee that no node can forge reports
from other nodes.
2.4 Wormhole Attack Model
In wormhole attacks, the attackers between distant
locations transmit packets using a out-of-band tunnel.
The transmission tunnel is called a wormhole link. The
packet loss rate on the wormhole link is negligible. The
kinds of the wormhole links can be various, such as an
Ethernet cable, an optical link, or a secured long-range
wireless transmission [8]. When the wormhole attack is
initiated, the attackers can capture data packets on either
side, forward them through the wormhole link and
rebroadcast them on the other node.
1. Here each node includes the normal nodes in the wireless net-
work, and the central administrator, which presents in our centralized
algorithm.
662 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 14, NO. 3, MARCH 2015
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
4. 3 IMPACT OF THE WORMHOLE LINKS ON RLNC
SYSTEMS
As we have mentioned earlier in Section 1, wormhole
attacks have severe impact on wireless network coding sys-
tems. Depending on different launching time, wormhole
attacks can seriously downgrade the system performance
(by forging link states and thus generating inefficient rout-
ing assignment), and cause individual nodes to deal with
many non-innovative packets and waste their resources.
We now examine these negative impact via simulations.
We configure a RLNC network with seven nodes ran-
domly distributed as Fig. 1. In the network coding system,
MORE [5] is running (including the routing phase). The link
loss probability p0
ðu; vÞ between two nodes u and v is calcu-
lated as pðu; vÞ ¼ PB Á fðdðu; vÞÞ, where PB is the baseline
loss probability, and fðÁÞ is a coefficient function based on
the transmission distance dðu; vÞ. A data flow is established
between node 1 (the source), and node 7 (the destination).
The default data sending rate is 40 kbps.
We first examine wormholes’ impact on network
throughput if launched in the routing phase. In particular,
we let the wormhole link be established between node 2
and 6, in the routing procedure. The wormhole link discon-
nects 1 minute after the network starts to transmit the pack-
ets from the source to the destination. The simulation runs
for 10 minutes, and we measure the average network
throughput and compare it with the case without the worm-
hole attack.
Fig. 2 shows the wormhole attack brings great negative
influence on the network throughput. The throughputs of
normal network are always greater than twice of those with
wormhole link for the same setting. Similar results can be
found in Fig. 3 when we test the network with different
data sending rates and PB ¼ 30%. The reason is that the
existence of wormhole link cheats each node in the topology
sensing, making the ETXs of the surrounding nodes lower
than the actual values. Thus, in the packet forwarding
phase, when the wormhole link disconnects, the through-
puts will decrease due to the insufficient times of packet
forwarding.
We then investigate the wormhole links’ impact on
local nodes’ resource consumption if launched during
data transmission phase. Fig. 4 shows the number of
transmissions of node 3 in different scenarios, with and
without wormhole link respectively. The result demon-
strates that Node 3 suffers a significant increment of
transmissions and thus energy consumption for redun-
dancy due to the wormhole link.
4 CHARACTERIZING WORMHOLE ATTACKS IN
WIRELESS NETWORK CODING SYSTEMS
As we have mentioned, detecting wormhole attacks in wire-
less network coding systems is difficult compared with tra-
ditional networks, due to the different nature of topology
description and different principle of packet transmission.
In order to facilitate the design of countermeasures, in this
section we investigate the unique characteristics of network
coding system behavior with wormhole links.
Unlike traditional networks, packet round trip time is not
a valid metric for wireless network coding to distinguish the
system under attack and the normal case. The fundamental
Fig. 1. We show the coordinates of each node. In our simulation, the
wormhole link between node 2 and 6 is valid when the topology sensing
is going on. The wormhole link will disconnect one minute after the net-
work starts to transmit the packets, giving a huge reduction in the net-
work performance.
Fig. 2. The average throughput for different baseline link loss probabili-
ties with or without wormhole link.
Fig. 3. The average throughput for different source sending rates with or
without wormhole link.
Fig. 4. The No. of local transmissions (node 3) in RLNC network with or
without wormhole attack.
JI ET AL.: WORMHOLE ATTACK DETECTION ALGORITHMS IN WIRELESS NETWORK CODING SYSTEMS 663
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
5. reason is that with network coding, the packets being trans-
mitted on each hop are different, and thus it is difficult to
track down packets and record their trip time. Therefore,
this packet-centric idea does not work for network coding.
Instead, in this paper, our method is node-centric, i.e., we
focus on the metrics that can be naturally obtained by nodes
in the existing network coding protocols. In particular, we
explore the relationship between the innovative packet
transmission direction and ETX.
General result. In wireless network coding systems, pack-
ets are transmitted from source to destination not in their
original form. Actually, given fixed source and destination
nodes, for a pair of intermediate neighbor nodes, it is diffi-
cult to tell whether the information flow directions are
always the same. To figure out this question, we leverage
one widely used metric, ETX. In wireless network coding
systems, where no fixed routes exist, ETX, the expected
number of the packets for the source node to transmit so
that the target node (intermediate node or recipient)
receives the packet, provides a way to portray the topologi-
cal structure of the network and the relations among nodes.
On the other hand, to describe the information flow direc-
tion, one important concept to explore is innovative packet,
i.e., the packet received by a node containing new informa-
tion that cannot be derived from already received packets.
In particular, for systems without wormhole links, we
quantify the probability of the packet transmission direc-
tions between a pair of neighbor nodes, based on the con-
cept of innovative packet and ETX, as shown in Theorem 1.
Theorem 1. For any two neighbor nodes u and v in the network
satisfying ETXðuÞ ETXðvÞ, the probability that v will
receive an innovative packet from u is ETXðvÞÀ1
ETXðuÞþETXðvÞÀ1.
Proof. ETX is the expected number of the sent packets to
make sure the forwarding node or recipient receives the
innovative packet. Let p ¼ 1=ETXðuÞ and q ¼ 1=ETXðvÞ,
and then p and q are the probabilities to deliver the novel
packet from the source node to u and v, respectively.
Since ETXðuÞ ETXðvÞ, p q. We set up two random
variables X and Y , that X ¼ x is the event it takes x pack-
ets to make u hear the innovative packet, and Y ¼ y is the
event y packets make the novel packet arrive at v success-
fully. In fact, X and Y apply to geometric distribution
and they are independent from each other. We calculate
the probability of the event X Y as Equation (5):
PðX Y Þ ¼
X1
x¼1
X1
y¼xþ1
PðX ¼ xÞPðY ¼ yÞ ¼
p À pq
p þ q À pq
¼
ETXðvÞ À 1
ETXðuÞ þ ETXðvÞ À 1
:
(5)
tu
The basic idea of this theorem is that in general informa-
tion flows are more likely to be transmitted from the nodes
of low ETXs to those of high ETXs.
When the network contains wormhole links, they will
change the overall topological structure of the network. The
actual ETX (with wormhole links) metric suffers a huge
change as well, and then the transmissions of the novel
packets are distinguishable from the expected.
Algorithm to determine ETX. Since ETX is an important
metric to characterize wormhole attacks, below we describe
how to determine the ETX of each node based on the proba-
bility of successful transmission Pði; jÞ between every two
nodes vi and vj. Each Pði; jÞ between two nodes can be mea-
sured by sending and receiving small packets and getting
the statistical result. All the probabilities of successful trans-
mission PðÁ; ÁÞ together form the network adjacency matrix
P. We assume the matrix P is known for the network. We
propose Algorithm 1 EDA to calculate the ETX for each node.
Algorithm 1. ETX-Determining Algorithm (EDA)
Input: the entire network G with nodes V and their
locations L, and the source node vs
Output: the ETXs for all the nodes in the network G
1: ETXðvsÞ 1:0
2: for each node vi in V , except vs do
3: ETXðviÞ þ1
4: end for
5: repeat
6: ETXupdated false
7: for each node vi in the network G, other than vs do
8: Let N be the set of the neighbors of vi s.t.
ETXðvkÞ þ1 for any vk 2 N
9: If ETXðviÞ 1
1À
Q
vk2N
1
ETXðvkÞ
ð1ÀPðvk;viÞÞ
then
10: ETXðviÞ 1
1À
Q
vk2N
1
ETXðvkÞ
ð1ÀPðvk;viÞÞ
11: ETXupdated true
12: end if
13: end for
14: until ETXupdated = false
15: return the ETXs for all the nodes
In Algorithm 1, we make the ETXs depict the difficulty of
delivering the innovative packet to each node. For each
transmission of innovative packet, any node can receive it
as long as at least one of its neighbors has received the
packet and successfully transmit it to the node. That gives
rise to lines 9 to 11 in Algorithm 1. Another important reve-
lation is any node can derive its own ETX given the ETXs of
its neighbors and the relevant loss probabilities. That is, it is
not necessary for each node to know the global ETXs or any
location information of other nodes. Thus, our algorithms
are independent on location information. In Theorem 2, we
can show that Algorithm 1 can determine the ETXs with a
unique answer.
Theorem 2. The returned solution of Algorithm 1 is unique.
Proof. We first study the scenario of connected network.
The outer loop from line 5 to 14 keeps decreasing the
ETXs based on the successful transmission probabilities
between each pair of nodes. Note that if the ETX of any
node decreases, the ETXs of all its neighbor nodes will
remain the same according to the conditional branch at
line 9. That is, if ETXðviÞ decreases, and let vj be any one
of vi’s neighbors and let N be the set of vj’s neighbors,
we have the value T ¼ 1
1À
Q
vk2N
1
ETXðvkÞ
ð1ÀPðvk;viÞÞ
increases
and thus ETXðvjÞ T . Then the value of ETXðvjÞ
664 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 14, NO. 3, MARCH 2015
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
6. cannot change. Thus, there is no pair of nodes whose
ETX values are directly dependent on each other.
Algorithm 1 can halt in definite steps and output a
unique solution. If the network is not connected, all the
ETXs of the nodes that are not connected with the source
node will be infinite, and the solution is also unique.
Proof completes. tu
Since our wormhole detection algorithm will rely on the
values of ETXs, it is important to ensure that the system has
appropriate defense against possible attacks on ETXs. In
practice link loss probabilities used in ETXs calculation are
measured and reported using small control packets sent
among nodes and these packets are transmitted under con-
ventional protocols instead of network coding. To protect
these protocols from wormhole attacks, existing counter-
measures of wormholes in conventional wireless networks
can be leveraged such as [13], [15], [16]. To defend against
other cheating and malicious behavior in measuring link
loss probabilities, e.g., submitting untruthful reports, both
cryptographic and incentive-mechanism approaches can be
used [22].
5 THE CENTRALIZED ALGORITHM
In this section, we propose the centralized algorithm, which
utilizes the ETX metric and the order of rank increment to
detect wormhole attacks. In order to protect the validity of
our method, we also introduce the public cryptographic
scheme for the network. For the proposed algorithm, we not
only perform the analysis of its correctness, but also discuss
its technical details in this section.
5.1 Algorithm Design
As what we have presented in Section 2.1, for each forward-
ing node in RLNC network, receiving the innovative packet
will cause the rank of the previously received packets
increases by one. We also find that the nodes with lower
ETXs will be more likely to receive innovative packets (i.e.,
increase the rank) earlier than other nodes. On the other
hand, wormhole links will make some nodes receive inno-
vative packets (i.e., increase the rank) much earlier that they
should. Thus, in the proposed centralized algorithm, we
explore the order of rank increments in order to detect the
wormhole links.
Basically, in RLNC, when an innovative packet is sent
from the source node, the nodes near the source node are
more likely to receive the innovative packets earlier than
the nodes that are far from the source node. In Section 4,
we have demonstrated ETX is a proper metric to measure
the distances between each node and the source node.
Thus, the nodes with low ETXs can probably receive the
innovative packets earlier. However, the existence of worm-
hole link intuitively changes the normal network topology
since the innovative packets can be transmitted through the
wormhole link directly and safely, and thus the nodes
around the remote side of the wormhole link can receive the
novel packets earlier than expected. With a wormhole link,
the order of the rank increments among the nodes will be
significantly changed.
To illustrate the significant changes, we have a RLNC
simulation and Figs. 5 and 6 demonstrate the orders of rank
increments with and without wormhole link. Here we have
100 nodes in the network, and we run Algorithm 1 to calcu-
late the ETXs. In the figures, the red curve denotes the
ascending ETXs of the nodes. Then we start the network
coding transmission. The source node sends out an innova-
tive packet, and for each node, receiving the innovative
packet will result in rank increment from 0 to 1. We collect
the time stamps of rank increments on the nodes during the
whole transmission, and find out the time order of rank
increments. That is the blue line, which denotes the ETXs of
the nodes based on the ascending time order of rank incre-
ments. We find that the blue line deviates from the red line
when the wormhole link exists. That is, the wormhole link
truly changes the network topology as well as the transmis-
sion flows. Therefore, we can observe the time order of rank
increments, and release alerts when the deviation of the
order exceeds the bound, which is set by the administrator.
We can even determine the range of the nodes who may be
involved in wormhole attack. For example, in Fig. 6, the
nodes whose ETXs are from 6.0 to 10.0 may be involved
with wormhole attack, since they contribute majorly to the
deviation of the blue curve.
For the centralized algorithm, we set up a central node,
which owns the authority to gather information from all the
nodes in the network, and we run a wormhole detection
algorithm based on the rank increasing information on the
central node. Each node is responsible to record the time
Fig. 5. Node rank increment order of normal RLNC network. Fig. 6. Node rank increment order of network under wormhole attack.
JI ET AL.: WORMHOLE ATTACK DETECTION ALGORITHMS IN WIRELESS NETWORK CODING SYSTEMS 665
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
7. when the rank of the received packets increases and then
generates a report, which includes the details such as the
time, the node address, and the rank. Each node delivers
the reports to the central node via common unicast.
Based on the intuitions above, we propose Algorithm 2,
the centralized algorithm to detect wormhole attacks on the
central node. In Algorithm 2, the central node chooses an
event of rank change, i.e., the rank increment from i to i þ 1,
and then searches the received reports to find all the related
ones. Then we compare the time order of ETXs with the
ascending ETX sequence and calculate the distance between
them. If the distance exceeds the threshold, we decide there
exists wormhole attack, and release the warning. At last, we
update the bound of the distance for the next detection, in
order to make our algorithm adaptive. We apply k-means
[23] to determine the bound, since k-means is powerful to
learn the bound distinguishing two opposite samples.2
Algorithm 2. The Centralized Algorithm
Input: T: the reports from all the nodes V in the network G;
D: the number of dimensions of the code vector space;
Normal: the normal distance; Threshold: the threshold of
alert
Output: whether there exists a wormhole attack in the
network G; the updated Normal
1: Randomly select a rank r s.t. r ! 1 and r should be
small enough, i.e., 1 r 5.
2: Let Tr be the set of the reports whose rank increments
are from r À 1 to r.
3: Sort Tr into a sequence Te
r s.t. the values of ETX in Te
r
are ascending.
4: Let Le be the sequence of ascending ETXs in Te
r .
5: Sort Tr into a sequence Tt
r s.t. the values of time in Tt
r
are ascending.
6: Let Lt be the sequence of ETXs in Tt
r while preserving
the order.
7: Distance Calculate À DistanceðLe; Lt; jV jÞ
8: if Distance À Normal Threshold then
9: Find out the addresses of the nodes with the most
aberrant ETXs.
10: Release a warning of wormhole attack.
11: end if
12: Update the value of Normal using k-means.
In Algorithm 2, each report t is a tuple as Equation (6):
t ¼ ðtime; addr; ETX; rank; Kpub; sigÞ (6)
Here, time denotes the time stamp of the rank increment;
addr denotes the address of the node who sends the
report; ETX is the ETX of the reporting node; the value
rank means the rank increased from rank À 1 to rank.
Kpub is the public key of the reporting node. sig is the dig-
ital signature of the report. The signature can be calcu-
lated by Equation (16). In Equation (16), we adopt a
hashing function to obtain the abstract of the plain data
P ¼ ðtime; addr; ETX; rank; KpubÞ, and then encrypt the
abstract using secret key Ksec of the local node. The result
is the signature sig. In Algorithm 2, Tr denotes the set of
the reports of rank increment from r À 1 to r.
Algorithm 3. Calculate-Distance
Input: L1; L2: two lists; n: the number of nodes
Output: the distance between L1 and L2
1: Set up two n-dimensional vectors X and Y .
2: d 0
3: for i from 1 to n do
4: d d þ ðL1½iŠ À L2½iŠÞ2
5: end for
6: return
ffiffiffi
d
p
5.2 Analysis
We now perform the analysis of the correctness of Algo-
rithm 2. That is, the wormhole link can remarkably aggra-
vate the Distance in Algorithm 2 so that we can leverage
some learning mechanisms to distinguish whether worm-
hole links exist with high accuracy. The Distance essen-
tially illustrates the euclidean distance between the two
ETX orders. One order owns ascending ETXs, and the
other applies the order of rank increments. We now ana-
lyze the Distance in quantitative way. We denote by dðlÞ
the set of the ETX differences between two nodes, and the
location distance between the two nodes is l. For instance,
in the network there is a node a with ETX 2.0, and there
is a node b with ETX 5.0. The location distance between a
and b is 10 units. Thus, the ETX difference 5:0 À 2:0 ¼ 3:0
is in the set dð10Þ. We denote by maxl rdðlÞ the maximum
ETX difference when the location distance is no longer
than r, and minl!rdðlÞ denotes the minimum ETX differ-
ence when the location distance is no shorter than r. Let
R be the radius of neighborhood, and let L be the length
of wormhole link, if any. Then we have the lower bound
of Distance.
Theorem 3. If there exists a wormhole link with length L in the
connected RLNC network, we have
Distance ! min
l!L
dðlÞ À max
l R
dðlÞ: (7)
Proof. Let the wormhole link connect the nodes a and b. With-
out loss of generality, we assume ETXðaÞ ETXðbÞ. The
order of the nodes with ascending ETXs should be
. . . ; a; c1; c2; . . . ; ck; b; . . . (8)
The ETX difference between a and c1 has to be no larger
than maxl RdðlÞ. Otherwise, in (8) no node before a
(including a) can be neighbor of any node after a. Thus
the RLNC network is not connected, with at least two
separated components. The wormhole link can directly
deliver the innovative packet from a to b. Thus, with the
wormhole link, the order will be
Á Á Á ; a; b; Á Á Á (9)
2. Here the scenario is unsupervised learning since we do not know
whether there exists wormhole link temporarily after each transmis-
sion. If we have the knowledge of some historic wormhole attacks, we
can utilize the supervised learning algorithms, such as support vector
machine [24].
666 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 14, NO. 3, MARCH 2015
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
8. We next estimate the lower bound of Distance based on
(8) and (9). That is
Distance
! ETXðbÞ À ETXðc1Þ
¼ ETXðbÞ À ETXðaÞ À ðETXðc1Þ À ETXðaÞÞ
! ETXðbÞ À ETXðaÞ À max
l R
dðlÞ
! min
l!L
dðlÞ À max
l R
dðlÞ:
(10)
Here to obtain the first inequality, we consider the mini-
mal difference between (8) and (9). That is, the change
from (8) to (9) is only the swap between b and c1. The
above inequality finishes the proof. tu
Since the length of wormhole link L is much longer than
the neighborhood radius R, for most cases the ETX
difference for L is much larger than that for R, and thus
minl!LdðlÞ is much larger than maxl RdðlÞ.3
That is, we can
guarantee a sufficiently large lower bound for the Distance
given the long enough wormhole link. Since the estimation
of the lower bound in the proof of Theorem 3 is quite rough,
the actual Distance is much larger than the lower bound
here. Thus, the wormhole link can guarantee a large enough
Distance to make it recognizable.
5.3 Discussions
We now discuss the technical details in Algorithm 2. We
first explain why we have the bounds (Normal and
Threshold) on Distance, a value describing the deviation of
ETX order, at line 8 of Algorithm 2. The main reason is that
the Distance owns uncertainty in nature. In order to study
the uncertainty in Distance, we need to analyze the trans-
missions of each innovative packet. Let p be the successful
transmission probability over one hop. From the source
node to the destined node, the number of the sent packets
until the transmission succeeds is a random variable X
which conforms to geometric distribution. Denoted by TX
the ETX value of the destined node, and then TX is the
expected value of X.4
Thus, we have
TX ¼ E½XŠ ¼
X1
k¼1
kpð1 À pÞkÀ1
¼
1
p
: (11)
In RLNC, since the transmissions over the hops are inde-
pendent from each other, the successful transmission proba-
bility p between two nodes is the product of all the
probabilities of the hops that together connect both nodes:
p ¼
Y
hk2H
pk; (12)
where H denotes the set of the hops that connect the source
and destination, and pk denotes the successful transmission
probability over the hop hk. In RLNC, each innovative
packet can be transmitted through different sequences of
hops H. Among the hop-sequences, there exists one that can
transmit the packets in the shortest time. To make sure that
the packets through the fastest hop-sequence arrive earlier
than others in a high probability, the variance of X over the
fastest hop-sequence should be as low as possible. We cal-
culate the variance as follows:
VarðXÞ ¼ E½X2
Š À E2
½XŠ ¼
1 À p
p2
: (13)
Applying Equation (11), we obtain Equation (14):
VarðXÞ ¼ E½XŠðE½XŠ À 1Þ ¼ TXðTX À 1Þ: (14)
As the ETX value TX increases, the variance VarðXÞ
becomes even larger and it increases much faster than ETX.
That means if the ETX of the target node is high (that is, the
target node is far from the source node), it is difficult to pre-
dict the time when the innovative packet arrives at the tar-
get node. In Fig. 5, there are obvious deviations on the
nodes of high ETXs (around 8.0 to 12.0), even though there
is no wormhole link. Thus we have to give tolerance to such
deviations. We define a deviation Normal for the normal
case at line 8 of Algorithm 2, and we leverage some unsu-
pervised learning techniques to obtain the bounds Normal
and Threshold. Since wormhole links contribute more devi-
ation by redirecting innovative packet flows, the centralized
algorithm can correctly detect the wormhole links with
proper learning algorithms.
We next explain why we choose a relatively small rank at
line 1 of Algorithm 2. The essential reason is about the corre-
spondence between the order of rank increments and the
innovative packet sent by the source node. In RLNC, each
innovative packet sent by the source contains a basis of the
code vector space. For each forwarding node, an innovative
packet must have at least one basis that the node has not
received. Thus, the order of rank increments is essentially
the order of receiving the basis from the source. However, if
there are pervading undelivered innovative packets in the
network, it is difficult to guarantee that the rank increment
of each node is due to the latest basis sent by the source.
Thus, it is desirable to observe the rank increments when
there are relatively a small number of innovative packets
pervading the whole network. In other words, the rank of
the sent innovative packets should be small enough. Thus,
we choose a relatively small rank at line 1 of Algorithm 2. A
small enough rank can guarantee the correspondence
between the order of rank increments and the basis, and
thus the centralized algorithm can effectively distinguish
whether there exists wormhole link based on the order of
rank increments.
6 THE DISTRIBUTED DETECTION ALGORITHM
In this section, we consider a practical scenario where cen-
tralized authority cannot be found. We propose DAWN, a
distributed algorithm to detect wormhole attacks in wireless
network coding systems. We will perform rigorous analysis
on the detection rate of our algorithm and its resistance
against collusions.
6.1 Algorithm Design
The basic idea of DAWN is based on the result of
Theorem 1. For any two nodes in the neighborhood, the
3. There are some cases that the ETX difference is very small even if
L is much longer than R. To circumvent such scenarios, we may choose
another pair of source and destination, and recalculate the ETXs to
make the ETXs distinguishable.
4. According to [17], ETX denotes the expected number of the pack-
ets to send until one packet successfully arrives at the destination.
JI ET AL.: WORMHOLE ATTACK DETECTION ALGORITHMS IN WIRELESS NETWORK CODING SYSTEMS 667
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
9. one with lower ETX is supposed to receive novel packets
earlier than the other one with high probabilities. In other
words, innovative packets are transmitted from low ETX
nodes to high ETX nodes with high probabilities. In order
to monitor the innovative packets transmission direction,
nodes will work collaboratively. In particular, DAWN has
two phases on each node: 1) Report packets direction
observation results to its neighbors (Algorithm 4) and 2)
Detect whether any attackers exist (Algorithm 5). The
Detect phase is based on the received results from neigh-
bors during the Report phase. Both of the algorithms
are running on every node in the network. Algorithm 4
runs simultaneously while passing on the packets, and
Algorithm 5 should be asynchronous for different nodes
and run at random time slots.
Algorithm 4. ReportFunction
Input: NðuÞ: the set of u’s neighbors; the number of
the novel packets u received from each neighbor in
the last batch; d: the threshold on ETX difference.
Output: sv: the local observation result for each
neighbor v 2 NðuÞ ; Report messages if any.
1: for v 2 NðuÞ do
2: Denote pv the number of novel packets that u
received from v during the last batch
3: if ETX(v) À ETX(u) d AND pv 0g then
4: u broadcasts the report rðu; v; 0Þ;
5: Note: rðu; v; 0Þ represents the report sent
from u about suspicious wormhole behavior of v,
with hop count 0.
6: sv ¼ 1;
7: else
8: sv ¼ 0;
9: end if
10: end for
Report phase. As shown in Algorithm 4, for each node, it
will suspect that one neighbor is an attacker if it receives
novel packets from the neighbor but the ETX of this neigh-
bor is much higher than that of itself (i.e., the distance
between the ETXs is greater than the threshold d). It sends
its judgment as a report to its neighbors (line 3-5). A node is
called a judge node of a neighbor if the distance between their
ETXs is greater than the threshold. Each report r is a tuple as
Equation (15):
r ¼ ðtime; Asuspect; Aself ; Kpub; Snovel; sigÞ: (15)
Here, time is when the reporting node discovers the abnor-
mal transmission. Asuspect is the address of the suspected
node, which sends out a novel packet and owns a higher
ETX than the recipient’s. Aself is the address of the reporting
local node. Since any node can modify the report when for-
warding it, we need to apply cryptographic techniques to
protect the integrity of the reports. We use digital signatures
of the reports to defend against malicious modification, and
abstract of the novel packet for administrative verification.
Thus, we introduce symmetric cryptographic scheme
into our system to make it more robust against attacks. In
Equation 15 Kpub is the public key of the reporting node.
Snovel is the set of the signatures of the received novel pack-
ets. sig is the signature of the report. The signatures are pro-
duced as Equation (16):
sig ¼ EncryptðKsec; ðHashðPÞÞ: (16)
Here Ksec is the secret key of the reporting node. P is the
novel packet that was received from the target.
Algorithm 5. The Distributed Detection Algorithm for
Wormholes in Wireless Network Coding Systems
(DAWN) on Node u
Input: R: the set of reports received in the last batch;
NðuÞ: the set of u’s neighbors; sj: the local observation
result of each neighbor j 2 NðuÞ; d: the threshold.
Output: Detected wormhole attackers in NðuÞ, if any.
1: for Each report rði; j; kÞ 2 R do
2: if ETX(j) À ETX(i) d OR i =2 NðjÞ then
3: Discard this report;
4: else
5: if j 2 NðuÞ then
6: sj sj þ 1;
7: end if
8: if k 2 then
9. Forward this report rði; j; k þ 1Þ;
10: end if
11: end if
12: end for
13: for each v 2 NðuÞ do
14: Let CðvÞ ¼ fi ji 2 NðvÞ s.t. ETX(v) À ETX(i) d
15: if sv ! djCðvÞjþ1
2 e then
16: Mark v as a detected wormhole attacker, and block
any traffic from or to node v in future batches.
17: end if
18: end for
Detect phase. Algorithm 5 presents the pseudocode of the
Detect phase of DAWN. For each node in the Detect phase, it
receives reports from the judge nodes of any potential
attackers. It first examines whether a report is from a valid
judge node. If so, it will forward the report unless it has
already been forwarded twice. Three-hops of the reports
make sure that more (reachable) neighbors of the potential
attacker will hear this report (line 8). Fig. 7 illustrates an
Fig. 7. An illustration of report forwarding.
668 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 14, NO. 3, MARCH 2015
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
10. example that a report is forwarded twice to make sure more
neighbors receive it.
The detection algorithm on each node accumulates
and calculates the number of its judge nodes who send
report about the reported potential attacker in the cur-
rent batch. If the number of judge nodes compose the
majority (line 15), the node will make the decision that
the attacker is involved in a wormhole attack and block
it from future communications.
6.2 Lower Bound of Detection Rate
In this section, we will show our proposed distributed
algorithm DAWN can perform well with a high lower
bound on detection rate. In particular, we have obtain
the result in Theorem 4.
Theorem 4. For an individual node v to be detected, let NðvÞ
denote the set of the neighbors of v, and SðvÞ is the subset of
NðvÞ s.t.
8w 2 SðvÞ; ETXðwÞ À ETXðvÞ d: (17)
Here d is the threshold. Let n ¼ jSðvÞj, then the lower bound of
the success rate of the algorithm is
B ¼ 1 À exp À
2ðnp À bn
2cÞ2
n
!
: (18)
Here p is specified as Equation (19):
p ¼
ETXðvÞ þ d À 1
2ETXðvÞ þ d À 1
: (19)
Proof. Based on Theorem 1, one lower bound of the
probabilities that one node in SðvÞ will receive the
novel packet earlier than v equals to p in Equation (19)
by introducing the threshold d. Thus, the success rate
R satisfies
R !
Xn
k¼dnþ1
2 e
n
k
pk
ð1 À pÞnÀk
: (20)
The lower bound B can be determined by applying
Hoeffding’s inequality [25]:
R ! 1 À
Xbn
2c
k¼0
n
k
pk
ð1 À pÞnÀk
(21)
! 1 À exp À
2ðnp À bn
2cÞ2
n
!
¼ B: (22)
tu
To illustrate the lower bound more clearly, we now show
some numerical results with different settings. Fig. 8 dem-
onstrates the lower bound of the detection rate of DAWN
with various number of judge nodes and threshold (i.e., n
and d in Equations (18) and (19) respectively). We may
set proper n and d for each node (i.e. n ¼ 41, d ¼ 10:0,
ETX ¼ 5:0) in order to address the attackers successfully
with a high probability near 1, as what Table 1 indicates. As
the simulations in Section 7, the real detection rate is much
higher than the lower bound.
6.3 Collusion Resistance of DAWN
The distributed detection algorithm DAWN requires the
collaboration of the wormhole attackers’ neighbor nodes,
i.e., monitoring attackers’ behavior, sending, forwarding
and analyzing reports. It is possible that although these
nodes do not participate in wormhole links, they collude
with wormhole attackers by making false reports against
honest nodes or other misbehavior in the report procedure
to make the detection algorithm malfunction.
In this section, we analyze the resistance of DAWN
against collusions in the report procedure. In particular, we
obtain a condition on the number of colluding nodes, under
which DAWN is resistant against colluding attacks, as
stated in Theorem 5.
Theorem 5. Let M be the set of the colluding nodes in the whole
network. Then a necessary condition for DAWN to be resistant
against colluding attacks is that Equation (23) holds for any
node v:
jM SðvÞj
jSðvÞj þ 1
2
: (23)
Here SðvÞ is the same as in Theorem 4.
Proof. Sketch: We prove by contrapositive, i.e., if Equa-
tion (23) does not hold, the decision error rate is not
bounded. Suppose that DAWN is making a decision
whether any node v is a wormhole attacker. If v is inno-
cent, all the malicious nodes in SðvÞ can send false
reports claiming v is involved in the wormhole attack.
However, the number of the good nodes in SðvÞ who can
send reports indicating v is innocent is specified as
Fig. 8. The lower bound of the success probability of the proposed dis-
tributed algorithm, with variables n and d. The ETX of the node to be
detected is 5.
TABLE 1
Lower Bounds B for Different Scenarios
ETXðvÞ d n B
5.0 9.0 39 98.66
5.0 8.0 49 98.97
5.0 10.0 41 99.38
JI ET AL.: WORMHOLE ATTACK DETECTION ALGORITHMS IN WIRELESS NETWORK CODING SYSTEMS 669
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
11. Equation (24):
jSðvÞ n Mj
jSðvÞj À 1
2
jM SðvÞj: (24)
Because it is the same with the scenario that most nodes
of SðvÞ is honest while v is malicious, it is impossible to
judge whether v is malicious. For the case where v is a
wormhole attacker and Equation (23) does not hold, sim-
ilar conclusion can be drawn. tu
For other scenarios where the colluding nodes dominate
the neighborhood of wormholes attackers, since it falls out
of the main scope of this paper, we omit the detailed solu-
tions here and leave it to future work.
6.4 Attackers Can Be Smarter
Above discussions have covered the ordinary wormhole
attack and the collusion attack. However, the attacker can
manipulate the wormhole link more intellectually. For
example, the attacker may cheat its neighbors about its ETX
by misreporting the link loss probabilities. The attacker can
also initiate the wormhole link opportunistically. The ulti-
mate objective of the attacker is to avoid being detected by
the judge nodes. In this section, we discuss the defending
solutions against these intellectual strategies.
The attacker can successfully forge its ETX only by misre-
porting the distances between its neighbors and itself. Oth-
erwise, its neighbors, which are good nodes and can share
correct information with each other, can find the attacker’s
claimed ETX is incorrect. Moreover, we can eliminate such
misreporting behaviors by letting at least three of its neigh-
bors work collaboratively to discover that the attacker’s
claimed position (based on its claimed distances) does not
exist. Thus, we can make it impractical for the attacker to
forge its ETX given the threshold and others’ ETXs.
It is still possible for the attacker to apply a opportunistic
policy on initiating the wormhole link, in order to avoid
being detected. That is, the attacker only initiates the worm-
hole link when there is no judge node in its neighborhood,
assuming the wireless network is dynamic (i.e., some mesh
networks or sensor networks). For this scenario, we can
assign some trusted nodes along the network boundary5
to
ensure that there are always enough judge nodes for each
node. Even though this solution is a little expensive, we
believe it is efficient when the network is deployed within a
not too large area.
7 EVALUATIONS
To evaluate the effectiveness and efficiency of our Central-
ized Algorithm and DAWN, we have developed a C based
discrete event simulator for network coding systems and
implemented our algorithms in the simulator.
7.1 Simulation Setup
We run our simulations on a Linux workstation (2.0 GHz
CPU and 32 GB memory). We use the cryptography library
Beecrypt [26] to implement the encryption and signature
algorithms. We adopt RSA [27] and MD5 [28] algorithms
with 4,096-bit key size. We also simulate a certificate author-
ity, which manages the public keys and identities of the
nodes. That is, a public key infrastructure is applied in our
simulations. When we calculate the time cost and communi-
cation overhead, we also include the contribution of PKI.
Performance metrics. The main performance metrics in our
evaluations include true positive rate (TPR), false positive
rate (FPR), extra computation time and the ratio of extra
communication over the total data transmissions. We define
TPR and FPR as follows:
1) TPR, the true positives out of the positives, is defined
as Equation (25):
TPR ¼
TP
P
u2M jNðuÞj
: (25)
Here TP denotes the number of the attackers’ neigh-
bors, who correctly detect the attack.
P
u2M jNðuÞj is
the total number of attackers’ neighbors.
2) FPR is false positives out of the negatives, as
Equation (26):
FPR ¼
FP
P
u62M jNðuÞj
: (26)
Here FP denotes the total number of the false detection
alarms initiated by any node.
7.2 True Positive Rate versus False Positive Rate
To take a closer look at the effectiveness of our algorithms,
our first simulation is on the network with a fixed topology.
Hundred nodes are distributed uniformly within the area of
1,000 Â 1,000 length units, as Fig. 9 illustrates. Two nodes,
whose addresses are 21 and 22, are involved in the worm-
hole link. The attackers can initiate the wormhole link at
any time during the simulation. We consider the unicast
and broadcast. For the unicast case, the source node’s
address is 1 and the destination node’s is 31. When node 31
receives each innovative packet, it sends an ACK message
to node 1 in unicast. For broadcast, the destination node is
not specified. We will test random topologies later, when
Fig. 9. Deployment of the 100 nodes. Malicious node 21 and 22 are con-
nected by a wormhole link. The attackers can enable or disable the
wormhole link at any time.
5. There are very few nodes near the network boundary, indicating
some nodes may have insufficient judge nodes.
670 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 14, NO. 3, MARCH 2015
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
12. we will choose the source and destined nodes randomly as
well. For unicast, if the source and destination are not con-
nected by the network, we eliminate this trial when we cal-
culate the measurements.
Fig. 10 presents the ROC diagram of Centralized
Algorithm and DAWN with the fixed deployment of Fig. 9.
The points in the ROC diagram are drawn using the pairs of
TPR and FPR with different thresholds, i.e., Threshold in
Algorithm 2 and d in Algorithm 5. Too low threshold (i.e.,
Threshold 10 or d 0:5) will make both TPR and FPR
near 100 percent. That is, the system is over sensitive and
always gives false alarms. Reversely, too high threshold
(i.e., Threshold 100 or d 2:0) will make both TPR and
FPR near 0 percent. That is, the system seldom releases
warnings about attacks, because the Centralized Algorithm
is too tolerant, and for DAWN there will be few judge nodes
of the target due to the strict requirement brought by high
threshold. If we choose proper threshold (i.e., Threshold
around 50 and d 2 ð1:4; 1:6Þ), for Centralized Algorithm the
TPR is over 92.00 percent and the FPR is less than 11.50 per-
cent, and for DAWN the TPR is over 91.10 percent and the
FPR is less than 12.01 percent. It verifies both Centralized
Algorithm and DAWN can detect the attackers accurately.
The second set of simulations is on multiple networks
with various topologies. We deploy 100 different topologies,
and calculate the average TPR and FPR. For each topology,
we run 100 instances. The TPR and FPR for each topology
are averaged over the 100 instances. Fig. 11 presents the
ROC diagram of Centralized Algorithm and DAWN on
networks with different topologies. The TPRs of both the
algorithms still remain over 89.43 percent for multiple
topologies and the FRPs can be less than 11.10 percent.
The performance is a little worse than that in Section 7.2 as
there are some scenarios where the wormhole link con-
nected two nodes whose ETXs are close. It verifies that
Centralized Algorithm and DAWN can detect the malicious
nodes accurately for different scenarios.
7.3 Impact of the Amount of Judge Nodes on DAWN
To investigate the influence of the number of judge nodes
on the performance of DAWN, we conduct the following
experiments. We vary the node density in the network to
change the number of judge node around the wormhole
attackers. For different scenarios with different judge
nodes, we calculate the actual TPR in the network as well as
the theoretical lower bound (as described in Section 6.2).
Fig. 12 demonstrates the TPR with different number of
judge nodes in the unicast networks. Basically, we can see
that both the actual TPR and the theoretical lower bound
increase when the number of the judge nodes increases
from 2 to 7. Even in the scenario where there are only two
judge nodes around the wormhole attackers, the TRP can
still be over 92.32 percent. Moreover, the actual TPR is
always greater than the theoretical lower bound. It verifies
the TPR can be sufficiently high if the number of the judge
nodes is big enough.
7.4 Evaluation on Collusion Resistance of DAWN
In order to examine the capability of DAWN in resisting col-
lusions among judge nodes. We test our algorithm in the
scenarios with different numbers of colluding judge nodes.
We perform experiments in the setting where there are
seven judge nodes in total. We observe the TPRs with differ-
ent number of colluding nodes.
In Fig. 13, it shows that the TPR decreases as the num-
ber of the colluding judge nodes increases. There is an
abrupt reduction of the TPR when the number of collud-
ing nodes changes from 3 to 4. In the cases with 1, 2 and
3 colluding nodes, all the TPRs are over 87.41 percent. It
Fig. 10. The ROC diagram of Centralized Algorithm and DAWN based
on the deployment of Fig. 9.
Fig. 11. The ROC diagram of Centralized Algorithm and DAWN on net-
works with various topologies.
Fig. 12. The TPR increases as the number of the judge nodes surround-
ing the attacker increases.
Fig. 13. The ROC diagram of colluded attacks for different scenarios.
The performance reduces as the number of attackers in the judge nodes
increases. There were seven judge nodes of the attacker in total.
JI ET AL.: WORMHOLE ATTACK DETECTION ALGORITHMS IN WIRELESS NETWORK CODING SYSTEMS 671
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
13. verifies that DAWN has strong resistance against the col-
luding attacks.
7.5 Overhead
We investigate the overheads of Centralized Algorithm and
DAWN using two metrics: the computation time and com-
munication overhead in percentage.
7.5.1 Computation Cost
We measure the average computation time of the central
node in the Centralized Algorithm, as well as the average
time cost per each node in the network for DAWN. The sim-
ulation takes one batch of the data transmission.
For Centralized Algorithm, Fig. 14 shows the average
computation time cost of the central node, when we set dif-
ferent node densities of the network (with different number
of nodes in the 1,000 Â 1,000 sized area). The computation
time grows linearly with the total number of the nodes,
since more nodes can generate more reports for the central
node to process. For both unicast and broadcast, the total
time cost is several milliseconds, which is tolerable for most
RLNC systems.
For DAWN, Fig. 15 shows the average computation time
cost per node and per batch with various node densities.
We can observe that our algorithm costs more time, when
there are more nodes in the network and correspondingly
more events to monitor and report. Overall it shows the
computation time cost of DAWN is tolerable for most
RLNC applications, with a few milliseconds at most.
7.5.2 Communication Overhead
For communication overhead, the metric we use is the ratio
of the number of the extra packets generated by the worm-
hole attack defending algorithm, and the number of the
original total data packets transmitted. Tables 2 and 3 show
the communication overheads for Centralized Algorithm
and DAWN in unicast and broadcast respectively. It dem-
onstrates that both the communication overheads are tolera-
ble if the node density in the network is not too high.
8 RELATED WORKS
RLNC has extensive applications in wireless network field
as it improves the throughput and utilization of the informa-
tion capacity greatly [1], [2], such as ExOR [3], COPE [4] and
MORE [5]. It is challenging to bring these solutions to reali-
ties due to the complexity of implementation or lacking
research of the related security problems. The naive RLNC
is vulnerable to several types of attack, such as pollution
attack [29], Byzantine attack [30] and wormhole attack [9]. In
this paper, we focus on wormhole attack at RLNC network.
For traditional networks, researchers offered several sol-
utions to detect and avoid such attacks [8], [9], [10], [12],
[13], [14], [15], [31], [32], [33], and [34]. These solutions can
be divided into two major groups: utilizing temporal and
spatial information, and detecting network topology change
based on graph analysis. For example, Hu et al. use packet
leashes to detect wormhole attacks [13], by appending in
each packet the location information of the senders and
they accordingly detect the physically impossible transmis-
sions. Both [16] and [15] are based on the round-trip travel
time of packet to detect wormhole links. Khalil et al. intro-
duced the guard node to help the local node detect the mali-
cious attackers, assuming the network had a static topology
[32]. There were two limitations for the methods dependent
on time and space: the nodes in the network have to be
tightly synchronous and the node location information is
available [32]. In the second group [6], [8], [10], [14], among
others, Wang and Bhargava use visualization methods to
detect wormhole links in sensor networks, revealing the
intrinsic change of network topological structure under
attacks [14]. In [6], Dong et al. detect and locate various
wormholes and relies on observing inevitable topology
deviations introduced in the network by wormholes. As we
Fig. 14. Centralized Algorithm: the average time cost of the central node
in different scenarios.
Fig. 15. DAWN: the average time cost per each node in different
scenarios.
TABLE 2
The Communication Overhead Statistics for Unicast
# nodes Centralized Alg.
overhead (%)
DAWN overhead
(%)
30 1.32 3.54
40 1.44 3.64
50 3.01 8.22
60 3.53 10.49
70 4.11 12.72
TABLE 3
The Communication Overhead Statistics for Broadcast
# nodes Centralized Alg.
overhead (%)
DAWN overhead
(%)
30 1.45 4.34
40 1.65 3.71
50 3.41 9.43
60 3.94 12.44
70 4.32 15.90
672 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 14, NO. 3, MARCH 2015
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
14. mentioned earlier, in wireless network coding systems, the
connectivity in the network is described in different ways
than traditional networks. Unfortunately, there is no solu-
tions of the wormhole attack detection for wireless network
coding systems.
9 CONCLUSION
In this paper, we have investigated the negative impacts of
wormhole attacks on wireless network coding systems. We
have proposed two algorithms that utilize the metric ETX to
defend against wormhole attacks. We have proposed a Cen-
tralized Algorithm that assigns a central node to collect and
analyze the forwarding behaviors of each node in the net-
work, in order to react timely when wormhole attack is initi-
ated. We have proven the correctness of the Centralized
Algorithm by deriving a lower bound of the deviation in
the algorithm. We have also proposed a Distributed detec-
tion Algorithm against Wormhole in wireless Network cod-
ing systems, DAWN. DAWN is totally distributed for the
nodes in the network, eliminating the limitation of tightly
synchronized clock. DAWN is efficient and thus it fits for
wireless sensor network. For both centralized and distrib-
uted algorithms, we have utilized the digital signatures to
ensure every report is undeniable and cannot be forged by
any attackers. The simulations have shown that the pro-
posed algorithms can detect the malicious nodes participat-
ing in wormhole attack with high successful rate and the
algorithm is efficient in terms of computation and commu-
nication overhead.
ACKNOWLEDGMENTS
Some results in this paper will be in the proceedings of IEEE
INFOCOM 2014. Sheng Zhong was supported in part by
RPGE, NSFC-61321491, and NSFC-61300235. Part of the
work was done while supported in part by US NSF-0845149.
REFERENCES
[1] S. Li, R. Yeung, and N. Cai, “Linear network coding,” IEEE Trans.
Inf. Theory, vol. 49, no. 2, pp. 371–381, Feb. 2003.
[2] T. Ho, M. Medard, R. Koetter, D. R. Karger, M. Effros, J. Shi, and B.
Leong, “A random linear network coding approach to multicast,”
IEEE Trans. Inf. Theory, vol. 52, no. 10, pp. 4413–4430, Oct. 2006.
[3] S. Biswas and R. Morris, “Opportunistic routing in multihop wire-
less networks,” ACM SIGCOMM Comput. Commun. Rev., vol. 34,
pp. 69–74, Sep. 2004.
[4] S. Katti, H. Rahul, W. Hu, D. Katabi, M. Medard, and J. Crow-
croft, “XORs in the air: Practical wireless network coding,” in
Proc. Conf. Appl., Technol., Archit. Protocols Comput. Commun.,
2006, pp. 243–254.
[5] S. Chachulski, M. Jennings, S. Katti, and D. Katabi, “Trading struc-
ture for randomness in wireless opportunistic routing,” in Proc.
Conf. Appl., Technol., Archit. Protocols Comput. Commun., Aug. 2007,
pp. 169–180.
[6] D. Dong, Y. Liu, X. Li, and X. Liao, “Topological detection on
wormholes in wireless ad hoc and sensor networks,” IEEE Trans.
Netw., vol. 19, no. 6, pp. 1787–1796, Dec. 2011.
[7] J. Kim, D. Sterne, R. Hardy, R. K. Thomas, and L. Tong, “Timing-
based localization of in-band wormhole tunnels in MANETs,” in
Proc. 3rd ACM Conf. Wireless Netw. Security, 2010, pp. 1–12.
[8] S. R. D. R. Maheshwari, J. Gao, “Detecting wormhole attacks in
wireless networks using connectivity information,” in Proc. IEEE
26th Int. Conf Commun., 2007, pp. 107–115.
[9] Y.-C. Hu, A. Perrig, and D. B. Johnson, “Wormhole attacks in
wireless networks,” IEEE J. Sel. Areas Commun., vol. 24, no. 2,
pp. 370–380, Feb. 2006.
[10] R. Poovendran and L. Lazos, “A graph theoretic framework for
preventing the wormhole attack in wireless ad hoc networks,”
Wireless Netw., vol. 13, no. 1, pp. 27–59, 2007.
[11] A. J. Newell, R. Curtmola, and C. Nita-Rotaru, “Entropy
attacks and countermeasures in wireless network coding,” in
Proc. 5th ACM Conf. Security Privacy Wireless Mobile Netw.,
2012, pp. 185–196.
[12] W. Wang, B. Bhargava, Y. Lu, and X. Wu, “Defending against
wormhole attacks in mobile ad hoc networks: Research articles,”
Wireless Commun. Mobile Comput., vol. 6, no. 4, pp. 483–503, Jun.
2006.
[13] Y.-C. Hu, A. Perrig, and D. B. Johnson, “Packet leashes: A defense
against wormhole attacks in wireless networks,” in Proc. IEEE
23rd Annu. Joint Conf. IEEE Comput. Commun., Mar. 2003,
pp. 1976–1986.
[14] W. Wang and B. Bhargava, “Visualization of wormholes in sensor
networks,” in Proc. 3rd ACM Workshop Wireless Security, Oct. 2004,
pp. 51–60.
[15] J. Eriksson, S. Krishnamurthy, and M. Faloutsos, “Truelink: A
practical countermeasure to the wormhole attack in wireless
networks,” in Proc. IEEE Int. Conf. Netw. Protocols, 2006,
pp. 75–84.
[16] S. Capkun, L. Buttyan, and J.-P. Hubaux, “Sector: Secure tracking
of node encounters in multi-hop wireless networks,” in Proc. 1st
ACM Workshop Security Ad Hoc Sensor Netw., 2003, pp. 21–32.
[17] D. S. J. D. Couto, D. Aguayo, J. Bicket, and R. Morris, “A high-
throughput path metric for multi-hop wireless routing,” Wireless
Netw., vol. 11, no. 4, pp. 419–434, 2005.
[18] A. G. Dimakis, P. B. Godfrey, Y. Wu, M. J. Wainwright, and K.
Ramchandran, “Network coding for distributed storage sys-
tems,” IEEE Trans. Inf. Theory, vol. 56, no. 9, pp. 4539–4551,
Sep. 2010.
[19] A. S. Avestimehr, S. N. Diggavi, and D. N. Tse, “Wireless network
information flow: A deterministic approach,” IEEE Trans. Inf. The-
ory, vol. 57, no. 4, pp. 1872–1905, Apr. 2011.
[20] B. Nazer and M. Gastpar, “Compute-and-forward: Harnessing
interference through structured codes,” IEEE Trans. Inf. Theory,
vol. 57, no. 10, pp. 6463–6486, Oct. 2011.
[21] P. Santi, “Topology control in wireless ad hoc and sensor
networks,” ACM Comput. Surv., vol. 37, no. 2, pp. 164–194, 2005.
[22] F. Wu, T. Chen, S. Zhong, L. E. Li, and Y. R. Yang, “Incentive-com-
patible opportunistic routing for wireless networks,” in Proc. 14th
ACM Int. Conf. Mobile Comput. Netw., 2008, pp. 303–314.
[23] S. Lloyd, “Least squares quantization in PCM,” IEEE Trans. Inf.
Theory, vol. IT-28, no. 2, pp. 129–137, Mar. 1982.
[24] C. Cortes and V. Vapnik, “Support vector machine,” Mach. Learn.,
vol. 20, no. 3, pp. 273–297, 1995.
[25] W. Hoeffding, “Probability inequalities for sums of bounded ran-
dom variables,” J. Amer. Statist. Assoc., vol. 58, no. 301, pp. 13–30,
1963.
[26] Beecrypt [Online]. Available: http://sourceforge.net/projects/
beecrypt/
[27] R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining
digital signatures and public-key cryptosystems,” Commun. ACM,
vol. 21, no. 2, pp. 120–126, 1978.
[28] R. Rivest, “The md5 message-digest algorithm,” RFC 1321, 1992.
[29] J. Dong, R. Curtmola, and C. Nita-Rotaru, “Practical defenses
against pollution attacks in intra-flow network coding for wireless
mesh networks,” in Proc. ACM Conf. Security Privacy Wireless
Mobile Netw., Mar. 2009, pp. 111–122.
[30] T. Ho, B. Leong, R. Koetter, M. Medard, M. Effros, and D. Karger,
“Byzantine modification detection in multicast networks using
randomized network coding,” in Proc. IEEE Int. Symp. Inf. Theory,
Jan. 2004, p. 143.
[31] Z. Li, D. Pu, W. Wang, and A. Wyglinski, “Forced collision:
Detecting wormhole attacks with physical layer network coding,”
Tsinghua Sci. Technol., vol. 16, no. 5, pp. 505–519, 2011.
[32] I. Khalil, S. Bagchi, and N. B. Shroff, “Liteworp: A lightweight
countermeasure for the wormhole attack in multihop wireless
networks,” in Proc. Int. Conf. Dependable Syst. Netw., Jul. 2005,
pp. 612–621.
[33] L. Qian, N. Song, and X. Li, “Detection of wormhole attacks in
multi-path routed wireless ad hoc network: A statistical analysis
approach,” J. Netw. Comput. Appl., vol. 30, no. 1, 2007.
[34] L. Buttyan, L. Dora, and I. Vajda, “Statistical wormhole detection
in sensor networks,” in Proc. Eur. Workshop Security Privacy Ad-
Hoc Sensor Netw., Jul. 2005, pp. 128–141.
JI ET AL.: WORMHOLE ATTACK DETECTION ALGORITHMS IN WIRELESS NETWORK CODING SYSTEMS 673
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
15. Shiyu Ji is a graduate student in the Computer
Science Department at Oklahoma State Univer-
sity. He received the BE degree in 2012 from
Harbin Institute of Technology in computer
science. He is interested in crowdsourcing,
incentives, security, and privacy.
Tingting Chen received the BS and MS degrees
in computer science from the Department of Com-
puter Science and Technology, Harbin Institute of
Technology, China, in 2004 and 2006, respec-
tively, and the PhD degree from the Computer Sci-
ence and Engineering Department, State
University of New York at Buffalo, in 2011. She is
an assistant professor with the Computer Science
Department at Oklahoma State University. Her
research interests include data privacy and eco-
nomic incentives in wireless networks.
Sheng Zhong received the BS and MS degrees in
1996 and 1999, respectively, from Nanjing Univer-
sity, and the PhD degree in 2004 from Yale Uni-
versity, all in computer science. He is interested in
incentives, security, and privacy issues.
For more information on this or any other computing topic,
please visit our Digital Library at www.computer.org/publications/dlib.
674 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 14, NO. 3, MARCH 2015
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457