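The mobility of Ad Hoc networks is an important factor that cannot be ignored in secure routing. In a network that changes frequently or even moves at high speed, most current secure routing protocols have difficulty authenticating trusted communication parties and therefore cannot establish a secure routing channel. This is because authentication is a continuous process of message exchange, and mobility means this continuous exchange cannot be guaranteed. Building on the link-state routing protocol OLSR, this paper proposes TPSRP, a secure routing protocol based on trust preservation. The protocol authenticates nodes by means of trust preservation, solving the node authentication problem in high-speed mobile networks. To address the lack of effective adaptivity in current trust evaluation methods, TPSRP also proposes a new trust evaluation approach that lets nodes use comprehensive trust information to identify and restrict the malicious behaviour of internal betraying nodes on their own, while effectively detecting and resisting cooperative attacks in Ad Hoc networks, such as wormhole attacks. Finally, simulations show that as network mobility increases, the authentication performance of TPSRP is better than that of traditional authentication protocols, and that it can effectively isolate attacking nodes.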
Abstract: The working of a Mobile Ad hoc NETwork (MANET) relies on the supportive cooperation among the network nodes. But due to its intrinsic features, a misbehaving node can easily lead to a routing disorder. This paper presents two trust-based routing schemes, namely Trust-based Self-Detection Routing (TSDR) and Trust-based Cooperative Routing (TCOR), designed with an Ad hoc On-demand Distance Vector (AODV) protocol. The proposed work covers a wide range of security challenges, including malicious node identification and prevention, accurate trust quantification, secure trust data sharing, and trusted route maintenance. This brings a prominent solution for mitigating misbehaving nodes and establishing efficient communication in MANET. It is empirically validated based on a performance comparison with the current Evolutionary Self-Cooperative Trust (ESCT) scheme, Generalized Trust Model (GTM), and the conventional AODV protocol. The extensive simulations are conducted against three different varying network scenarios. The results affirm the improved values of eight popular performance metrics overcoming the existing routing schemes. Among the two proposed works, TCOR is more suitable for highly scalable networks; TSDR suits, however, the MANET application better with its small size. This work thus makes a significant contribution to the research community, in contrast to many previous works focusing solely on specific security aspects, and results in a trade-off in the expected values of evaluation parameters and asserts their efficiency.
Abstract: A novel reliable routing algorithm in mobile ad hoc networks using fuzzy Petri net with its reasoning mechanism was proposed to increase the reliability during the routing selection. The algorithm allows the structured representation of network topology, which has a fuzzy reasoning mechanism for finding the routing sprouting tree from the source node to the destination node in the mobile ad hoc environment. Finally, by comparing the degree of reliability in the routing sprouting tree, the most reliable route can be computed. The algorithm not only offers the local reliability between each neighboring node, but also provides global reliability for the whole selected route. The algorithm can be applied to most existing on-demand routing protocols, and the simulation results show that the routing reliability is increased by more than 80% when applying the proposed algorithm to the ad hoc on demand distance vector routing protocol.
Funding: supported by the National Basic Research Program of China (973 Program) (2011CB302903); the Key Program of Natural Science for Universities of Jiangsu Province (10KJA510035); the Science and Technology Innovation Group Foundation of Jiangsu Province ("Qing and Lan" Project); the Postgraduate Innovation Project Foundation of Jiangsu Province (CX10B 194ZCX09B 152Z)
Abstract: Because the intrinsic characteristics of mobile ad hoc networks (MANETs) cause several vulnerabilities, anonymous routing protocols attract much more attention in secure mobile ad hoc networks for the purposes of security and privacy concerns. Until recently, lots of anonymous routing protocols have been proposed. However, most of them are single path or use one path at a time, and the multipath schemes cannot thwart both the passive attacks and active attacks simultaneously. Thus an anonymous multipath routing protocol based on secret sharing is proposed. The protocol provides identity anonymity, location anonymity, data and traffic anonymity by employing cryptographic technology and secret sharing in the MANET communication process. Meanwhile, a hash function is introduced to detect active attacks in the data transmission process. The protocol can effectively thwart various passive attacks and reduce the successful probability of active attacks (such as interception and physical destroy attacks). Simulation results show that the proposed scheme provides a reasonably good level of network security and performance.
Funding: the National High Technology Development "863" Program of China (2006AA01Z436, 2007AA01Z452); the National Natural Science Foundation of China (60702042).
Abstract: Mobile ad hoc networking (MANET) has become an exciting and important technology in recent years, because of the rapid proliferation of wireless devices. Mobile ad hoc networks are highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, and lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features. A distributed intrusion detection approach based on timed automata is given. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then the timed automata is constructed by the way of manually abstracting the correct behaviours of the node according to the routing protocol of dynamic source routing (DSR). The monitor nodes can verify the behaviour of every node by timed automata, and validly detect real-time attacks without signatures of intrusion or trained data. Compared with the architecture where each node is its own IDS agent, the approach is much more efficient while maintaining the same level of effectiveness. Finally, the intrusion detection method is evaluated through simulation experiments.
Funding: the Shanghai Municipal Natural Science Foundation (No. 09ZR1414900); the National High Technology Research and Development Program (863) of China (Nos. 2006AA01Z436, 2007AA01Z452 and 2009AA01Z118)
Abstract: Mobile ad hoc networks are often deployed in environments where the nodes of the networks are unattended and have little or no physical protection against tampering. The nodes of mobile ad hoc networks are thus susceptible to compromise. The networks are particularly vulnerable to denial of service (DOS) attacks launched through compromised nodes or intruders. In this paper, we investigated the effects of flooding attacks in network simulation 2 (NS-2) and measured the packet delivery ratio and packet delay under different flooding frequencies and different numbers of attack nodes. Simulation results show that with the increase of the flooding frequencies and the numbers of attack nodes, network performance drops. But when the frequency of flooding attacks is greater than a value, the performance decrease gets smooth. Meanwhile the packet delay firstly increases and then declines to a value of stability at the end.
Funding: This project was supported by the National "863" High Technology Development Program of China (2003AA148010); Key Technologies R&D Program of China (2002DA103A03 -07)
Abstract: Mobile ad hoc networks are particularly vulnerable to denial of service (DOS) attacks launched through compromised nodes or intruders. In this paper, we present a new DOS attack and its defense in ad hoc networks. The new DOS attack, called Ad hoc Flooding Attack (AHFA), is that the intruder broadcasts mass Route Request packets to exhaust the communication bandwidth and node resource so that the valid communication cannot be kept. After analyzing the Ad hoc Flooding Attack, we develop Flooding Attack Prevention (FAP), a generic defense against the Ad hoc Flooding Attack. When the intruder broadcasts exceeding packets of Route Request, the immediate neighbors of the intruder record the rate of Route Request. Once the threshold is exceeded, nodes deny any future request packets from the intruder. The results of our implementation show FAP can prevent the Ad hoc Flooding Attack efficiently.