
SURVIVABILITY IN MOBILE AD HOC NETWORKS

A Thesis submitted to Gujarat Technological University

for the Award of

Doctor of Philosophy

in

Computer/IT Engineering

by

Pimal Khanpara

Enrollment No.: 139997107006

Under supervision of

Dr. Bhushan Trivedi

GUJARAT TECHNOLOGICAL UNIVERSITY

AHMEDABAD

September - 2018


SURVIVABILITY IN MOBILE AD HOC NETWORKS

A Thesis submitted to Gujarat Technological University

for the Award of

Doctor of Philosophy

in

Computer/IT Engineering

by

Pimal Khanpara

Enrollment No.: 139997107006

Under supervision of

Dr. Bhushan Trivedi

Dean, Faculty of Computer Technology, GLS University, Ahmedabad

GUJARAT TECHNOLOGICAL UNIVERSITY

AHMEDABAD

September - 2018


© Pimal S Khanpara


DECLARATION

I declare that the thesis entitled Survivability in Mobile Ad hoc Networks submitted by me for the degree of Doctor of Philosophy is the record of research work carried out by me during the period from July 2014 to August 2018 under the supervision of Dr. Bhushan Trivedi and this has not formed the basis for the award of any degree, diploma, associateship, fellowship, titles in this or any other University or other institution of higher learning.

I further declare that the material obtained from other sources has been duly acknowledged in the thesis. I shall be solely responsible for any plagiarism or other irregularities, if noticed in the thesis.

Signature of the Research Scholar: …………………………………………..

Name of Research Scholar: Pimal Khanpara

Date: ………………………………………..

Place: Ahmedabad


CERTIFICATE

I certify that the work incorporated in the thesis “Survivability in Mobile Ad hoc Networks” submitted by Miss. Pimal S. Khanpara was carried out by the candidate under my supervision/guidance. To the best of my knowledge: (i) the candidate has not submitted the same research work to any other institution for any degree/diploma, Associateship, Fellowship or other similar titles (ii) the thesis submitted is a record of original research work done by the Research Scholar during the period of study under my supervision, and (iii) the thesis represents independent research work on the part of the Research Scholar.

Signature of Supervisor: …………………………………………….

Name of Supervisor: Dr. Bhushan Trivedi

Date: …………………………………….

Place: Ahmedabad


Course-work Completion Certificate

This is to certify that Ms. Pimal Khanpara enrolment no. 139997107006 is a PhD scholar enrolled for PhD program in the branch Computer/IT Engineering of Gujarat Technological University, Ahmedabad.

(Please tick the relevant option(s))

He/She has been exempted from the course-work (successfully completed during M.Phil Course)

He/She has been exempted from Research Methodology Course only (successfully completed during M.Phil Course)

He/She has successfully completed the PhD course work for the partial requirement for the award of PhD Degree. His/ Her performance in the course work is as follows-

Grade Obtained in Research Methodology (PH001): AB

Grade Obtained in Self Study Course (Core Subject) (PH002): AA

Supervisor’s Sign (Name of Supervisor)


Originality Report Certificate

It is certified that PhD Thesis titled “Survivability in Mobile Ad hoc Networks” submitted by Ms. Pimal S. Khanpara has been examined by me. I undertake the following:

1. Thesis has significant new work / knowledge as compared already published or are under consideration to be published elsewhere. No sentence, equation, diagram, table, paragraph or section has been copied verbatim from previous work unless it is placed under quotation marks and duly referenced.

2. The work presented is original and own work of the author (i.e. there is no plagiarism). No ideas, processes, results or words of others have been presented as Author own work.

3. There is no fabrication of data or results which have been compiled / analyzed.

4. There is no falsification by manipulating research materials, equipment or processes, or changing or omitting data or results such that the research is not accurately represented in the research record.

5. The thesis has been checked using Turnitin (copy of originality report attached) and found within limits as per GTU Plagiarism Policy and instructions issued from time to time (i.e. permitted similarity index <=25%).

Signature of Research Scholar: Date:

Name of Research Scholar: Pimal Khanpara

Place: Ahmedabad

Signature of Supervisor: Date:

Name of Supervisor: Dr. Bhushan Trivedi

Place: Ahmedabad


PhD THESIS Non-Exclusive License to

GUJARAT TECHNOLOGICAL UNIVERSITY

In consideration of being a PhD Research Scholar at GTU and in the interests of the facilitation of research at GTU and elsewhere, I, Pimal S. Khanpara having Enrollment No. 139997107006 hereby grant a non-exclusive, royalty free and perpetual license to GTU on the following terms:

1. GTU is permitted to archive, reproduce and distribute my thesis, in whole or in part, and/or my abstract, in whole or in part (referred to collectively as the Work) anywhere in the world, for non-commercial purposes, in all forms of media;

2. GTU is permitted to authorize, sub-lease, sub-contract or procure any of the acts mentioned in paragraph (1);

3. GTU is authorized to submit the Work at any National / International Library, under the authority of their Thesis Non-Exclusive License;

4. The Universal Copyright Notice © shall appear on all copies made under the authority of this license;

5. I undertake to submit my thesis, through my University, to any Library and Archives. Any abstract submitted with the thesis will be considered to form part of the thesis.

6. I represent that my thesis is my original work, does not infringe any rights of others, including privacy rights, and that I have the right to make the grant conferred by this non-exclusive license.

7. If third party copyrighted material was included in my thesis for which, under the terms of the Copyright Act, written permission from the copyright owners is required, I have obtained such permission from the copyright owners to do the acts mentioned in paragraph (1) above for the full term of copyright protection.

8. I retain copyright ownership and moral rights in my thesis, and may deal with the copyright in my thesis, in any way consistent with rights granted by me to my University in this non-exclusive license.


9. I further promise to inform any person to whom I may hereafter assign or license my copyright in my thesis of the rights granted by me to my University in this non-exclusive license.

10. I am aware of and agree to accept the conditions and regulations of PhD including all policy matters related to authorship and plagiarism.

Signature of Research Scholar: Date:

Name of Research Scholar: Pimal Khanpara

Place: Ahmedabad

Signature of Supervisor: Date:

Name of Supervisor: Dr. Bhushan Trivedi

Place: Ahmedabad

Seal:


Thesis Approval Form

The viva-voce of the PhD Thesis submitted by Miss. Pimal S. Khanpara (Enrollment No. 139997107006) entitled “Survivability in Mobile Ad hoc Networks” was conducted on Date: ___________, at Gujarat Technological University.

(Please tick any one of the following option)

The performance of the candidate was satisfactory. We recommend that she be awarded the PhD degree.

Any further modifications in research work recommended by the panel after 3 months from the date of first viva-voce upon request of the Supervisor or request of Independent Research Scholar after which viva-voce can be re-conducted by the same panel again.

The performance of the candidate was unsatisfactory. We recommend that she should not be awarded the PhD degree.

Name & Signature of Supervisor with Seal

External Examiner-1 Name & Signature

External Examiner-2 Name & Signature

External Examiner-3 Name & Signature


Abstract

In disaster scenarios, the infrastructure of conventional communication networks can be overloaded or severely damaged. In such situations, infrastructure-less Mobile Ad hoc Networks (MANETs) can be deployed to provide communication services in an ad hoc manner. MANETs are challenging due to their fundamental characteristics such as dynamic topology, mobility of nodes, limited network resources and the absence of any centralized authority for network administration. Due to the mobility of nodes in MANETs, communication links may not be available after a short while and the number and identity of participating nodes cannot be assumed. MANETs use air as the communication medium and hence the wireless links between network nodes are not secure and are susceptible to many attacks. In such environments, where little or no physical protection is available against a variety of attacks, attackers may attempt to disrupt the communication process and other network functionalities. To keep the normal operation of the network intact, researchers have proposed the idea of survivability: the ability of the network to continue functioning despite attacks and their consequences.

Survivability is defined as the ability of a system to fulfil its mission in a timely manner, even in the presence of attacks, accidents or failures. To apply this concept in MANETs, the requirements of survivability are defined based on the characteristics of ad hoc networks. Resistance, recognition, recovery and adaptability are the key properties of a survivable system. A survivability framework for MANETs consisting of three defense lines (Preventive, Reactive and Tolerance) can be implemented taking into account the key properties of survivability and the requirements for ad hoc networks. Most of the existing survivable initiatives for MANETs either do not use all three defense lines or focus on only specific survivability properties and requirements, which makes such solutions attack or application specific. Our research attempts to develop a survivability framework for general applications of MANETs. The proposed survivability framework consists of three lines of defense with all important properties and requirements of survivability. Prevention, detection, diagnosis, mitigation and tolerance of attacks are implemented as the functional blocks of the proposed survivability framework. The performance of this framework has been evaluated with the well-known routing protocol AODV and various possible forms of flooding attacks in ad hoc networks. Different parameters affecting the performance of the network are also varied over a range to assess the effectiveness of the proposed framework. According to the results obtained, a MANET with the functionalities of the proposed survivability framework can survive the effects of attacks to a great extent. A network with survivability outperforms the network without survivability.


Acknowledgement

Any journey cannot be accomplished without the able support of people who directly or indirectly lend their time or resources, in order to reach our goal. First and foremost, I would like to convey my heartfelt gratitude to my parents, my brother, and my friends for their continuous motivation and adjustments. Words can never be enough in expressing how grateful I am to these people who made this thesis possible.

I would like to thank from the bottom of my heart to my supervisor Dr. Bhushan Trivedi, for believing in me, even when I gave up from time to time. His blessings, motivation and constant support in worst and best times, has finally paid off in terms of our research. It would not have been possible for me to constantly strive for better performance without his extraordinary vision. As a teacher and a guide, he never leaves the hands of his students. He is with you like a shadow during good and bad. He has always believed in me more than anyone else.

I would also like to sincerely thank the Doctoral Progress Committee (DPC) members Dr. Devesh Jinwala and Dr. Darshan Choksi for their frank reviews and precious suggestions which made our journey a lot easier. The completion of this work would not have been possible without their able inputs and technical guidance.

I would like to address special thanks to the unknown reviewers of my thesis, for accepting to read and review this thesis. I wish to thank the authors, developers and maintainers of the open source used in this work. I would like to appreciate all the researchers whose works I have used, initially in understanding my field of research and later for updates. I would like to thank the many people who have taught me starting with my school teachers, my undergraduate teachers, and my post graduate teachers.

Last but not the least; I would like to thank my colleagues at Nirma University for their constant support and help.


Table of Content

Chapter-1 Introduction
1.1 Background
1.2 Mobile Ad hoc Networks
1.3 Security Issues in MANETs
1.4 Network Layer Attacks
1.5 Security Mechanisms for MANETs
1.5.1 Preventive Security Mechanisms for MANETs
1.5.2 Reactive Security Mechanisms for MANETs
1.5.3 Intrusion Detection Systems
1.5.4 Why implementation of IDS is challenging in MANETs?
1.6 Research Gap
1.7 Survivability
1.7.1 Intrusion Tolerance
1.7.2 Need for Intrusion Tolerance
1.7.3 Intrusion Tolerance
1.8 Motivation and Objectives
1.9 Keywords
1.10 Contributions of the Study
1.11 Research Methodology utilized for Research Work
1.12 Organization of the remainder of the thesis

Chapter-2 Literature Survey
2.1 Security Issues in MANETs
2.2 Preventive Security Mechanisms for MANETs
2.2.1 Existing Cryptography based Schemes
2.3 Reactive Security Mechanisms for MANETs
2.4 Survivability in MANETs
2.4.1 Requirements of Survivability
2.4.2 Key Properties of Survivability
2.4.3 Existing Survivable Initiatives
2.5 Survey Conclusions


Chapter-3 Proposed Survivability Framework
3.1 Problem Statement
3.2 Scope of Research
3.3 Objectives of Research
3.4 Original Contribution by the thesis
3.5 Threat Model
3.5.1 DoS Attacks
3.6 Proposed Survivability Framework

Chapter-4 Functional blocks of the Proposed Framework
4.1 Preventive Defense
4.1.1 Prevention Block
4.1.2 Algorithm of Prevention Block
4.2 Reactive Defense
4.2.1 Detection Block
4.2.2 Algorithm of Detection Block
4.2.3 Diagnosis Block
4.2.4 Algorithm of Diagnosis Block
4.2.5 Mitigation Block
4.2.6 Algorithm of Mitigation Block
4.3 Tolerance
4.3.1 Overlay Routing
4.3.2 Algorithm of Tolerance Block
4.4 Workflow of the Proposed Framework

Chapter-5 Experimental Setup and Results
5.1 Simulation Setup
5.2 Performance Parameters
5.3 Experimental Results
5.3.1 Prevention
5.3.2 Detection
5.3.3 Diagnosis
5.3.4 Mitigation
5.3.5 Tolerance


Chapter-6 Conclusions and Future Enhancements
6.1 Objectives Achieved
6.2 Conclusion
6.3 Possible Future Scope


List of Abbreviations

MANET : Mobile Ad hoc Network

AODV : Ad hoc On-Demand Distance Vector

DSR : Dynamic Source Routing

IDS : Intrusion Detection System

PKI : Public Key Infrastructure

KBID : Knowledge based Intrusion Detection

ABID : Anomaly based Intrusion Detection

SBID : Signature based Intrusion Detection

IT : Intrusion Tolerance

GlomoSim : Global Mobile Information System Simulator

DoS : Denial of Service

QoS : Quality of Service

CA : Certificate Authority

IBC : Identity Based Cryptography

HIDS : Host based Intrusion Detection System

NIDS : Network based Intrusion Detection System

BFTR : Best Effort Fault Tolerant Routing

CLA : Cross Layer Approach

SMT : Secure Message Transmission

SA : Security Association

APS : Active Path Set

SDMP : Secure Data based MultiPath

WEP : Wired Equivalent Privacy

Ex-OR : Exclusive – OR

SPREAD : Secure Protocol for Reliable Data Delivery

TIARA : Techniques for Intrusion-resistant Ad hoc Routing Algorithm

FLAC : Flow based Route Access Control

FSREQ : Flow Sending Request

FAREP : Flow Acceptance Reply

RREQ : Route Request

RREP : Route Reply

RERR : Route Error

DR : Detection Rate

FPR : False Positive Rate


List of Figures

Figure – 1.1 Security Mechanisms in MANETs
Figure – 1.2 Network Layer Classification
Figure – 1.3 Knowledge based Intrusion Detection Systems
Figure – 1.4 Anomaly Based Intrusion Detection Systems
Figure – 1.5 Specification Based Intrusion Detection Systems
Figure – 2.1 Defense Lines
Figure – 2.2 Classification of Key-based Preventive Security Mechanisms
Figure – 3.1 Classification of DoS Attacks
Figure – 3.2 Three Defense Lines for Survivability
Figure – 3.3 Proposed Survivability Framework
Figure – 3.4 Functional Blocks of the Proposed Survivability Framework
Figure – 4.1 Complete workflow of the proposed survivability framework
Figure – 5.1 Effect of Prevention Logic on Routing Overhead
Figure – 5.2 Routing Overhead with and without Prevention for 20 traffic sources
Figure – 5.3 Routing Overhead with and without Prevention for 40 traffic sources
Figure – 5.4 Routing Overhead with and without Prevention for 60 traffic sources
Figure – 5.5 Effect of Prevention on Percentage of Data Packets Dropped
Figure – 5.6 % of Data Packets Dropped with and without Prevention for 20 traffic sources
Figure – 5.7 % of Data Packets Dropped with and without Prevention for 40 traffic sources
Figure – 5.8 % of Data Packets Dropped with and without Prevention for 60 traffic sources
Figure – 5.9 Effect of Attack Aggregation Interval on Detection Rate
Figure – 5.10 Detection Rate with varying Attack Aggregation Interval for 20 traffic sources


Figure – 5.11 Detection Rate with varying Attack Aggregation Interval for 40 traffic sources
Figure – 5.12 Effect of Attack Aggregation Interval on False Positive Rate
Figure – 5.13 False Positive Rate with varying Attack Aggregation Interval for 20 traffic sources
Figure – 5.14 False Positive Rate with varying Attack Aggregation Interval for 40 traffic sources
Figure – 5.15 Effect of Attack Aggregation Interval on Diagnosis
Figure – 5.16 Attack Aggregation Interval vs. Diagnosis
Figure – 5.17 Attack Aggregation Interval vs. Routing Overhead for 20 traffic sources
Figure – 5.18 Attack Aggregation Interval vs. Routing Overhead for 40 traffic sources
Figure – 5.19 Attack Aggregation Interval vs. % of Data Packets Dropped for 20 traffic sources
Figure – 5.20 Attack Aggregation Interval vs. % of Data Packets Dropped for 40 traffic sources
Figure – 5.21 Effect of tolerance logic on Routing Overhead for 20 traffic sources
Figure – 5.22 Effect of tolerance logic on Routing Overhead for 40 traffic sources
Figure – 5.23 Effect of tolerance logic on Routing Overhead for 60 traffic sources
Figure – 5.24 Effect of tolerance logic on % of Data Packets Dropped for 20 traffic sources
Figure – 5.25 Effect of tolerance logic on % of Data Packets Dropped for 40 traffic sources
Figure – 5.26 Effect of tolerance logic on % of Data Packets Dropped for 60 traffic sources


List of Tables

Table – 2.1 Layer-wise attacks in MANETs

Table – 2.2 Contributory Security Mechanisms

Table – 2.3 Distributive Security Mechanisms

Table – 2.4 Comparison of Point Detection Mechanisms

Table – 2.5 Comparison of Intrusion Detection Systems

Table – 2.6 Requirements of Survivability in MANETs

Table – 2.7 Survivability Key Properties and Requirements achieved in Existing Survivable Initiatives

Table – 4.1 IF-THEN Fuzzy Rules for β

Table – 4.2 IF-THEN Fuzzy Rules for γ

Table – 4.3 IF-THEN Fuzzy Rules for λ

Table – 5.1 Protocols Available at Different Network Layers in GloMoSim

Table – 5.2 Simulation Parameters


CHAPTER – I

Introduction

1.1 Background

Nowadays, due to the spread of mobile devices and Internet service facilities, mobile ad hoc networking and ubiquitous computing have become popular. Many people employ wireless networking for their personal and professional activities, by using various wireless devices such as mobile phones, laptops, wireless sensors, and PDAs.

1.2 Mobile Ad hoc Networks

A Mobile Ad hoc NETwork (MANET) is a set of mobile nodes that communicate with each other over the wireless medium. In a MANET there is no fixed infrastructure, and participating nodes also act as routers, forwarding packets without any central administration. MANETs have a dynamic topology and any node can enter or leave the network at any time [1]. Initially, MANETs were used in military applications and battlefield communications, but their use has since widened to applications such as information sharing during a presentation or lecture, emergency disaster relief, controlling or sensing a region, military communication and so on [2].

Participating nodes in MANETs must perform basic network functions such as routing, authentication and access control. MANET nodes are mobile and have limited resources (energy, bandwidth, memory and computing capabilities). Because the devices are small and portable, with constrained resources, and the wireless communication medium is open, network management is a difficult task in ad hoc networks. The absence of support infrastructure, the dynamic topology, and fully decentralized network control make ad hoc networks vulnerable to different types of attacks or intrusions [3]. Many attacks such as flooding, blackhole, wormhole, impersonation, and others [4] [5] target the basic characteristics of ad hoc networks.


1.3 Security Issues in MANETs

The basic operations of MANETs can be compromised by attacking different layers of the network model [6]. Most attackers target the network layer, as routing is one of the most important services a MANET provides. The functions implemented by routing protocols at the network layer are vulnerable because of the fundamental characteristics of MANETs: limited battery and computational power, the lack of a centralized control entity, the participation of network nodes in the routing process, dynamic topology, mobility and short-term network services.

The following section describes network layer vulnerabilities and the existing solutions.

1.4 Network Layer Attacks

There are two main categories of network layer attacks in Mobile Ad hoc Networks: passive attacks and active attacks [6]. In passive attacks, the attacker does not try to affect the normal operation of the routing protocol but tries to obtain valuable information about the network, such as its topology, its traffic pattern, and the identity and location of the network nodes. Passive attacks in MANETs are categorized as:

Eavesdropping [7]:

In MANETs, because the links are wireless, a node can listen to a message transmitted by another node without its consent if the two are within the same radio range. The eavesdropper can obtain useful information if the message is not encrypted. Eavesdropping does not affect the operation of the network and is therefore not considered a severe attack, although the attacker could obtain confidential information through it. The geographical distribution of the network nodes and their transmission range are the main parameters of the eavesdropping attack.

Traffic Analysis [7]:

Attackers analyze the traffic pattern to obtain useful information about particular nodes in the network. Even if the messages are encrypted, attackers can extract some useful information using traffic analysis. Though it is a passive attack, in some MANET applications the disclosure of important information through traffic analysis cannot be permitted.

Location Disclosure [7]:

The location of a node can be discovered by an attacker listening to the traffic on wireless links. In this attack, attackers gather node location information, such as a route map, to learn which nodes are situated on the target route. The location of the target node can be found by analyzing the traffic pattern and the packets transmitted by that node.

In active attacks on MANETs, attackers try to disrupt the functioning of the network by altering, forging, dropping, fabricating or injecting data or control packets. These attacks can be launched by a single intruder or by colluding attackers performing a sequence of activities. Active attacks are more severe than passive attacks, as they can degrade the performance of the network significantly or bring the network down. Active attacks are mainly categorized as routing attacks and packet dropping attacks.

Packet Dropping [8]:

In a packet dropping attack, the malicious node drops data packets instead of forwarding them. This attack is also known as data forwarding misbehavior. In some cases, nodes drop data packets because of low battery power, heavy load or selfish behavior: a node sometimes behaves selfishly to save its resources for its own operations.

Routing Attacks [9]:

Routing protocols are vulnerable to routing attacks because all the nodes in the network participate cooperatively in the routing process to find the best route. Attackers can use this feature, together with other characteristics of MANETs such as the absence of a centralized controlling entity, to launch routing attacks. The standard on-demand routing protocols such as AODV and DSR can be targeted by intruders to launch a wide range of attacks.


Routing attacks are further classified as black hole, grey hole, Sybil, rushing and sleep deprivation attacks.

Sleep Deprivation Attack [10]

In this attack, the attacker tries to communicate with the target node so that it cannot enter sleep mode to conserve its battery power. It is a distributed denial of service attack. The malicious node uses the route request flooding technique, in which it broadcasts a route request packet with a destination address that does not exist in the network. As the corresponding destination node does not exist, no route reply packet can be generated, and after waiting for a fixed time interval the malicious node re-broadcasts the route request packet. This process continues, and the other nodes have to keep forwarding the request packets because none of them has a route to the destination.
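The route request flooding described above can be recognised from a node's own record of the RREQ and RREP packets it hears. The following is an added example, not code from the thesis or its detection block: it flags an originator that exceeds the per-second RREQ budget or keeps requesting a destination that never answers. The two limits are the RFC 3561 (AODV) defaults; the event format, node names and trace are constructed for illustration.

```python
from collections import defaultdict, deque
from typing import NamedTuple

RREQ_RATELIMIT = 10  # RFC 3561 default: RREQs a node may originate per second
RREQ_RETRIES = 2     # RFC 3561 default: retries allowed for one destination


class Event(NamedTuple):
    t: float          # receive time at the monitoring node, in seconds
    kind: str         # "RREQ" or "RREP"
    originator: str   # node that started the route discovery
    rreq_id: int      # RREQ ID chosen by the originator (unused for RREP)
    dest: str         # destination the originator asked for


def detect_rreq_flooders(events, window=1.0, rate_limit=RREQ_RATELIMIT,
                         max_attempts=RREQ_RETRIES + 1):
    """Return {originator: [reasons]} for nodes whose RREQs look like flooding."""
    seen = set()                   # (originator, rreq_id): one entry per discovery
    recent = defaultdict(deque)    # originator -> discovery times inside the window
    unanswered = defaultdict(int)  # (originator, dest) -> discoveries with no RREP
    findings = defaultdict(set)

    for ev in sorted(events, key=lambda e: e.t):
        if ev.kind == "RREP":
            # The destination exists and answered: forget earlier attempts for it.
            unanswered.pop((ev.originator, ev.dest), None)
            continue
        if (ev.originator, ev.rreq_id) in seen:
            continue  # rebroadcast copy of a discovery that was already counted
        seen.add((ev.originator, ev.rreq_id))

        # Sliding-window rate check per originator.
        times = recent[ev.originator]
        times.append(ev.t)
        while ev.t - times[0] >= window:
            times.popleft()
        if len(times) > rate_limit:
            findings[ev.originator].add("rate")

        # Repeated discoveries for a destination that never produces a reply.
        unanswered[(ev.originator, ev.dest)] += 1
        if unanswered[(ev.originator, ev.dest)] > max_attempts:
            findings[ev.originator].add("unanswered")

    return {node: sorted(reasons) for node, reasons in findings.items()}


def constructed_trace():
    """Constructed sample: A and B behave normally, M floods fast, S floods slowly."""
    ev = [
        Event(0.00, "RREQ", "A", 1, "D"),
        Event(0.02, "RREQ", "A", 1, "D"),  # same discovery heard via another neighbour
        Event(0.10, "RREP", "A", 0, "D"),
        Event(0.00, "RREQ", "B", 1, "E"),  # B retries within the allowed budget
        Event(1.00, "RREQ", "B", 2, "E"),
        Event(3.00, "RREQ", "B", 3, "E"),
        Event(3.20, "RREP", "B", 0, "E"),
    ]
    # M: 20 RREQs per second for a destination "X" that does not exist.
    ev += [Event(5.0 + 0.05 * i, "RREQ", "M", i, "X") for i in range(30)]
    # S: stays under the rate limit but never stops asking for "Y".
    ev += [Event(10.0 + 2.0 * i, "RREQ", "S", i, "Y") for i in range(5)]
    return ev


if __name__ == "__main__":
    print(detect_rreq_flooders(constructed_trace()))
```

The slow sender S shows why a rate limit alone is not enough: it never exceeds ten requests per second, yet it is still caught by the count of unanswered discoveries.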

Black Hole Attack [11]

This attack targets the route discovery procedure of on-demand routing protocols such as AODV and DSR. When a node sends a route request packet, an attacker advertises itself as having a fresh route. The attacker repeats this for route requests received from other nodes and so becomes a part of many routes in the network. On all routes where the intruder is an intermediate node, it does not forward or process the packets but drops them, causing a black hole in the network. In different routing protocols, the intruder may use different techniques to initiate the black hole attack. The attack is more severe when the intruder becomes a part of many routes in the network.

Grey Hole Attack [12]

As with the Black Hole attack, in a grey hole attack, an intruder first becomes a part of the

paths in the network and captures the paths. The intruder then drops packets selectively.

The intruder may drop packets from specific source nodes, use some other specific

pattern for dropping, or choose the packets to drop probabilistically. Thus, a grey hole

attack is a special form of black hole attack. They differ in their packet dropping pattern. If the

attacker drops all the packets then it is considered a black hole attack; if it drops packets

selectively then the attack is called a grey hole attack.
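
The distinction drawn above between black hole and grey hole behaviour, and the benign drops caused by low battery or load, can be turned into a classifier over overheard forwarding observations. This is an added example, not code from the thesis; the observation format, all thresholds and the sample log are assumptions.

```python
from collections import defaultdict


def classify_forwarders(observations, min_samples=20, min_source_samples=5,
                        loss_tolerance=0.10, blackhole_ratio=0.95):
    """Label each monitored next hop from overheard forwarding behaviour.

    observations: iterable of (next_hop, source, forwarded) where forwarded is
    True if the monitor overheard next_hop retransmitting the data packet.
    Returns {next_hop: (label, sources_with_excess_loss)}.
    All thresholds are assumed values, not taken from the thesis.
    """
    totals = defaultdict(lambda: [0, 0])                      # [handed over, dropped]
    per_source = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for next_hop, source, forwarded in observations:
        for counter in (totals[next_hop], per_source[next_hop][source]):
            counter[0] += 1
            counter[1] += 0 if forwarded else 1

    verdicts = {}
    for next_hop, (handed, dropped) in totals.items():
        if handed < min_samples:
            verdicts[next_hop] = ("insufficient data", [])
            continue
        # Sources whose packets are lost more often than benign causes
        # (low battery, heavy load) are assumed to explain.
        targeted = sorted(src for src, (h, d) in per_source[next_hop].items()
                          if h >= min_source_samples and d / h > loss_tolerance)
        overall = dropped / handed
        if overall >= blackhole_ratio:
            label = "black hole"          # drops (almost) everything
        elif overall > loss_tolerance or targeted:
            label = "grey hole"           # drops selectively or probabilistically
        else:
            label = "normal"
        verdicts[next_hop] = (label, targeted)
    return verdicts


def sample_observations():
    """Constructed watchdog log for five next hops."""
    obs = []
    obs += [("B", "S1", False)] * 25 + [("B", "S2", False)] * 15   # drops everything
    obs += [("G", "S1", True)] * 30                                 # forwards S1 ...
    obs += [("G", "S2", False)] * 24 + [("G", "S2", True)] * 6      # ... drops most of S2
    obs += [("T", "S1", True)] * 95 + [("T", "S2", False)] * 8      # low overall loss, one victim
    obs += [("N", "S1", True)] * 48 + [("N", "S1", False)] * 2      # 4 % benign loss
    obs += [("Q", "S1", False)] * 3 + [("Q", "S1", True)] * 2       # too few samples
    return obs


if __name__ == "__main__":
    for hop, (label, victims) in sorted(classify_forwarders(sample_observations()).items()):
        print(hop, label, victims)
```

Node T shows why the per-source check matters: its overall loss stays under the tolerance, yet every packet from one source is dropped.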

Sybil Attack [13]

In MANETs, there is a lack of centralized control authority to verify the identities of the

network nodes. An attacker can take advantage of this property to send control packets

using different identities. This attack is known as a Sybil attack or an impersonation attack.

In this attack, the intruder uses the identity of another network node or a random identity to

mislead the routing protocol. An intruder may implement this attack to establish the basis

for some other severe attack.

Rushing Attack [14]

The reactive routing protocols require the nodes to forward only the first route request

packet that arrives for each path discovery. An attacker can make use of this characteristic

to spread route request packets quickly throughout the network to prevent any later valid

route request packets. Because of this, routes that include the intruder can be discovered

instead of other legitimate routes. This attack was first described by Hu et al. [14]. They

also proposed different mechanisms such as randomized route request forwarding, secure

route delegation and detection of secure neighbors to prevent this attack.

1.5 Security Mechanisms for MANETs

Many researchers have proposed techniques for securing ad hoc networks. Most of these

techniques either try to prevent attacks or intrusions from targeting networks and their

functionalities; or they apply detection mechanisms to attempt to identify a specific type of

attack [15]. Whether these techniques are preventive or reactive, their goal is to protect ad

hoc networks and their basic applications. As shown in Figure – 1.1, these conventional

security solutions use different mechanisms such as cryptography, path diversity protocols,

designated hardware, overhearing neighbor communication and others [16].

Figure – 1.1 Security Mechanisms in MANETs

1.5.1 Preventive Security Mechanisms for MANETs

The main objective of preventive security mechanisms is to prevent attacks from targeting

the network. In conventional wired or wireless networks, preventive mechanisms are

implemented using firewalls. Firewalls are placed at ingress/egress points of the network

and thus, they control the traffic which can pass through the network. Implementation of

firewall-based prevention mechanisms is difficult in MANETs due to the fundamental

characteristics of such networks [17]. There is no centralized authority in MANETs and all

nodes are treated at the same level. Moreover, nodes can move freely in the network terrain

and they can enter or leave the network anytime. In such an environment, it is very difficult to

define the ingress/egress points of the network. Hence, the conventional concept of using

firewalls to prevent attacks cannot be implemented in MANETs [18].

Due to this limitation, many researchers have proposed cryptography based prevention

mechanisms for MANETs [19]. As described in our literature survey section, most of these

prevention mechanisms use Public Key Infrastructure (PKI) based cryptographic

techniques. Though the use of PKI increases the level of security in the network, it has

some major drawbacks. Most of the public key cryptographic techniques require a large

number of computations to encrypt and decrypt messages. A reliable authority is needed in

the network to issue correct certificates for public keys. Conventional cryptographic

systems generally use a trusted third party as a certificate authority who digitally signs

public key certificates. However, it is difficult to do so in MANETs, as all network nodes

are at the same level. Also, the certification authority can be compromised by attackers.

Attackers can also target the encryption/decryption algorithms used by cryptographic

mechanisms. As computers have become more powerful, brute-force attacks on

cryptographic systems are practical to implement [20]. The major problem with

cryptographic solutions is that they only protect what they are designed to protect. The

main objective of cryptography based prevention mechanisms is to protect communication

data from attackers. These mechanisms do not aim at defending the other essential services

in the network [21].

Modifications to the traditional concept of firewalls have been proposed by a few researchers

to make firewalls implementable in the ad hoc environment. However, our literature review

shows that none of these solutions is foolproof. They are designed for specific attacks and

hence, they fail to protect the basic network services when some other attack targets the

network.

1.5.2 Reactive Security Mechanisms for MANETs

As shown in Figure – 1.2, Network Layer protection mechanisms are classified based on

the number of attacks they can detect. Point detection algorithms can detect only a single

type of attack at Network Layer. The other category, intrusion detection systems can

identify a range of attacks [22]. Point detection algorithms are further classified according

to the type of attack they detect. Classification of Intrusion Detection Systems is done based

on the techniques they employ for detection.

It is more complex and difficult to implement IDS in MANETs than in wired networks.

The main objective of the intrusion detection system in MANETs is to collect audit data

from the network to detect intrusion and provide an effective response to the intrusion.

The following characteristics of MANETs pose challenges for intrusion detection systems.

Nodes in MANETs have limited battery life and computational ability, and therefore,

resource consumption by IDS must be low.

Dynamic topology and mobility of the nodes in MANET make the implementation of

IDS more challenging. The behavior of IDS must be adjusted according to mobility

impacts in the network. IDSs that do not properly consider mobility are less effective

and result in a high false positive ratio. It is necessary to derive common features

among different mobility models to tune system parameters accurately in detection

engines.

There are no centralized entities in MANET. The nodes also act as routers. In the

absence of centralized audit points, it is difficult to perform monitoring and audit data

can be collected only locally. Hence, MANETs need distributed and cooperative IDSs.

Figure-1.2 Network Layer Classification

1.5.3 Intrusion Detection Systems

Intrusion Detection Systems [23] can detect a range of attacks. This section describes the

basic idea of IDSs and reviews the existing IDSs and challenges faced by them in MANETs.

There are three main categories of Intrusion Detection Systems [24]:

i) Knowledge based Intrusion Detection Systems

ii) Anomaly based Intrusion Detection Systems

iii) Specification based Intrusion Detection Systems

In MANETs, some IDSs are combinations of two or more types of intrusion detection

techniques and are known as Hybrid Intrusion Detection Systems.

i) KBIDS (Knowledge Based Intrusion Detection Systems):

Knowledge based IDSs [25] are also known as misuse detection systems. They use and

maintain a knowledge base consisting of patterns or signatures of well-known attacks. At

the time of detecting the attacks, they use their knowledge about specific attacks and check

for the signatures of the attacks. An alarm is generated when a KBIDS finds a match of

patterns in the knowledge base. Figure – 1.3 shows the block diagram view of KBIDS.

Figure-1.3 Knowledge based Intrusion Detection Systems

KBIDS rely on the existing knowledge about the attacks available in the knowledge base.

If the knowledge base does not have any matching pattern for a suspicious activity then

KBIDS considers it as a non-intrusive or legitimate activity. However, if some processes

or activities are degrading the performance of the network then KBIDS considers them as

unknown attacks and adds new rules for them. Following are the different methods KBIDSs

use for constructing the knowledge base:

Expert systems

Expert systems are used by some Knowledge Based Intrusion Detection Systems. An expert

system uses a knowledge base to maintain the information about known attacks as a set of

rules. A monitoring network records audit data which is then translated into facts. To detect

an intrusion, these facts and a set of rules from the knowledge base are used by the inference

engine.

State transition models

Another method used for constructing a knowledge base is state transition modeling. In this

method, an attack is represented as a series of state transitions and defined attack states. A

knowledge base is used to store and maintain the state transition models which represent

attacks.

Signature Analysis

In this method, the attacks are modeled through a sequence of patterns or events. They are

then matched with the generated audit traces to identify an intrusion.

Rule based approach

In rule based approach, the knowledge of known attacks is represented as a set of rules that

is obtained by considering attack scenarios or through observations.

The Knowledge Based Intrusion Detection Systems apply the rules of known attacks to

check the audit data. To detect an attack, KBIDSs check for the match in the knowledge

base using forward or backward chaining. Compared to other intrusion detection systems,

KBIDSs have very low false positive rates of detection. This is because an intrusion is

detected only when there is an exact match with a known attack pattern, signature or sequence

of events. This type of intrusion detection system is best suited when the network is

highly vulnerable to certain known attacks. The limitation of KBIDSs is that they are able

to detect only those attacks whose signatures or patterns are available in the knowledge

base. Moreover, it is tedious to keep the knowledge base up-to-date for maintaining

information about attacks.

ii) Anomaly Based Intrusion Detection Systems:

Anomaly Based Intrusion Detection Systems (ABIDS) [26] are also known as behavior

based intrusion detection systems. These systems observe the anomalous activities to detect

the intrusion. In ABIDSs, the current behavior of the network is compared with the

expected normal behavior of the network.

Figure - 1.4 Anomaly Based Intrusion Detection Systems

As shown in Figure – 1.4, ABIDS works in two phases: the Training Phase and Testing

Phase. The training phase is used to model the normal expected behavior of the network

nodes or the network. This model is then considered as a profile of the network or of the

users that contains information about the parameters which are required to be monitored

and important for intrusion detection. An effective profile is the one that maintains all

information about the acceptable or normal behavior of the network. The second phase,

testing phase, compares the current behavior model of the network or users with the

expected behavior model which is extracted during the training phase. Different

statistical and probabilistic methods such as Markov chains, decision trees, chi-square

and Hotelling’s T² test are generally used for comparing these two models.

Some Anomaly Based Intrusion Detection Systems also use Neural Networks for the

training phase. If any notable abnormal difference is found by the comparison, an alarm

is generated. ABID systems are said to be effective if they have low false alarm rates.

The main advantage of these intrusion detection systems is that they try to detect

unknown attacks. They can also generate early warnings of potential threats in the

network. The drawback of ABIDSs is that they are prone to generate false alarms.
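
The two phases described above, as an added example that is not code from the thesis: the training phase builds a profile of the normal mix of packet types per observation window, and the testing phase compares each new window against it with a chi-square statistic. The four features, the critical value (3 degrees of freedom, significance level 0.01) and all window counts are assumptions constructed for the example.

```python
FEATURES = ("RREQ", "RREP", "RERR", "DATA")
# Chi-square critical value for len(FEATURES) - 1 = 3 degrees of freedom at
# significance level 0.01; windows scoring above it raise an alarm.
CHI2_CRITICAL = 11.345


def train_profile(windows):
    """Training phase: estimate the normal share of each packet type.

    Add-one smoothing keeps every expected share above zero so the test
    statistic is always defined.
    """
    totals = [sum(w[i] for w in windows) + 1 for i in range(len(FEATURES))]
    grand_total = sum(totals)
    return [t / grand_total for t in totals]


def score_window(profile, window):
    """Chi-square statistic of one observed window against the profile,
    plus the contribution of each feature."""
    n = sum(window)
    if n == 0:                      # silent window: nothing to compare
        return 0.0, {name: 0.0 for name in FEATURES}
    contributions = {}
    for name, share, observed in zip(FEATURES, profile, window):
        expected = n * share
        contributions[name] = (observed - expected) ** 2 / expected
    return sum(contributions.values()), contributions


def check_window(profile, window, threshold=CHI2_CRITICAL):
    """Testing phase: return (alarm, statistic, most_deviating_feature)."""
    statistic, contributions = score_window(profile, window)
    worst = max(contributions, key=contributions.get)
    return statistic > threshold, statistic, worst


# Constructed packet counts per window, in FEATURES order.
TRAINING_WINDOWS = [
    [20, 18, 6, 156], [22, 20, 7, 151], [18, 17, 5, 160],
    [21, 19, 6, 154], [19, 18, 6, 157],
]
TEST_WINDOWS = {
    "ordinary traffic": [21, 18, 7, 154],
    "route request surge": [140, 2, 6, 52],
    "excess route replies": [20, 40, 6, 134],
}

if __name__ == "__main__":
    profile = train_profile(TRAINING_WINDOWS)
    for label, window in TEST_WINDOWS.items():
        alarm, statistic, worst = check_window(profile, window)
        print(f"{label}: chi2={statistic:.1f} alarm={alarm} top={worst}")
```

Real traffic is burstier than the chi-square test assumes, so the threshold is normally calibrated on held-out normal windows; a threshold set too low is one source of the false alarms noted above.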

iii) Specification Based Intrusion Detection Systems:

Specification Based Intrusion Detection Systems (SBIDS) [27] use explicitly defined

specifications to monitor the operations performed at the network layer or the

functionality of the routing protocol to identify intrusions in the network.

Figure – 1.5 Specification Based Intrusion Detection Systems

The block diagram of a Specification Based Intrusion Detection System is shown in

Figure – 1.5. Initially, SBIDS extracts the specifications that specify the correct

functionality of the network or any other protocol using a set of constraints. In the next

step, the system monitors the execution of the operations or of the protocol with respect

to the given specification. If it finds any deviation from the specification then it detects

it as an intrusion.
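
A minimal specification monitor in the sense described above, added as an example and not taken from the thesis: the specification is a set of constraints on how a node may handle route requests, and every deviation in an observed trace is reported. The four constraints are an assumed AODV-style specification, and the event format and sample trace are constructed for the example.

```python
def check_route_request_spec(trace):
    """Return [(node, violated_constraint), ...] for a trace of
    (node, action, originator, rreq_id, hop_count) events, where action is
    "recv_rreq", "send_rreq" or "send_rrep".

    Constraints (assumed AODV-style specification for this example):
      hop_count          a forwarded request carries first-received hop count + 1
      duplicate_forward  a node rebroadcasts each discovery at most once
      unheard_forward    only the originator may send a request it never received
      unsolicited_reply  a reply is sent only for a request the node received
    """
    first_heard = {}   # (node, originator, rreq_id) -> hop count of first copy
    forwarded = set()  # (node, originator, rreq_id) already rebroadcast
    violations = []
    for node, action, originator, rreq_id, hop_count in trace:
        key = (node, originator, rreq_id)
        if action == "recv_rreq":
            first_heard.setdefault(key, hop_count)   # later copies are ignored
        elif action == "send_rreq":
            if key in forwarded:
                violations.append((node, "duplicate_forward"))
                continue
            forwarded.add(key)
            if node == originator:
                if hop_count != 0:                   # originator starts at zero
                    violations.append((node, "hop_count"))
            elif key not in first_heard:
                violations.append((node, "unheard_forward"))
            elif hop_count != first_heard[key] + 1:
                violations.append((node, "hop_count"))
        elif action == "send_rrep":
            if key not in first_heard:
                violations.append((node, "unsolicited_reply"))
    return violations


# Constructed trace of one route discovery started by node A.
SAMPLE_TRACE = [
    ("A", "send_rreq", "A", 1, 0),   # A starts discovery 1
    ("B", "recv_rreq", "A", 1, 0),
    ("B", "send_rreq", "A", 1, 1),   # compliant rebroadcast
    ("C", "recv_rreq", "A", 1, 1),
    ("C", "send_rreq", "A", 1, 1),   # hop count not incremented
    ("B", "send_rreq", "A", 1, 1),   # second rebroadcast of the same discovery
    ("D", "recv_rreq", "A", 1, 1),
    ("D", "send_rrep", "A", 1, 0),   # D received the request: compliant
    ("M", "send_rrep", "A", 1, 0),   # M never received the request
]

if __name__ == "__main__":
    for node, constraint in check_route_request_spec(SAMPLE_TRACE):
        print(f"node {node} violates {constraint}")
```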

1.5.4 Why is the implementation of IDSs challenging in MANETs?

Intrusion Detection Systems designed for wired networks cannot be directly used in ad

hoc networks. Due to the basic characteristics of MANETs, the implementation of an

intrusion detection system becomes challenging.

In MANETs, it is difficult to collect audit data by monitoring as there are no

concentration points. In wired networks, the traffic can be observed at network gateways

while in MANETs, a node can monitor other nodes which are within its radio range. If

the intruder node is not in the radio range of the observing node, it cannot be detected.

Because of this problem, different approaches are proposed in the literature to collect the

audit data cooperatively.

The routing protocols used in the ad hoc environment are different from those used in

wired networks. In MANETs, nodes have to act as routers because the routing infrastructure

has no explicit routers. This property creates an opportunity for attackers to

launch malicious activities in the network.

Moreover, the attacks in MANETs are different from those in wired networks so the

detection techniques used in wired networks cannot be directly used in MANETs. Due

to the dynamic topology, it becomes difficult to capture and collect audit data and also

model the normal behavior of the network correctly and accurately.

The effectiveness of an intrusion detection system deployed in a distributed environment

on each host is limited because of the limited computational ability of the nodes.

Additionally, the limited battery power and bandwidth also make the implementation of

IDS more difficult. Thus, each phase of intrusion detection adds a challenge in its implementation.

1.6 Research Gap

Most of the existing preventive and reactive security mechanisms for MANETs have a

specific security objective and thus can be effective for a given case but inefficient for

others. This limitation makes such security mechanisms incapable of individually

securing MANETs against all major types of intrusions and attacks [28]. Moreover,

existing security mechanisms only aim at protecting the network and its basic

functionalities. Some essential network services such as routing and data forwarding

must always be provided even if the network is under the effect of one or more attacks.

This important requirement is almost unexplored in the existing security mechanisms for

MANETs. The network must continue functioning despite being under threat and even while

the attack is going on and being dealt with. This imposes the need to consider

survivability in the security architecture, which is not investigated in most of the existing

security initiatives for MANETs.

1.7 Survivability

1.7.1 Intrusion Tolerance

As described earlier, in MANETs, preventive security mechanisms, such as firewalls and

cryptographic systems, attempt to prevent any type of attack. On the other hand, reactive

mechanisms, such as intrusion detection systems (IDSs), take actions on demand to mitigate

the effects of attacks or intrusions. However, preventive and reactive security

mechanisms cannot fend off all attacks and intrusions. Thus, research groups

have focused on building security mechanisms using the third line of defense, called

intrusion tolerance (IT) [28].

1.7.2 Need for Intrusion Tolerance

The first line of defense, preventive security mechanisms, is commonly implemented

using various types of cryptography techniques and firewall concepts. The reactive

defense line has the objective of detecting one or more types of attacks and can be

implemented as point detection or intrusion detection systems [29]. To provide the

essential network services in the presence of attacks or intrusions, the third line of

defense must have the ability to tolerate the effects of malicious actions and for achieving

that capability, techniques such as redundancy of information, content distribution and

replication of data can be used [29]. In general, systems having the ability to tolerate

attacks and intrusions are known as intrusion tolerant systems. Such system ability is

very important and necessary for developing a survivable system.

1.7.3 Survivable Systems

The concept of survivability is derived from dependability [30]. Dependability objectives

consist of the system ability to provide essential services and avoid the severe or most

frequent faults and failures. Survivability is considered as a special case of dependability

in which the network is capable of completing its mission in the presence of malicious

faults [29]. Thus, survivability aims to focus on security effectiveness and refers to a system

capable of fulfilling its requirements and objectives in a timely manner in face of intrusions,

attacks, accidents or failures [30]. Being a special case of dependability, survivability

requires fault tolerance mechanisms in the security domain, to achieve intrusion tolerance.

The concept of intrusion tolerant systems was proposed in [31] and emerged with the

development of MAFTIA [32] and OASIS [33] projects. The MAFTIA project was

developed to handle a wide variety of accidental and malicious faults and attacks in Internet

applications. The OASIS project was designed by DARPA (American Department of

Defense) to develop survivable high-speed networks.

As suggested in [34], preventive, reactive and tolerant defense lines should be used together

to make a system survivable. In a survivable network, preventive defense line tries to

prevent attackers from entering into the network. Reactive defense line attempts to identify

attacks and intrusions which could not be prevented by the preventive defense line and

succeed in targeting the network. Reactive defense line is not foolproof and hence, it cannot

detect all attacks and intrusions. Thus, when preventive and reactive defense lines fail, the

system must be capable of tolerating the effects of attacks and continue providing essential

services even when the system is being targeted by threats. This can be accomplished using

the third defense line, intrusion tolerance. Therefore, the three defense lines need to be used

together for survivable MANETs. [35] also shows that preventive mechanisms should be

the first line of defense, which can avoid certain types of attacks but is not capable of blocking

others. When some attacks succeed in entering the system, reactive defense lines

become active by attempting to detect and stop attacks. As reactive defense lines are usually

point detection or intrusion detection mechanisms and have their own limitations, they can

fail to stop attackers from compromising the system. At that time, to provide

critical network functionalities even in the presence of intrusions or attacks, intrusion

tolerance techniques are applied by the third line of defense until the other two defense lines

adapt themselves and take corrective actions against the targeting intrusion.

The detailed description of important survivability properties and requirements is given in

Chapter – 3. The existing survivability initiatives for MANETs with their advantages and

limitations are discussed in the literature survey section.

1.8 Motivation and Objectives

With the increasing popularity of wireless mobile devices, the use of mobile ad hoc

networks has also increased. For most of the applications of MANETs, security is the main

concern. Conventional security solutions are not sufficient to defend ad hoc networks as

they do not have tolerance capacity. Hence, efforts have been made to design security

solutions for achieving network survivability. The major requirement of a survivable system

is to provide basic functionalities and services in any case. For example, a survivable

network must provide services such as routing, connectivity and data forwarding even when

the network is under attack. Here, the term system has a broad meaning and can be used

for characterizing networks. Other desirable properties of survivability are resistance,

recognition, recovery, and adaptability. In addition to these properties, survivable ad hoc

networks must have system and application-specific requirements.

Survivable solutions proposed for mobile ad hoc networks by researchers mainly consider

essential services and functionalities that are required to be provided in any critical situation.

Many of these survivable solutions do not define all three lines of defense but make use

of more than one defense line and have properties needed for tolerating the effects of attacks

[36]. However, the existing survivability initiatives mainly focus on preventive and reactive

defense lines and pay less attention to intrusion tolerance. Moreover, these solutions are

designed for specific attacks or specific network layer functionalities. Some of the important

requirements for achieving survivability such as heterogeneity, robustness, adaptability and

self-configuration are not explored. Therefore, there is a need to build a complete survivable

security solution in which all defense lines operate cooperatively. The survivability model

should be generic and should consider multi-layer functionalities and multi-attack solutions.

At the same time, the survivability model should have the capability of adapting to

unexpected situations.

Following are the major objectives of our research work:

1. To use preventive and reactive defense lines for securing MANETs from attacks.

2. To make networks capable of tolerating the effects of attacks and provide the essential

services even when the network is under attack, however with degraded performance.

3. To integrate three defense lines – Preventive, Reactive and Tolerance to develop a

complete, generic and routing protocol independent survivability framework for

MANETs considering properties and requirements of survivability and assess the

amount of fault tolerance despite attacks.

1.9 Keywords

Mobile Ad hoc Networks, Security Mechanisms, Point Detection Mechanisms, Intrusion

Detection Systems, Intrusion Tolerance, Preventive Defense, Reactive Defense,

Survivability, Essential Services, Survivability Framework, Prevention, Detection,

Diagnosis, Mitigation, Tolerance, Flooding, Firewalls.

1.10 Contributions of the study

This thesis provides major contributions in the field of survivability in Mobile Ad hoc

Networks as discussed in the objectives above. We summarize and group the contributions

as follows:

1. In-depth study of the taxonomy of Preventive, Reactive and Tolerance defense lines and

their open research areas in today’s scenario of MANETs. This thesis addresses such

research gaps and possible solutions.

2. Detailed study of survivability concepts, properties, attributes and requirements in the

ad hoc environment. The effectiveness of existing survivability solutions for MANETs

has been analyzed during the literature review phase.

3. We have proposed, designed, implemented and tested a complete survivability

framework, which consists of three defense lines – Preventive, Reactive and Tolerance.

4. To implement the defense lines, our survivability framework uses five functional blocks

– Prevention, Detection, Diagnosis, Mitigation, and Tolerance. Preventive defense line

uses prevention block to implement the desired functionality. Detection, Diagnosis and

Mitigation blocks are used to implement the reactive defense. After detecting attacks or

intrusions, their effects are analyzed and diagnosed to determine how to mitigate them.

Intrusion Tolerance line contains tolerance functional block.

5. Our proposed survivability framework is capable of tolerating the effects of attacks and

providing essential network services even when the network is under attack, however

with degraded performance.

6. Our framework is generic and can be extended for various attacks in MANETs.

Moreover, the proposed framework is independent of underlying ad hoc routing process

and can be used with any existing routing protocol for MANETs.

7. Our framework shows a considerable reduction in routing overhead, the percentage of

data packets lost and false positive rate. Our results proved that the rate of detection and

diagnosis improves with the use of the proposed framework.

1.11 Research Methodology utilized for research work

A qualitative, empirical and exploratory approach has been used for this research work.

Several research papers and technical reports on security and survivability in ad hoc

networks were studied during the literature review phase. In addition to this, different

network simulators were also explored and based on our study, the GloMoSim [37] simulator

was chosen to implement the proposed survivability framework. It was found in the

literature review that existing security mechanisms for MANETs focus on either preventive

or reactive defense, and fail to consider tolerance capability. A few survivability initiatives

proposed by researchers for MANETs are specific to attacks or network functionalities and

focus on providing specific services in networks. Due to these limitations, existing

survivability initiatives are not generic and can be used only under certain scenarios.

Key attributes and requirements of survivability in ad hoc environments have also been

explored in this research. Based on this study and limitations of the existing survivability

initiatives, we conclude that to make MANETs survivable, it is necessary to use three

defense lines: Preventive, Reactive and Tolerance. To develop a complete generic

survivability framework for MANETs, we have identified essential network services which

should always be provided in an ad hoc network to complete the process of communication.

The behavior of an ad hoc network is affected by the routing protocol and many times,

attackers attempt to disrupt network functionalities based on routing protocol

characteristics. Therefore, making the proposed survivability framework independent of

ad hoc routing protocols has been considered one of the objectives. Based on our study

and requirements for achieving survivability in MANETs, a framework consisting of five

functional blocks has been proposed. Prevention, Detection, Diagnosis, Mitigation, and

Tolerance are the functional blocks used to implement three lines of defense. Routing and

data forwarding are very important network services and should always be provided by an

ad hoc network. Hence, these two essential services are considered in the design of the

proposed framework.

To evaluate the impact and effectiveness of the proposed framework, three defense lines

and their respective functional blocks are simulated individually as well as in an integrated

manner during our simulation. As attackers attempt to disrupt network functionalities by

targeting essential services at the network layer, various possible forms of Denial of Service

(DoS) attacks have been considered in the threat model [38]. The functionalities of

prevention and mitigation phases depend on the behavior of attacks and can be modified

accordingly. Parameters affecting the performance of ad hoc networks in the presence of

the proposed framework have been varied in a range and the results are analyzed.


1.12 Organization of the remainder of the thesis

In Chapter – 2, we present our literature survey in the area of security in MANETs. We have segregated our survey based on parameters such as types of defense lines, number of attacks detected by reactive security mechanisms, and techniques used for detection. A detailed study of existing survivability initiatives for MANETs, with their effectiveness and limitations, is also described.

Chapter – 3 discusses our proposed survivability framework to achieve the objectives already discussed. We also describe the threat model we have considered for our proposed framework. The layout of the proposed framework is also presented.

Chapter – 4 details the functional blocks of the proposed survivability framework and their aggregation.

Chapter – 5 describes important parameters that affect the performance of the proposed survivability framework. The chapter also shows the experimental setup and simulation results when these parameters are varied in a range. For each case, the comparison of performance is presented with and without applying survivability techniques.

Chapter – 6 presents the conclusion of our research work with the objectives achieved, and the scope of future enhancements and extensions possible in the proposed work.


Chapter – 2 Literature Survey


CHAPTER – II

Literature Survey

Network Survivability addresses dependability, availability, and reliability of a physical network topology [134]. In MANETs, network survivability is a crucial aspect of reliable communication which focuses on providing essential services to maintain network connectivity. In a broad sense, survivability refers to the ability of a system to achieve its mission in a timely manner even when attacks, failures or accidents are present [135]. However, in MANETs, survivability relies on how effectively the network fulfills the requirements of survivability. Maintaining essential services such as connectivity, routing, and data forwarding is challenging in MANETs due to the self-organizing network topology and dynamic behavior of network nodes which results in mobility, frequent path failures and interference.

Research on survivability in MANETs was not a focus in the early years of the wireless technology age. Since wireless and ad hoc networking was still new, people were more inclined towards research on the development of routing protocols, Quality of Service (QoS) provisioning and security architectures. As stated in [134], exploration of survivability came into demand with the escalation of mobile devices and wireless system applications from the year 2006 to 2014.

As described in the previous chapter, an integrated framework is required for network survivability to determine the strategies and network abilities to detect, diagnose and recover from failures, attacks or accidents. This framework must also have the ability to tolerate the effects of failures to continue providing essential services. When modeling survivability, it is also important to identify the essential network services which must be maintained during attacks or failures. From the literature review, it was found that existing survivability mechanisms mainly consider theoretical aspects, with limited work on specific survivability requirements. In this chapter, we present a detailed survey of existing survivability initiatives. According to this survey, most of the initiatives are application-specific and do not support all important properties and requirements of survivability. As ad hoc wireless technology is a growing field having a variety of applications, there is a need to develop a complete framework which integrates the functioning of different defense lines to make the network survivable. Our objective is to make this framework generic so that it can be used with any MANET application in which routing, data forwarding, and connectivity are the essential services that must always be provided. Moreover, we aim at making this framework independent of the underlying ad hoc routing protocols so that it can be integrated easily into an existing MANET.

It is very important to determine algorithms for implementing the preventive, reactive and tolerance defense lines in a survivability framework. The following sub-sections present the review and analysis of existing preventive and reactive mechanisms for different types of attacks in MANETs. Tolerance mechanisms available in the literature are discussed along with survivability initiatives.

2.1 Security Issues in MANETs

MANETs are vulnerable to many security problems. Fundamental characteristics such as limited resources, node mobility, dynamic topology and decentralized infrastructure make these networks susceptible to various active and passive attacks [39]. Passive attacks include channel sensing and eavesdropping of confidential information. Modification of packet contents, deletion of packets, impersonation, and injection of packets to wrong destinations are some of the possible forms of active attacks [16].

Network attacks are sometimes classified based on the layers of the network protocol stack. Table – 2.1 lists the main attacks which target an ad hoc network at different layers. Sometimes, participating nodes also generate malicious actions in the network. Such attacks are classified as misbehavior or Byzantine attacks. Some common examples of Byzantine attacks are wormhole, sinkhole, blackhole, hello packet flooding, selective forwarding, and rushing. Sometimes, the reason for node misbehavior is the selfishness of a node. A node is called selfish if it participates in only those network activities which are beneficial to it. For all other activities, it remains idle to save its own resources.

Many mechanisms have been proposed in the literature to secure MANETs. The design principles behind those mechanisms are various cryptographic and authentication based techniques, use of designated hardware, route diversity based protocols and protocols for overhearing neighbor communication [40].

Cryptography and authentication based security mechanisms usually increase the network overhead. Moreover, it is difficult to implement key management and distribution for complex cryptographic security techniques in MANETs with limited resources and dynamic topology. Hence, such techniques are not efficient against internal attacks [41]. The objective of using route diversity techniques is to improve the robustness of paths by finding multiple routes to provide redundancy in the transmission of information. However, many protocols based on the route diversity approach authenticate only the source and destination nodes, thus making intermediate nodes susceptible to Sybil and impersonation attacks. To identify and minimize the effects of misbehaving nodes, security mechanisms based on overhearing neighbor communication need wireless interfaces that support promiscuous mode [42]. Using such mechanisms, a node in the network can monitor its neighbors and can detect misbehavior such as modifying or dropping packets. Techniques that use specialized hardware for providing security share the limitation of being applicable to only a specific type of attack.
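The neighbor monitoring described above can be sketched as follows. This is an added example, not code from the thesis or from any surveyed scheme; the log format, the RERR-based excuse for link breaks (the limitation noted for HSAM in Table – 2.4) and the three tunable constants are assumptions made for illustration.

```python
"""Watchdog-style neighbor monitoring from overheard traffic (illustrative)."""
from collections import defaultdict

TIMEOUT = 0.5         # s to wait for the neighbor's retransmission (assumed)
DROP_THRESHOLD = 0.4  # misbehavior ratio that raises a flag (assumed)
MIN_SAMPLES = 3       # do not judge a neighbor on fewer packets (assumed)

# Constructed log of one monitoring node: "<time> <event> <neighbor> <pkt>"
#   SENT  packet handed to the neighbor for forwarding
#   HEARD neighbor overheard retransmitting it unchanged
#   MOD   neighbor overheard retransmitting it with altered content
#   RERR  neighbor reported a broken next-hop link
SAMPLE_LOG = """\
0.00 SENT B 1
0.04 HEARD B 1
0.10 SENT B 2
0.13 HEARD B 2
0.20 SENT B 3
0.26 HEARD B 3
1.00 SENT C 4
1.05 HEARD C 4
1.10 SENT C 5
1.16 MOD C 5
1.20 SENT C 6
1.30 SENT C 7
1.40 SENT C 8
2.00 SENT D 9
2.03 HEARD D 9
2.10 SENT D 10
2.14 HEARD D 10
2.20 SENT D 11
2.25 HEARD D 11
2.30 SENT D 12
2.40 SENT D 13
2.50 SENT D 14
2.60 RERR D -
9.80 SENT E 15
9.90 SENT E 16
"""


def assess(log_text, now, honor_rerr=True):
    """Return {neighbor: (verdict, counters)} from the overheard events."""
    pending = {}  # (neighbor, pkt) -> time the packet was handed over
    stats = defaultdict(
        lambda: dict(forwarded=0, modified=0, dropped=0, excused=0))
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, event, nbr, pkt = line.split()
        when = float(when)
        if event == "SENT":
            pending[(nbr, pkt)] = when
        elif event in ("HEARD", "MOD"):
            # Only packets this node handed over are counted.
            if pending.pop((nbr, pkt), None) is not None:
                kind = "forwarded" if event == "HEARD" else "modified"
                stats[nbr][kind] += 1
        elif event == "RERR" and honor_rerr:
            # Packets still waiting at a neighbor that reports a link break
            # are attributed to the break, not to misbehavior.
            for key in [k for k in pending if k[0] == nbr]:
                del pending[key]
                stats[nbr]["excused"] += 1
    # Anything still unheard after TIMEOUT counts as dropped; newer packets
    # are treated as in flight and do not count either way.
    for (nbr, _pkt), sent in pending.items():
        stats[nbr]["dropped"] += 1 if now - sent > TIMEOUT else 0
    result = {}
    for nbr, c in stats.items():
        judged = c["forwarded"] + c["modified"] + c["dropped"]
        if judged < MIN_SAMPLES:
            verdict = "insufficient data"
        elif (c["modified"] + c["dropped"]) / judged > DROP_THRESHOLD:
            verdict = "suspect"
        else:
            verdict = "ok"
        result[nbr] = (verdict, dict(c))
    return result


if __name__ == "__main__":
    for nbr, (verdict, counters) in sorted(assess(SAMPLE_LOG, 10.0).items()):
        print(nbr, verdict, counters)
    # Without the link-break excuse, neighbor D becomes a false positive.
    print("D without RERR handling:",
          assess(SAMPLE_LOG, 10.0, honor_rerr=False)["D"][0])
```

Running the same log with `honor_rerr=False` shows how a monitor that ignores link breaks would flag neighbor D, which forwarded every packet it could.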

In general, the above-mentioned security mechanisms follow either preventive or reactive defense lines. Preventive defense lines provide mechanisms to avoid any kind of attack, such as cryptographic schemes or firewalls. Reactive defense lines enable actions on demand to detect and mitigate intrusions, such as IDS. However, these two defense lines are not efficient at warding off all attacks and intrusions [43] [44]. Hence, researchers have proposed the use of a third defense line, called Intrusion Tolerance (IT) [44], which has the objective of tolerating the effects of attacks to make the system survivable. The classification of security mechanisms based on defense lines is illustrated in Figure – 2.1.

TABLE – 2.1 Layer-wise attacks in MANETs

| Network Layer | Attack |
|---|---|
| Physical | Jamming |
| Data Link | Collision, MAC Misbehavior, Exhaustion |
| Network | Wormhole, Greyhole, Blackhole, Sinkhole, Sybil, Flooding, Byzantine, Rushing |
| Transport | SYN Flooding, Session Hijacking |
| Application | Repudiation, Virus and Worm attacks |


Figure – 2.1 Defense Lines

2.2 Preventive Security Mechanisms for MANETs

In MANETs, preventive security mechanisms are used to prevent or avoid the attacks or intrusions. Different key-based cryptography techniques are commonly used for implementing preventive schemes. The classification of key management schemes for MANETs is given in Figure – 2.2.

Figure – 2.2 Classification of Key-based Preventive Security Mechanisms


Key management approaches in MANETs are mainly classified as contributory and distributive [45]. In the contributory approach, the key is a result of the collaborative efforts of the network nodes. Contributory schemes are based on the key agreement concept. To generate a secret key, k nodes have to agree to generate their partial share to form the whole key. The advantage of such schemes is that they do not require any trusted third party for key generation and management. All communicating parties agree upon a secret symmetric key.

In distributive key management schemes, a key is generated from a single source. Distributive schemes are further categorized as asymmetric or symmetric cryptography techniques [60]. In asymmetric or public key cryptography, two different keys, a private key and a public key, are used to support confidentiality, authentication, and non-repudiation. Private keys of nodes are used to authenticate messages and to decrypt confidential messages received from the other communicating party.

Private keys need not be shared among the network nodes. Researchers have used different techniques for generating private keys for nodes. The other key, the public key, is used to encrypt the message and is known by all the nodes in the network. In asymmetric key cryptography, the distribution of keys is easier compared to symmetric cryptography. If the private key of one node in the network gets compromised, it does not affect other ongoing or future communications, as it cannot reveal the messages of other communications. The drawback of asymmetric schemes is that they are computationally expensive.

Symmetric key cryptography requires only one secret key for communication. This secret needs to be known by both communicating parties. So, this key can either be generated centrally by some trusted authority or be generated by one of the communicating parties. In either case, the secret key has to be shared over susceptible links. Thus, key distribution is neither secure nor easy in symmetric cryptosystems. The advantage of such schemes is that only one key is needed for any number of transmissions in the network. But if this one key is compromised, all the past, ongoing and future messages can be decrypted by the adversary.

There are two approaches used by asymmetric cryptosystems: certificate based asymmetric key management and identity based asymmetric key management [51]. In certificate based schemes, a certificate authority (CA) is used which acts as a central point that everyone trusts. The CA generates certificates for network nodes which are then used for communication. A node is not trusted until it presents a certificate that is not expired or revoked. CAs are responsible for issuing, storing, validating and revoking certificates. They also provide public keys of nodes when queried. In ad hoc networks, the CA is actually a node which can be compromised or leave the network. So, sometimes replicated CAs are used. The concept of a CA is actually not feasible in MANETs due to their basic characteristics. Moreover, in certificate based schemes, the overhead of transmitting keys and certificates and the storage of public key certificates must be considered.

Another approach used by asymmetric cryptosystems is identity based key management, which is also called IBC (Identity Based Cryptography). IBC is a special form of public key infrastructure and eliminates the need for a CA and public key cryptography. Because of these features, IBC is easy to deploy. In IBC, both private and public keys are based on the identity of users. Thus, a public key in IBC is self-proving and can carry much useful information. The main advantage of IBC schemes is their lower resource (power, storage, and bandwidth) requirement. Many IBC schemes also use threshold cryptography, in which a secret is shared among k users.

2.2.1 Existing Cryptography based Preventive Mechanisms

The analysis of various preventive security mechanisms for MANETs which use cryptography as the basis is presented in Table – 2.2 and Table – 2.3. Table – 2.2 shows the study of existing contributory schemes with their important characteristics. Properties and limitations of different distributive schemes are described in Table – 2.3.

Table – 2.2 Contributory Security Mechanisms

| Protocol/Author Name | Properties | Security | Scalability | Robustness | Applicability |
|---|---|---|---|---|---|
| Diffie-Hellman [56] | 2-party protocol | No authentication, supports trust management, intrusion tolerance, vulnerable to man in the middle attack | Poor | Peer availability assumptions, faulty nodes, byzantine behavior | Self-organizing, pairwise symmetric key |
| Ingemarsson, Tang, and Wong [57] | Based on Diffie-Hellman Scheme, uses logical ring of nodes during key agreement | No authentication, No intrusion tolerance, No trust management, vulnerable to byzantine behavior, man in the middle attack | Poor | Rekeying when group changes | Self-organizing, symmetric group key |
| Burmester and Desmedt [58] | Uses reliable multicasting to reduce the number of rounds to 3 | Public key authentication, No intrusion tolerance, certification authority for trust management, vulnerable to byzantine behavior | Poor | Rekeying when group changes | Symmetric group key |
| Hypercube and Octopus [59] | Arrange nodes into hypercube to reduce the number of rounds from n to d (n = 2^d) | No authentication, No intrusion tolerance, No trust management, vulnerable to byzantine behavior, man in the middle attack | Poor | Rekeying when group changes | Self-organizing, symmetric group key |
| Password Authenticated Key Agreement [60] | Password authenticated hypercube and octopus scheme | Password authentication, No intrusion tolerance, Organizer for trust management, vulnerable to byzantine behavior | Poor | Rekeying when group changes | Self-organizing, symmetric group key |
| CLIQUES (CLIQ) [61] | Group changes through reliable multicast from group controller | No authentication, No intrusion tolerance, Group controller for trust management, vulnerable to byzantine behavior, man in the middle attack | Poor | Rekeying when group changes | Self-organizing, symmetric group key |
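To illustrate the contributory approach, the following added example (not from the thesis or from the cited protocol's own code) runs the hypercube arrangement listed in Table – 2.2: n = 2^d nodes reach a common key in d rounds of pairwise, unauthenticated Diffie-Hellman. The toy group parameters, function names and sample secrets are assumptions for illustration.

```python
"""Hypercube key agreement sketch: n = 2**d nodes, d pairwise DH rounds."""
import secrets

# Toy group for illustration only (assumption): the Mersenne prime 2**127 - 1
# with base 3. Far too small for real use.
P = 2**127 - 1
G = 3


def hypercube_agree(private_values):
    """Run the d-round agreement and return (keys, rounds, messages).

    private_values[i] is node i's initial secret exponent. In round j
    (j = 0 .. d-1) every node i pairs with node i XOR 2**j, sends
    G**secret mod P, and uses the resulting Diffie-Hellman value as its
    secret for the next round. No message is authenticated, which is why
    Table 2.2 lists the scheme as open to man in the middle attacks.
    """
    n = len(private_values)
    if n < 2 or n & (n - 1):
        raise ValueError("hypercube needs n = 2**d nodes with d >= 1")
    d = n.bit_length() - 1
    current = list(private_values)
    messages = 0
    for j in range(d):
        # Value each node transmits to its partner in this round.
        public = [pow(G, s, P) for s in current]
        messages += n
        # Each node raises the partner's public value to its own secret.
        current = [pow(public[i ^ (1 << j)], current[i], P)
                   for i in range(n)]
    return current, d, messages


def fresh_secrets(n):
    """Constructed sample input: one random exponent per node."""
    return [secrets.randbelow(P - 3) + 2 for _ in range(n)]


if __name__ == "__main__":
    keys, rounds, msgs = hypercube_agree(fresh_secrets(8))
    print("nodes: 8  rounds:", rounds, " messages:", msgs)
    print("all nodes hold the same key:", len(set(keys)) == 1)
    # A membership change means a new run with new secrets, i.e. the
    # "rekeying when group changes" cost noted in the Robustness column.
    keys16, rounds16, _ = hypercube_agree(fresh_secrets(16))
    print("after growing to 16 nodes, rounds:", rounds16,
          " same key everywhere:", len(set(keys16)) == 1)
```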


Table – 2.3 Distributive Security Mechanisms

| Protocol | Characteristics | PKG | Online/offline TA | Key share distribution | Limitations |
|---|---|---|---|---|---|
| [45] | Based on IBC and threshold cryptography | Fully distributed | No | Secure channel | Threshold cryptography weaknesses, vulnerability of network initialization stage to byzantine failures, routing-security interdependency cycle, it is not specified how key generation takes place |
| [46] | Based on IBC | Fully distributed | No | Temporary PKI | Threshold cryptography weaknesses, vulnerability of network initialization stage to byzantine failures, routing-security interdependency cycle |
| [47] | Secure key issuing protocol based on key privacy authorities | Partially distributed | Offline | Not specified | routing-security interdependency cycle (secure routing is needed to get partial key and signature), all KPAs are required to be online and available |
| [48] | Key proxy, multicast group of PKGs | Partially distributed | Offline | Encrypted multicast | routing-security interdependency cycle, distributes partial private keys PKG server nodes to network |
| [49] | Offline threshold D-PKG | Partially distributed | Offline | Pre-distribution | routing-security interdependency cycle, distributes shares of D-PKGs, vulnerable to mobile attacks |
| [50] | Lightweight IBC | Partially distributed | Yes | Not specified | routing-security interdependency cycle, vulnerable to Sybil attacks |
| [51] | Generates compromise-tolerant keys | Partially distributed | Yes | Not specified | Poor scalability, routing-security interdependency cycle, traffic overhead |
| [52] | Uses blind signature to issue private key shares securely | Partially distributed | Yes | Public channel | Traffic overhead, for each node, password is stored and distributed |
| [53] | Based on IBC and threshold cryptography | Fully distributed | No | Not specified | routing-security interdependency cycle |
| [54] | Implements Deng’s protocol for OLSR | Fully distributed | No | Self-generated public-private key pair | routing-security interdependency cycle, does not provide security for OLSR, master public-private key collection process is not secure, each DPKG node has to store temporary public keys of other DPKG nodes |
| [55] | IBC based hybrid key management scheme | Fixed on cluster head | Yes | PKI | Inter-cluster communication overhead |

2.3 Reactive Security Mechanisms for MANETs

Reactive security mechanisms take actions on demand to detect and mitigate the effects of attacks or intrusions. As described in the previous chapter, reactive security mechanisms are classified based on the number of attacks they detect. Reactive security mechanisms which are capable of detecting only a specific type of attack are called Point Detection Mechanisms [6]. Intrusion Detection Systems, the other category of reactive security mechanisms, can identify a range of attacks. Point detection schemes are further categorized according to the type of attack they detect. Intrusion Detection Systems are classified based on the techniques they employ for identifying attacks. Different techniques such as knowledge based detection, anomaly based detection or signature based detection can be used for implementing IDSs. Some of the existing IDSs are hybrid in nature as they use a combination of detection techniques. IDSs can be deployed either at the host level or at a central location in the network. Based on the deployment scheme, IDSs are also classified as Host based Intrusion Detection Systems (HIDS) and Network based Intrusion Detection Systems (NIDS) [62]. The deployment of IDSs determines what they can monitor to detect intrusions and hence plays a vital role in their performance. A comparison and analysis of various point detection mechanisms which have been proposed for securing MANETs is presented in Table – 2.4. Table – 2.5 contains the study of existing intrusion detection systems with their advantages and limitations.


Table – 2.4 Comparison of Point Detection Mechanisms

| Protocol Name | Architecture | Attacks detected | Detection Technique | Corrective Measures | Routing Protocol | Data gathering Mechanism | Remarks |
|---|---|---|---|---|---|---|---|
| FAP (Yi et al. [63]) | Distributed | Sleep Deprivation caused by malicious route requests | Priority queue of route requests | Exclude attackers | AODV | Single node monitoring | May suppress legitimate nodes |
| None (Guo et al. [64]) | Not Specified | Distributed DoS flooding | Uses a model based on flow detection features | Not Specified | Not Specified | Single node monitoring | Uses an analytical model to identify the attackers |
| None (Martin et al. [65]) | Not Specified | Sleep Deprivation | Energy Signature, Multilevel Authentication | Not Specified | Not Specified | Requests to SSH server | Analyzes the effect of sleep deprivation attack on real systems |
| LIP (Hsu et al. [66]) | Not Specified | Sleep Deprivation | Local Broadcast Authentication | Not Specified | Not Specified | Observation by nodes | Lightweight; helps to prevent packet injection and impersonation |
| None (Yu et al. [67]) | Distributed | Sleep Deprivation | Neighbor Monitoring | Not Specified | DSR | Monitoring neighbor nodes’ route requests | Intruders can bypass the check for bad nodes |
| None (Sarkar and Roy [10]) | Hierarchical | Sleep Deprivation | Based on cluster head’s decision | Not Specified | Not Specified | Observation of packet forwarding | It is not specified how to determine threshold value for packet forwarding |
| TOGBAD (Pedillia et al. [68]) | Centralized, Hierarchical | Black Hole | Topology Graph | Not Specified | OLSR | Topology Graph | Not feasible for reactive routing |
| None (Medadian et al. [69]) | Distributed | Black Hole | Finding safe path | Not Specified | AODV | Neighbors’ observation | May generate false alarm in highly dynamic MANETs |
| None (Zhang et al. [70]) | Distributed | Black Hole | Verifying sequence number of route reply | Not Specified | AODV, SAODV | Intermediate nodes’ observation | Increased overhead, lack of security checks for sequence request and reply packets |
| None (Xiaopeng et al. [71]) | Distributed | Grey Hole | Checkup, Proof and Diagnosis Algorithms | Not Specified | DSR | Proof from forwarded packets | Specific to DSR |
| None (Wei et al. [72]) | Distributed | Grey Hole | Aggregate Signature Algorithm | Not Specified | Not Specified | Aggregate Signature Algorithm | A certificate authority is assumed to be present |
| None (Sen et al. [73]) | Hierarchical | Grey Hole | Local observation based on RTS and CTS | Exclude attackers | AODV | Local observation based on RTS and CTS; neighbors’ feedback | Specific to AODV |
| None (Yang et al. [74]) | Not Specified | Grey Hole | Historical Evidence | Not Specified | Not Specified | Neighbors’ observation | Historical trust values are used to make detection decision |
| None (Douceur, [75]) | Centralized | Sybil | Trusted Certificate | Not Specified | Not Specified | Certificates managed by trusted authority | Requires to have a trusted certificate authority |
| PASID (Piro et al. [76]) | Distributed | Sybil | Passive monitoring of traffic and mobility pattern | Not Specified | AODV | Single node monitoring | May falsely detect node groups as attackers |
| None (Monica et al. [77]) | Not Specified | Sybil | Radio Resource Tests | Not Specified | Not Specified | Various radio resource tests | Different tests are needed for different network conditions |
| None (Sharma and Garg [78]) | Not Specified | Sybil | Considered RSS, node speed | Not Specified | Not Specified | Node speed observation | Threshold value of speed is 10 m/s |
| None (Sinha et al. [79]) | Hierarchical | Sybil | Dissimilarities and similarities between nodes | Not Specified | Not Specified | Computed using centroids of clusters | Probability of same resource utilization is considered to find similarities |
| None (Abbas et al. [80]) | Not Specified | Sybil | Localization process | Not Specified | Not Specified | Localization process | Once a node is registered, no further localization is performed |
| None (Tangpong et al. [81]) | Not Specified | Sybil | Exchanging observed information | Exclude attackers | Not Specified | Cooperative monitoring | No central authority is needed |
| None (Hashmi and Brooke [82]) | Not Specified | Sybil | Authentication Agent | Not Specified | Not Specified | Verification by authentication agent | Uses hardware id for authentication |
| RAP (Hu et al. [84]) | Distributed | Rushing Attack | Mutual Authentication Protocol | Not Specified | DSR | Neighbors’ observation | Specific to DSR |
| SRP (Papadimitratos and Haas [85]) | Not Specified | Rushing Attack | SMT protocol | Not Specified | Not Specified | SMT protocol | Effectiveness of SRP is not checked against routing attacks in MANETs |
| SDSR (Tamilselven et al. [88]) | Not Specified | Rushing Attack | Not Specified | Not Specified | Not Specified | Random route request forwarding | Probability based mechanism |
| None (Sen et al. [89]) | Distributed | Packet Dropping | Trust based model | Exclude attackers | Not Specified | Collaborative monitoring | Based on trust values |
| None (Gonzalez et al. [91]) | Hierarchical | Packet Dropping | Flow Conservation | Exclude attackers | AODV | Single node monitoring | Does not discuss how to secure the misbehavior detection and accusation process |
| None (Gonzalez et al. [92]) | Distributed | Packet Dropping | Adaptive policies | Not Specified | Not Specified | Distributed management overlay | Adaptable protection of routing protocols |
| SCAN (Yang et al. [93]) | Distributed | Packet Dropping | Information Cross Validation | Exclude attackers | AODV | Collaborative monitoring | Specific to reactive routing process |
| HSAM (Mamatha and Sharma [94]) | Not Specified | Packet Dropping | Ratio of packets transmitted and packets dropped | Exclude attackers | Not Specified | Observation of packets | Does not consider packet dropping due to link breaks |
| SCM ([95]) | Not Specified | Packet Dropping | Based on observation | Generate alarm; exclude attackers | Not Specified | Collaborative monitoring | Extra channels are formed |
| None (Shu and Krunz [96]) | Not Specified | Packet Dropping | Correlation between lost packets | Not Specified | Not Specified | Public auditing architecture | Increased overhead |

Table – 2.5 Comparison of Intrusion Detection Systems

| Algorithm Name | Architecture | Attacks detected | Intrusion Detection Technique | Corrective Measures | Routing Protocol | Data gathering Mechanism | Remarks |
|---|---|---|---|---|---|---|---|
| None (Cretu et al., [97]) | Distributed, Peer to peer | Abnormal behavior of devices | Anomaly based | No cooperation with intruders | Not Specified | Observation of behavior model | Heavy computation and processing overhead |
| None (Liu et al. [98]) | Distributed | DoS | Bayesian game theory based anomaly detection | Not Specified | Not Specified | Lightweight and heavyweight monitoring systems | Use of two IDS |
| None (Jiang and Wang, [99]) | Distributed, Zone based | DoS | Markov Model | Not Specified | Not Specified | Use of Markov chain model | Does not specify how to calculate threshold value |
| None (Sun et al. [100]) | Distributed | Routing disruption attacks | Anomaly detection using Markov chain classifier | Not Specified | Not Specified | Audit data sources | Can detect local intrusion |
| None (Mitrocosta et al. [101]) | Collaborative, Distributed | Various attacks | Anomaly detection using neural networks | Exclude routes having intruder nodes | Not Specified | MAC layer features | Test attack scenarios are not given |
| None (Jabbehdari et al. [102]) | Not Specified | DoS | Anomaly detection using neural networks | Not Specified | Not Specified | Trace output | Specific to DoS attacks |
| AIDP (Nadeem and Howarth, [103]) | Clustered, Hierarchical | DoS | Anomaly detection | Exclude intruders | General; tested on AODV | Routing information | Specific to DoS attacks |
| AFIDS (Chaudhary et al. [104]) | Not Specified | Black Hole | Fuzzy based anomaly detection | Exclude intruders | AODV | Network monitoring | Performance depends on the accuracy of fuzzy inference engine |
| None (Uyyala and Naik, [105]) | Distributed | Black hole, Grey hole | Anomaly detection | Exclude attackers | AODV | Monitoring nodes | Monitoring nodes have to maintain the information about each ongoing transmission |
| IDAD (Alem and Xuan, [106]) | Not specified | Black hole | Anomaly detection | Exclude attackers | AODV | Single node observation | Works with an assumption that a centralized entity is always present in MANETs; requires pre-collected audit data |
| None (Shao et al. [107]) | Clustered | Packet dropping | Back Propagation Neural Network | Exclude attackers | AODV | Detection nodes | In dynamic MANETs, it is difficult to find a static set of detection nodes |
| None (Jain and Raghuvanshi, [108]) | Not specified | Grey hole | Anomaly detection | Exclude attackers | AODV | IDS nodes | Does not specify how to select IDS nodes |
| None (Ye and Li, [109]) | Distributed | Various attacks | Agent based anomaly detection | Exclude attackers | Not specified | Detection agents | Does not specify how to choose detection nodes; the algorithm is not tested |
| None (Komninos et al. [110]) | Not specified | Not specified | Knowledge based detection | Not considered | Not specified | Audit data trails | Not tested against attacks |
| IDAR (Alattar et al. [111]) | Distributed | Pattern matching | Signature based detection | Not specified | OLSR | Logs generated by OLSR | High bandwidth and memory requirement |
| AODVSTAT (Vigna et al. [112]) | Distributed | Resource depletion, packet dropping | Knowledge based detection | Not specified | AODV | AODV routing packets, data packets | Detects the attacks against AODV routing protocol only |
| None (Tseng et al. [114]) | Distributed | DoS | Finite State Machine based SBID | Not specified | OLSR | OLSR information | Specific to OLSR protocol |
| EFSM (Orset et al. [115]) | Distributed | Sybil, modification, fabrication | Extended Finite State Machine based SBID | Not specified | OLSR | OLSR information | Specific to OLSR protocol |
| None (Stakhanova et al. [116]) | Not specified | Behavioral specification | Specification based detection | Not specified | AODV, DSR | Network traffic flow | Specific to AODV and DSR |
| CRADS (Joseph et al. [117]) | Not specified | Rushing, medication, spoofing, packet dropping | Hybrid Intrusion detection | Not specified | OLSR | Data collected from physical, MAC, network layer | Cross layer approach |
| GIDP (Nadeem and Howarth, [118]) | Clustered, hierarchical | Various network layer attacks | Hybrid intrusion detection | Exclude attackers | General | Network characteristics; performance matrix | Tested using AODV |
| None (Hijazi and Nasser, [119]) | Distributed | Not specified | Mobile agent | Not specified | Not specified | Not specified | Analyzes the scope of using mobile agents for ID |

None (Yi et

al. [120])

Clustered,

hierarchical

Routing

loops, DoS

Other IDS Generate

alarm

DSR DSR

specification

s

Specific to

DSR

2.4 Survivability in MANETs

To design a survivability model for an ad hoc network, it is important to identify the basic critical network functionalities that must be provided even while the network is being targeted by an attack. Some network services for MANETs must always be provided irrespective of context and application [112]. These services are called general essential services and need to be provided even in the presence of attacks, failures or faults. Other services, which are essential but not general, are called specialized services and depend upon the application or the context of their use.

2.4.1 Requirements of Survivability

The requirements of survivability in MANETs depend upon the characteristics and scope of the network and the essential services for the given network. For any mobile ad hoc network, the general essential services are path finding, connectivity, and communication [122]. Specialized services may vary with the context of use or application and hence cannot be used in designing a general survivability model.

An efficient routing process, end-to-end communication, and network connectivity are the essential services that any survivable MANET is always expected to provide. Apart from these services, a survivable MANET needs to provide efficiency, self-configurability, heterogeneity, self-adaptation, integrity, authentication, protection, confidentiality, access control, redundancy, robustness, self-organization, self-diagnosis, self-healing, self-control, decentralization, and scalability. These requirements with respect to essential network services are summarized in Table – 2.6.

Due to the scarcity of resources, it is always important for a MANET to use its energy and resources efficiently, especially when the system is suspected to be under an attack or intrusion. The mobility of nodes and the dynamic network topology are the reasons for the self-configuration requirement in an ad hoc network. If the network is self-configurable, the parameters of connection and communication can be changed dynamically. Participating nodes in a MANET can be of different types, and this leads to the requirement of heterogeneity. The mobility of nodes affects many parameters, services and the state of the network, and hence self-adaptation to a changed network state is a must for any mobile ad hoc network. The path finding or routing process in an ad hoc network must have mechanisms for providing integrity, authentication, and confidentiality of communication. As MANETs use an open wireless communication medium, it is very important to protect the communication. Unauthorized access must not be allowed in any network, and hence access control is one of the desirable properties. To deal with path failure problems and tolerate routing attacks, multipath routing capability must be provided in a MANET by implementing redundancy. The process of finding routes must be robust to different types of attacks. To build a survivable MANET, there should not be any central point of control that can be targeted by attackers. The network must be decentralized and self-organized. In the absence of any centralized control, a MANET must monitor itself to find faults or malicious actions. This property is called self-diagnosis and is considered very important to achieve survivability. When faults or misbehaviors are identified, a network must take corrective measures to recover from the disruptions by using its self-healing capacity. Scalability is one of the basic characteristics of a MANET, and hence, when the network is made survivable, this requirement must be considered to accommodate a large number of nodes in the network.

Table – 2.6 Requirements of Survivability in MANETs

Survivability Requirement General Essential Services

Efficiency

Routing

Robustness

Redundancy

Access Control

Integrity

Authenticity

Confidentiality

Protection

Self-Adaptation

Connectivity

Self-Configuration

Energy-Efficiency

Heterogeneity

Self-Organization

Self-Control


Self-Management

Communication Self-Diagnosis

Self-Healing

Self-Optimization

Decentralization

Most of the requirements listed above are connected to one another and need to be provided together to make MANETs survivable. The effectiveness of some individual requirements can be improved if they are provided in combination with other survivability requirements. The general essential services for MANETs are associated with different layers of the network protocol stack. For example, network connectivity is related to the data link layer of the network. Path finding and routing-related activities are handled by the network layer, and the communication of information is mainly controlled by the application layer. To design a complete model of survivability, it is necessary to consider the dependencies between network layers and multi-layer attacks. If multiple layers are considered for communication and attacks, it becomes possible to improve the robustness and survivability of networks. For example, to make the process of routing robust and efficient, the network layer can use statistics of bandwidth and energy received from the data link layer. In this way, network layers can support each other to guarantee survivability.

2.4.2 Key Properties of Survivability

In a broad sense, the key properties of survivability are resistance, recognition, recovery, and adaptability [121]. Resistance is the ability of a system to avoid attacks. It is commonly implemented using cryptography, authentication, and firewalls. Recognition is the system's capability of identifying attacks and analyzing their effects. Point detection and intrusion detection systems are examples of recognition mechanisms. Recovery is the capacity to restore the affected system functionalities within time constraints, to provide the critical services and limit the damage. Redundancy and replication are used as recovery mechanisms by many systems. Adaptability is the capability of adapting to target intrusions by quickly incorporating lessons learned from faults and failures. Topology control and dynamic selection of protocols based on system requirements are the conventional examples of adaptation mechanisms. To build a survivable system, these properties are required to be followed in a repetitive manner.


2.4.3 Existing Survivability Initiatives for MANETs

This section describes existing survivability initiatives for MANETs. Many of these initiatives do not provide the complete design of a survivable model, but the properties, objectives, and techniques they use cannot be seen as conventional reactive or preventive security solutions and are more closely related to the requirements and properties of survivability. Security solutions that do not rely on a single line of defense and that use some mechanism for intrusion tolerance are considered for this survey. The survivability initiatives included in this survey focus on providing one or more general essential services in ad hoc networks.

Boudriga and Obaidat [123] proposed a mechanism for making MANETs tolerant to intrusions. The approach is based on resource allocation and a recovery mechanism implemented at the network layer. The authors also suggested a multilevel trust model for MANETs. According to this trust model, an ad hoc network is divided into two virtual domains: the user's domain and the resources' domain. Each network activity is assigned a unique trust value based on the location of the network where it occurs. Based on the trust levels assigned to activities, resources are allocated to them by applications or users. The resource allocation scheme is distributed in nature and aims at maximizing the utilization of available resources and minimizing the costs. Each application gets only a part of an available resource at any node. The approach implements intrusion tolerance using a distributed firewall technique, with which path failures caused by intrusions can be detected and recovered from. This firewall is maintained in the form of a table at each network node that contains a list of packets that passed through it and successfully reached their destinations. Firewall tables are created and maintained dynamically. The entries of firewall tables are updated when the network detects any malicious behavior, failures or intrusions. The main use of firewall tables is to prevent a flow of false or fake packets. To detect misbehavior, nodes use three parameters: authentication failure rate, packet loss rate, and duplicate packet rate. The proposed model mainly deals with flooding attacks, which are one form of denial of service (DoS) attack, by using the above techniques along with IPSec based authentication and trust relationships of participating nodes.

BFTR (Best effort Fault Tolerant Routing) is proposed by Xue and Nahrstedt [124]. It is a source routing algorithm based on path redundancy, with the objective of providing routing service with low overhead and a high delivery ratio when malicious nodes are part of the network. This approach does not decide whether a route, or any node included in it, is good or not. BFTR uses network statistics and the receiver's feedback to select the path with the highest packet delivery ratio in the recent past. BFTR is able to detect attacks such as misrouting, packet corruption and dropping. Designed on the basis of DSR flooding, BFTR finds paths between the end nodes and selects the shortest path for routing data packets. When a path failure is detected, the algorithm discards the current route and chooses the next shortest route available. The algorithm assumes that a good route consists of nodes with a high delivery ratio and hence discards routes with a low delivery ratio. BFTR also assumes that the end nodes never misbehave and that immediate nodes are included in the security support architecture. A prior trust relationship is needed between the source and destination nodes.

A Cross Layer Approach (CLA) is proposed by Berman and Mukherjee in [125]. This algorithm is based on intelligent multipath routing and uses directional antennas. Data availability and confidentiality are the main objectives of CLA. Omni-directional antennas receive or transmit radio signals in all directions uniformly, while directional antennas transmit or receive radio signals in one specific direction. With this property, directional antennas lower the area covered by packet transmission, the overlapping of message segments and the chances of eavesdropping. This minimizes the possibility of an attacker collecting all message segments at the same time. Along with directional antennas, CLA uses a self-adaptive transmission power control mechanism to minimize the likelihood of message interception. Using multipath routing, messages are divided based on a threshold secret sharing algorithm, and the segments of a message are sent over multiple paths. To achieve the basic objective of minimizing the message interception probability, CLA uses two intelligent routing schemes that reduce the path-set correlation factor and the physical distance of hops.

Joshi et al. [126] proposed an approach called JA (Joshi's Approach) for key management and control. JA describes a complete distributed certificate authority mechanism that uses redundancy and secret sharing. This mechanism divides the private key of the certificate authority into segments and then distributes these segments among the network nodes. Nodes are required to recreate the key using key segments to communicate with each other. The private key of the certificate authority can be reconstructed by using a minimum number of key segments out of the total number of segments. This mechanism fails when a sufficient number of nodes to reconstruct the key is not available in the communication range of the node that is willing to communicate. To introduce redundancy in the network, the algorithm assigns more than one key segment to each node, lowering the number of nodes needed to reconstruct the key of the certificate authority and increasing the probability of a legitimate node reconstructing the certificate authority key. However, introducing redundancy in the algorithm is challenging due to the increased probability of an attacker compromising the key of the certificate authority. This problem becomes severe when an attacker compromises a legitimate node in the network, because that node is treated as a good, valid node. To deal with this problem, the authors have proposed using an intrusion detection system to detect compromised or misbehaving nodes and exclude them from the network.

ODSBR [127] is a reactive routing protocol designed to deal with a variety of Byzantine attacks. This protocol works in three sequential phases: least weight path discovery, Byzantine fault localization, and link weight management. The first phase uses double secure flooding to find routes with minimum cost. When finding a route, the route discovery protocol uses double flooding for sending route request and response messages. Digital signatures and secure authentication are provided using cryptography. During the Byzantine fault localization phase, faulty links on the routes are detected using the adaptive probing method. This phase also uses cryptography to ensure the integrity of packets, based on secure acknowledgements received periodically from intermediate nodes. Link weight management is the last phase of the protocol, which manages the weights assigned to faulty links. Based on the weight value assigned to each link, faulty links can be discovered. Weight values are stored at every node and used by the least weight path discovery phase. The authors have claimed that the proposed protocol can perform in different scenarios. However, some points in the algorithm are not clearly defined. For example, the algorithm uses digital signatures and RSA cryptography techniques but does not consider open issues related to them, such as authentication of nodes and distribution of public keys. These points can influence the overall working of ODSBR and are essential for the expected functionality of the algorithm. Also, secure acknowledgement based functionalities cannot be guaranteed due to basic characteristics of ad hoc networks such as dynamic topology and mobility of nodes.
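The fault localization and link weight phases described above can be sketched as follows. This is an added illustration, not code from the thesis or from the ODSBR authors; it assumes that adaptive probing narrows a fault down by binary search over the acknowledgements returned by intermediate nodes and that a localized link has its weight doubled. The topology, the dropping node and the channel model are constructed for the example.

```python
import heapq

# Constructed topology: a short route through B and a longer detour.
TOPOLOGY = {("S", "A"): 1, ("A", "B"): 1, ("B", "C"): 1, ("C", "D"): 1,
            ("S", "E"): 2, ("E", "F"): 2, ("F", "D"): 2}

def least_weight_path(weights, src, dst):
    """Phase 1 stand-in: Dijkstra over undirected links {(u, v): weight}."""
    adj = {}
    for (u, v), w in weights.items():
        adj.setdefault(u, []).append((v, w))
        adj.setdefault(v, []).append((u, w))
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if u == dst:
            break
        if d > dist.get(u, float("inf")):
            continue
        for v, w in adj.get(u, []):
            if d + w < dist.get(v, float("inf")):
                dist[v], prev[v] = d + w, u
                heapq.heappush(heap, (d + w, v))
    if dst not in dist:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]

def localize_fault(path, acked_by):
    """Phase 2: binary search for the first hop whose far end stops acking.

    acked_by(node) is True when a valid, authenticated acknowledgement came
    back from that node. The result is a link, not a node: either endpoint
    may be the misbehaving one, which is why the link is what gets penalized.
    """
    lo, hi = 0, len(path) - 1      # the source is trusted; the destination did not ack
    probes = 0
    while hi - lo > 1:
        mid = (lo + hi) // 2
        probes += 1
        if acked_by(path[mid]):
            lo = mid
        else:
            hi = mid
    return (path[lo], path[hi]), probes

def penalize(weights, link):
    """Phase 3 (assumed rule): double the weight of the localized link."""
    key = link if link in weights else (link[1], link[0])
    weights[key] *= 2

def send(path, dropper):
    """Constructed channel model: the dropper acknowledges, then discards."""
    if dropper not in path:
        return None                # delivered, nothing to localize
    cut = path.index(dropper)
    return lambda node: path.index(node) <= cut

def route_until_delivered(weights, src, dst, dropper, max_rounds=10):
    """Repeat discovery, localization and penalty until a clean path is found."""
    history = []
    for _ in range(max_rounds):
        path = least_weight_path(weights, src, dst)
        acked_by = send(path, dropper)
        if acked_by is None:
            return path, history
        link, _ = localize_fault(path, acked_by)
        penalize(weights, link)
        history.append((path, link))
    return None, history

if __name__ == "__main__":
    final, rounds = route_until_delivered(dict(TOPOLOGY), "S", "D", dropper="B")
    for path, link in rounds:
        print("fault on", link, "while using", path)
    print("delivered over", final)
```

The route only moves away from the faulty link once its accumulated weight exceeds the cost of the detour, so a single lost acknowledgement does not immediately disqualify a path.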


Papadimitratos and Haas presented an approach called Secure Message Transmission (SMT) [128] for providing data protection, integrity, confidentiality, and availability. SMT is built using four mechanisms: dispersion of transmitted information, simultaneous use of multiple routes, secure end-to-end feedback and adaptation to the changing network state. For implementing these mechanisms, SMT requires a security association (SA) [129] between the source and destination nodes. The need for link encryption is eliminated using the SA. To provide secure data communication, SMT uses the Active Path Set (APS), a set of node-disjoint paths existing between the source and destination nodes. To provide recovery through redundancy, a message is divided into a number of small segments using an information dispersal scheme [130]. For improving confidentiality, all message segments are transmitted using different paths available in the APS. To form a full message at the destination, all message pieces are first counted, and if a sufficient number of message shares is found, the message is reconstructed from the dispersed segments. A message authentication code is included in every message segment to support data integrity. When a destination receives correct message segments, it acknowledges the receipt to the source by providing feedback. The feedback generated by the destination is also secured using cryptography and dispersed to support tolerance to faults. In the APS, each path carries a reliability rating that is computed using the total number of successful and unsuccessful transmissions on that path. This rating is used by the algorithm for determining and managing maximally secure routes.
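Both BFTR and SMT, as described above, choose routes from end-to-end feedback rather than from a verdict on individual nodes. The following added sketch (not code from either protocol or from the thesis) keeps a per-path window of acknowledged and unacknowledged transmissions, discards paths whose recent delivery ratio falls below a threshold, and prefers the shortest surviving path. The window size, the threshold, the paths and the grey-hole behaviour are assumptions constructed for the example.

```python
from collections import deque

class PathSet:
    """Candidate routes with a sliding window of receiver feedback per route."""

    def __init__(self, paths, window=20, min_ratio=0.6, min_samples=5):
        self.min_ratio = min_ratio      # assumed discard threshold
        self.min_samples = min_samples  # do not judge a path on too little data
        self.feedback = {tuple(p): deque(maxlen=window) for p in paths}

    def record(self, path, delivered):
        """Store one feedback bit; it must come from the authenticated receiver,
        otherwise a relay could vouch for itself."""
        self.feedback[tuple(path)].append(bool(delivered))

    def ratio(self, path):
        """Recent delivery ratio; an unused path gets the benefit of the doubt."""
        fb = self.feedback[tuple(path)]
        return sum(fb) / len(fb) if fb else 1.0

    def prune(self):
        """Discard paths with a low recent delivery ratio; return what was dropped."""
        bad = [p for p, fb in self.feedback.items()
               if len(fb) >= self.min_samples and self.ratio(p) < self.min_ratio]
        for p in bad:
            del self.feedback[p]
        return bad

    def select(self):
        """Shortest surviving path, ties broken by the higher delivery ratio."""
        if not self.feedback:
            return None
        return min(self.feedback, key=lambda p: (len(p), -self.ratio(p)))

# Constructed scenario: the shortest route runs through relay M.
PATHS = [("S", "M", "D"), ("S", "A", "B", "D"), ("S", "C", "E", "F", "D")]

def grey_hole(node, seq):
    """Constructed misbehaviour: M forwards only every fourth packet."""
    return node == "M" and seq % 4 != 0

def simulate(paths, drops, packets=40):
    """Send `packets` packets, always over the currently selected path."""
    ps = PathSet(paths)
    delivered = 0
    for seq in range(packets):
        path = ps.select()
        if path is None:
            break
        ok = not any(drops(node, seq) for node in path[1:-1])
        ps.record(path, ok)
        delivered += ok
        ps.prune()
    return delivered, ps.select(), ps

if __name__ == "__main__":
    delivered, path, _ = simulate(PATHS, grey_hole)
    print(delivered, "of 40 delivered; now routing over", path)
```

No node is ever labelled malicious here: the path through M is abandoned purely because its recent delivery ratio dropped to 2 out of 5.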

Choudury et al. [131] proposed a protocol named SDMP (Secure Data based MultiPath) that offers data confidentiality and robustness. As the name suggests, this protocol uses multiple paths between nodes of the network. SDMP provides authentication and confidentiality of link layer frames by using wired equivalent privacy (WEP) link encryption and decryption. SDMP is routing protocol independent and can be used with any routing protocol that supports multipath routing with topology discovery. There are two types of paths used by SDMP: data paths and signaling paths. The latter type needs only one path between the end nodes. The remaining paths can be used for transmitting data. The proposed protocol uses the diversity coding approach to divide a message into segments. A unique identifier is assigned to each message segment, and then pairs are formed by combining them using exclusive-or (EX-OR) operations. Different routes are used for sending each pair, and signaling paths are used to send the information needed for message reconstruction at the destination. To be successful, an attacker has to get all transmitted message pairs for reconstruction. An attacker is required to be in the eavesdropping range of the source or destination to compromise the confidentiality, or must listen on all paths used and decrypt each encrypted transmitted message piece. The main drawback of this protocol is that one segment of the original message is always sent in its original form on one of the data paths, and hence the probability of an attacker partially deducing the original message from a few segments is high.
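The drawback noted above can be made concrete with a small model of XOR-based diversity coding. This is an added illustration, not SDMP's actual encoding or code from the thesis: it assumes a chained layout in which the first coded piece equals the first message segment and every later piece is the XOR of two neighbouring segments, and it compares that with a variant in which the first piece is masked by a random pad carried on the signaling path. The message and all function names are constructed for the example.

```python
import secrets

MESSAGE = b"relay via node 17 after hop four"   # constructed sample payload

def split(message, n):
    """Cut the message into n equal-length segments (zero padded)."""
    size = -(-len(message) // n)                 # ceiling division
    padded = message.ljust(size * n, b"\0")
    return [padded[i * size:(i + 1) * size] for i in range(n)]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encode_chained(segments):
    """Piece 0 is segment 0 in the clear; piece i is seg[i-1] XOR seg[i]."""
    return [segments[0]] + [xor(segments[i - 1], segments[i])
                            for i in range(1, len(segments))]

def decode_chained(pieces):
    """Receiver side: undo the chain, one segment at a time."""
    segments = [pieces[0]]
    for piece in pieces[1:]:
        segments.append(xor(segments[-1], piece))
    return segments

def encode_masked(segments):
    """Same chain, but piece 0 is hidden under a one-time random pad.

    The pad is what would travel on the signaling path. Later pieces are
    still XORs of two plaintext segments, so they still leak how neighbouring
    segments relate; threshold secret sharing avoids that as well.
    """
    pad = secrets.token_bytes(len(segments[0]))
    pieces = encode_chained(segments)
    pieces[0] = xor(pieces[0], pad)
    return pieces, pad

def decode_masked(pieces, pad):
    return decode_chained([xor(pieces[0], pad)] + pieces[1:])

def readable_prefix(pieces, observed_paths):
    """Segments obtained by applying the chain decode to the pieces seen on
    `observed_paths` (piece i travels on data path i). Decoding stops at the
    first missing piece; for masked pieces the output is not plaintext."""
    known = []
    for i, piece in enumerate(pieces):
        if i not in observed_paths:
            break
        known.append(piece if i == 0 else xor(known[-1], piece))
    return known

if __name__ == "__main__":
    segs = split(MESSAGE, 4)
    chained = encode_chained(segs)
    print("path 0 only       :", readable_prefix(chained, {0}))
    print("paths 0 and 1     :", readable_prefix(chained, {0, 1}))
    print("paths 1, 2 and 3  :", readable_prefix(chained, {1, 2, 3}))
```

Under the chained layout, exposure of a data path is not all-or-nothing: the path carrying the clear segment discloses part of the message on its own, and each further path observed in order discloses one more segment.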

Secure Protocol for Reliable Data Delivery (SPREAD) is a protocol proposed by Lou et al. [132]. The objective of this protocol is to achieve data availability and confidentiality. In this method, a source node divides messages into a number of segments based on the threshold secret sharing scheme. Each message segment is then encrypted and transmitted through multiple independent routes. The protocol assumes that an efficient key management scheme is available for encryption using different keys for nodes. There are three main operations to be performed: splitting messages into multiple segments, selecting multiple routes and transmitting message segments using those routes. Multiple paths are used for sending message segments to reduce the chances of an attack. To choose multiple paths for this purpose, the proposed protocol considers various security factors. To compromise the protocol, an attacker must access all paths to reconstruct the original message from segments.
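CLA, JA and SPREAD all rest on threshold secret sharing: a secret is cut into N shares so that any T of them reconstruct it and fewer do not. The sketch below is an added example, not code from the thesis or from those protocols; it uses Shamir's scheme byte by byte over the prime field GF(257), and the parameters T = 3, N = 5, the sample secret and the helper `nodes_needed` are constructed for illustration.

```python
import secrets

P = 257  # smallest prime above 255, so every byte value is a field element

def _eval(coeffs, x):
    """Horner evaluation of a polynomial (lowest degree first) at x, mod P."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def make_shares(message, t, n):
    """Return n shares [(x, [y0, y1, ...])]; any t of them recover `message`.

    In SPREAD each share would then be encrypted and sent over its own path;
    in JA the secret is the CA private key and the shares are held by nodes.
    """
    if not 1 <= t <= n < P:
        raise ValueError("need 1 <= t <= n < 257")
    shares = [(x, []) for x in range(1, n + 1)]
    for byte in message:
        # A fresh random polynomial of degree t-1 per byte; constant term = byte.
        coeffs = [byte] + [secrets.randbelow(P) for _ in range(t - 1)]
        for x, ys in shares:
            ys.append(_eval(coeffs, x))
    return shares

def recover(shares):
    """Lagrange interpolation at x = 0 over whatever shares arrived.

    Returns a list of field elements. With at least t shares these are the
    original byte values; with fewer they are unrelated to the secret.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    basis = []
    for i, xi in enumerate(xs):
        num = den = 1
        for j, xj in enumerate(xs):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        basis.append(num * pow(den, -1, P) % P)
    length = len(shares[0][1])
    return [sum(b * ys[k] for b, (_, ys) in zip(basis, shares)) % P
            for k in range(length)]

def deliver(shares, lost_paths):
    """Constructed channel: share i travels on path i; lost paths deliver nothing."""
    return [s for i, s in enumerate(shares) if i not in lost_paths]

def nodes_needed(t, shares_per_node):
    """JA's redundancy trade-off: giving each node several shares lowers the
    number of nodes a legitimate user must reach, and equally the number of
    nodes an attacker must compromise."""
    return -(-t // shares_per_node)

if __name__ == "__main__":
    secret = b"CA key fragment"                  # constructed sample secret
    shares = make_shares(secret, t=3, n=5)
    arrived = deliver(shares, lost_paths={0, 3})  # two of five paths fail
    print(bytes(recover(arrived)))                # still the original secret
    print(recover(shares[:2]) == list(secret))    # two shares: False
```

With T equal to N an eavesdropper needs every path, as the paragraph above states, but a single failed path then blocks delivery; choosing T below N trades part of that confidentiality margin for availability.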

Techniques for Intrusion-resistant Ad hoc Routing Algorithms (TIARA) [133], proposed by Ramanujan et al., is a protocol to deal with denial of service attacks in ad hoc networks. TIARA can be applied to any routing protocol but can be deployed most easily and effectively with reactive routing protocols such as AODV and DSR. Intrusion tolerance to DoS attacks is achieved in TIARA by implementing the following techniques: FLAC (flow based route access control), distributed wireless firewall, multipath routing, source-initiated flow routing, flow monitoring, fast authentication, use of sequence numbers and referral based resource allocation. In the flow based route access control mechanism, a distributed wireless firewall is used along with limited resource allocation on a stream of control packets in order to prevent attacks based on resource overloading. Each network node maintains an access control list in which authorized flows are specified. To limit the network resources allocated to a flow, a threshold is defined. To forward data packets, the algorithm finds multiple routes but selects only one. For detecting path failures, the flow monitoring mechanism sends control messages periodically and chooses an alternative path if a failure is found. The fast authentication technique assigns a path label to each packet in a secret position. A different secret position for assigning a path label is chosen by each node. Table – 2.7 shows the key properties and requirements offered by existing survivability initiatives.

Table – 2.7 Survivability Key Properties and Requirements achieved in Existing Survivable Initiatives

BA BFTR CLA JA ODSBR SMT SDMP SPREAD TIARA

Survivability Properties

Resistance Yes Yes No Yes Yes Yes Yes Yes Yes

Recognition Yes No No Yes Yes No No No Yes

Recovery Yes Yes Yes Yes Yes Yes Yes Yes Yes

Adaptability Yes No Yes No Yes No No No No

Survivability Requirements

Efficiency No No No No No No No No No

Self-configuration No No Yes No No Yes No No No

Heterogeneity Yes No No No No No No No Yes

Integrity Yes No No No Yes Yes Yes Yes No

Authentication Yes Yes No No Yes Yes Yes No Yes

Protection Yes No No No Yes No No No No

Confidentiality Yes No No No Yes Yes Yes Yes No

Access control Yes No No No No Yes No No Yes

Redundancy Yes Yes Yes Yes Yes Yes Yes Yes Yes

Robustness Yes No No No No No No No No

Self-organization Yes Yes No Yes Yes No No No Yes

Self-healing Yes Yes No Yes Yes No No No No

Decentralization Yes Yes No Yes Yes No No No Yes

Scalability Yes Yes No Yes Yes No No No Yes

2.5 Survey Conclusions

Our literature survey leads us to the following conclusions:

a) Preventive Security Mechanisms

• Due to the fundamental characteristics of MANETs, it is difficult to implement the conventional concept of firewalls to prevent attacks or intrusions from entering the network.

• Cryptography based preventive mechanisms are computationally expensive.

• Most of the existing cryptography based mechanisms need a trusted third party or a group of reliable network nodes which can transmit certificates securely in the network. This is difficult to implement in MANETs because of the absence of any centralized authority and the lack of node hierarchy.

• Nodes in MANETs can also be compromised by attackers.

• Encryption/decryption techniques used by cryptographic mechanisms are not foolproof and can be targeted by brute-force attacks.

• Cryptographic solutions can only protect what they are designed to protect. They do not protect other essential network services which should always be provided.

b) Reactive Security Mechanisms

• Point detection mechanisms are designed for only a particular type of attack and therefore are not capable of dealing with other types of attacks.

• Most of the existing IDSs are also designed to detect attacks of specific types. When any other attack targets the network, they cannot defend the network services.

• The basic characteristics of MANETs make the implementation of IDSs challenging.

• Reactive security mechanisms do not aim at tolerating the effects of ongoing attacks. Thus, when a MANET is targeted by attackers, IDSs attempt to detect and mitigate the attack but fail to protect essential network services in the meantime.

c) Existing Survivability Initiatives

• Existing survivability initiatives do not implement all three lines of defense, which are very important to achieve survivability. Most of the existing solutions focus on preventive and reactive defense lines and pay less attention to intrusion tolerance.

• Some important survivability properties and requirements such as adaptability, heterogeneity, self-management and robustness are almost unexplored in the existing survivability solutions.

• Most of the initiatives are designed for specific attacks or specific network layer functionalities. They cannot be extended to other types of attacks or functionalities.

• To build a complete survivability model for a MANET, all defense lines need to be applied cooperatively. The survivability model should be generic so that it can be used with underlying network functionalities. The survivability model should also have the capability of adapting to unexpected situations.

• It is necessary to develop an integrated survivability framework for MANETs which uses preventive, reactive and tolerance defense mechanisms together to achieve survivability. This framework should be able to provide general essential network services when the network is under threat. Furthermore, the design of this framework should be routing-protocol-independent so that it can be used with any existing MANET without changing its basic architecture. The framework should provide the ability to survive the consequences caused by different types of attacks in the ad hoc environment.


Chapter – 3 Proposed Survivability Framework


CHAPTER – III

Proposed Survivability Framework

3.1 Problem Statement

To develop a complete, general, routing-protocol-independent survivability framework for securing MANETs from different types of attacks, using three defense lines – Preventive, Reactive and Tolerance, without compromising essential network services.

3.2 Scope of Our Research

Our proposed survivability framework is flexible enough to be used with any underlying ad hoc routing protocol. The framework aims to provide general essential network services even when the network is under attack. The scope of our research is defined as:

• Simulate for implementation, integrate and monitor the performance of all three defense lines – Preventive, Reactive and Tolerance

• Design and simulation of a routing-protocol-independent threat model to assess the impact of the proposed survivability framework

• Prevention of attacks defined in the threat model to implement the first line of defense

• On-demand identification of anomalies and intrusions using reactive defense

• Diagnosis of detected anomalies to determine the type and impact of attacks

• Mitigation of detected threats and anomalies by applying attack-specific mitigation actions

• Tolerating the effects of on-going attacks in the network to assure the provisioning of essential network services regardless of specific network applications.

3.3 Objectives of Our Research

The overall objectives of our research are summarized as:


• To use preventive and reactive defense lines for protecting MANETs from attacks.

• To make networks capable of tolerating the effects of attacks and providing the essential services even when the network is under attack, albeit with degraded performance.

• To develop a complete, generic and routing protocol independent survivability framework for MANETs by integrating three defense lines.

3.4 Original Contribution by the thesis

Although many researchers have worked towards enhancing existing security mechanisms for

MANETs, major breakthroughs in terms of detection and prevention of attacks are not yet

accomplished [6]. Very less work has been done for making MANETs survivable [29] [136]

[36]. Most of the existing survivability initiatives for MANETs do not define all three lines of

defense and are designed for specific attacks or specific network layer functionalities. Critical

open research areas for MANETs are Lack of full-proof security mechanisms, identifying and

analyzing attacks correctly and offering essential network services all the time despite

intrusions [6] [137] [16]. Preventing and detecting attacks in MANETs is not the only solution.

It is equally important to make the networks survive the effects of attacks. Survivability

initiatives for MANETs do not consider some of the important properties and requirements of

survivability and are effective for specific attack scenarios or network situations.

We concentrate on all defense lines to secure MANETs. The first line of defense – prevention,

attempts to defend the network from attacks defined in the threat model. Detection, Diagnosis

and Mitigation components are included in the proposed survivability framework to implement

the second line of defense – reactive defense. The detection component is implemented as a

statistical anomaly detector which identifies network anomalies and generates alarms. After

receiving alarms as a possible indication of attacks, the diagnosis component attempts to

analyze the detected anomalies based on attack signatures available and specifies the type of

attack as a result. The role of the mitigation component is to identify and apply actions to be

taken for mitigating effects of attacks of specific types. This component also determines the

amount of time for which mitigation actions should be applied. The third defense line is

implemented as intrusion tolerance, having the aim of tolerating the impact of ongoing attacks

so that the network can continue providing the basic functionalities and services.

Our proposed survivability framework for MANETs is generic and does not depend on

underlying ad hoc routing protocols. It can be integrated into existing MANETs to provide


essential network services in the presence of various attacks at different network layers. The

fundamental characteristics of MANETs have been considered to define the list of key

properties and requirements of survivability for the proposed framework. The framework

proposed by us can be extended for different types of attacks and can be used for any MANET

application to get basic services uninterruptedly.

The simulation and analysis of prevention, detection, diagnosis, mitigation and tolerance

phases clearly indicate that our proposed framework with these phases has the capability of

surviving the effects of attacks. Our framework shows a considerable reduction in routing

overhead, the percentage of data packets lost and false positive rate. As shown in the results,

the rate of detection and diagnosis improves with the use of the proposed framework. Essential

network services are always provided even if the network is under attack. According to the

results obtained, the proposed framework outperforms the network without survivability.

3.5 Threat Model

In the context of network security, a threat is a potential or actual adverse event that can be

malicious (such as a DoS attack) or incidental (such as the failure of a device) and that can

compromise the system functionalities. Modeling threats is a method to identify and enumerate

potential threats and vulnerabilities theoretically, from an attacker’s perspective. To optimize

network security, a threat model provides a systematic analysis of the probable attacks and the

functionalities most affected by the attackers. Using this information, defenders can define

countermeasures to prevent or mitigate the effects of threats to the network. Threat modeling

answers the following questions: What are the most vulnerable points in the network? What

are the high-value functionalities that can be targeted by attackers? What are the most relevant

threats? Is there an attack that might go unnoticed?

In communication networks, the important aspect of threat modeling is to determine where the

most effort should be applied to secure a system. This decision varies depending on the

applications, specific requirements and desired functionalities at different layers of the network

model. Threat modeling is an iterative approach that involves defining essential functionalities,

identifying application-specific requirements concerning these functionalities, identifying

potential threats and vulnerabilities and creating security profiles for adverse events.


To derive the threat model for our proposed survivability framework, we focus on the essential

services that need to be provided and the threats that can target such services. We

consider Routing, Data Forwarding, and Connectivity as the essential services which are to be

provided by any MANET application. Various forms of DoS attacks can target different types

of routing protocols at the network layer and thus, the above mentioned essential services also

get affected. Therefore, our threat model assesses possible forms of DoS attacks and their

impact on service provisioning. Based on this analysis, we propose the algorithms for

preventing and mitigating attacks and their effects. The following section describes how DoS

attacks might be the potential threats to the essential services identified by us.

3.5.1 Denial of Service (DoS) Attacks

As shown in Figure – 3.1, Denial of service (DoS) attacks in MANETs are categorized as i)

attacks on data traffic and ii) attacks on routing traffic [38][26]. Attacks on data traffic can be

further classified into two types: i) flow disruption attacks and ii) resource depletion attacks.

When an attacker corrupts, delays or drops data packets passing through it, it is called a flow

disruption attack. In a resource depletion attack, an intruder seizes precious network resources

such as bandwidth, energy, etc., and thus these resources become unavailable for use by the

legitimate traffic in the network.

Figure – 3.1 Classification of DoS Attacks

Researchers have proposed techniques to deal with flow disruption and resource depletion

attacks in the ad-hoc environment. Most of these techniques rely on the design of the specific

routing protocols and must be incorporated into particular ad hoc routing protocols. As we aim


to build a general survivability framework, our proposed intrusion tolerance component is

independent of a routing protocol and can be used with any underlying ad hoc routing

mechanism.

One very popular approach to deal with flow disruption attacks is multi-path routing [5]. In

multi-path routing, packets are routed along all communication paths which are available

between the source and the destination. Multi-path routing uses redundancy to increase packet

delivery ratio. Even if one or more paths are affected by the intruders, packets are transmitted

along the other redundant paths to achieve end-to-end communication. The major downside of

multi-path routing is the consumption of additional bandwidth to send packets along multiple

redundant paths. Thus, the overhead in a multi-path routing protocol is usually much higher

than a uni-path routing protocol. The other important drawback of multi-path routing is that

conventional routing protocols for ad hoc networks do not support multi-path routing. Either

they must be modified to support the functionalities of multi-path routing or a new routing algorithm

with the required functionalities needs to be devised.

In the case of a resource depletion attack, the intruder wastes the network resources by flooding

the network with spurious packets [38]. A flow of such packets drains the energy of the nodes

through which they pass. A considerable amount of network bandwidth is also consumed to

route such spurious traffic of packets. Intruders generate fake packets or replay legitimate

packets to generate a stream of spurious traffic. To defend the network from such a

resource-draining attack, it is necessary to subdue the flow of spurious packets. The following section

describes our proposed approach for defending and tolerating the impact of flow disruption and

resource depletion attacks.

3.6 Proposed Survivability Framework

As shown in Figure – 3.2, the three defense lines need to be applied cooperatively to achieve

survivability in MANETs [36].


Figure – 3.2 Three Defense Lines for Survivability

We have designed and presented the following architecture, which constitutes our proposed

survivability framework:

Figure – 3.3 Proposed Survivability Framework

There are five functional blocks in total defined in our approach to implement the defense lines.

These functional blocks are 1) Prevention 2) Detection 3) Diagnosis 4) Mitigation and 5)

Tolerance. Each defense line in our proposed framework requires one or more functional

blocks to achieve survivability partially. For instance, the preventive defense line needs prevention

as the functional block. Detection, Diagnosis, and Mitigation processes are implemented in the

form of functional blocks for the reactive defense line. The third defense line, intrusion

tolerance, executes the functionalities specified in the tolerance functional block. A detailed

description of these functional blocks is given in the next chapter.


Figure – 3.4 Functional Blocks of the Proposed Survivability Framework

To achieve survivability, the three defense lines must be aggregated to build a complete

survivable framework for a MANET. Figure – 3.4 describes how our framework employs

aggregation of functional blocks to utilize the functionalities of the defense lines. All three

defense lines must be enabled at the same time as these lines operate cooperatively. A brief

description of the operations performed by each functional block is shown in Figure – 3.4. The


specifications and working of functional blocks are discussed in detail in the next chapter.

The following paragraphs give the basic idea of the operations carried out by the functional blocks.

The prevention block implements a distributed wireless firewall mechanism to maintain

permissible packet flow information. Along with this information, the prevention block also

maintains dynamic thresholds β, γ, and λ to deal with different forms of flooding. The

thresholds are set based on current network conditions, using fuzzy logic rules. The complete

logic of the prevention block is elaborated in Section 4.1, in the next chapter.

As shown in Figure – 3.4, functional blocks of the reactive defense line execute sequentially.

The reason is that the diagnosis of anomalies can be performed only after the detection.

Therefore, the diagnosis block requires inputs from the anomaly detector. The alarm generated by the

detection block, along with the network state vector, is provided as input to the diagnosis

block. Similarly, mitigation actions can be performed only after the type of detected attack is

identified. Hence, the attack type generated by the diagnosis block is used as input by the

mitigation block. Functionalities associated with each block of the reactive defense line are

explained in Section 4.2 of Chapter – 4.

The tolerance block mainly uses an overlay routing mechanism to continue providing essential

services such as routing and data forwarding when the network is under attack. The proposed

overlay routing mechanism does not depend on underlying routing protocols for MANETs.

Upon detecting a route failure, this mechanism establishes an overlay path from the source to

the destination to complete the process of communication. The exact flow of operations for the

tolerance block is stated in the next chapter, in Section 4.3.


CHAPTER – IV

Functional Blocks of the Proposed Survivability Framework

As described in the previous chapter, our proposed framework uses three defense lines –

Preventive, Reactive and Tolerance. There are five functional blocks in total defined in our

approach to implement the defense lines. These functional blocks are Prevention, Detection,

Diagnosis, Mitigation, and Tolerance. The following sections present the detailed working of each

functional block.

4.1 Preventive Defense

4.1.1 Prevention Block

i) Issues with conventional firewalls in MANETs

In traditional networks, to prevent unauthorized traffic from entering into the network, a

firewall is placed at the ingress/egress point of the network. In MANETs, the topology of the

network is highly dynamic and nodes can enter or leave the network at any time. Due to these

characteristics and the absence of a centralized management authority, it is very difficult to define

the ingress/egress point for the network. Furthermore, in the ad-hoc environment, any node

participating in the network could be an intruder and an attack could originate from the network

itself. Hence, the conventional concept of firewalls does not work in MANETs. Moreover,

traditional firewalls are not designed to resist impersonation-based flooding attacks where

packets are spoofed and sent as legitimate ones. Such packets can pass through the firewalls as

they satisfy the access control rules mostly based on either port level or IP address level access.

ii) Distributed Wireless Firewall – Our Approach

Our idea of defending MANETs from packet flooding attacks originating from the network

consists of the concept of a distributed wireless firewall. To make the firewall distributed,

its functionalities are distributed across all nodes in the network. Each node in the network

maintains an additional table, called the firewall table, to maintain a list of permissible packet


flows which can pass through that node. A stream of packets from one node to another is

considered as a packet flow and is uniquely identified by the IP addresses of the source and

destination nodes. Along with the packet flow specifications, the firewall table also maintains

the thresholds for preventing a flood of spurious packets from draining the network resources.

The use of these thresholds is described later in this section.

The firewall tables are not static and the entries in them are generated and maintained at

runtime. This makes the design of the firewall reconfigurable. The entries of the firewall table

are updated automatically to respond to changes in the network topology or detected intrusions.

Furthermore, the firewall table entries have a finite lifetime. If the entry is not renewed within

that lifetime, it is deleted from the list of permissible packet flows. There is no centralized

authority in the network to manage or control the functionalities of the firewall. Thus, the

firewall is configured and maintained in a completely decentralized manner.

When an intruder generates a stream of spurious traffic, the distributed wireless firewall

attempts to filter out the traffic of flooding packets. As described above, all the nodes in the

network maintain a firewall table. Using the entries of these tables, the immediate one-hop

neighbors of the intruder prevent the attack traffic from flowing through the network and filter

it out. The following paragraphs describe how this is done in our framework.

iii) Maintenance of Permissible Packet Flows using Handshaking

The distributed firewall is created and maintained dynamically in the network by using

a handshaking mechanism between the sender and receiver of a packet flow. Before initiating

the transmission of data packets, the sender sends a Flow Sending Request (FSREQ) message

to the receiver. The FSREQ message is sent to the receiver using the underlying routing

protocol for ad hoc networks. Upon receiving this message, if the receiver decides to accept a

flow of packets from that sender, it generates a control message Flow Acceptance Reply

(FAREP) and sends it back to the sender. The FAREP uses the reverse of the path taken by the

FSREQ to reach the sender. Such a handshake between the sender and receiver nodes needs to

be executed periodically during the lifetime of the required communication.

When an FAREP message is sent back by the receiver upon accepting the flow sending request

from a sender, the FAREP message passes through the intermediate nodes. The FAREP

message also contains the exact route to be followed by it. Each intermediate node on this route


reads this path and creates/refreshes a time-bound entry for it in its firewall table and marks

this entry as a permissible flow. Whenever handshake signals are exchanged between the

sender and receiver, the entries in the firewall tables are refreshed. In case of a route failure, a

new route is found according to the specifications of the underlying ad hoc routing protocol

and handshaking between the sender and receiver takes place again to obtain necessary entries

for the new route in the firewall tables. Firewall table entries for the flows which are no longer

valid would expire and be deleted from the table.

iv) Prevention using Thresholds

a. Prevention from Route-Request Flooding

During the on-demand routing process in MANETs, intruders can exploit the routing

functionality and can send a large number of route request packets. To deal with this form of

flooding attacks, the proposed mechanism uses two threshold values: β and γ. The idea is to

have a reasonable value of thresholds for attributes which indicate the flooding attack and raise

an alarm when the attribute values cross that threshold. Initially, each node defines its default

thresholds for these attributes for all other nodes. A threshold β specifies the maximum number

of packets that can be transmitted by a node in an interval and it is determined by considering

the average number of packets transmitted in an interval by the node and the average number

of neighbors in its vicinity. γ is the maximum number of times a malicious node can exceed β

before it is blacklisted. This threshold should not generate more false positives and thus it

should be low.

If, within a given time interval, a node receives more than β packets from a neighbor, then the

subsequent packets from that neighbor should be dropped. If the same neighbor node exceeds

β transmissions in γ intervals, then that neighbor node can be assumed to be flooding. All the

packets received from this neighbor should be discarded in the future intervals. This technique

is used for route request flooding prevention.

b. Prevention from Data Packet Flooding

The other form of flooding attack can be implemented by sending a large number of fake data

packets. Fake data packets do not carry any meaningful information in their payload field. To


prevent this type of flooding attack, a threshold λ is used which specifies the number of fake

data packets that the attacker node can send.

A destination node waits until it receives λ fake data packets from an attacker. When the

number of fake data packets received exceeds λ, the destination node should broadcast that the

path between it and the attacker is not available by generating an error packet. So, the path

existing between the attacker and the destination would be discarded and no new fake data

packets would be sent over that path.

c. Prevention from Duplicate/Replayed/Impersonated Packet Flooding

For each flow, the receiver monitors the duplicate packet receipt rate and the packet

authentication failure rate. The proposed framework uses IPsec-based packet authentication to

achieve data integrity of data packets transmitted over the network. Using the packet sequence

number field of the IPsec header, the receiver can detect duplicate or replayed packets. The sender

inserts a signed message authentication code in the authentication header field of an IP packet.

Upon receiving the packet, the receiver examines this field to verify the integrity of the received

message. At the receiver, impersonated or replayed packets would increase the rate of

authentication failure and reception of duplicate packets, abnormally. This behavior is detected

by the receiver and it is considered as an anomaly in the current flow. At that time, the receiver

stops accepting Flow Sending Requests from the sender and does not send any FAREP

messages over the existing path. Hence, the entries existing for this flow in the firewall tables

of intermediate and source nodes would not be refreshed and would expire periodically. The

sender would come to know about the path failure when its attempts to complete the required

handshaking procedure with the receiver fail after a certain number of retries.

v) Threshold Setting

In communication networks, to assess the performance, if the collected data values do not suit

the corresponding threshold values then it is an indication of the poor performance of the

network or devices [14]. A threshold value can be set to any level, such as the maximum value,

the minimum value or the equal value. Network services are liable to various types of attacks

and intrusions which could tamper with the overall functionality of the network. Defensive and

preventive measures can overcome this liability to a great extent. Such measures analyze the

network traffic and obstruct the intrusions. For this analysis purpose, it is very important to


select a proper set of features that can affect the crucial network services [140]. If the correct

threshold values are set for these features then it can leverage the resistance capabilities of

prevention mechanisms.

To define thresholds for the prevention phase, we consider the essential services to be provided

by the network and the possible types of attacks that can target these services at the network

layer. Flooding of route request packets, data packets containing no useful information or

spoofed or replayed packets can affect the services such as routing, connectivity and data

forwarding which are the essential services for any MANET. Hence, to deal with a particular

type of attack, we select those features which greatly impact one or more essential services.

For the set of these features, threshold values are defined to identify the deviation.

To set thresholds during the prevention phase, either fixed values or fuzzy values can be used

[141]. In dynamic scenarios, it becomes difficult to determine a fixed threshold value for a

feature to analyze its impact on the changing system behavior. As MANETs have a very

dynamic behavior, the network state varies in response to different types of events in the

network. Therefore, the current statistics in the network should always be considered to decide

the correct threshold values for the selected features [140]. For such a requirement, fuzzy

thresholds are more appropriate compared to fixed thresholds. Fuzzy thresholds can deal with

imprecision and non-statistical uncertainty of the features and capture linguistic, rule-based

control strategies [142]. Fuzzy logic based threshold setting has proven effective in a variety

of applications, especially where it is difficult to characterize a system using fixed two-valued

logic [143]. Fuzzy if-then rules evaluate the network conditions using selected features and

generate a linguistic threshold value as the outcome. The following paragraphs describe how

threshold setting is done for our prevention block.

The prevention phase uses fuzzy logic to set the thresholds β, γ, and λ. Features considered for

setting β are the number of one-hop neighbors (Nn), energy level of a node (EL) and the number

of packets transmitted by a node (Np). Using these features as inputs and the following labels for

fuzzy variables, fuzzy if-then rules are defined for β. Combinations of values for input features

and the corresponding output values are shown in Table – 4.1.

Nn = {S (Small), M (Medium), L (Large)}

Np = {S (Small), M (Medium), L (Large)}

EL = {L (Low), M (Medium), H (High)}

β = {S (Small), M (Medium), L (Large)}


Table – 4.1 IF-THEN Fuzzy Rules for β

Rule   If: Nn   If: Np   If: EL   Then: β
1      S        S        L        S
2      S        S        M        M
3      S        S        H        L
4      S        L        L        S
5      S        L        M        S
6      S        L        H        S
7      S        M        L        S
8      S        M        M        M
9      S        M        H        M
10     M        S        L        S
11     M        S        M        M
12     M        S        H        M
13     M        M        L        S
14     M        M        M        M
15     M        M        H        M
16     M        L        L        S
17     M        L        M        S
18     M        L        H        S
19     L        S        L        S
20     L        S        M        S
21     L        S        H        S
22     L        M        L        S
23     L        M        M        M
24     L        M        H        S
25     L        L        L        S
26     L        L        M        S
27     L        L        H        S


To set γ, the energy level of a node (EL) and memory available with a node (Mem) are used as

input parameters to define fuzzy rules. Mapping of input values and output threshold values is

given in Table – 4.2.

EL = {L (Low), M (Medium), H (High)}

Mem = {L (Low), M (Medium), H (High)}

γ = {S (Small), M (Medium), L (Large)}

Table – 4.2 IF-THEN Fuzzy Rules for γ

Rule   If: EL   If: Mem   Then: γ
1      L        L         S
2      L        M         S
3      L        H         S
4      M        L         M
5      M        M         S
6      M        H         S
7      H        L         L
8      H        M         M
9      H        H         S

Similarly, for setting λ, the input parameters are energy level of a destination node (EL), the

amount of memory available with the destination (Mem) and the count of fake data packets

received by the destination node from a source node (Cf). Fuzzy variable labels and if-then

rules are defined as below:

EL = {L (Low), M (Medium), H (High)}

Mem = {L (Low), M (Medium), H (High)}

Cf = {S (Small), VS (Very Small)}

λ = {S (Small), M (Medium), L (Large)}


Table – 4.3 IF-THEN Fuzzy Rules for λ

Rule   If: Cf   If: EL   If: Mem   Then: λ
1      VS       L        L         S
2      VS       L        M         S
3      VS       L        H         S
4      S        L        L         S
5      S        L        M         S
6      S        L        H         S
7      S        M        L         M
8      S        M        M         M
9      S        M        H         S
10     S        H        L         M
11     S        H        M         M
12     S        H        H         S
13     VS       M        M         M
14     VS       M        L         M
15     VS       M        H         S
16     VS       H        L         L
17     VS       H        M         M
18     VS       H        H         S
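One way to turn the Table 4.2 rule base into a numeric γ, as an added example that is not code from the thesis. The triangular membership functions, the scaling of EL and Mem to [0, 1] and the crisp values assigned to S, M and L are assumptions, since the page gives only the linguistic rules.

```python
# Added example: Mamdani-style evaluation of the Table 4.2 rules for gamma.
# Membership shapes, input scaling and crisp outputs are ASSUMPTIONS.


def low(x):
    """Full membership at 0, falling to none at 0.5 (assumed shape)."""
    return max(0.0, 1.0 - 2.0 * x)


def medium(x):
    """Triangle peaking at 0.5, zero at 0 and 1 (assumed shape)."""
    return max(0.0, 1.0 - abs(2.0 * x - 1.0))


def high(x):
    """No membership up to 0.5, rising to full at 1 (assumed shape)."""
    return max(0.0, 2.0 * x - 1.0)


MEMBERSHIP = {"L": low, "M": medium, "H": high}

# Table 4.2 from the page: (EL label, Mem label) -> gamma label.
GAMMA_RULES = {
    ("L", "L"): "S", ("L", "M"): "S", ("L", "H"): "S",
    ("M", "L"): "M", ("M", "M"): "S", ("M", "H"): "S",
    ("H", "L"): "L", ("H", "M"): "M", ("H", "H"): "S",
}

# Assumed number of intervals represented by each output label.
GAMMA_CRISP = {"S": 2, "M": 4, "L": 6}


def fuzzify(x):
    """Map a crisp input in [0, 1] to its degree of membership in L, M and H."""
    if not 0.0 <= x <= 1.0:
        raise ValueError("inputs must be scaled to [0, 1]")
    return {label: f(x) for label, f in MEMBERSHIP.items()}


def infer(rules, crisp, *inputs):
    """Fire every rule (AND = min), aggregate per output label (max),
    then defuzzify with a weighted average of the crisp label values."""
    degrees = [fuzzify(x) for x in inputs]
    strength = {label: 0.0 for label in crisp}
    for antecedent, consequent in rules.items():
        firing = min(d[label] for d, label in zip(degrees, antecedent))
        strength[consequent] = max(strength[consequent], firing)
    total = sum(strength.values())
    value = sum(crisp[label] * w for label, w in strength.items()) / total
    return value, strength


def gamma_threshold(energy, memory):
    """Integer gamma for a node with the given scaled energy and free memory."""
    value, _ = infer(GAMMA_RULES, GAMMA_CRISP, energy, memory)
    return max(1, round(value))


if __name__ == "__main__":
    for el, mem in [(1.0, 0.0), (0.75, 0.25), (0.0, 0.5)]:
        print(el, mem, infer(GAMMA_RULES, GAMMA_CRISP, el, mem), gamma_threshold(el, mem))
```

Because `infer` takes the rule table as an argument, the same routine can evaluate Tables 4.1 and 4.3 once membership functions for their input labels are chosen.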

4.1.2 Algorithm of Prevention Block

The steps involved in the execution of the prevention block are listed in the form of an algorithm

and the same is given below.

Step 1: Setup/Update Firewall Table at each node

1.1: The sender sends an FSREQ message to the receiver using the underlying ad hoc routing protocol

1.2: The receiver generates an FAREP message if it decides to accept a flow of packets from that sender

1.3: The FAREP message is sent to the sender, using the same route as traversed by the FSREQ, but in the reverse direction

1.4: Intermediate nodes receiving the FAREP create/refresh a time-bound firewall table entry for the packet flow

1.5: If a route failure occurs then repeat from step 1.1

Step 2: Update threshold entries in the firewall table

2.1: Threshold β is updated based on fuzzy if-then rules which use the number of neighbors in the vicinity of the node, number of packets transmitted by the node and node energy level as input parameters

2.2: Threshold γ is modified using if-then fuzzy rules considering node energy level and available node storage

2.3: Threshold λ is refreshed at the destination node considering the count of fake data packets already received by the destination, energy level of destination and memory available at the destination node, using fuzzy if-then rules.

Step 3: Within a time interval, if a node receives more than β packets from a neighbor then drop subsequent packets from that neighbor

Step 4: If the same neighbor exceeds β in γ intervals, then blacklist the neighbor and discard packets from that node in future intervals

Step 5: If a destination node receives more than λ fake data packets from the same node, then broadcast path cutoff

Step 6: If the receiver detects an abnormal increase in the rate of duplicate/replayed or impersonated packets then stop sending FAREP in response to flow sending requests
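The per-node behaviour of Steps 1, 3 and 4 (time-bound flow entries refreshed by FAREP, the per-interval limit β and blacklisting after γ intervals over β) can be modelled as follows. This is an added example, not code from the thesis; the class and method names, the packet-kind labels, the cumulative counting of intervals and the sample traffic are assumptions.

```python
from dataclasses import dataclass, field

# Packet kinds that may pass without a flow entry (assumed labels): route
# requests and the FSREQ that starts a handshake cannot have an entry yet.
CONTROL = {"RREQ", "FSREQ"}


@dataclass
class FirewallNode:
    """One node's share of the distributed wireless firewall (illustrative)."""
    beta: int        # max packets accepted from one neighbor per interval
    gamma: int       # intervals over beta tolerated before blacklisting
    lifetime: float  # seconds a flow entry lives without a FAREP refresh
    flows: dict = field(default_factory=dict)    # (src, dst) -> expiry time
    counts: dict = field(default_factory=dict)   # neighbor -> packets this interval
    strikes: dict = field(default_factory=dict)  # neighbor -> intervals over beta
    blacklist: set = field(default_factory=set)

    def on_farep(self, src, dst, now):
        """Steps 1.2-1.4: a FAREP passing through creates or refreshes the entry."""
        self.flows[(src, dst)] = now + self.lifetime

    def on_packet(self, neighbor, kind, src, dst, now):
        """Return 'forward' or a drop reason for a packet handed over by neighbor."""
        if neighbor in self.blacklist:                 # Step 4
            return "drop:blacklisted"
        self.counts[neighbor] = self.counts.get(neighbor, 0) + 1
        if self.counts[neighbor] > self.beta:          # Step 3
            return "drop:over-beta"
        if kind not in CONTROL:
            expiry = self.flows.get((src, dst))
            if expiry is None or expiry <= now:        # missing or expired entry
                self.flows.pop((src, dst), None)
                return "drop:no-flow-entry"
        return "forward"

    def end_interval(self):
        """Close the counting interval. Intervals over beta are counted
        cumulatively (assumption); reaching gamma blacklists the neighbor."""
        for neighbor, n in self.counts.items():
            if n > self.beta:
                self.strikes[neighbor] = self.strikes.get(neighbor, 0) + 1
                if self.strikes[neighbor] >= self.gamma:
                    self.blacklist.add(neighbor)
        self.counts = {}


def run_demo():
    """Constructed traffic seen by one intermediate node."""
    node = FirewallNode(beta=5, gamma=2, lifetime=10.0)
    out = {}
    node.on_farep("A", "D", now=0.0)               # handshake A<->D crossed this node
    out["permitted"] = node.on_packet("A", "DATA", "A", "D", now=1.0)
    out["unsolicited"] = node.on_packet("X", "DATA", "X", "D", now=1.0)
    out["flood"] = []
    for interval in range(2):                      # neighbor M sends 8 RREQs per interval
        verdicts = [node.on_packet("M", "RREQ", "M", "Z", now=2.0 + interval)
                    for _ in range(8)]
        out["flood"].append((verdicts.count("forward"),
                             verdicts.count("drop:over-beta")))
        node.end_interval()
    out["after_gamma"] = node.on_packet("M", "RREQ", "M", "Z", now=4.0)
    out["expired"] = node.on_packet("A", "DATA", "A", "D", now=10.5)
    node.on_farep("A", "D", now=11.0)              # periodic handshake renews the entry
    out["refreshed"] = node.on_packet("A", "DATA", "A", "D", now=12.0)
    return out


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(name, verdict)
```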

4.2 Reactive Defense

4.2.1 Detection Block

i) Features to characterize network behavior

The proposed anomaly detector uses the features which are the variables characterizing the

behavior of the given system. To make this component generalized, it is required to consider

the behavior of the network at the routing layer. Based on the study of various ad-hoc routing

protocols, the following general routing-layer features, which are not specific

to any particular attack, are considered: Packet rates, Packet rate differences, Packet ratios, Packet distances,

Number of different source addresses, Number of different destination addresses. A brief

description of these features is given below:

Packet rates: number of packets of each type received


Packet rate differences: difference in the packet rates calculated for each type of packet

Packet ratios: quotient of the number of packets received of a specific type compared to another packet type

Packet distances: number of packets received between the receptions of two specific types of packets

Number of different source addresses: number of different source addresses counted in the packets received

Number of different destination addresses: number of different destination addresses counted in the packets received

ii) Normality Model

The detection component is implemented as a statistical anomaly detector. If the current state

of the network deviates too much from the considered normal network state, this component

will generate an alarm. The normal behavior of a network can be described by means of a

normality model which defines values for selected features when no anomalies are present in

the network. The current behavior of the network is specified by the state vector, which contains the

values of the same selected features. If feature values in the current state vector deviate from

their normal values, then the detector block treats it as an anomaly. Our proposed anomaly

detector needs a learning phase to derive the normality model. It is unrealistic to generate a

“perfect” normality model for any network. However, to accumulate preliminary normality

models, networks can be deployed in learning environments.

The normality model of the network is automatically generated by training the network. The model is local to nodes and consists of four elements: the distance threshold Thi, the maximum feature vector SiH, the minimum feature vector SiL and the average feature vector Savgi. SiH and SiL represent the maximum and minimum values observed for each feature. The Savgi, SiH and SiL vectors are calculated during a period of time with a set of N observations. The maximum and minimum feature vectors are used for normalization (to equalize the magnitude of the different features in the vector). The normalized vector Vn at node i is calculated as Vn = (V - SiL) / (SiH - SiL).

iii) Anomaly Detection

The basic concept of the detector is to find the deviation between the given status of the network

and the normality model. As the normality model is local to nodes, the deviation is required to

be calculated for each node. At a given point in time, the state of the network perceived by a

node i is represented as a state vector Si. This vector contains numerical values for selected

features. The deviation can be found as the Euclidean distance D(Si(t)) between the normality

model local to node i and a given observation Si(t). The distance is then compared with a node-

specific threshold Thi. An alert is generated if D(Si(t)) > Thi. The threshold Thi is generated as

a part of the normality model of the node and specifies how far an observation can be from the

average.

To detect an anomaly within the system, the detector needs to observe the traffic and its

characteristics for a certain period of time. An alarm is generated at the end of that fixed time

interval if the threshold value is exceeded for that period. The alerts generated by the detector are

processed and aggregated during the interval Ia. The number of packets evaluated and the

number of alerts registered are counted during this period. The alarm is generated if the number

of alerts within the given period exceeds a certain threshold Tha. This threshold is defined in

terms of the proportion of alerts registered over the number of packets evaluated during Ia.

The distance threshold Thi is calculated after calculating the normality vectors. To determine

Thi, the distribution of the distances D(Si(t)) is characterized for a given set of M different

observations. Here, the three-sigma rule can be applied to set the threshold so that most of the

distances fall inside the threshold. The range obtained using the three-sigma rule for a

normal distribution covers 99.7% of the observations. Thus, Thi is calculated as Thi = µi + 3σi,

where µi is the mean distance and σi is the standard deviation of the given distribution.

4.2.2 The Algorithm of Detection Block

The systematic flow of operations for the detection mechanism is given below.

Input: General Features of Routing Layer, Network Statistics

Output: Alarm, Average feature vector Savgi, Status vector Si(t)

Step 1: At every node i, generate the network normality model, which consists of

a) Minimum feature vector SiL

b) Maximum feature vector SiH

c) Average feature vector Savgi

d) Distance Threshold Thi

Step 2: At every node i, find deviation between the current network state Si(t) and the normality

vector

Step 3: If deviation D(Si(t)) > Thi then generate an alert

Step 4: Aggregate alerts generated during time interval Ia

Step 5: If the number of alerts aggregated within Ia exceeds threshold Tha then generate an

alarm
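The detection steps above, worked through as an added Python example (not code from the thesis or from GloMoSim). The feature order, the sample observations, the use of a separate calibration set for Thi, the population standard deviation, and the handling of a feature that never varied during training are assumptions made for this sketch.

```python
import math
import statistics

# Constructed feature order for this example: RREQ rate, RREP rate, RERR rate,
# number of different source addresses seen in one observation.

def normalize(model, v):
    """Vn = (V - SiL) / (SiH - SiL), feature by feature."""
    out = []
    for x, lo, hi in zip(v, model["low"], model["high"]):
        span = hi - lo
        # Assumption: a feature that never varied in training has span 0; keep its
        # raw offset so that a later change in that feature is still visible.
        out.append((x - lo) / span if span else x - lo)
    return out

def distance(model, v):
    """Euclidean distance D(Si(t)) between an observation and the average vector."""
    a = normalize(model, v)
    b = normalize(model, model["avg"])
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))

def train_normality_model(training, calibration):
    """SiL, SiH, Savgi from N observations; Thi = mu + 3*sigma from M observations."""
    columns = list(zip(*training))
    model = {
        "low": [min(c) for c in columns],
        "high": [max(c) for c in columns],
        "avg": [statistics.fmean(c) for c in columns],
    }
    dists = [distance(model, v) for v in calibration]
    model["th"] = statistics.fmean(dists) + 3 * statistics.pstdev(dists)
    return model

def evaluate_interval(model, observations, th_a):
    """Aggregate alerts over one interval Ia; alarm if the alert ratio exceeds Tha."""
    if not observations:
        return False, 0.0
    alerts = sum(1 for v in observations if distance(model, v) > model["th"])
    ratio = alerts / len(observations)
    return ratio > th_a, ratio

# Constructed observations of attack-free traffic (learning phase).
TRAINING = [(10, 8, 1, 4), (12, 9, 0, 5), (11, 8, 1, 4),
            (9, 7, 2, 3), (13, 10, 1, 5), (11, 9, 1, 4)]
CALIBRATION = [(10, 8, 1, 4), (12, 9, 1, 5), (11, 9, 0, 4),
               (10, 7, 2, 4), (12, 10, 1, 4)]
NORMAL = (11, 8, 1, 4)    # constructed: typical observation
FLOOD = (60, 8, 1, 12)    # constructed: RREQ rate and source count far above normal

def demo(th_a=0.3):
    model = train_normality_model(TRAINING, CALIBRATION)
    quiet = [NORMAL] * 8 + [FLOOD] * 2    # isolated alerts only
    attack = [NORMAL] * 4 + [FLOOD] * 6   # sustained anomalies
    return (model,
            evaluate_interval(model, quiet, th_a),
            evaluate_interval(model, attack, th_a))

if __name__ == "__main__":
    model, quiet, attack = demo()
    print("Thi =", round(model["th"], 4))
    print("quiet interval  (alarm, alert ratio):", quiet)
    print("attack interval (alarm, alert ratio):", attack)
```

The quiet interval still produces alerts for its two outlying observations, but their proportion stays below Tha, so no alarm is raised; this is the effect of the aggregation step.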

4.2.3 Diagnosis Block

The role of the diagnosis component is to identify the nature of the attack upon receiving an

alarm generated by the detector component. The diagnosis is done based on the feature values

that describe the node status at a given time. It is assumed that the effects of a particular attack

are always of the same nature, irrespective of the network conditions and node locations.

The diagnosis component works as follows: Along with the alarm, the detector component provides the average feature vector Savgi and the status vector Si(t) as evidence. A difference vector di(t) is then calculated as di(t) = Si(t) - Savgi. This difference is normalized to unit length as dni(t) = di(t) / ||di(t)||, and called the evidence vector. To do the diagnosis, the evidence vector is required to be matched with the attack vector. It is not possible to characterize all the possible attacks during the training phase. Therefore, if an attack is not included in the attack model and thus not known, the diagnoser component may return unknown attack as the outcome.

The attack model is composed of a number of example vectors that represent the effect of a particular attack on the different features of the status vector. As no existing dataset provides an attack model directly, an example vector for a particular attack is calculated by running a simulation in which that attack is applied. To form the example vector Ej, all the observed differences di(t) across the network are averaged and normalized (here, j is the associated attack’s status, and only the status vectors that were classified as anomalous are considered). The resulting attack model is a matrix E = [E1 E2 … Ek], with k columns. It is possible to characterize an attack by more than one example vector.

To deal with non-modeled attacks, a threshold αj is calculated for each example vector Ej. This threshold is used to determine the degree of closeness between the matching attack and the given status. To calculate αj, first, all the observations used to create Ej are projected against the example vector. The distribution of the projections is then studied and the threshold αj is selected as the range that contains most of the projections.

In the diagnosis component, it is possible to use the same example vectors for the entire network, for every node. It is assumed that the effect of attacks is approximately uniform regardless of the normality model generated for a node.

For each interval Ia in which the anomaly detector generates an alarm, the corresponding observations are given to the diagnoser as the evidence of an attack. The diagnoser diagnoses each observation, and the attack type associated with the largest number of observations for the given interval is selected as the output.

For each observation which is considered anomalous, the evidence vector is evaluated against

the example vectors of the known attacks. The example vector that most closely resembles the

evidence vector is selected as the indicator of the possible attack. The angular distance between

the evidence vector and the example vector is considered as the similarity.

To determine whether the output of the diagnoser is a known attack or not, a special projection vector Pi(t) is calculated as Pi(t) = E^T · dni(t), where E^T represents the transpose of the attack matrix. A higher projection value for a given attack in the attack matrix denotes that the observation resembles that attack most closely. The dot product between two vectors can be represented as the scalar projection of one vector on the other. For the above dot product, the possible projection values are -1, 0 and 1 as the vectors are unit length vectors.

Let Qi(t) be the attack whose example vector has the highest projection value Pij(t) at node i during observation t. After selecting an example vector Ej, Pij(t) is evaluated against the threshold αj. If Pij(t) >= αj, the output is Qi(t); otherwise the output is unknown. In the end, all the observation diagnostics in the interval Ia are aggregated and the attack type with the largest number of observations is provided to the mitigation component. If the attack is unknown, that information is likewise given to the mitigation component.

4.2.4 The Algorithm of Diagnosis Block

Input: Alarm, Average feature vector Savgi, Status vector Si(t)

Output: Attack Type

Step 1: For each Ia in which an alarm is generated, calculate the Difference Vector di(t) as di(t) = Si(t) - Savgi

Step 2: Normalize the Difference Vector to get the Evidence Vector

Step 3: Match the Evidence Vector dni(t) with each pre-computed Attack Example vector Ej of known attacks

Step 4: Evaluate similarity Pij(t) against threshold αj. If Pij(t) >= αj, the output Qi(t) is a known attack; otherwise, the attack is unknown

Step 5: All the observation diagnostics in the interval Ia are aggregated and the attack type with

the largest number of observations is provided to the mitigation component
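The diagnosis steps above, as an added Python example (not code from the thesis): it builds each example vector Ej from simulated difference vectors, projects the evidence vector onto every Ej, applies αj and takes the majority vote over the interval. The attack labels and sample vectors are constructed, and taking αj as the smallest projection seen among the training observations is an assumption standing in for "the range that contains most of the projections".

```python
import math
from collections import Counter

UNKNOWN = "unknown"

def unit(v):
    """Scale v to unit length; None for the zero vector (no direction to match)."""
    n = math.sqrt(sum(x * x for x in v))
    return [x / n for x in v] if n else None

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def build_example(diffs):
    """Average and normalize the observed differences di(t) of one simulated attack.

    Returns (Ej, alpha_j). Assumption: alpha_j is the smallest projection of the
    training observations onto Ej.
    """
    mean = [sum(col) / len(diffs) for col in zip(*diffs)]
    e_j = unit(mean)
    alpha_j = min(dot(e_j, unit(d)) for d in diffs if any(d))
    return e_j, alpha_j

def diagnose_observation(s_t, s_avg, attack_model):
    """Return the best-matching attack label for one anomalous observation."""
    evidence = unit([a - b for a, b in zip(s_t, s_avg)])   # dni(t)
    if evidence is None or not attack_model:
        return UNKNOWN
    # Pi(t) = E^T . dni(t): one projection (cosine of the angle) per example vector.
    projections = {name: dot(e_j, evidence)
                   for name, (e_j, _) in attack_model.items()}
    best = max(projections, key=projections.get)           # Qi(t)
    return best if projections[best] >= attack_model[best][1] else UNKNOWN

def diagnose_interval(observations, s_avg, attack_model):
    """Majority vote over all anomalous observations of one interval Ia."""
    votes = Counter(diagnose_observation(s, s_avg, attack_model)
                    for s in observations)
    return votes.most_common(1)[0][0] if votes else UNKNOWN

# Constructed data. Feature order: RREQ rate, RREP rate, RERR rate, source count.
S_AVG = [11.0, 8.5, 1.0, 4.0]
ATTACK_MODEL = {
    "rreq_flood": build_example([[40, 0, 1, 6], [50, -4, 0, 12], [30, 4, 2, 3]]),
    "rerr_flood": build_example([[1, 0, 30, 2], [0, 2, 24, -1], [2, -2, 36, 5]]),
}
RREQ_OBS = [55.0, 9.5, 2.0, 11.0]     # resembles the RREQ flooding example
RERR_OBS = [12.0, 8.5, 29.0, 6.0]     # resembles the RERR flooding example
RREP_SURGE = [16.0, 38.5, 1.0, 5.0]   # anomalous, but matches no modelled attack

if __name__ == "__main__":
    for obs in (RREQ_OBS, RERR_OBS, RREP_SURGE):
        print(obs, "->", diagnose_observation(obs, S_AVG, ATTACK_MODEL))
    print(diagnose_interval([RREQ_OBS, RREQ_OBS, RREP_SURGE, RREQ_OBS],
                            S_AVG, ATTACK_MODEL))
```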

4.2.5 Mitigation Block

i) Mitigation Actions

The diagnosis component provides inputs to the mitigation component. Using this information,

the mitigation component chooses an appropriate action to respond to the suspected attack.

This component contains a number of mitigation actions and a mitigation controller. The

mitigation controller is responsible for deciding the type of mitigation to apply and when to

apply it. A generic mitigation action is applied if the detected attack is categorized as unknown.

The mitigation actions are specific to attacks. In the current proposed framework, mitigation

actions are specified for various forms of flooding attacks. The mitigation actions do not

attempt to affect the attacker node’s behavior or identify an attacker.

ii) Mitigation Controller

The role of the mitigation controller is to decide when to enable or disable the mitigation

actions. Due to MANET characteristics and detection accuracy, it is possible that the alarms

generated by the detector are not always accurate. There may exist some non-detected attack

intervals while an attack is affecting the network.

The mitigation controller uses the detection rate of the diagnosed attack which is calculated

during the modeling of the attacks, to extend the mitigation during a period φ after an alarm.

The rate of detection is expressed as P(D|Aj), which is the probability of detection provided

that an attack j is present. Therefore, the probability of no detection is 1 - P(D|Aj). Let W be a

window of a finite number of intervals during which the detector evaluations are taken. The

expected number of intervals ∂ in which attacks are detected is E[∂] = W * P(D|Aj) and φ in

which attacks are not detected is E[φ] = W * (1 - P(D|Aj)). Thus, the expected number of non-

detections can be expressed as E[φ] = E[∂] * { (1 - P(D|Aj))/ P(D|Aj)}.

This information can be used to extend the duration of the mitigation actions after the first

interval in which no anomalies are detected. Given a number of observed consecutive detection

intervals ∂, the period of mitigation is extended with φ intervals of mitigation even if no attack

is detected during this time. This adaptive mitigation mechanism has two advantages: it will

not mitigate for unnecessarily long periods and it will mitigate for long enough periods when

the attack is ongoing. When the latest attack is categorized as unknown, the mitigation actions

are not extended.

4.2.6 The Algorithm of Mitigation Block

Input: Attack Type generated by the Diagnosis Component

Output: Updated Routing Layer Feature Values after Mitigation

Step 1: Based on the attack type generated by the diagnosis component, the mitigation

controller determines which actions to apply to mitigate the attack

Step 2: Mitigation Actions are applied during an interval in which a known attack is detected

Step 3: Generic Mitigation Actions are applied if the attack is unknown

Step 4: The duration of the mitigation actions is extended after the first interval in which no

anomalies are detected
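The mitigation controller's timing logic, as an added Python example (not code from the thesis). The action names and detection rates are hypothetical, and rounding the expected extension E[φ] up to a whole number of intervals is an assumption.

```python
import math

class MitigationController:
    """Decides, interval by interval, which mitigation action is active."""

    def __init__(self, detection_rates, actions, generic_action):
        if any(not 0 < p <= 1 for p in detection_rates.values()):
            raise ValueError("P(D|Aj) must be in (0, 1]")
        self.detection_rates = detection_rates   # P(D|Aj) from attack modelling
        self.actions = actions                   # attack label -> specific action
        self.generic_action = generic_action     # used for unknown attacks
        self.active = None                       # attack currently mitigated
        self.streak = 0                          # consecutive detection intervals
        self.remaining = 0                       # extension intervals still to run

    def extension(self, attack, streak):
        """E[phi] = streak * (1 - P(D|Aj)) / P(D|Aj), rounded up (assumption)."""
        p = self.detection_rates[attack]
        return math.ceil(streak * (1 - p) / p - 1e-9)   # guard against float noise

    def step(self, diagnosis):
        """diagnosis: attack label, "unknown", or None when no alarm was raised."""
        if diagnosis is None:
            if self.streak:
                # First interval without anomalies after a run of detections.
                self.remaining = self.extension(self.active, self.streak)
                self.streak = 0
            if self.remaining > 0:
                self.remaining -= 1
                return self.actions[self.active]
            return None
        if diagnosis not in self.actions:
            # Unknown attack: generic action for this interval, no extension.
            self.streak = self.remaining = 0
            return self.generic_action
        same = diagnosis == self.active and self.streak > 0
        self.streak = self.streak + 1 if same else 1
        self.active = diagnosis
        self.remaining = 0
        return self.actions[diagnosis]

def run(controller, diagnoses):
    """Feed one diagnosis per interval and collect the action applied in each."""
    return [controller.step(d) for d in diagnoses]

def demo():
    # Hypothetical detection rate and action names, constructed for this example.
    ctrl = MitigationController(
        detection_rates={"rreq_flood": 0.5},
        actions={"rreq_flood": "limit_rreq_forwarding"},
        generic_action="generic_rate_limit",
    )
    return run(ctrl, ["rreq_flood", "rreq_flood", None, None, None, "unknown", None])

if __name__ == "__main__":
    for i, action in enumerate(demo(), start=1):
        print("interval", i, "->", action)
```

With P(D|Aj) = 0.5 and two consecutive detections, mitigation continues for two further intervals without an alarm; the interval diagnosed as unknown gets the generic action and no extension.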

4.3 Tolerance

4.3.1 Overlay Routing

When a sender detects the failure of the current route of a flow, it invokes the overlay routing

mechanism to establish a new path to the receiver. The overlay routing mechanism is

independent of ad hoc routing protocols. In the overlay routing, when the sender decides to

discover a new path upon inferring the failure of the existing path, it randomly selects any one

node present on the current path. The selected node is called the overlay node. The sender then

tunnels all packets for the destination to the overlay node, which in turn tunnels the packets

received from the sender to the destination node. Thus, the path established between the source

and destination nodes is an overlay path formed by linking the two tunnels at the selected

overlay node. If the new overlay path contains an intruder node (i.e., the node generating the

spurious traffic) then the newly established path would fail again. In this case, the sender selects

a new overlay node and attempts to reach the destination again until it succeeds or exceeds the

maximum number of retries.

4.3.2 The Algorithm of Tolerance Block

The following algorithm describes the process implemented in the tolerance block.

Step 1: Invoke Overlay Routing Mechanism if a sender detects the failure of the current route

of a flow

Step 2: Overlay Routing Mechanism randomly selects a node on the existing path, which is

called an overlay node

Step 3: The sender tunnels all packets for the destination to the overlay node

Step 4: The overlay node tunnels the packets received from the sender to the destination node

Step 5: If the new overlay path fails due to the presence of an intruder node on that path, then

go to Step 1

Step 6: Repeat until the sender succeeds in establishing a path to the destination or exceeds the

maximum number of retries.

4.4 Workflow of the Proposed Framework

The following flowchart represents the flow of processes involved in each functional block to

implement our integrated survivability framework. As stated earlier, preventive, reactive and

tolerance defense lines would execute simultaneously. The functional blocks of the reactive

defense line – Detection, Diagnosis, and Mitigation, would operate in a sequence, as described

in the above algorithms.

Figure – 4.1 Complete workflow of the proposed survivability framework

CHAPTER – V

Experimental Setup & Results

5.1 Simulation Setup

For proof of concept, we use the GloMoSim (Global Mobile Information System Simulator) simulator [145]. Our proposed survivability framework, with the necessary functional blocks, is implemented in GloMoSim. We now discuss why we use GloMoSim over other network simulators.

GloMoSim provides a scalable simulation environment for large wireless and wired

communication networks [145]. It uses a parallel programming language, Parsec [145] to

support a parallel discrete-event simulation capability. GloMoSim offers the simulation of

networks consisting of a large number of nodes connected by a heterogeneous communication

technique which includes multi-hop ad-hoc wireless communication, multicast

communication, conventional Internet protocols and asymmetric communications based on

satellite broadcasts. Table – 5.1 lists the GloMoSim models currently available at each of the

major layers:

Table – 5.1 Protocols Available at Different Network Layers in GloMoSim

Compared to other network simulators such as NS-2, NS-3, OMNET++, and OPNET,

GloMoSim offers better scalability and lower execution time [146][147]. GloMoSim uses the

node aggregation technique to give significant benefits to the simulation performance.

Initializing each node as a separate entity inherently limits the scalability because the memory

requirements increase dramatically for a model with a large number of nodes. With node

aggregation, a single entity can simulate several network nodes in the system. Node

aggregation technique implies that the number of nodes in the system can be increased while

maintaining the same number of entities in the simulation. In GloMoSim, each entity represents

a geographical area of the simulation. Hence the network nodes which a particular entity

represents are determined by the physical position of the nodes [146].

GloMoSim has a Visualization Tool that is platform independent because it is coded in Java.

This tool allows users to debug and verify models and scenarios; stop, resume and step execution;

show packet transmissions, show mobility groups in different colors and show statistics.

The radio layer is displayed in the Visualization Tool as follows: When a node transmits a

packet, a yellow link is drawn from this node to all nodes within its power range. As each node

receives the packet, the link is erased and a green line is drawn for successful reception and a

red line is drawn for an unsuccessful reception. No distinction is made between different packet

types (i.e.: control packets vs. regular packets, etc.) [146].

The main configuration parameters for setting up a scenario are defined in the CONFIG.IN

file. These parameters are shown in Table 5.2. Placement of nodes in simulation terrain is

defined in NODES.INPUT file. APP.CONF file specifies different types of traffic generators

for message transmission. Mobility model with other necessary specifications is given in

MOBILITY.IN file.

Table – 5.2 Simulation Parameters

Parameter             Value
Simulator             GloMoSIM 2.03
Total no. of nodes    10 - 100
Attacker nodes        0% - 100%
Simulation Time       45M
Terrain Dimensions    2000X2000
Node-Placement        Random
Mobility Model        Random-way-point
Routing Protocol      AODV
Traffic Generator     FTP/GENERIC
CONFIG-FILE           app.conf

The nodes are placed using RANDOM node-placement strategy in the terrain area of

2000X2000. The traffic generator used for simulation is FTP/GENERIC and RANDOM-

WAYPOINT model is used for node mobility. To show the performance of the proposed

protocol, AODV (Ad hoc On-Demand Distance Vector) [148] routing protocol is used as an

illustration. The reason for choosing AODV over other routing protocols is that the attacks

considered in our threat model can always target AODV. Hence, we can evaluate the

effectiveness of the proposed survivability framework when the network is under attacks.

Based on the characteristics of AODV routing protocol, we use the following features at the

routing layer during the training phase. These features are important to derive the normality

model of the network at each node.

• Packet rate of RREQ, RREP, RERR

• Packet rate differences

• Packet ratio of RREQ/RREP, RREQ/RERR, RREP/RERR

• Packet distance of RREQ and RREP

• Number of different source addresses

• Number of different destination addresses

5.2 Performance Parameters

In general, important metrics to evaluate the performance of a MANET at the routing layer are

throughput, average routing overhead and average power consumption [149]. Throughput

measures how well the network delivers packets from the source to the destination [150].

Average routing overhead is defined as the average number of control packets produced per

node. Control packets include route requests, route replies and route error messages [149].

Average power consumption is measured as the average power consumed per node [149].

Factors that affect the routing performance of a MANET are node speed, network size, number

of traffic sources, node pause-time and type of routing [150]. As described by the authors of

[149], the number of traffic sources is the factor that has the strongest effect on the performance.

Size of the network is another important factor to be considered to measure the performance.

Based on the requirements of a specific MANET application or desired services, the above

mentioned set of factors and performance metrics can be modified. As we consider

survivability as the basic problem, we focus on factors and metrics that affect the survivability

of a MANET. The number of traffic sources, network size and number of attacker nodes present

in the network are important factors to consider with respect to survivability.

For evaluating the performance of the functional blocks of our survivability framework, we use

different metrics. These metrics are determined based on the objectives and requirements of a

particular functional block. For example, to assess the effectiveness of the prevention block,

we measure routing overhead and the percentage of data packets dropped due to flooding. Size

of the network, number of attacker nodes and number of traffic sources are the parameters that

affect the performance metrics and therefore these parameters are varied in a fixed range.

For the anomaly detection block, the accuracy of the detection process is very important to

consider. Hence, we treat the detection rate and false positive rate as performance metrics for

the detection block. The duration in which the alerts are aggregated has a great significance in

the computation of detection rate and false positive rate. Thus, we vary attack aggregation

interval as the performance parameter to see its impact on the rate of detection and false

positives.

The diagnosis block receives inputs from the detection block. Hence, the accuracy of detection

affects the outcome of the diagnosis process. The performance of the diagnosis block is

therefore evaluated in terms of the attacks which are diagnosed correctly. This metric is

affected by the same parameter as used in the detection block, Attack aggregation interval.

The process of mitigating attacks is initiated after the execution of the diagnosis block. The

objective of the mitigation block is to mitigate the effects of ongoing attacks in the network.

The effectiveness of mitigation can be seen in terms of routing overhead and the number of

packets dropped due to attacks. Hence, these two are treated as the performance metrics for the

mitigation block. The accurate detection of attacks can improve the performance of the

mitigation phase. Thus, we use the same performance parameter, attack aggregation interval,

for mitigation also.

To see how well the tolerance block performs in achieving survivability, we consider routing

overhead and the number of packets dropped as metrics. The overall performance of the

tolerance phase greatly depends on the parameters such as network size, number of traffic

sources and number of attackers present in the network.

When the network is under any form of flooding attacks, energy consumption at network nodes

always increases, irrespective of the performance parameters. Therefore, we do not show the

impact of flooding attacks on the average power consumption explicitly.

5.3 Experimental Results

This section describes the results of simulations, upon executing functional blocks of our

proposed survivability framework. The above mentioned parameters are varied in a range to

see the effect on the overall performance. Each simulation result presented below shows the

average values obtained by running three simulations.

5.3.1 Prevention

To see the effects of the preventive mechanism, the number of network nodes and the number of

attacker nodes are varied in a fixed range. We assume that in any scenario, 0% to 100% of the

total nodes can behave as the adversary. These nodes are called flooding nodes and they can

launch any form of DoS attacks as described in the threat model. As expected, routing overhead

is less when preventive actions are taken. When no prevention logic is applied and the number

of attacker nodes is increased, the percentage of data packets dropped is very high. This

percentage is significantly reduced when our approach of prevention is used.

As shown in Figure – 5.1, if we vary the number of attacker nodes, keeping the number of

network nodes fixed, routing overhead increases when no prevention mechanism is applied.

Here, the overhead is computed in terms of the number of route request packets. Without

preventing the flooding nodes from generating and spreading spurious traffic flow, the attacker

nodes are successful in generating a large number of route request packets in the network. The

effect of applying prevention is also shown in the same graph. Overhead is reduced to a

considerable amount when prevention is used.

Figure – 5.1 Effect of Prevention Logic on Routing Overhead

When the attacker nodes are varied in a range from 0% to 100% for a fixed number of network

nodes, the effect of our prevention logic is shown in terms of routing overhead in Figure – 5.2.

Here, we use 20 sources which generate data traffic in the network. Routing overhead is

reduced to a great extent if we apply our prevention logic. We get similar results if we increase

the number of traffic sources. This is shown in Figure – 5.3 and 5.4 which have 40 and 60

traffic sources, respectively.

Figure – 5.2 Routing Overhead with and without Prevention for 20 traffic sources

Figure – 5.3 Routing Overhead with and without Prevention for 40 traffic sources

Figure – 5.4 Routing Overhead with and without Prevention for 60 traffic sources

Figure – 5.5 shows the effect of flooding on the number of data packets lost when we use a fixed number of network nodes. As shown

in the figure, when we increase the number of flooding nodes, the rate at which data packets are lost increases. This is the case when no

prevention technique is applied in the network. Due to flooding, links become congested and the energy of nodes is drained. Some of

the paths become unavailable due to this and hence packets transmitted over those paths are dropped. When prevention mechanism is

enabled, there is a noticeable reduction in the percentage of data packets dropped.

Figure – 5.5 Effect of Prevention on Percentage of Data Packets Dropped

Figure – 5.6 shows the effectiveness of our prevention mechanism when we vary the number of network nodes. For each fixed number of network nodes, we vary the attacker nodes in the range of 0% to 100% of the total nodes. As the number of attackers increases, the number of data packets dropped also increases. When our prevention mechanism is applied, there is a considerable reduction in the number of packets dropped due to flooding. The same scenario is tested for 20, 40 and 60 traffic sources, and the results are shown in Figures – 5.6, 5.7 and 5.8, respectively.

Figure – 5.6 % of Data Packets Dropped with and without Prevention for 20 traffic sources

Figure – 5.7 % of Data Packets Dropped with and without Prevention for 40 traffic sources

Figure – 5.8 % of Data Packets Dropped with and without Prevention for 60 traffic sources

5.3.2 Detection

As described in the previous chapter, the detection phase first requires a normality model to be derived at each node in the network. This model is based on the values contained in the normality vectors computed by the nodes. As the AODV routing protocol is taken as an illustration, the features included in the normality vectors are: packet rates of RREQ, RREP and RERR packets; packet rate differences; packet ratios (RREQ/RREP, RREQ/RERR, RREP/RERR); the number of different source addresses in received packets; and the number of different destination addresses in received packets. The simulation time is set to 2700 seconds, of which the first 300 seconds are used to compute node-specific normality vectors and the next 300 seconds are used to determine the distance threshold Thi. To compute a normality vector for a node, observations are taken after varying intervals. While determining Thi, the distance values are calculated every 60 seconds.

As shown in Figure – 5.9, the accuracy of the detection component depends mainly on the intervals during which observations are taken and alerts are aggregated. As we increase the attack aggregation interval, the detection rate improves.
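The workflow described above (300 seconds to build the normality vector, 300 seconds to calibrate the distance threshold, then detection with aggregated alerts) is sketched below as an added Python example; it is not the thesis's implementation. The scaled Euclidean distance, the threshold rule (1.2 times the largest calibration distance), the majority-vote aggregation, the 20-second observation interval, the reading of "packet rate differences" as pairwise differences between packet types, and all traffic counts are assumptions constructed for illustration.

```python
import math
from statistics import mean, pstdev

OBS_S = 20  # assumed observation interval, in seconds


def obs(rreq, rrep, rerr, n_src, n_dst):
    """Constructed counters a node tallies over one observation interval."""
    return {"rreq": rreq, "rrep": rrep, "rerr": rerr,
            "srcs": range(n_src), "dsts": range(n_dst)}


def features(o, interval_s=OBS_S):
    """Build the 11-feature vector listed in the text from raw counters."""
    rq, rp, er = o["rreq"], o["rrep"], o["rerr"]

    def ratio(a, b):
        # Add-one smoothing (assumption) keeps the ratio finite when a node
        # sees no RREP or RERR packets at all in an interval.
        return (a + 1) / (b + 1)

    return [
        rq / interval_s, rp / interval_s, er / interval_s,   # packet rates
        (rq - rp) / interval_s, (rq - er) / interval_s,
        (rp - er) / interval_s,                              # rate differences
        ratio(rq, rp), ratio(rq, er), ratio(rp, er),         # packet ratios
        len(set(o["srcs"])), len(set(o["dsts"])),            # distinct addresses
    ]


def fit_normality(vectors):
    """Normality vector = per-feature mean; keep the spread for scaling."""
    cols = list(zip(*vectors))
    centre = [mean(c) for c in cols]
    scale = [pstdev(c) or 1.0 for c in cols]  # constant feature: scale of 1
    return centre, scale


def distance(model, vec):
    """Spread-scaled Euclidean distance from the normality vector (assumed)."""
    centre, scale = model
    return math.sqrt(sum(((v - c) / s) ** 2
                         for v, c, s in zip(vec, centre, scale)))


def fit_threshold(model, calib_vectors, margin=1.2):
    """Threshold = margin x largest calibration distance (assumed rule)."""
    return margin * max(distance(model, v) for v in calib_vectors)


def detect(stream, model, threshold, agg_interval_s, quorum=0.5):
    """Raise per-observation alerts, then aggregate them per interval.

    A window is reported as an attack only when at least `quorum` of its
    observations alerted (assumed aggregation rule).
    """
    alerts = [distance(model, features(o)) > threshold for o in stream]
    per_win = max(1, agg_interval_s // OBS_S)
    return [sum(alerts[i:i + per_win]) / per_win >= quorum
            for i in range(0, len(alerts) - per_win + 1, per_win)]


# Constructed traffic: (rreq, rrep, rerr, distinct srcs, distinct dsts)
PATTERNS = [(10, 8, 1, 4, 3), (12, 9, 2, 5, 4), (11, 8, 1, 4, 4)]


def benign(n, start=0):
    return [obs(*PATTERNS[(start + i) % 3]) for i in range(n)]


TRAIN = benign(15)           # first 300 s: 15 observations of 20 s
CALIB = benign(5, start=1)   # next 300 s: one distance sample every 60 s
MODEL = fit_normality([features(o) for o in TRAIN])
TH = fit_threshold(MODEL, [features(o) for o in CALIB])

# Benign traffic containing one short, legitimate route-discovery burst.
BENIGN_BURST = benign(10)
BENIGN_BURST[3] = obs(40, 9, 2, 5, 4)
# Sustained RREQ flood: high RREQ rate and many distinct addresses.
FLOOD = [obs(200, 9, 2, 30, 25) for _ in range(10)]

if __name__ == "__main__":
    for label, stream in (("benign+burst", BENIGN_BURST), ("flood", FLOOD)):
        for agg in (20, 100):
            flagged = sum(detect(stream, MODEL, TH, agg))
            print(f"{label:13s} aggregation={agg:3d}s windows flagged={flagged}")
```

With these constructed streams, the 20-second aggregation interval reports the benign burst as one false positive, the 100-second interval suppresses it, and the sustained flood is flagged under both.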

Figure – 5.9 Effect of Attack Aggregation Interval on Detection Rate

Figure – 5.10 shows the effect of the attack aggregation interval on the detection rate when the interval is varied from 20 seconds to 100 seconds. Here, the number of traffic sources used is 20. When the interval is larger, the accuracy of the detection process improves. The scenario is also evaluated for 40 traffic sources, which is depicted in Figure – 5.11. We get similar results in both scenarios. The detection rate remains almost the same when the attack aggregation duration is more than 100 seconds, which is why those values are not shown in the graphs.

Figure – 5.10 Detection Rate with varying Attack Aggregation Interval for 20 traffic sources

Figure – 5.11 Detection Rate with varying Attack Aggregation Interval for 40 traffic sources

Figure – 5.12 shows the false positive rate calculated for the detection component for 30 network nodes and 8 flooding nodes. With a higher aggregation interval, the false positive rate of the detection component reduces and the accuracy of detection improves.

Figures – 5.13 and 5.14 show the false positive rate obtained by varying the attack aggregation interval, the number of nodes and the number of flooding nodes. There is a considerable reduction in the rate of false positives when we use a larger value for the attack aggregation interval.

Figure – 5.12 Effect of Attack Aggregation Interval on False Positive Rate

Figure – 5.13 False Positive Rate with varying Attack Aggregation Interval for 20 traffic sources

Figure – 5.14 False Positive Rate with varying Attack Aggregation Interval for 40 traffic sources

5.3.3 Diagnosis

In the threat model of the proposed security framework, we consider different forms of flooding attacks. The diagnosis component of the proposed framework is able to categorize the detected attacks into two categories: Flooding and Unknown. The results are shown in Figure – 5.15. When we increase the attack aggregation interval, the accuracy of the detector improves, which results in a better diagnosis outcome. This scenario is tested using a varying number of attacker nodes and network nodes, and the results obtained are shown in Figure – 5.16. The diagnosis process produces improved results when we use a larger aggregation interval.

Figure – 5.15 Effect of Attack Aggregation Interval on Diagnosis

Figure – 5.16 Attack Aggregation Interval vs. Diagnosis

5.3.4 Mitigation

The objective of the mitigation component is to reduce routing overhead and the rate of data packets dropped due to flooding. Hence, we evaluate the performance of our mitigation component with respect to these two metrics. Again, the interval during which alerts are generated and aggregated plays an important role as a performance parameter because the accuracy of mitigation depends on how accurately the detection and diagnosis processes are performed. We vary the number of traffic sources, the number of attackers and the network size to see this effect. As shown in Figures – 5.17 and 5.18, with a greater value of the attack aggregation interval, mitigation of attacks becomes more effective, which reduces routing overhead.

Figure – 5.17 Attack Aggregation Interval vs. Routing Overhead for 20 traffic sources

Figure – 5.18 Attack Aggregation Interval vs. Routing Overhead for 40 traffic sources

Figures – 5.19 and 5.20 show the results of the mitigation component, representing the effect of different combinations of network nodes and attacker nodes on the transmission of data packets. As the mitigation component is dependent on the detection functionality, its performance is greatly affected by varying the attack aggregation interval. These graphs show that when higher aggregation intervals are used, more attacks are detected accurately and subsequently mitigated to reduce the packet dropping rate.

Figure – 5.19 Attack Aggregation Interval vs. % of Data Packets Dropped for 20 traffic sources

Figure – 5.20 Attack Aggregation Interval vs. % of Data Packets Dropped for 40 traffic sources

5.3.5 Tolerance

The aim of the tolerance mechanism is to invoke overlay routing to complete the communication between the source and the destination nodes. Figure – 5.21 shows the variation in the control overhead, mainly caused by routing, when a range of network nodes and attacker nodes are considered in the experiment. We use 20 traffic generators in the first scenario. This scenario is evaluated with and without applying the proposed tolerance mechanism. When the tolerance component is enabled, additional control messages for periodic handshaking and overlay routing are transmitted. Hence, the control overhead is slightly higher than the one obtained without applying tolerance. Figures – 5.22 and 5.23 depict a similar effect on the routing overhead when 40 and 60 traffic sources are present in the network.

Figure – 5.21 Effect of tolerance logic on Routing Overhead for 20 traffic sources

Figure – 5.22 Effect of tolerance logic on Routing Overhead for 40 traffic sources

Figure – 5.23 Effect of tolerance logic on Routing Overhead for 60 traffic sources

Figure – 5.24 shows the effect of different combinations of network nodes and attacker nodes on the transmission of data packets when the network has 20 traffic sources. When distributed firewalls are enabled with no intrusion tolerance logic, the percentage of lost data packets increases with a higher number of attacker nodes. This percentage is significantly reduced when overlay routing is applied after detecting the path failures. Figures – 5.25 and 5.26 present similar results when the number of traffic sources is varied to 40 and 60, respectively.

Figure – 5.24 Effect of tolerance logic on % of Data Packets Dropped for 20 traffic sources

Figure – 5.25 Effect of tolerance logic on % of Data Packets Dropped for 40 traffic sources

Figure – 5.26 Effect of tolerance logic on % of Data Packets Dropped for 60 traffic sources

CHAPTER – VI

Conclusions and Future Enhancements

6.1 Objectives Achieved

Our proposed survivability framework focuses on tolerating the effects of ongoing attacks and providing essential services until the preventive and/or reactive mechanisms adapt themselves to defend the network from those attacks. This framework consists of three defense lines: Preventive, Reactive, and Tolerance. As described in the previous chapters, these defense lines are implemented using five functional blocks: Prevention, Detection, Diagnosis, Mitigation, and Tolerance. The prevention block attempts to protect the network and its services from intrusions and anomalies defined in the threat model. The detection block assesses the behavior of the network at run time to detect anomalies. These detected anomalies are analyzed by the diagnosis block to determine the attack type and their possible impact on the network services. Based on the generated diagnosis, the mitigation block determines attack-specific mitigation actions to be applied for a particular period to mitigate the effects of present attacks. In the case of unknown attacks, generic mitigation actions are applied. The tolerance block executes the actions needed to provide essential network services while the other blocks are dealing with threats and anomalies.

The main advantage of using our framework is that it implements all three defense lines. Thus, when one defense line fails or is unable to protect network services, the remaining defense lines attempt to secure the network and provide the necessary services and functionalities. Another important feature of our framework is that it is independent of ad hoc routing protocols. Any underlying ad hoc routing mechanism can be used with our framework, which eliminates the need to derive a new routing protocol. Our framework is flexible enough to be used for any MANET application and can be modified according to the needs of specific applications or required functionalities.

For evaluating the performance of the proposed framework, different forms of flooding attacks are considered in the threat model. Our framework is capable of dealing with other types of attacks, provided that their specifications are available in the threat model. The necessary changes for any new attack type can be made in the existing functional blocks of the framework.

As presented in the previous chapter, our experimental results clearly show that when a MANET is simulated with our proposed survivability framework, there is a considerable improvement in the provision of essential network services at the routing layer. Simulations of the prevention block indicate that the proposed prevention mechanism is capable of reducing the routing overhead and the number of data packets dropped due to flooding. Results obtained for the detection phase prove that our detection mechanism detects potential anomalies and intrusions based on the current network behavior. The outcomes of the diagnosis functional block show that our framework is able to diagnose the correct type of detected attacks in most of the cases. The impact of the mitigation block clearly indicates that when the proposed mitigation actions are applied, the performance of the network improves, with a reduction in routing overhead and data packets dropped. Results obtained from the simulation of the tolerance phase show that when routing and data forwarding are affected by flooding in the network, communication is completed using overlay routing. Though routing overhead is slightly increased due to overlay routing, the data transmission rate is improved and essential network services are provided.

We have achieved the following objectives through our research:

• The outcomes of the prevention, detection, diagnosis, mitigation and tolerance phases clearly indicate that our proposed framework with these phases has the capability of surviving the effects of attacks.

• Our framework shows a considerable reduction in routing overhead, the percentage of data packets lost and the false positive rate. As shown in the results, the rate of detection and diagnosis improves with the use of the proposed framework.

• Essential network services are always provided even if the network is under attack. According to the results obtained, the proposed framework outperforms the network without survivability.

6.2 Conclusion

Due to the proliferation of wireless mobile devices, the use of Mobile Ad hoc Networks (MANETs) has also increased. For most of the applications of MANETs, security is the main concern. Conventional security solutions are not sufficient to defend MANETs as they do not have tolerance capacity. The use of preventive, reactive and tolerance defense lines can make MANETs survivable. The major requirement of a survivable system is to provide basic functionalities and services in any case. Other important properties of survivability are resistance, recognition, recovery, and adaptability. In addition to these properties, survivable MANETs have system and application-specific requirements. A few existing survivability initiatives are either application-specific or attack-specific and do not implement all three defense lines. Thus, we have proposed a complete, generic survivability framework to make MANETs secure and tolerant.

According to our literature review, intrusion tolerance is almost unexplored in most of the survivability initiatives for MANETs. To implement tolerance capability, our framework focuses on essential network services which must be provided even in adverse conditions. Apart from tolerance, the proposed framework has four other functional blocks: Prevention, Detection, Diagnosis, and Mitigation.

There is still a long way to go, but the simulation of all these functional phases clearly shows that our framework has the capability of surviving attacks in the ad hoc environment and provides routing and data forwarding as essential services without disruptions. When our proposed survivability framework is enabled, the average reduction in routing overhead is about 60% during the prevention phase. The number of packets dropped due to attacks is also lowered to approximately 50%. During the detection phase, the false positive rate ranges from 0.08 to 0.13. The rate of detecting attacks varies from 0.55 to 0.95, considering different observation scenarios. The accuracy of diagnosing attacks defined in our threat model is from 70% to 90%. On average, there is a 55% reduction in routing overhead and a 40% reduction in data packets lost when our mitigation scheme is applied. As overlay routing is invoked during the tolerance phase, the average increase in routing overhead is 10%. The advantage of enabling the tolerance mechanism is that the percentage of data packets dropped is lessened to 25%, considering the average of results. The key properties and important requirements for achieving survivability in MANETs are also addressed and fulfilled in the proposed framework. The results of our experiments indicate that a MANET with our survivability framework outperforms a network without survivability. The proposed framework is generic and can be used with existing MANETs for a variety of attacks and any ad hoc routing protocol.

6.3 Possible Future Scope

Our proposed survivability framework is flexible enough to be used with any existing MANET. Our framework does not depend on any underlying ad hoc routing protocol and thus can be used with any routing protocol for MANETs.

Based on the requirements of MANET applications and the desired essential network services, the normality model used by our framework can be modified. Depending on the necessary essential services, it is possible to add, remove or update existing features in the normality model which specify the behavior of the network.

We consider various forms of flooding attacks in our threat model. Our survivability framework can be used to deal with other types of attacks if they are defined in the threat model. The functional blocks of the proposed framework can also be modified accordingly.

It is possible to integrate our proposed survivability framework with any existing IDS or other security solution for MANETs. Depending on the features of the existing security solutions, the functional blocks of our framework can be adjusted accordingly.

Future enhancement also includes exploration of the adaptive functional block to dynamically influence the parameters of the other components presented in our framework. Depending on the availability of resources, this adaptation of survivability can help in increasing system resilience.

Page 132: SURVIVABILITY IN MOBILE AD HOC NETWORKS · I declare that the thesis entitled Survivability in Mobile Ad hoc Networks submitted by me for the degree of Doctor of Philosophy is the

111

References

[1] Papadimitratos, Panagiotis, and Zygmunt J. Haas. "Securing Mobile Ad Hoc Networks."

(2004).

[2] Perkins, Charles E. Ad hoc networking. Vol. 1. Reading: Addison-wesley, 2001.

[3] Djenouri, Djamel, Lyes Khelladi, and Nadjib Badache. "Security issues of mobile ad hoc

and sensor networks." IEEE Communications Surveys Tutorials. Vol. 7. No. 4. IEEE

Communications Society, 2005.

[4] Zhou, Lidong, and Zygmunt J. Haas. "Securing ad hoc networks." IEEE network 13.6

(1999): 24-30.

[5] Yang, H., H. Luo, J. Kong, F. Ye, P. Zerfos, S. Lu, and L. Zhang. "Ad hoc network security:

challenges and solutions." (2004).

[6] Khanpara, Pimal, and Bhushan Trivedi. "Security in Mobile Ad Hoc Networks."

Proceedings of International Conference on Communication and Networks. Springer,

Singapore, 2017.

[7] Mamatha, G. S., and Dr SC Sharma. "Network Layer Attacks and Defense Mechanisms in

MANETS-A Survey." International Journal of Computer Applications 9.9 (2010).

[8] Sen, Jaydip, M. Girish Chandra, P. Balamuralidhar, S. G. Harihara, and Harish Reddy. "A

distributed protocol for detection of packet dropping attack in mobile ad hoc networks."

Telecommunications and Malaysia International Conference on Communications, 2007. ICT-

MICC 2007. IEEE International Conference on. IEEE, 2007.

[9] Marti, Sergio, Thomas J. Giuli, Kevin Lai, and Mary Baker. "Mitigating routing

misbehavior in mobile ad hoc networks." Proceedings of the 6th annual international

conference on Mobile computing and networking. ACM, 2000.

[10] Sarkar, Manasi, and Debdutta Barman Roy. "Prevention of sleep deprivation attacks using

clustering." Electronics Computer Technology (ICECT), 2011 3rd International Conference

on. Vol. 5. IEEE, 2011.

[11] Tseng, Fan-Hsun, Li-Der Chou, and Han-Chieh Chao. "A survey of black hole attacks in

wireless mobile ad hoc networks." Human-centric Computing and Information Sciences 1.1

(2011): 4.

Page 133: SURVIVABILITY IN MOBILE AD HOC NETWORKS · I declare that the thesis entitled Survivability in Mobile Ad hoc Networks submitted by me for the degree of Doctor of Philosophy is the

112

[12] Sen, Jaydip, M. Girish Chandra, S. G. Harihara, Harish Reddy, and P. Balamuralidhar. "A

mechanism for detection of gray hole attack in mobile Ad Hoc networks." Information,

Communications & Signal Processing, 2007 6th International Conference on. IEEE, 2007.

[13] Sinha, Somnath, Aditi Paul, and Sarit Pal. "The sybil attack in Mobile Adhoc Network:

Analysis and detection." (2013): 458-466.

[14] Hu, Yih-Chun, Adrian Perrig, and David B. Johnson. "Rushing attacks and defense in

wireless ad hoc network routing protocols." Proceedings of the 2nd ACM workshop on Wireless

security. ACM, 2003.

[15] Nadeem, Adnan, and Michael P. Howarth. "A survey of MANET intrusion detection &

prevention approaches for network layer attacks." IEEE communications surveys & tutorials

15.4 (2013): 2027-2045.

[16] Wu, Bing, Jianmin Chen, Jie Wu, and Mihaela Cardei. "A survey of attacks and

countermeasures in mobile ad hoc networks." Wireless network security. Springer, Boston,

MA, 2007. 103-135.

[17] Hubaux, Jean-Pierre, Levente Buttyán, and Srdan Capkun. "The quest for security in

mobile ad hoc networks." Proceedings of the 2nd ACM international symposium on Mobile ad

hoc networking & computing. ACM, 2001.

[18] Ramanujan, Ranga, Atiq Ahamad, Jordan Bonney, Ryan Hagelstrom, and Ken Thurber.

"Techniques for intrusion-resistant ad hoc routing algorithms (TIARA)." MILCOM 2000. 21st

Century Military Communications Conference Proceedings. Vol. 2. IEEE, 2000.

[19] Argyroudis, Patroklos G., and Donal O'mahony. "Secure routing for mobile ad hoc

networks." IEEE Communications Surveys and Tutorials 7.1-4 (2005): 2-21.

[20] Fokine, Klas. "Key management in ad hoc networks." (2002).

[21] Khalili, Aram, Jonathan Katz, and William A. Arbaugh. "Toward secure key distribution in

truly ad-hoc networks." Applications and the Internet Workshops, 2003. Proceedings. 2003

Symposium on. IEEE, 2003.

[22] Sun, Bo, Lawrence Osborne, Yang Xiao, and Sghaier Guizani. "Intrusion detection

techniques in mobile ad hoc and wireless sensor networks." IEEE Wireless Communications

14.5 (2007).

[23] Debar, Hervé, Marc Dacier, and Andreas Wespi. "Towards a taxonomy of intrusion-

detection systems." Computer Networks 31.8 (1999): 805-822.

Page 134: SURVIVABILITY IN MOBILE AD HOC NETWORKS · I declare that the thesis entitled Survivability in Mobile Ad hoc Networks submitted by me for the degree of Doctor of Philosophy is the

113

[24] Debar, Hervé, Marc Dacier, and Andreas Wespi. "A revised taxonomy for intrusion-

detection systems." Annales des télécommunications. Vol. 55. No. 7-8. Springer-Verlag, 2000.

[25] Komninos, Nikos, Dimitris Vergados, and Christos Douligeris. "Detecting unauthorized and

compromised nodes in mobile ad hoc networks." Ad Hoc Networks 5.3 (2007): 289-298.

[26] Cretu, Gabriela F., Janak J. Parekh, Ke Wang, and Salvatore J. Stolfo. "Intrusion and

anomaly detection model exchange for mobile ad-hoc networks." Proc. of 3rd IEEE on

Consumer Communications and Networking Conference (CCNC 2006). 2006.

[27] Tseng, Chinyang Henry, Tao Song, Poornima Balasubramanyam, Calvin Ko, and Karl

Levitt. "A specification-based intrusion detection model for OLSR." International Workshop on

Recent Advances in Intrusion Detection. Springer, Berlin, Heidelberg, 2005.

[28] Veríssimo, Paulo Esteves, Nuno Ferreira Neves, and Miguel Pupo Correia. "Intrusion-

tolerant architectures: Concepts and design." Architecting Dependable Systems. Springer, Berlin,

Heidelberg, 2003. 3-36.

[29] Sterbenz, James PG, Rajesh Krishnan, Regina Rosales Hain, Alden W. Jackson, David

Levin, Ram Ramanathan, and John Zao. "Survivable mobile wireless networks: issues,

challenges, and research directions." Proceedings of the 1st ACM workshop on Wireless security.

ACM, 2002.

[30] Avizienis, Algirdas, J-C. Laprie, Brian Randell, and Carl Landwehr. "Basic concepts and

taxonomy of dependable and secure computing." IEEE transactions on dependable and secure

computing 1.1 (2004): 11-33.

[31] Deswarte, Yves, and David Powell. "Internet security: an intrusion-tolerance approach."

Proceedings of the IEEE 94.2 (2006): 432-441.

[32] Malicious- and Accidental-Fault Tolerance for Internet Applications.

http://www.maftia.org.

[33] Organically Assured and Survivable Information System (OASIS).

http://www.tolerantsystems.org.

[34] Fraga, Joni, and David Powell. "A fault-and intrusion-tolerant file system." Proceedings of

the 3rd International Conference on Computer Security. Vol. 203. No. 218. 1985.

[35] Avizienis, Algirdas, Jean-Claude Laprie, and Brian Randell. "Fundamental concepts of

computer system dependability." Workshop on Robot Dependability: Technological Challenge

of Dependable Robots in Human Environments. 2001.

Page 135: SURVIVABILITY IN MOBILE AD HOC NETWORKS · I declare that the thesis entitled Survivability in Mobile Ad hoc Networks submitted by me for the degree of Doctor of Philosophy is the

114

[36] Lima, Michele Nogueira, Aldri Luiz Dos Santos, and Guy Pujolle. "A survey of

survivability in mobile ad hoc networks." IEEE Communications Surveys & Tutorials 11.1

(2009): 66-77.

[37] Bajaj, Lokesh, Mineo Takai, Rajat Ahuja, Ken Tang, Rajive Bagrodia, and Mario Gerla.

"Glomosim: A scalable network simulation environment." UCLA computer science department

technical report 990027.1999 (1999): 213.

[38] Bhuvaneshwari, K., and A. Francis Saviour Devaraj. "Examination of Impact of Flooding

attack on MANET and to accentuate on Performance Degradation." International Journal of

Advanced Networking and Applications 4.4 (2013): 1695.

[39] Yang, H., H. Luo, J. Kong, F. Ye, P. Zerfos, S. Lu, and L. Zhang. "Ad hoc network security:

challenges and solutions." (2004).

[40] Awerbuch, Baruch, Reza Curtmola, David Holmer, Cristina Nita-Rotaru, and Herbert

Rubens. "Mitigating byzantine attacks in ad hoc wireless networks." Department of Computer

Science, Johns Hopkins University, Tech. Rep. Version 1 (2004): 16.

[41] Krawczyk, Hugo, Ran Canetti, and Mihir Bellare. "HMAC: Keyed-hashing for message

authentication." (1997).

[42] Kotzanikolaou, Panayiotis, Rosa Mavropodi, and Christos Douligeris. "Secure multipath

routing for mobile ad hoc networks." Wireless On-demand Network Systems and Services, 2005.

WONS 2005. Second Annual Conference on. IEEE, 2005.

[43] Veríssimo, Paulo Esteves, Nuno Ferreira Neves, and Miguel Pupo Correia. "Intrusion-

tolerant architectures: Concepts and design." Architecting Dependable Systems. Springer, Berlin,

Heidelberg, 2003. 3-36.

[44] Deswarte, Yves, and David Powell. "Internet security: an intrusion-tolerance approach."

Proceedings of the IEEE 94.2 (2006): 432-441.

[45] Khalili, Aram, Jonathan Katz, and William A. Arbaugh. "Toward secure key distribution in

truly ad-hoc networks." Applications and the Internet Workshops, 2003. Proceedings. 2003

Symposium on. IEEE, 2003.


[46] Deng, Hongmei, Anindo Mukherjee, and Dharma P. Agrawal. "Threshold and identity-

based key management and authentication for wireless ad hoc networks." Information

Technology: Coding and Computing, 2004. Proceedings. ITCC 2004. International Conference

on. Vol. 1. IEEE, 2004.

[47] Lee, Byoungcheon, Colin Boyd, Ed Dawson, Kwangjo Kim, Jeongmo Yang, and Seungjae

Yoo. "Secure key issuing in ID-based cryptography." Proceedings of the second workshop on

Australasian information security, Data Mining and Web Intelligence, and Software

Internationalisation-Volume 32. Australian Computer Society, Inc., 2004.

[48] Li, Guangsong, and Wenbao Han. "A new scheme for key management in ad hoc networks."

International Conference on Networking. Springer, Berlin, Heidelberg, 2005.

[49] Zhang, Yanchao, Wei Liu, Wenjing Lou, Yuguang Fang, and Younggoo Kwon. "AC-PKI:

Anonymous and certificateless public-key infrastructure for mobile ad hoc networks."

Communications, 2005. ICC 2005. 2005 IEEE International Conference on. Vol. 5. IEEE, 2005.

[50] Saxena, Nitesh. "Public key cryptography sans certificates in ad hoc networks."

International Conference on Applied Cryptography and Network Security. Springer, Berlin,

Heidelberg, 2006.

[51] Zhang, Yanchao, Wei Liu, Wenjing Lou, and Yuguang Fang. "Securing mobile ad hoc

networks with certificateless public keys." IEEE transactions on dependable and secure

computing 3.4 (2006): 386-399.

[52] Ren, Yongjun, Jiandong Wang, Youdong Zhang, and Liming Fang. "Identity-based key

issuing protocol for ad hoc networks." Computational Intelligence and Security, 2007

International Conference on. IEEE, 2007.

[53] Zhang, Yuchen, Jing Liu, Yadi Wang, Jihong Han, Hengjun Wang, and Kun Wang.

"Identity-based threshold key management for ad hoc networks." Computational Intelligence

and Industrial Application, 2008. PACIIA'08. Pacific-Asia Workshop on. Vol. 2. IEEE, 2008.

[54] Xia, Pengrui, Meng Wu, Kun Wang, and Xi Chen. "Identity-based fully distributed

certificate authority in an OLSR MANET." Wireless Communications, Networking and Mobile

Computing, 2008. WiCOM'08. 4th International Conference on. IEEE, 2008.


[55] Huang, Yueh-Min, Hua-Yi Lin, and Tzone-I. Wang. "Inter-cluster routing authentication

for ad hoc networks by a hierarchical key scheme." Journal of Computer Science and Technology

21.6 (2006): 997-1011.

[56] Diffie, Whitfield, and Martin Hellman. "New directions in cryptography." IEEE

transactions on Information Theory 22.6 (1976): 644-654.

[57] Ingemarsson, Ingemar, Donald Tang, and C. Wong. "A conference key distribution system."

IEEE Transactions on Information theory 28.5 (1982): 714-720.

[58] Burmester, Mike, and Yvo Desmedt. "A secure and efficient conference key distribution

system." Workshop on the Theory and Application of Cryptographic Techniques. Springer,

Berlin, Heidelberg, 1994.

[59] Becker, Klaus, and Uta Wille. "Communication complexity of group key distribution."

Proceedings of the 5th ACM conference on Computer and communications security. ACM,

1998.

[60] Asokan, N., and Philip Ginzboorg. "Key agreement in ad hoc networks." Computer

communications 23.17 (2000): 1627-1637.

[61] Steiner, Michael, Gene Tsudik, and Michael Waidner. "Key agreement in dynamic peer

groups." IEEE Transactions on Parallel and Distributed Systems 11.8 (2000): 769-780.

[62] Axelsson, Stefan. Intrusion detection systems: A survey and taxonomy. Vol. 99. Technical

report, 2000.

[63] Yi, Ping, Zhoulin Dai, Yiping Zhong, and Shiyong Zhang. "Resisting flooding attacks in

ad hoc networks." Information technology: Coding and computing, 2005. ITCC 2005.

International conference on. Vol. 2. IEEE, 2005.

[64] Guo, Yinghua, and Sylvie Perreau. "Detect DDoS flooding attacks in mobile ad hoc

networks." International Journal of Security and Networks 5.4 (2010): 259-269.

[65] Martin, Thomas, Michael Hsiao, Dong Ha, and Jayan Krishnaswami. "Denial-of-service

attacks on battery-powered mobile computers." Pervasive Computing and Communications,

2004. PerCom 2004. Proceedings of the Second IEEE Annual Conference on. IEEE, 2004.


[66] Hsu, Hung-Yuan, Sencun Zhu, and Ali R. Hurson. "LIP: a lightweight interlayer protocol

for preventing packet injection attacks in mobile ad hoc network." International Journal of

Security and Networks 2.3-4 (2007): 202-215.

[67] Yu, Wei, and KJ Ray Liu. "Defense against injecting traffic attacks in cooperative ad hoc

networks." Global Telecommunications Conference, 2005. GLOBECOM'05. IEEE. Vol. 3.

IEEE, 2005.

[68] Gerhards-Padilla, Elmar, Nils Aschenbruck, Peter Martini, Marko Jahnke, and Jens Tolle.

"Detecting black hole attacks in tactical MANETs using topology graphs." Local Computer

Networks, 2007. LCN 2007. 32nd IEEE Conference on. IEEE, 2007.

[69] Medadian, Mehdi, Mohammad Hossein Yektaie, and Amir Masoud Rahmani. "Combat with

Black Hole Attack in AODV routing protocol in MANET." Internet, 2009. AH-ICI 2009. First

Asian Himalayas International Conference on. IEEE, 2009.

[70] Zhang, XiaoYang, Yuji Sekiya, and Yasushi Wakahara. "Proposal of a method to detect

black hole attack in MANET." Autonomous Decentralized Systems, 2009. ISADS'09.

International Symposium on. IEEE, 2009.

[71] Xiaopeng, Gao, and Chen Wei. "A novel gray hole attack detection scheme for mobile ad-

hoc networks." Network and Parallel Computing Workshops, 2007. NPC Workshops. IFIP

International Conference on. IEEE, 2007.

[72] Wei, Chen, Long Xiang, Bai Yuebin, and Gao Xiaopeng. "A new solution for resisting gray

hole attack in mobile ad-hoc networks." Communications and Networking in China, 2007.

CHINACOM'07. Second International Conference on. IEEE, 2007.

[73] Sen, Jaydip, M. Girish Chandra, S. G. Harihara, Harish Reddy, and P. Balamuralidhar. "A

mechanism for detection of gray hole attack in mobile Ad Hoc networks." Information,

Communications & Signal Processing, 2007 6th International Conference on. IEEE, 2007.

[74] Yang, Bo, Ryo Yamamoto, and Yoshiaki Tanaka. "Historical evidence based trust

management strategy against black hole attacks in MANET." Advanced Communication

Technology (ICACT), 2012 14th International Conference on. IEEE, 2012.


[75] Douceur, John R. "The sybil attack." International workshop on peer-to-peer systems.

Springer, Berlin, Heidelberg, 2002.

[76] Piro, Chris, Clay Shields, and Brian Neil Levine. "Detecting the sybil attack in mobile ad

hoc networks." Securecomm and Workshops, 2006. IEEE, 2006.

[77] Mónica, Diogo, Joao Leitao, Luis Rodrigues, and Carlos Ribeiro. "On the use of radio

resource tests in wireless ad hoc networks." Proc. 3rd WRAITS (2009): 21-26.

[78] Sharma, Himika, and Roopali Garg. "Enhanced lightweight sybil attack detection

technique." Confluence The Next Generation Information Technology Summit (Confluence),

2014 5th International Conference-. IEEE, 2014.

[79] Sinha, Somnath, Aditi Paul, and Sarit Pal. "The sybil attack in Mobile Adhoc Network:

Analysis and detection." (2013): 458-466.

[80] Abbas, Sohail, Madjid Merabti, and David Llewellyn-Jones. "Signal strength based Sybil

attack detection in wireless Ad Hoc networks." Developments in eSystems Engineering (DESE),

2009 Second International Conference on. IEEE, 2009.

[81] Tangpong, Athichart, George Kesidis, Hung-yuan Hsu, and Ali Hurson. "Robust sybil

detection for manets." Computer Communications and Networks, 2009. ICCCN 2009.

Proceedings of 18th International Conference on. IEEE, 2009.

[82] Hashmi, Sarosh, and John Brooke. "Towards sybil resistant authentication in mobile ad hoc

networks." Emerging Security Information Systems and Technologies (SECURWARE), 2010

Fourth International Conference on. IEEE, 2010.

[83] Abbas, Sohail, Madjid Merabti, David Llewellyn-Jones, and Kashif Kifayat. "Lightweight

sybil attack detection in manets." IEEE systems journal 7.2 (2013): 236-248.

[84] Hu, Yih-Chun, Adrian Perrig, and David B. Johnson. "Rushing attacks and defense in

wireless ad hoc network routing protocols." Proceedings of the 2nd ACM workshop on Wireless

security. ACM, 2003.

[85] Papadimitratos, Panagiotis, and Zygmunt J. Haas. "Secure data communication in mobile

ad hoc networks." IEEE Journal on Selected Areas in Communications 24.2 (2006): 343-356.


[86] Papadimitratos, Panagiotis, and Zygmunt J. Haas. "Secure routing for mobile ad hoc

networks." SCS Communication Networks and Distributed Systems Modeling and Simulation

Conference (CNDS 2002). Vol. 31. 2002.

[87] Rawat, Ani, P. D. Vyavahare, and A. K. Ramani. "Evaluation of rushing attack on secured

message transmission (SMT/SRP) protocol for mobile ad-hoc networks." Personal Wireless

Communications, 2005. ICPWC 2005. 2005 IEEE International Conference on. IEEE, 2005.

[88] Tamilselvan, Latha, and V. Sankaranarayanan. "Solution to prevent rushing attack in

wireless mobile ad hoc networks." Ad Hoc and Ubiquitous Computing, 2006. ISAUHC'06.

International Symposium on. IEEE, 2006.

[89] Sen, Jaydip, M. Girish Chandra, P. Balamuralidhar, S. G. Harihara, and Harish Reddy. "A

distributed protocol for detection of packet dropping attack in mobile ad hoc networks."

Telecommunications and Malaysia International Conference on Communications, 2007. ICT-

MICC 2007. IEEE International Conference on. IEEE, 2007.

[90] Marti, Sergio, Thomas J. Giuli, Kevin Lai, and Mary Baker. "Mitigating routing

misbehavior in mobile ad hoc networks." Proceedings of the 6th annual international conference

on Mobile computing and networking. ACM, 2000.

[91] Gonzalez, Oscar F., Michael Howarth, and George Pavlou. "Detection of packet forwarding

misbehavior in mobile ad-hoc networks." Wired/Wireless Internet Communications. Springer,

Berlin, Heidelberg, 2007. 302-314.

[92] Duque, Oscar F. Gonzalez, Antonis M. Hadjiantonis, George Pavlou, and Michael P.

Howarth. "Adaptable misbehavior detection and isolation in wireless ad hoc networks using

policies." Integrated Network Management, 2009. IM'09. IFIP/IEEE International Symposium

on. IEEE, 2009.

[93] Yang, Hao, James Shu, Xiaoqiao Meng, and Songwu Lu. "SCAN: self-organized network-

layer security in mobile ad hoc networks." IEEE Journal on Selected Areas in Communications

24.2 (2006): 261-273.

[94] Mamatha, G. S., and S. C. Sharma. "A highly secured approach against attacks in

MANETS." International Journal of Computer Theory and Engineering 2.5 (2010): 815.


[95] Obaidat, Mohammad S., Isaac Woungang, Sanjay Kumar Dhurandher, and Vincent Koo.

"Preventing packet dropping and message tampering attacks on AODV-based mobile ad hoc

networks." Computer, Information and Telecommunication Systems (CITS), 2012 International

Conference on. IEEE, 2012.

[96] Shu, Tao, and Marwan Krunz. "Privacy-preserving and truthful detection of packet

dropping attacks in wireless ad hoc networks." IEEE Transactions on mobile computing 14.4

(2015): 813-828.

[97] Cretu, Gabriela F., Janak J. Parekh, Ke Wang, and Salvatore J. Stolfo. "Intrusion and

anomaly detection model exchange for mobile ad-hoc networks." Proc. of 3rd IEEE on

Consumer Communications and Networking Conference (CCNC 2006). 2006.

[98] Liu, Yu, Cristina Comaniciu, and Hong Man. "Modelling misbehaviour in ad hoc networks:

a game theoretic approach for intrusion detection." International Journal of Security and

Networks 1.3-4 (2006): 243-254.

[99] Jiang, Hai, and Hankang Wang. "Markov chain based anomaly detection for wireless ad

hoc distribution power communication networks." Power Engineering Conference, 2005. IPEC

2005. The 7th International. IEEE, 2005.

[100] Sun, Bo, Kui Wu, Yang Xiao, and Ruhai Wang. "Integration of mobility and intrusion

detection for wireless ad hoc networks." International Journal of Communication Systems 20.6

(2007): 695-721.

[101] Mitrokotsa, Aikaterini, Nikos Komninos, and Christos Douligeris. "Intrusion detection

with neural networks and watermarking techniques for MANET." Pervasive Services, IEEE

International Conference on. IEEE, 2007.

[102] Jabbehdari, Sam, S. H. Talari, and N. Modiri. "A neural network scheme for anomaly

based intrusion detection systems in mobile ad hoc networks." Journal of computing 4.2 (2012):

61-66.

[103] Nadeem, Adnan, and Michael Howarth. "Adaptive intrusion detection & prevention of

denial of service attacks in MANETs." Proceedings of the 2009 international conference on

wireless communications and mobile computing: Connecting the world wirelessly. ACM, 2009.


[104] Chaudhary, Alka, V. N. Tiwari, and Anil Kumar. "Design an anomaly based fuzzy

intrusion detection system for packet dropping attack in mobile ad hoc networks." Advance

Computing Conference (IACC), 2014 IEEE International. IEEE, 2014.

[105] Uyyala, Shivani, and Dinesh Naik. "Anomaly based intrusion detection of packet dropping

attacks in mobile ad-hoc networks." Control, Instrumentation, Communication and

Computational Technologies (ICCICCT), 2014 International Conference on. IEEE, 2014.

[106] Alem, Yibeltal Fantahun, and Zhao Cheng Xuan. "Preventing black hole attack in mobile

ad-hoc networks using Anomaly Detection." Future Computer and Communication (ICFCC),

2010 2nd International Conference on. Vol. 3. IEEE, 2010.

[107] Shao, Min-Hua, Ji-Bin Lin, and Yi-Ping Lee. "Cluster-based cooperative back propagation

network approach for intrusion detection in MANET." Computer and Information Technology

(CIT), 2010 IEEE 10th International Conference on. IEEE, 2010.

[108] Jain, Shrishti, and Sandeep K. Raghuwanshi. "Behavioural and node performance based

Grayhole attack Detection and Amputation in AODV protocol." Advances in Engineering and

Technology Research (ICAETR), 2014 International Conference on. IEEE, 2014.

[109] Ye, Xia, and Junshan Li. "A security architecture based on immune agents for MANET."

Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International

Conference on. IEEE, 2010.

[110] Komninos, Nikos, Dimitris Vergados, and Christos Douligeris. "Detecting unauthorized

and compromised nodes in mobile ad hoc networks." Ad Hoc Networks 5.3 (2007): 289-298.

[111] Alattar, Mouhannad, Françoise Sailhan, and Julien Bourgeois. "Log-based intrusion

detection for MANET." Wireless Communications and Mobile Computing Conference

(IWCMC), 2012 8th International. IEEE, 2012.

[112] Khanpara, Pimal, and Bhushan Trivedi. "Survivability in MANETs." International

Journal of Advanced Research in Computer Engineering and Technology, vol. 7, pp. 7-10, Jan.

2018.


[113] Vigna, Giovanni, Sumit Gwalani, Kavitha Srinivasan, Elizabeth M. Belding-Royer, and

Richard A. Kemmerer. "An intrusion detection tool for AODV-based ad hoc wireless networks."

Computer Security Applications Conference, 2004. 20th Annual. IEEE, 2004.

[114] Tseng, Chinyang Henry, Tao Song, Poornima Balasubramanyam, Calvin Ko, and Karl

Levitt. "A specification-based intrusion detection model for OLSR." International Workshop on

Recent Advances in Intrusion Detection. Springer, Berlin, Heidelberg, 2005.

[115] Orset, Jean-Marie, Baptiste Alcalde, and Ana Cavalli. "An EFSM-based intrusion

detection system for ad hoc networks." International Symposium on Automated Technology for

Verification and Analysis. Springer, Berlin, Heidelberg, 2005.

[116] Stakhanova, Natalia, Samik Basu, Zhang Wensheng, Xia Wang, and Johnny S. Wong.

"Specification synthesis for monitoring and analysis of MANET protocols." (2007).

[117] Joseph, John Felix Charles, Amitabha Das, Boon-Chong Seet, and Bu-Sung Lee.

"CRADS: integrated cross layer approach for detecting routing attacks in MANETs." Wireless

Communications and Networking Conference, 2008. WCNC 2008. IEEE. IEEE, 2008.

[118] Nadeem, Adnan, and Michael Howarth. "A generalized intrusion detection & prevention

mechanism for securing MANETs." Ultra Modern Telecommunications & Workshops, 2009.

ICUMT'09. International Conference on. IEEE, 2009.

[119] Hijazi, Abdulrahman, and Nidal Nasser. "Using mobile agents for intrusion detection in

wireless ad hoc networks." Wireless and Optical Communications Networks, 2005. WOCN 2005.

Second IFIP International Conference on. IEEE, 2005.

[120] Ping, Yi, Jiang Xinghao, Wu Yue, and Liu Ning. "Distributed intrusion detection for

mobile ad hoc networks." Journal of systems engineering and electronics 19.4 (2008): 851-859.

[121] Avizienis, Algirdas, Jean-Claude Laprie, and Brian Randell. "Fundamental concepts of

computer system dependability." Workshop on Robot Dependability: Technological Challenge

of Dependable Robots in Human Environments. 2001.

[122] Linger, Richard C., Nancy R. Mead, and Howard F. Lipson. "Requirements definition for

survivable network systems." Requirements Engineering, 1998. Proceedings. 1998 Third

International Conference on. IEEE, 1998.


[123] Boudriga, N. A., and Mohammad S. Obaidat. "Fault and intrusion tolerance in wireless ad

hoc networks." Wireless Communications and Networking Conference, 2005 IEEE. Vol. 4.

IEEE, 2005.

[124] Xue, Yuan, and Klara Nahrstedt. "Providing fault-tolerant ad hoc routing service in

adversarial environments." Wireless Personal Communications 29.3-4 (2004): 367-388.

[125] Berman, Vladimir, and Biswanath Mukherjee. "Data security in manets using multipath

routing and directional transmission." Communications, 2006. ICC'06. IEEE International

Conference on. Vol. 5. IEEE, 2006.

[126] Joshi, Deepti, Kamesh Namuduri, and Ravi Pendse. "Secure, redundant, and fully

distributed key management scheme for mobile ad hoc networks: an analysis." EURASIP

Journal on Wireless Communications and Networking 2005.4 (2005): 579-589.

[127] Awerbuch, Baruch, Reza Curtmola, David Holmer, Cristina Nita-Rotaru, and Herbert

Rubens. "ODSBR: An on-demand secure Byzantine resilient routing protocol for wireless ad

hoc networks." ACM Transactions on Information and System Security (TISSEC) 10.4 (2008):

6.

[128] Papadimitratos, Panagiotis, and Zygmunt J. Haas. "Secure message transmission in mobile

ad hoc networks." Ad Hoc Networks 1.1 (2003): 193-209.

[129] Maughan, Douglas, and Mark Schneider. "Internet security association and key

management protocol (ISAKMP)." (1998).

[130] Rabin, Michael O. "Efficient dispersal of information for security, load balancing, and

fault tolerance." Journal of the ACM (JACM) 36.2 (1989): 335-348.

[131] Choudhury, Romit Roy, Xue Yang, Ram Ramanathan, and Nitin H. Vaidya. "On designing

MAC protocols for wireless networks using directional antennas." IEEE transactions on mobile

computing 5.5 (2006): 477-491.

[132] Lou, Wenjing, Wei Liu, and Yuguang Fang. "SPREAD: Enhancing data confidentiality in

mobile ad hoc networks." INFOCOM 2004. Twenty-third Annual Joint Conference of the IEEE

Computer and Communications Societies. Vol. 4. IEEE, 2004.


[133] Ramanujan, Ranga, Atiq Ahamad, Jordan Bonney, Ryan Hagelstrom, and Ken Thurber.

"Techniques for intrusion-resistant ad hoc routing algorithms (TIARA)." MILCOM 2000. 21st

Century Military Communications Conference Proceedings. Vol. 2. IEEE, 2000.

[134] Azni, A. H., Rabiah Ahmad, Zul Azri Mohamad Noh, Farida Hazwani, and Najwa Hayaati.

"Systematic Review for Network Survivability Analysis in MANETS." Procedia-Social and

Behavioral Sciences 195 (2015): 1872-1881.

[135] Lima, Michele Nogueira, Aldri Luiz Dos Santos, and Guy Pujolle. "A survey of

survivability in mobile ad hoc networks." IEEE Communications Surveys & Tutorials 11.1

(2009): 66-77.

[136] Sterbenz, James PG, David Hutchison, Egemen K. Çetinkaya, Abdul Jabbar, Justin P.

Rohrer, Marcus Schöller, and Paul Smith. "Resilience and survivability in communication

networks: Strategies, principles, and survey of disciplines." Computer Networks 54.8 (2010):

1245-1265.

[137] Khanpara, Pimal and Trivedi, Bhushan. "SECURITY ISSUES IN MANETS." In

Proceedings of 3rd International Conference on Emerging Trends in Engineering, Technology,

Science and Management, pp. 160-165, June. 2017.

[138] Cucurull, Jordi, Mikael Asplund, Simin Nadjm-Tehrani, and Tiziano Santoro. "Surviving

attacks in challenged networks." IEEE Transactions on Dependable and Secure Computing 9.6

(2012): 917-929.

[139] Ramanujan, Ranga, S. Kudige, and T. Nguyen. "Techniques for intrusion-resistant ad hoc

routing algorithms (tiara)." DARPA Information Survivability Conference and Exposition, 2003.

Proceedings. Vol. 2. IEEE, 2003.

[140] Lee, Wenke, and Salvatore J. Stolfo. "A framework for constructing features and models

for intrusion detection systems." ACM transactions on Information and system security (TiSSEC)

3.4 (2000): 227-261.

[141] Bonde Jr, Allen R., and Sumit Ghosh. "A comparative study of fuzzy versus “fixed”

thresholds for robust queue management in cell-switching networks." IEEE/ACM Transactions

on Networking (TON) 2.4 (1994): 337-344.


[142] Bezdek, James C. "Computing with uncertainty." Complement 2 (1992): 3.

[143] Tanaka, Hideo, Tetsuji Okuda, and Kiyoji Asai. "Fuzzy information and decision in

statistical model." Advances in Fuzzy Sets Theory and Applications (1979): 303-320.

[144] Kosko, Bart. "Neural networks and fuzzy systems: a dynamical systems approach to

machine intelligence/book and disk." Vol. 1. Prentice Hall (1992).

[145] Bajaj, Lokesh, Mineo Takai, Rajat Ahuja, Ken Tang, Rajive Bagrodia, and Mario Gerla.

"Glomosim: A scalable network simulation environment." UCLA computer science department

technical report 990027.1999 (1999): 213.

[146] Zeng, Xiang, Rajive Bagrodia, and Mario Gerla. "GloMoSim: a library for parallel

simulation of large-scale wireless networks." ACM SIGSIM Simulation Digest. Vol. 28. No. 1.

IEEE Computer Society, 1998.

[147] Khan, Atta R., Sardar M. Bilal, and Mazliza Othman. "A performance comparison of open

source network simulators for wireless networks." Control System, Computing and Engineering

(ICCSCE), 2012 IEEE International Conference on. IEEE, 2012.

[148] Perkins, Charles, Elizabeth Belding-Royer, and Samir Das. Ad hoc on-demand distance

vector (AODV) routing. No. RFC 3561. 2003.

[149] Perkins, Dmitri D., Herman D. Hughes, and Charles B. Owen. "Factors affecting the

performance of ad hoc networks." Communications, 2002. ICC 2002. IEEE International

Conference on. Vol. 4. IEEE, 2002.

[150] Vadde, Kiran K., and Violet R. Syrotiuk. "Factor interaction on service delivery in mobile

ad hoc networks." IEEE Journal on selected areas in communications 22.7 (2004): 1335-1346.


List of Publications

Paper Presented / Published:

1) Security in Mobile Ad Hoc Networks. In Proceedings of International Conference

on Communication and Networks (pp. 501-511), 2016. Springer, Singapore.

2) Security issues in MANETs. 3rd International Conference on Emerging Trends in

Engineering, Technology, (ICETETSM-17), 2017.

3) Survivability in MANETs. International Journal of Advanced Research in

Computer Engineering and Technology (IJARCET), Vol. 7, issue 1, pp. 7-10, 2018.

Paper Submitted:

4) Survivability in Ad hoc Networks: A Review, IET Networks Journal.

5) Resisting Flooding Attacks in Mobile Ad hoc Networks, International Journal of

Security and Networks, InderScience.

6) Techniques for Reactive Defense in Ad hoc Networks, International Journal of

Mobile Computing and Multimedia Communications, IGI Global.

7) Intrusion Tolerance for Survivable Mobile Ad hoc Networks, International Journal

of Future Generation Communication and Networking.