5,594 research outputs found
The Mason Test: A Defense Against Sybil Attacks in Wireless Networks Without Trusted Authorities
Wireless networks are vulnerable to Sybil attacks, in which a malicious node
poses as many identities in order to gain disproportionate influence. Many
defenses based on spatial variability of wireless channels exist, but depend
either on detailed, multi-tap channel estimation - something not exposed on
commodity 802.11 devices - or valid RSSI observations from multiple trusted
sources, e.g., corporate access points - something not directly available in ad
hoc and delay-tolerant networks with potentially malicious neighbors. We extend
these techniques to be practical for wireless ad hoc networks of commodity
802.11 devices. Specifically, we propose two efficient methods for separating
the valid RSSI observations of behaving nodes from those falsified by malicious
participants. Further, we note that prior signalprint methods are easily
defeated by mobile attackers and develop an appropriate challenge-response
defense. Finally, we present the Mason test, the first implementation of these
techniques for ad hoc and delay-tolerant networks of commodity 802.11 devices.
We illustrate its performance in several real-world scenarios
An adaptive distributed Intrusion detection system architecture using multi agents
Intrusion detection systems are used for monitoring the network data, analyze them and find the intrusions if any. The major issues with these systems are the time taken for analysis, transfer of bulk data from one part of the network to another, high false positives and adaptability to the future threats. These issues are addressed here by devising a framework for intrusion detection. Here, various types of co-operating agents are distributed in the network for monitoring, analyzing, detecting and reporting. Analysis and detection agents are the mobile agents which are the primary detection modules for detecting intrusions. Their mobility eliminates the transfer of bulk data for processing. An algorithm named territory is proposed to avoid interference of one analysis agent with another one. A communication layout of the analysis and detection module with other modules is depicted. The inter-agent communication reduces the false positives significantly. It also facilitates the identification of distributed types of attacks. The co-ordinator agents log various events and summarize the activities in its network. It also communicates with co-ordinator agents of other networks. The system is highly scalable by increasing the number of various agents if needed. Centralized processing is avoided here to evade single point of failure. We created a prototype and the experiments done gave very promising results showing the effectiveness of the system
- …