Two-tier Intrusion Detection System for Mobile Ad Hoc Networks

Nowadays, a commonly used wireless network (i.e. Wi-Fi) operates with the aid of a fixed infrastructure (i.e. an access point) to facilitate communication between nodes when they roam from one location to another. The need for such a fixed supporting infrastructure limits the adaptability of the wireless network, especially in situations where the deployment of such an infrastructure is impractical. In addition, Wi-Fi limits nodes' communication as it only provides facility for mobile nodes to send and receive information, but not reroute the information across the network. Recent advancements in computer network introduced a new wireless network, known as a Mobile Ad Hoc Network (MANET), to overcome these limitations. MANET has a set of unique characteristics that make it different from other kind of wireless networks. Often referred as a peer to peer network, such a network does not have any fixed topology, thus nodes are free to roam anywhere, and could join or leave the network anytime they desire. Its ability to be setup without the need of any infrastructure is very useful, especially in geographically constrained environments such as in a military battlefield or a disaster relief operation. In addition, through its multi hop routing facility, each node could function as a router, thus communication between nodes could be made available without the need of a supporting fixed router or an access point. However, these handy facilities come with big challenges, especially in dealing with the security issues. This research aims to address MANET security issues by proposing a novel intrusion detection system that could be used to complement existing prevention mechanisms that have been proposed to secure such a network. A comprehensive analysis of attacks and the existing security measures proved that there is a need for an Intrusion Detection System (IDS) to protect MANETs against security threats. The analysis also suggested that the existing IDS proposed for MANET are not immune against a colluding blackmail attack due to the nature of such a network that comprises autonomous and anonymous nodes. The IDS architecture as proposed in this study utilises trust relationships between nodes to overcome this nodes' anonymity issue. Through a friendship mechanism, the problems of false accusations and false alarms caused by blackmail attackers in global detection and response mechanisms could be eliminated. The applicability of the friendship concept as well as other proposed mechanisms to solve MANET IDS related issues have been validated through a set of simulation experiments. Several MANET settings, which differ from each other based on the network's density level, the number of initial trusted friends owned by each node, and the duration of the simulation times, have been used to study the effects of such factors towards the overall performance of the proposed IDS framework. The results obtained from the experiments proved that the proposed concepts are capable to at least minimise i f not fully eliminate the problem currently faced in MANET IDS

Intrusion tolerant routing with data consensus in wireless sensor networks

Dissertação para obtenção do Grau de Mestre em Engenharia InformáticaWireless sensor networks (WSNs) are rapidly emerging and growing as an important new area in computing and wireless networking research. Applications of WSNs are numerous, growing, and ranging from small-scale indoor deployment scenarios in homes and buildings to large scale outdoor deployment settings in natural, industrial, military and embedded environments. In a WSN, the sensor nodes collect data to monitor physical conditions or to measure and pre-process physical phenomena, and forward that data to special computing nodes called Syncnodes or Base Stations (BSs). These nodes are eventually interconnected, as gateways, to other processing systems running applications. In large-scale settings, WSNs operate with a large number of sensors – from hundreds to thousands of sensor nodes – organised as ad-hoc multi-hop or mesh networks, working without human supervision. Sensor nodes are very limited in computation, storage, communication and energy resources. These limitations impose particular challenges in designing large scale reliable and secure WSN services and applications. However, as sensors are very limited in their resources they tend to be very cheap. Resilient solutions based on a large number of nodes with replicated capabilities, are possible approaches to address dependability concerns, namely reliability and security requirements and fault or intrusion tolerant network services. This thesis proposes, implements and tests an intrusion tolerant routing service for large-scale dependable WSNs. The service is based on a tree-structured multi-path routing algorithm, establishing multi-hop and multiple disjoint routes between sensors and a group of BSs. The BS nodes work as an overlay, processing intrusion tolerant data consensus over the routed data. In the proposed solution the multiple routes are discovered, selected and established by a self-organisation process. The solution allows the WSN nodes to collect and route data through multiple disjoint routes to the different BSs, with a preventive intrusion tolerance approach, while handling possible Byzantine attacks and failures in sensors and BS with a pro-active recovery strategy supported by intrusion and fault tolerant data-consensus algorithms, performed by the group of Base Stations

Trust models in wireless sensor networks: A survey

This paper introduces the security and trust concepts in wireless sensor networks and explains the difference between them, stating that even though both terms are used interchangeably when defining a secure system, they are not the same. The difference between reputation and trust is also explained, highlighting that reputation partially affects trust. The methodologies used to model trust and their references are presented. The factors affecting trust updating are summarised and some examples of the systems in which these factors have been implemented are given. The survey states that, even though researchers have started to explore the issue of trust in wireless sensor networks, they are still examining the trust associated with routing messages between nodes (binary events). However, wireless sensor networks are mainly deployed to monitor events and report data, both continuous and discrete. This leads to the development of new trust models addressing the continuous data issue and also to combine the data trust and the communication trust to infer the total trust. © 2010 Springer-Verlag Berlin Heidelberg

Anomaly Recognition in Wireless Ad-hoc Network by using Ant Colony Optimization and Deep Learning

As a result of lower initial investment, greater portability, and lower operational expenses, wireless networks are rapidly replacing their wired counterparts. The new technology that is on the rise is the Mobile Ad-Hoc Network (MANET), which operates without a fixed network infrastructure, can change its topology on the fly, and requires no centralised administration to manage its individual nodes. As a result, MANETs must focus on network efficiency and safety. It is crucial in MANET to pay attention to outliers that may affect QoS settings. Nonetheless, despite the numerous studies devoted to anomaly detection in MANET, security breaches and performance difficulties keep coming back. There is an increased need to provide strategies and approaches that help networks be more safe and robust due to the wide variety of security and performance challenges in MANET. This study presents outlier detection strategies for addressing security and performance challenges in MANET, with a special focus on network anomaly identification. The suggested work utilises a dynamic threshold and outlier detection to tackle the security and performance challenges in MANETs, taking into account metrics such as end-to-end delay, jitter, throughput, packet drop, and energy usage

Design and implementation of architectures for the deployment of secure community wireless networks

Recientes avances en las tecnologías de la comunicación, así como la proliferación de nuevos dispositivos de computación, están plasmando nuestro entorno hacia un Internet ubicuo. Internet ofrece una plataforma global para acceder con bajo coste a una vasta gama de servicios de telecomunicaciones, como el correo electrónico, comercio electrónico, tele-educación, tele-salud y tele-medicina a bajo coste. Sin embargo, incluso en los países más desarrollados, un gran número de áreas rurales todavía están pobremente equipadas con una infraestructura básica de telecomunicaciones. Hoy en día, existen algunos esfuerzos para resolver esta falta de infraestructura, pero resultan todavía insuficientes. Con este objetivo presentamos en esta tesis RuralNet, una red comunitaria inalámbrica para proveer acceso a Internet de forma personalizada a los subscriptores de un área rural. Los objetivos de este estudio han sido el desarrollo de una nueva arquitectura para ofrecer un acceso a Internet flexible y seguro para zonas rurales aisladas. RuralNet combina el paradigma de las redes mesh y el uso de los dispositivos inalámbricos embebidos más económicos para ofrecer un gran número de servicios y aplicaciones basados en Internet. La solución desarrollada por RuralNet es capaz de cubrir grandes áreas a bajo coste, y puede también ser fácilmente desplegado y extendido tanto en términos de cobertura como de servicios ofrecidos. Dado que la implementación y la evaluación de RuralNet requiere un alto coste y una gran cantidad de mano de obra, hemos considerado que la simulación y la emulación eran una alternativa válida para ahorrar costes. Con este objetivo hemos desarrollado Castadiva, un emulador flexible proyectado para la evaluación de redes MANET y mesh. Castadiva es un emulador basado en dispositivos de bajo coste, utilizado para evaluar los protocolos y las aplicaciones desarrolladas.Hortelano Otero, J. (2011). Design and implementation of architectures for the deployment of secure community wireless networks [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/10079Palanci

AIDPS:Adaptive Intrusion Detection and Prevention System for Underwater Acoustic Sensor Networks

Underwater Acoustic Sensor Networks (UW-ASNs) are predominantly used for underwater environments and find applications in many areas. However, a lack of security considerations, the unstable and challenging nature of the underwater environment, and the resource-constrained nature of the sensor nodes used for UW-ASNs (which makes them incapable of adopting security primitives) make the UW-ASN prone to vulnerabilities. This paper proposes an Adaptive decentralised Intrusion Detection and Prevention System called AIDPS for UW-ASNs. The proposed AIDPS can improve the security of the UW-ASNs so that they can efficiently detect underwater-related attacks (e.g., blackhole, grayhole and flooding attacks). To determine the most effective configuration of the proposed construction, we conduct a number of experiments using several state-of-the-art machine learning algorithms (e.g., Adaptive Random Forest (ARF), light gradient-boosting machine, and K-nearest neighbours) and concept drift detection algorithms (e.g., ADWIN, kdqTree, and Page-Hinkley). Our experimental results show that incremental ARF using ADWIN provides optimal performance when implemented with One-class support vector machine (SVM) anomaly-based detectors. Furthermore, our extensive evaluation results also show that the proposed scheme outperforms state-of-the-art bench-marking methods while providing a wider range of desirable features such as scalability and complexity