Collaboration Enforcement In Mobile Ad Hoc Networks

Mobile Ad hoc NETworks (MANETs) have attracted great research interest in recent years. Among many issues, lack of motivation for participating nodes to collaborate forms a major obstacle to the adoption of MANETs. Many contemporary collaboration enforcement techniques employ reputation mechanisms for nodes to avoid and penalize malicious participants. Reputation information is propagated among participants and updated based on complicated trust relationships to thwart false accusation of benign nodes. The aforementioned strategy suffers from low scalability and is likely to be exploited by adversaries. To address these problems, we first propose a finite state model. With this technique, no reputation information is propagated in the network and malicious nodes cannot cause false penalty to benign hosts. Misbehaving node detection is performed on-demand; and malicious node punishment and avoidance are accomplished by only maintaining reputation information within neighboring nodes. This scheme, however, requires that each node equip with a tamper-proof hardware. In the second technique, no such restriction applies. Participating nodes classify their one-hop neighbors through direct observation and misbehaving nodes are penalized within their localities. Data packets are dynamically rerouted to circumvent selfish nodes. In both schemes, overall network performance is greatly enhanced. Our approach significantly simplifies the collaboration enforcement process, incurs low overhead, and is robust against various malicious behaviors. Simulation results based on different system configurations indicate that the proposed technique can significantly improve network performance with very low communication cost

Exploiting Pattern Relationship For Intrusion Detection

The problem of identifying patterns from system call trails of UNIX processes to better model application behavior has been investigated intensively. Most existing approaches focus on capturing the relationship between individual system calls (or system audit events). We add one additional dimension to the problem domain by also taking into consideration the overlap relationship between patterns. We first present a pattern extraction algorithm to generate maximal patterns from system call trails. Overlap relationship between patterns is subsequently investigated and stored Finally, both maximal patterns and their relationships are exploited to detect deviations from normal application behavior. We test this idea using the popular sendmail data set and the login data set obtained from the University of New Mexico. Experimental results indicate that our scheme achieves a much higher detection rate than systems that only consider intra-pattern relationship while maintaining a very low false alarm rate with similar space and time efficiency