Policy-Based Immunization Framework for MANET

Mobility is one of the most important driving forces of hyper-interconnected world that we are living in. Mobile computing devices are becoming smaller, more ubiquitous and simultaneously providing more computing power. Various mobile devices in diff rent sizes with high computing power cause the emergence of new type of networks\u27 applications. Researchers in conferences, soldiers in battlefields, medics in rescue missions, and drivers in busy high- ways can perform more efficiently if they can be connected to each other and aware of the environment they are interacting with. In all mentioned scenarios, the major barrier to have an interconnected collaborative environment is the lack of infrastructure. Mobile Ad hoc Networks (MANETs) are very promising to be able to handle this challenge. In recent years, extensive research has been done on MANETs in order to deliver secure and reliable network services in an infrastructure-less environment. MANETs usually deal with dynamic network topologies and utilize wireless technologies, they are very susceptible to different security attacks targeting different network layers. Combining policy-based management concepts and trust evaluation techniques in more granular level than current trust management frameworks can lead to interesting results toward more secure and reliable MANETs

Mobile Ad Hoc Networks

Guiding readers through the basics of these rapidly emerging networks to more advanced concepts and future expectations, Mobile Ad hoc Networks: Current Status and Future Trends identifies and examines the most pressing research issues in Mobile Ad hoc Networks (MANETs). Containing the contributions of leading researchers, industry professionals, and academics, this forward-looking reference provides an authoritative perspective of the state of the art in MANETs. The book includes surveys of recent publications that investigate key areas of interest such as limited resources and the mobility of mobile nodes. It considers routing, multicast, energy, security, channel assignment, and ensuring quality of service. Also suitable as a text for graduate students, the book is organized into three sections: Fundamentals of MANET Modeling and Simulation—Describes how MANETs operate and perform through simulations and models Communication Protocols of MANETs—Presents cutting-edge research on key issues, including MAC layer issues and routing in high mobility Future Networks Inspired By MANETs—Tackles open research issues and emerging trends Illustrating the role MANETs are likely to play in future networks, this book supplies the foundation and insight you will need to make your own contributions to the field. It includes coverage of routing protocols, modeling and simulations tools, intelligent optimization techniques to multicriteria routing, security issues in FHAMIPv6, connecting moving smart objects to the Internet, underwater sensor networks, wireless mesh network architecture and protocols, adaptive routing provision using Bayesian inference, and adaptive flow control in transport layer using genetic algorithms

A Review on Features’ Robustness in High Diversity Mobile Traffic Classifications

Mobile traffics are becoming more dominant due to growing usage of mobile devices and proliferation of IoT. The influx of mobile traffics introduce some new challenges in traffic classifications; namely the diversity complexity and behavioral dynamism complexity. Existing traffic classifications methods are designed for classifying standard protocols and user applications with more deterministic behaviors in small diversity. Currently, flow statistics, payload signature and heuristic traffic attributes are some of the most effective features used to discriminate traffic classes. In this paper, we investigate the correlations of these features to the less-deterministic user application traffic classes based on corresponding classification accuracy. Then, we evaluate the impact of large-scale classification on feature's robustness based on sign of diminishing accuracy. Our experimental results consolidate the needs for unsupervised feature learning to address the dynamism of mobile application behavioral traits for accurate classification on rapidly growing mobile traffics

Unified architecture of mobile ad hoc network security (MANS) system

In this dissertation, a unified architecture of Mobile Ad-hoc Network Security (MANS) system is proposed, under which IDS agent, authentication, recovery policy and other policies can be defined formally and explicitly, and are enforced by a uniform architecture. A new authentication model for high-value transactions in cluster-based MANET is also designed in MANS system. This model is motivated by previous works but try to use their beauties and avoid their shortcomings, by using threshold sharing of the certificate signing key within each cluster to distribute the certificate services, and using certificate chain and certificate repository to achieve better scalability, less overhead and better security performance. An Intrusion Detection System is installed in every node, which is responsible for colleting local data from its host node and neighbor nodes within its communication range, pro-processing raw data and periodically broadcasting to its neighborhood, classifying normal or abnormal based on pro-processed data from its host node and neighbor nodes. Security recovery policy in ad hoc networks is the procedure of making a global decision according to messages received from distributed IDS and restore to operational health the whole system if any user or host that conducts the inappropriate, incorrect, or anomalous activities that threaten the connectivity or reliability of the networks and the authenticity of the data traffic in the networks. Finally, quantitative risk assessment model is proposed to numerically evaluate MANS security

Evaluation of on-demand routing in mobile ad hoc networks and proposal for a secure routing protocol

Secure routing Mobile Ad hoc Networks (MANETs) has emerged as an important MANET research area. Initial work in MANET focused mainly on the problem of providing efficient mechanisms for finding paths in very dynamic networks, without considering the security of the routing process. Because of this, a number of attacks exploit these routing vulnerabilities to manipulate MANETs. In this thesis, we performed an in-depth evaluation and performance analysis of existing MANET Routing protocols, identifying Dynamic Source Routing (DSR) as the most robust (based on throughput, latency and routing overhead) which can be secured with negligible routing efficiency trade-off. We describe security threats, specifically showing their effects on DSR. We proposed a new routing protocol, named Authenticated Source Routing for Ad hoc Networks (ASRAN) which is an out-of-band certification-based, authenticated source routing protocol with modifications to the route acquisition process of DSR to defeat all identified attacks. Simulation studies confirm that ASRAN has a good trade-off balance in reference to the addition of security and routing efficiency

Resilience Strategies for Network Challenge Detection, Identification and Remediation

The enormous growth of the Internet and its use in everyday life make it an attractive target for malicious users. As the network becomes more complex and sophisticated it becomes more vulnerable to attack. There is a pressing need for the future internet to be resilient, manageable and secure. Our research is on distributed challenge detection and is part of the EU Resumenet Project (Resilience and Survivability for Future Networking: Framework, Mechanisms and Experimental Evaluation). It aims to make networks more resilient to a wide range of challenges including malicious attacks, misconfiguration, faults, and operational overloads. Resilience means the ability of the network to provide an acceptable level of service in the face of significant challenges; it is a superset of commonly used definitions for survivability, dependability, and fault tolerance. Our proposed resilience strategy could detect a challenge situation by identifying an occurrence and impact in real time, then initiating appropriate remedial action. Action is autonomously taken to continue operations as much as possible and to mitigate the damage, and allowing an acceptable level of service to be maintained. The contribution of our work is the ability to mitigate a challenge as early as possible and rapidly detect its root cause. Also our proposed multi-stage policy based challenge detection system identifies both the existing and unforeseen challenges. This has been studied and demonstrated with an unknown worm attack. Our multi stage approach reduces the computation complexity compared to the traditional single stage, where one particular managed object is responsible for all the functions. The approach we propose in this thesis has the flexibility, scalability, adaptability, reproducibility and extensibility needed to assist in the identification and remediation of many future network challenges

Mobile Ad Hoc Networks

Guiding readers through the basics of these rapidly emerging networks to more advanced concepts and future expectations, Mobile Ad hoc Networks: Current Status and Future Trends identifies and examines the most pressing research issues in Mobile Ad hoc Networks (MANETs). Containing the contributions of leading researchers, industry professionals, and academics, this forward-looking reference provides an authoritative perspective of the state of the art in MANETs. The book includes surveys of recent publications that investigate key areas of interest such as limited resources and the mobility of mobile nodes. It considers routing, multicast, energy, security, channel assignment, and ensuring quality of service. Also suitable as a text for graduate students, the book is organized into three sections: Fundamentals of MANET Modeling and Simulation—Describes how MANETs operate and perform through simulations and models Communication Protocols of MANETs—Presents cutting-edge research on key issues, including MAC layer issues and routing in high mobility Future Networks Inspired By MANETs—Tackles open research issues and emerging trends Illustrating the role MANETs are likely to play in future networks, this book supplies the foundation and insight you will need to make your own contributions to the field. It includes coverage of routing protocols, modeling and simulations tools, intelligent optimization techniques to multicriteria routing, security issues in FHAMIPv6, connecting moving smart objects to the Internet, underwater sensor networks, wireless mesh network architecture and protocols, adaptive routing provision using Bayesian inference, and adaptive flow control in transport layer using genetic algorithms

A pragmatic method for integrated modeling of security attacks and countermeasures

In recent years, research efforts in cyber security have steadily increased as a result of growing concerns for cyber attacks and also increasing trend in cyber attack incidents. One of the important areas of research that is gaining importance is modeling of attacks and countermeasures to quantify survivability and other security measures of interest. In this context, on one extreme, attack trees model has received attention due to its simplicity and ease of analysis, and on the other extreme, stochastic models have been advocated. While attack trees model does not capture complex dependencies among events and also is not amenable for modeling dynamic nature of the attacks and countermeasures, the fitness of stochastic models is yet to be established as there is not sufficient evidence to show that attack and defense behaviors follow some known distributions. With this motivation, a new attack modeling approach based on Petri nets, called PENET, is developed in this thesis whose goal is to significantly enhance the modeling power of attack trees. PENET introduces relevant concepts such as dynamic nature of attack, repairability of a system, and the existence of recurring attacks. Moreover, it attempts to find a balance between ease of use and representation power by providing set of constructs, parameters, performance metrics, and time domain analysis of attack progress. Time domain analysis produces valuable output such as time to reach the main goal and the path taken by the attacker. This output helps to evaluate system survivability and defense strategies. This approach is implemented as a software tool, called PENET Tool, which lets users draw model diagrams of a given system through intuitive user interface, perform time domain simulations and carry out security evaluations, and enable interactive ways to improve the survivability of the system

Intrusion detection and response model for mobile ad hoc networks.

This dissertation presents a research whose objective is to design and develop an intrusion detection and response model for Mobile Ad hoc NETworks (MANET). Mobile ad hoc networks are infrastructure-free, pervasive and ubiquitous in nature, without any centralized authority. These unique MANET characteristics present several changes to secure them. The proposed security model is called the Intrusion Detection and Response for Mobile Ad hoc Networks (IDRMAN). The goal of the proposed model is to provide a security framework that will detect various attacks and take appropriate measures to control the attack automatically. This model is based on identifying critical system parameters of a MANET that are affected by various types of attacks, and continuously monitoring the values of these parameters to detect and respond to attacks. This dissertation explains the design and development of the detection framework and the response framework of the IDRMAN. The main aspects of the detection framework are data mining using CART to identify attack sensitive network parameters from the wealth of raw network data, statistical processing using six sigma to identify the thresholds for the attack sensitive parameters and quantification of the MANET node state through a measure called the Threat Index (TI) using fuzzy logic methodology. The main aspects of the response framework are intruder identification and intruder isolation through response action plans. The effectiveness of the detection and response framework is mathematically analyzed using probability techniques. The detection framework is also evaluated by performance comparison experiments with related models, and through performance evaluation experiments from scalability perspective. Performance metrics used for assessing the detection aspect of the proposed model are detection rate and false positive rate at different node mobility speed. Performance evaluation experiments for scalability are with respect to the size of the MANET, where more and more mobile nodes are added into the MANET at varied mobility speed. The results of both the mathematical analysis and the performance evaluation experiments demonstrate that the IDRMAN model is an effective and viable security model for MANET