2 research outputs found
Two-tier Intrusion Detection System for Mobile Ad Hoc Networks
Nowadays, a commonly used wireless network (i.e. Wi-Fi) operates with the aid of a fixed
infrastructure (i.e. an access point) to facilitate communication between nodes when they
roam from one location to another. The need for such a fixed supporting infrastructure
limits the adaptability of the wireless network, especially in situations where the
deployment of such an infrastructure is impractical. In addition, Wi-Fi limits nodes'
communication as it only provides facility for mobile nodes to send and receive
information, but not reroute the information across the network. Recent advancements in
computer network introduced a new wireless network, known as a Mobile Ad Hoc
Network (MANET), to overcome these limitations.
MANET has a set of unique characteristics that make it different from other kind of
wireless networks. Often referred as a peer to peer network, such a network does not have
any fixed topology, thus nodes are free to roam anywhere, and could join or leave the
network anytime they desire. Its ability to be setup without the need of any infrastructure is
very useful, especially in geographically constrained environments such as in a military
battlefield or a disaster relief operation. In addition, through its multi hop routing facility,
each node could function as a router, thus communication between nodes could be made
available without the need of a supporting fixed router or an access point. However, these
handy facilities come with big challenges, especially in dealing with the security issues.
This research aims to address MANET security issues by proposing a novel intrusion
detection system that could be used to complement existing prevention mechanisms that
have been proposed to secure such a network.
A comprehensive analysis of attacks and the existing security measures proved that there is
a need for an Intrusion Detection System (IDS) to protect MANETs against security threats.
The analysis also suggested that the existing IDS proposed for MANET are not immune
against a colluding blackmail attack due to the nature of such a network that comprises
autonomous and anonymous nodes. The IDS architecture as proposed in this study utilises
trust relationships between nodes to overcome this nodes' anonymity issue. Through a
friendship mechanism, the problems of false accusations and false alarms caused by
blackmail attackers in global detection and response mechanisms could be eliminated.
The applicability of the friendship concept as well as other proposed mechanisms to solve
MANET IDS related issues have been validated through a set of simulation experiments.
Several MANET settings, which differ from each other based on the network's density
level, the number of initial trusted friends owned by each node, and the duration of the
simulation times, have been used to study the effects of such factors towards the overall
performance of the proposed IDS framework. The results obtained from the experiments
proved that the proposed concepts are capable to at least minimise i f not fully eliminate the
problem currently faced in MANET IDS
Applications of graph-based codes in networks: analysis of capacity and design of improved algorithms
The conception of turbo codes by Berrou et al. has created a renewed interest in modern graph-based codes. Several encouraging results that have come to light since then have fortified the role these codes shall play as potential solutions for present and future communication problems.
This work focuses on both practical and theoretical aspects of graph-based codes. The
thesis can be broadly categorized into three parts. The first part of the thesis focuses on
the design of practical graph-based codes of short lengths. While both low-density parity-check
codes and rateless codes have been shown to be asymptotically optimal under the message-passing (MP) decoder, the performance of short-length codes from these families under MP decoding is starkly sub-optimal. This work first addresses the
structural characterization of stopping sets to understand this sub-optimality. Using this
characterization, a novel improved decoder that offers several orders of magnitude improvement in bit-error rates is introduced. Next, a novel scheme for the design of a good rate-compatible family of punctured codes is proposed.
The second part of the thesis aims at establishing these codes as a good tool to develop
reliable, energy-efficient and low-latency data dissemination schemes in networks. The problems of broadcasting in wireless multihop networks and that of unicast in delay-tolerant networks are investigated. In both cases, rateless coding is seen to offer an elegant means of achieving the goals of the chosen communication protocols. It was noticed that the ratelessness and the randomness in encoding process make this scheme
specifically suited to such network applications.
The final part of the thesis investigates an application of a specific class of codes called
network codes to finite-buffer wired networks. This part of the work aims at establishing a framework for the theoretical study and understanding of finite-buffer networks. The
proposed Markov chain-based method extends existing results to develop an iterative
Markov chain-based technique for general acyclic wired networks. The framework not only estimates the capacity of such networks, but also provides a means to monitor network traffic and packet drop rates on various links of the network.Ph.D.Committee Chair: Fekri, Faramarz; Committee Member: Li, Ye; Committee Member: McLaughlin, Steven; Committee Member: Sivakumar, Raghupathy; Committee Member: Tetali, Prasa