Attacks and Defenses Utilizing Cross-Layer Interactions in MANET

Cross-layer protocol design is one of the prevailing methodologies that have recently been adopted in networking research and leads to significant performance benefits. In this study, we assess the performance of cross-layer interaction and investigate its effects with regard to security and information assurance of mobile ad hoc wireless networks. Using attacks in realistic wireless networks as a prototype, we find that natural cross-layer interactions between physical, MAC and network layer protocols in MANET can turn out to be a weak point, causing various attacks and intrusions. However, by allowing a controlled synergy between layers affected by attacks, we facilitate timely detection of such attacks that are otherwise difficult to detect and may have devastating effects on network functionality and operation.

Detection and Classification of Network Intrusions using Hidden Markov Models

This paper demonstrates that it is possible to model attacks witha low number of states and classify them using Hidden MarkovModels with very low False Alarm rate and very few FalseNegatives. We also show that the models developed can be used forboth detection and classification. We put emphasis on detectionand classification of network intrusions and attacks using HiddenMarkov Models and training on anomalous sequences. We test severalalgorithms, apply different rules for classification and evaluatethe relative performance of these. Several of the attack examplespresented exploit buffer overflow vulnerabilities, due toavailability of data for such attacks. We emphasize that thepurpose of our algorithms is not only the detection andclassification of buffer overflows; they are designed fordetecting and classifying a broad range of attacks

Household food waste in Belgrade - sin and unconcern

The aim of this study was to examine the actual procedures with food in households and consumer attitudes about food waste. The survey was conducted in 83 households in Belgrade, Serbia. All participants were interviewed using a standardized questionnaire. The results obtained show that awareness of food waste is at a satisfactory level, but the actual situation is that food is discarded in large quantities, even though people are aware of what a global problem this is. Large contradictions were observed among the respondents answers in this study. Respondents who stated that they never discard food, in further responses, declared they throw away significant amounts of food for various reasons (too long storage, overconsumption, improper preparation, etc.). We conclude that people are either unaware of how much food they discard, or they do not want to admit it to themselves. However, participants largely have a sense of guilt about discarding food. This indicates consumer awareness of food waste, and is an encouraging sign that further education could be effective in consumers taking into account their food waste habits, starting from procurement planning, through storage and preparation

Detection of Greedy Individual and Colluding MAC Layer Attackers

Selfish behavior at the Medium Access (MAC) Layer can have devastating side effects on the performance of wireless networks, with effects similar to those of Denial of Service (DoS) attacks. In this paper we consider the problem of detection and prevention of node misbehavior at the MAC layer, focusing on the back-off manipulation by selfish nodes. We propose an algorithm that ensures honest behavior of non-colluding participants. Furthermore, we analyze the problem of colluding selfish nodes, casting the problem within a minimax robust detection framework, providing a detection rule of optimum performance for the worst-case attack. Finally, we compare the effects of colluding attackers with a single attacker in terms of the detection delay. Although our approach is general and can serve as a guideline for the design of any probabilistic distributed MAC protocol, we focus our analysis on the IEEE 802.11 MAC

Intrusion Detection System Resiliency to Byzantine Attacks: The Case Study of Wormholes in OLSR

In this paper we extend the work presented in [1], [2] by quantifying the effects of in-band wormhole attacks on Intrusion Detection Systems. More specifically, we propose a mathematical framework for obtaining performance bounds of Byzantine attackers and the Intrusion Detection System (IDS) in terms of detection delay. We formulate the problem of distributed collaborative defense against coordinated attacks in MANET as a dynamic game problem. In our formulation we have on the one hand a group of attackers that observe what is going on in the network and coordinate their attack in an adaptive manner. On the other side, we have a group of defending nodes (the IDS nodes) that collaboratively observe the network and coordinate their actions against the attackers. Using extensions of the game theoretic framework of [3] we provide a mathematical framework for efficient identification of the worst attacks and damages that the attackers can achieve, as well as the best response of the defenders. This approach leads to quantifying resiliency of the routing-attack IDS with respect to Byzantine attacks

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

System (IDS).INTRUSION DETECTION FOR DEFENSE AT THE MAC AND ROUTING LAYERS OF WIRELESS NETWORKS

The pervasiveness of wireless devices and the architectural organization of wireless networks in distributed communities, where no notion of trust can be assumed, are the main reasons for the growing interest in the issue of compliance to protocol rules. Nevertheless, the random nature of protocol operation together with the inherent difficulty of monitoring in the open and highly volatile wireless medium poses significant challenges. In this thesis, the problem of detection of node misbehavior at the MAC layer and impact of such behavior on two different routing protocols in the Network Layer is considered. Starting from a model where the behavior of a node is observable, we cast the problem within a min-max robust detection framework, with the objective to provide a detection rule of optimum performance for the worst-case attack in the MAC layer. With this framework we capture the uncertainty of attacks launched by intelligent adaptive attackers and concentrate on the class of attacks that are most significant in terms of incurred performance losses. Furthermore, we show that our ideas can be extended to the case where observations are hindered by interference due to concurrent transmissions and deriv

Impact of optimal MAC layer attacks on the network layer

Node misbehavior in wireless ad hoc networks leads to sudden unpredictable changes in network topology, resulting in fluctuation of traffic load and capacity for already existing links. In this work we consider node misbehavior in the Medium Access Control (MAC) layer and its effects on the performance of the network layer. In order to capture uncertainty of the attacker's strategy as well as the unpredictable nature of the wireless medium, we quantify the optimal attack strategy by using the principle of minimum cross-entropy. Following that, we apply the obtained results for analysis of the IEEE 802.11 DCF MAC protocol and investigate the effects of such optimal attacks on the network layer. Finally, we evaluate the robustness of two different routing protocols against the worst-case MAC layer attacks and justify the need for the MAC layer-based Intrusion Detection Sytems (IDS). Copyright 2007 ACM

A framework for MAC protocol misbehavior detection in wireless networks

The pervasiveness of wireless devices and the architectural organization of wireless networks in distributed communities, where no notion of trust can be assumed, are the main reasons for the growing interest in the issue of compliance to protocol rules. Reliable and timely detection of deviation from legitimate protocol operation is recognized as a prerequisite for ensuring efficient and fair use of network resources and minimizing performance losses. Nevertheless, the random nature of protocol operation together with the inherent difficulty of monitoring in the open and highly volatile wireless medium poses significant challenges. In this paper, we consider the fundamental problem of detection of node misbehavior at the MAC layer. Starting from a model where the behavior of a node is observable, we cast the problem within a minimax robust detection framework, with the objective to provide a detection rule of optimum performance for the worst-case attack. The performance is measured in terms of required number of observations in order to derive a decision. This framework is meaningful for studying misbehavior because it captures the presence of uncertainty of attacks and concentrates on the attacks that are most significant in terms of incurred performance losses. It also refers to the case of an intelligent attacker that can adapt its policy to avoid being detected. Although the basic model does not include interference, we show that our ideas can be extended to the case where observations are hindered by interference due to concurrent transmissions. We also present some hints for the problem of notifying the rest of the network about a misbehavior event. Our work provides interesting insights and performance bounds and serves as a prelude to a future study that would capture more composite instances of the problem. Copyright 2005 ACM