SURVIVABILITY IN MOBILE AD HOC NETWORKS
A Thesis submitted to Gujarat Technological University
for the Award of
Doctor of Philosophy
in
Computer/IT Engineering
by
Pimal Khanpara
Enrollment No.: 139997107006
Under supervision of
Dr. Bhushan Trivedi
GUJARAT TECHNOLOGICAL UNIVERSITY
AHMEDABAD
September - 2018
SURVIVABILITY IN MOBILE AD HOC
NETWORKS
A Thesis submitted to Gujarat Technological University
for the Award of
Doctor of Philosophy
in
Computer/IT Engineering
by
Pimal Khanpara
Enrollment No.: 139997107006
Under supervision of
Dr. Bhushan Trivedi
Dean, Faculty of Computer Technology, GLS University, Ahmedabad
GUJARAT TECHNOLOGICAL UNIVERSITY
AHMEDABAD
September - 2018
© Pimal S Khanpara
DECLARATION
I declare that the thesis entitled Survivability in Mobile Ad hoc Networks
submitted by me for the degree of Doctor of Philosophy is the record of research work
carried out by me during the period from July 2014 to August 2018 under the supervision
of Dr. Bhushan Trivedi and this has not formed the basis for the award of any degree,
diploma, associateship, fellowship, titles in this or any other University or other
institution of higher learning.
I further declare that the material obtained from other sources has been duly
acknowledged in the thesis. I shall be solely responsible for any plagiarism or other
irregularities, if noticed in the thesis.
Signature of the Research Scholar: …………………………………………..
Name of Research Scholar: Pimal Khanpara
Date: ………………………………………..
Place: Ahmedabad
CERTIFICATE
I certify that the work incorporated in the thesis “Survivability in Mobile Ad hoc
Networks” submitted by Miss. Pimal S. Khanpara was carried out by the
candidate under my supervision/guidance. To the best of my knowledge: (i) the
candidate has not submitted the same research work to any other institution for
any degree/diploma, Associateship, Fellowship or other similar titles (ii) the
thesis submitted is a record of original research work done by the Research
Scholar during the period of study under my supervision, and (iii) the thesis
represents independent research work on the part of the Research Scholar.
Signature of Supervisor: …………………………………………….
Name of Supervisor: Dr. Bhushan Trivedi
Date: …………………………………….
Place: Ahmedabad
Course-work Completion Certificate
This is to certify that Ms. Pimal Khanpara enrolment no. 139997107006 is a PhD
scholar enrolled for PhD program in the branch Computer/IT Engineering of Gujarat
Technological University, Ahmedabad.
(Please tick the relevant option(s))
He/She has been exempted from the course-work (successfully completed during M.Phil Course)
He/She has been exempted from Research Methodology Course only (successfully completed during M.Phil Course)
He/She has successfully completed the PhD course work for the partial requirement for the award of PhD Degree. His/ Her performance in the course work is as follows-
Grade Obtained in Research Methodology (PH001): AB
Grade Obtained in Self Study Course (Core Subject) (PH002): AA
Supervisor’s Sign (Name of Supervisor)
Originality Report Certificate
It is certified that PhD Thesis titled “Survivability in Mobile Ad hoc
Networks” submitted by Ms. Pimal S. Khanpara has been examined by
me. I undertake the following:
1. The thesis has significant new work / knowledge as compared to work already published
or under consideration to be published elsewhere. No sentence, equation,
diagram, table, paragraph or section has been copied verbatim from
previous work unless it is placed under quotation marks and duly
referenced.
2. The work presented is original and own work of the author (i.e. there is no
plagiarism). No ideas, processes, results or words of others have been
presented as Author own work.
3. There is no fabrication of data or results which have been compiled /
analyzed.
4. There is no falsification by manipulating research materials, equipment or
processes, or changing or omitting data or results such that the research is
not accurately represented in the research record.
5. The thesis has been checked using Turnitin (copy of originality report
attached) and found within limits as per GTU Plagiarism Policy and
instructions issued from time to time (i.e. permitted similarity index
<=25%).
Signature of Research Scholar: Date:
Name of Research Scholar: Pimal Khanpara
Place: Ahmedabad
Signature of Supervisor: Date:
Name of Supervisor: Dr. Bhushan Trivedi
Place: Ahmedabad
PhD THESIS Non-Exclusive License to
GUJARAT TECHNOLOGICAL UNIVERSITY
In consideration of being a PhD Research Scholar at GTU and in the interests of the
facilitation of research at GTU and elsewhere, I, Pimal S. Khanpara having
Enrollment No. 139997107006 hereby grant a non- exclusive, royalty free and
perpetual license to GTU on the following terms:
1. GTU is permitted to archive, reproduce and distribute my thesis, in whole or in
part, and/or my abstract, in whole or in part ( referred to collectively as the
Work) anywhere in the world, for non-commercial purposes, in all forms of
media;
2. GTU is permitted to authorize, sub-lease, sub-contract or procure any of the
acts mentioned in paragraph (1);
3. GTU is authorized to submit the Work at any National / International Library,
under the authority of their Thesis Non-Exclusive License;
4. The Universal Copyright Notice © shall appear on all copies made under the
authority of this license;
5. I undertake to submit my thesis, through my University, to any Library and
Archives. Any abstract submitted with the thesis will be considered to form part
of the thesis.
6. I represent that my thesis is my original work, does not infringe any rights of
others, including privacy rights, and that I have the right to make the grant
conferred by this non-exclusive license.
7. If third party copyrighted material was included in my thesis for which, under
the terms of the Copyright Act, written permission from the copy- right owners
is required, I have obtained such permission from the copy- right owners to do
the acts mentioned in paragraph (1) above for the full term of copyright
protection.
8. I retain copyright ownership and moral rights in my thesis, and may deal with
the copyright in my thesis, in any way consistent with rights granted by me to
my University in this non-exclusive license.
9. I further promise to inform any person to whom I may hereafter assign or
license my copyright in my thesis of the rights granted by me to my University
in this non- exclusive license.
10. I am aware of and agree to accept the conditions and regulations of PhD
including all policy matters related to authorship and plagiarism.
Signature of Research Scholar: Date:
Name of Research Scholar: Pimal Khanpara
Place: Ahmedabad
Signature of Supervisor: Date:
Name of Supervisor: Dr. Bhushan Trivedi
Place: Ahmedabad
Seal:
Thesis Approval Form
The viva-voce of the PhD Thesis submitted by Miss. Pimal S. Khanpara
(Enrollment No. 139997107006) entitled “Survivability in Mobile Ad hoc
Networks” was conducted on Date: ___________, at Gujarat
Technological University.
(Please tick any one of the following option)
The performance of the candidate was satisfactory. We recommend that she
be awarded the PhD degree.
Any further modifications in research work recommended by the panel after
3 months from the date of first viva-voce upon request of the Supervisor or
request of Independent Research Scholar after which viva-voce can be re-
conducted by the same panel again.
The performance of the candidate was unsatisfactory. We recommend that
she should not be awarded the PhD degree.
Name & Signature of Supervisor with Seal
External Examiner-1 Name & Signature
External Examiner-2 Name & Signature
External Examiner-3 Name & Signature
Abstract
In disaster scenarios, the infrastructure of conventional communication networks can be
overloaded or damaged severely. In such situations, infrastructure-less Mobile Ad hoc
Networks (MANETs) can be deployed to provide communication services in an ad hoc
manner. MANETs are challenging due to their fundamental characteristics such as dynamic
topology, mobility of nodes, limited network resources and the absence of any centralized
authority for network administration. Due to the mobility of nodes in MANETs,
communication links may not be available after a short while and the number and identity of
participating nodes cannot be assumed. MANETs use air as the communication medium and
hence, the wireless links between network nodes are not secure and are susceptible to many
attacks. In such environments, where little or no physical protection is available against a
variety of attacks, attackers may attempt to disrupt the communication process and other network
functionalities. To keep the normal operation of the network intact, researchers have proposed
the idea of survivability, the ability of the network to continue functioning despite attacks and
consequences of attacks.
Survivability is defined as the ability of a system to fulfil its mission in a timely manner, even
in the presence of attacks, accidents or failures. To apply this concept in MANETs, the
requirements of survivability are defined based on the characteristics of ad hoc networks.
Resistance, recognition, recovery and adaptability are the key properties of a survivable
system. A survivability framework for MANETs consisting of three defense lines (Preventive,
Reactive and Tolerance) can be implemented taking into account the key properties of survivability
and requirements for ad hoc networks. Most of the existing survivable initiatives for MANETs
either do not use all three defense lines or focus on only specific survivability properties and
requirements, which makes such solutions attack or application specific. Our research attempts
to develop a survivability framework for general applications of MANETs. The proposed
survivability framework consists of three lines of defense with all important properties and
requirements of survivability. Prevention, detection, diagnosis, mitigation and tolerance of
attacks are implemented as the functional blocks of the proposed survivability framework. The
performance of this framework has been evaluated with a well-known routing protocol AODV
and various possible forms of flooding attacks in ad hoc networks. Different parameters
affecting the performance of the network are also varied in a range for assessing the
effectiveness of the proposed framework. According to the results obtained, a MANET with
the functionalities of the proposed survivability framework can survive the effects of attacks
to a great extent. A network with survivability outperforms the
network without survivability.
Acknowledgement
Any journey cannot be accomplished without the able support of people who
directly or indirectly lend their time or resources, in order to reach our goal. First
and foremost, I would like to convey my heartfelt gratitude to my parents, my
brother, and my friends for their continuous motivation and adjustments. Words
can never be enough in expressing how grateful I am to these people who made this
thesis possible.
I would like to thank my supervisor Dr. Bhushan
Trivedi from the bottom of my heart, for believing in me, even when I gave up from time to time. His blessings,
motivation and constant support in the worst and best times have finally paid off in
terms of our research. It would not have been possible for me to constantly strive
for better performance without his extraordinary vision. As a teacher and a guide,
he never leaves the hands of his students. He is with you like a shadow during good
and bad. He has always believed in me more than anyone else.
I would also like to sincerely thank the Doctoral Progress Committee (DPC) members
Dr. Devesh Jinwala and Dr. Darshan Choksi for their frank reviews and precious
suggestions which made our journey a lot easier. The completion of this work would
not have been possible without their able inputs and technical guidance.
I would like to address special thanks to the unknown reviewers of my thesis, for
accepting to read and review this thesis. I wish to thank the authors, developers and
maintainers of the open source used in this work. I would like to appreciate all the
researchers whose works I have used, initially in understanding my field of research
and later for updates. I would like to thank the many people who have taught me
starting with my school teachers, my undergraduate teachers, and my post graduate
teachers.
Last but not least, I would like to thank my colleagues at Nirma University for
their constant support and help.
Table of Content
Chapter-1 Introduction 1
1.1 Background 1
1.2 Mobile Ad hoc Networks 1
1.3 Security Issues in MANETs 2
1.4 Network Layer Attacks 2
1.5 Security Mechanisms for MANETs 5
1.5.1 Preventive Security Mechanisms for MANETs
1.5.2 Reactive Security Mechanisms for MANETs
1.5.3 Intrusion Detection Systems
1.5.4 Why is the implementation of IDS challenging in MANETs?
1.6 Research Gap 13
1.7 Survivability 13
1.7.1 Intrusion Tolerance
1.7.2 Need for Intrusion Tolerance
1.7.3 Intrusion Tolerance
1.8 Motivation and Objectives 15
1.9 Keywords 16
1.10 Contributions of the Study 17
1.11 Research Methodology utilized for Research Work 17
1.12 Organization of the remainder of the thesis 19
Chapter-2 Literature Survey 20
2.1 Security Issues in MANETs 21
2.2 Preventive Security Mechanisms for MANETs 23
2.2.1 Existing Cryptography based Schemes
2.3 Reactive Security Mechanisms for MANETs 28
2.4 Survivability in MANETs 35
2.4.1 Requirements of Survivability
2.4.2 Key Properties of Survivability
2.4.3 Existing Survivable Initiatives
2.5 Survey Conclusions 43
Chapter-3 Proposed Survivability Framework 46
3.1 Problem Statement 46
3.2 Scope of Research 46
3.3 Objectives of Research 46
3.4 Original Contribution by the thesis 47
3.5 Threat Model 48
3.5.1 DoS Attacks
3.6 Proposed Survivability Framework 50
Chapter-4 Functional blocks of the Proposed Framework 54
4.1 Preventive Defense 54
4.1.1 Prevention Block
4.1.2 Algorithm of Prevention Block
4.2 Reactive Defense 62
4.2.1 Detection Block
4.2.2 Algorithm of Detection Block
4.2.3 Diagnosis Block
4.2.4 Algorithm of Diagnosis Block
4.2.5 Mitigation Block
4.2.6 Algorithm of Mitigation Block
4.3 Tolerance 68
4.3.1 Overlay Routing
4.3.2 Algorithm of Tolerance Block
4.4 Workflow of the Proposed Framework 69
Chapter-5 Experimental Setup and Results 73
5.1 Simulation Setup 73
5.2 Performance Parameters 75
5.3 Experimental Results 77
5.3.1 Prevention
5.3.2 Detection
5.3.3 Diagnosis
5.3.4 Mitigation
5.3.5 Tolerance
Chapter-6 Conclusions and Future Enhancements 107
6.1 Objectives Achieved 107
6.2 Conclusion 109
6.3 Possible Future Scope 110
List of Abbreviations
MANET : Mobile Ad hoc Network
AODV : Ad hoc On-Demand Distance Vector
DSR : Dynamic Source Routing
IDS : Intrusion Detection System
PKI : Public Key Infrastructure
KBID : Knowledge based Intrusion Detection
ABID : Anomaly based Intrusion Detection
SBID : Signature based Intrusion Detection
IT : Intrusion Tolerance
GlomoSim : Global Mobile Information System Simulator
DoS : Denial of Service
QoS : Quality of Service
CA : Certificate Authority
IBC : Identity Based Cryptography
HIDS : Host based Intrusion Detection System
NIDS : Network based Intrusion Detection System
BFTR : Best Effort Fault Tolerant Routing
CLA : Cross Layer Approach
SMT : Secure Message Transmission
SA : Security Association
APS : Active Path Set
SDMP : Secure Data based MultiPath
WEP : Wired Equivalent Privacy
Ex-OR : Exclusive – OR
SPREAD : Secure Protocol for Reliable Data Delivery
TIARA : Techniques for Intrusion-resistant Ad hoc Routing Algorithm
FLAC : Flow based Route Access Control
FSREQ : Flow Sending Request
FAREP : Flow Acceptance Reply
RREQ : Route Request
RREP : Route Reply
RERR : Route Error
DR : Detection Rate
FPR : False Positive Rate
List of Figures
Figure – 1.1 Security Mechanisms in MANETs
Figure - 1.2 Network Layer Classification
Figure - 1.3 Knowledge based Intrusion Detection Systems
Figure - 1.4 Anomaly Based Intrusion Detection Systems
Figure – 1.5 Specification Based Intrusion Detection Systems
Figure – 2.1 Defense Lines
Figure – 2.2 Classification of Key-based Preventive Security Mechanisms
Figure – 3.1 Classification of DoS Attacks
Figure – 3.2 Three Defense Lines for Survivability
Figure – 3.3 Proposed Survivability Framework
Figure – 3.4 Functional Blocks of the Proposed Survivability Framework
Figure – 4.1 Complete workflow of the proposed survivability framework
Figure – 5.1 Effect of Prevention Logic on Routing Overhead
Figure – 5.2 Routing Overhead with and without Prevention for 20 traffic sources
Figure – 5.3 Routing Overhead with and without Prevention for 40 traffic sources
Figure – 5.4 Routing Overhead with and without Prevention for 60 traffic sources
Figure – 5.5 Effect of Prevention on Percentage of Data Packets Dropped
Figure – 5.6 % of Data Packets Dropped with and without Prevention for 20 traffic sources
Figure – 5.7 % of Data Packets Dropped with and without Prevention for 40 traffic sources
Figure – 5.8 % of Data Packets Dropped with and without Prevention for 60 traffic sources
Figure – 5.9 Effect of Attack Aggregation Interval on Detection Rate
Figure – 5.10 Detection Rate with varying Attack Aggregation Interval for 20 traffic sources
Figure – 5.11 Detection Rate with varying Attack Aggregation Interval for 40 traffic sources
Figure – 5.12 Effect of Attack Aggregation Interval on False Positive Rate
Figure – 5.13 False Positive Rate with varying Attack Aggregation Interval for 20 traffic sources
Figure – 5.14 False Positive Rate with varying Attack Aggregation Interval for 40 traffic sources
Figure – 5.15 Effect of Attack Aggregation Interval on Diagnosis
Figure – 5.16 Attack Aggregation Interval vs. Diagnosis
Figure – 5.17 Attack Aggregation Interval vs. Routing Overhead for 20 traffic sources
Figure – 5.18 Attack Aggregation Interval vs. Routing Overhead for 40 traffic sources
Figure – 5.19 Attack Aggregation Interval vs. % of Data Packets Dropped for 20 traffic sources
Figure – 5.20 Attack Aggregation Interval vs. % of Data Packets Dropped for 40 traffic sources
Figure – 5.21 Effect of tolerance logic on Routing Overhead for 20 traffic sources
Figure – 5.22 Effect of tolerance logic on Routing Overhead for 40 traffic sources
Figure – 5.23 Effect of tolerance logic on Routing Overhead for 60 traffic sources
Figure – 5.24 Effect of tolerance logic on % of Data Packets Dropped for 20 traffic sources
Figure – 5.25 Effect of tolerance logic on % of Data Packets Dropped for 40 traffic sources
Figure – 5.26 Effect of tolerance logic on % of Data Packets Dropped for 60 traffic sources
List of Tables
Table – 2.1 Layer-wise attacks in MANETs
Table – 2.2 Contributory Security Mechanisms
Table – 2.3 Distributive Security Mechanisms
Table – 2.4 Comparison of Point Detection Mechanisms
Table – 2.5 Comparison of Intrusion Detection Systems
Table – 2.6 Requirements of Survivability in MANETs
Table – 2.7 Survivability Key Properties and Requirements achieved in Existing Survivable Initiatives
Table – 4.1 IF-THEN Fuzzy Rules for β
Table – 4.2 IF-THEN Fuzzy Rules for γ
Table – 4.3 IF-THEN Fuzzy Rules for λ
Table – 5.1 Protocols Available at Different Network Layers in GloMoSim
Table – 5.2 Simulation Parameters
Chapter – 1 Introduction
1
CHAPTER – I
Introduction
1.1 Background
Nowadays, due to the spread of mobile devices and Internet service facilities, mobile ad
hoc networking and ubiquitous computing have become popular. Many people employ
wireless networking for their personal and professional activities, by using various wireless
devices such as mobile phones, laptops, wireless sensors, and PDAs.
1.2 Mobile Ad hoc Networks
A Mobile Ad hoc NETwork (MANET) is a set of mobile nodes that communicate with
each other using the wireless medium of the air. In a MANET, there is no fixed
infrastructure and participating nodes also act as routers for forwarding packets without
any central administration. MANETs have a dynamic topology and any node can enter or
leave the network anytime [1]. Initially, MANETs were used in military applications and
battlefield communications but nowadays their use has been enlarged and they have been
used for various applications such as information sharing during a presentation or lecture,
emergency disaster relief, controlling or sensing a region, military communication and so
on [2].
Participating nodes in MANETs must perform basic network functions such as routing,
authentication and access control. MANET nodes are mobile and have limited resources
(energy, bandwidth, memory and computing capabilities). Because the devices are small and portable
with constrained resources and the wireless communication medium is open, network
management becomes a difficult task in ad hoc networks. The absence of support
infrastructure, dynamic topology, and fully decentralized network control make ad hoc
networks vulnerable to different types of attacks or intrusions [3]. Many attacks such as
flooding, blackhole, wormhole, impersonation, and others [4] [5] target the basic
characteristics of ad hoc networks.
1.3 Security Issues in MANETs
The basic operations of MANETs can be compromised by attacking different layers of the
network model [6]. Most of the attackers target the network layer as routing is one of the
most important services to be provided by a MANET. Functionalities implemented by
various routing protocols at the network layer are vulnerable because of the fundamental
characteristics of MANETs such as limited battery and computational power, the lack of a
centralized control entity, participation of network nodes in the routing process, dynamic
topology, mobility and short-term network services.
The following section describes network layer vulnerabilities and the existing solutions.
1.4 Network Layer Attacks
There are two main categories of Network Layer attacks in Mobile Ad hoc Networks:
Passive attacks and Active attacks [6]. In passive attacks, the attacker does not try to affect
the normal operation of the routing protocol but tries to get some valuable information about
the network. In such attacks, the attacker attempts to learn the topology of the
network, the traffic pattern, and the identity and location of the network nodes. Passive attacks in
MANETs are categorized as:
Eavesdropping [7]:
In MANETs, because of wireless links, a node can listen to a message transmitted by
another node without its consent if they are in the same radio range. The eavesdropper can
get useful information if the message is not encrypted. Eavesdropping does not affect the
operation of the network and therefore it is not considered to be a severe attack though the
attacker could get some confidential information using eavesdropping. Geographical
distribution of the network nodes and their transmission range are the main parameters of
the eavesdropping attack.
Traffic Analysis [7]:
Attackers analyze the traffic pattern to get some useful information about the particular
nodes in the network. Even if the messages are encrypted, attackers can extract some useful
information using traffic analysis. Though it is a passive attack, in some MANET
applications the disclosure of important information through traffic analysis cannot be
permitted.
Location Disclosure [7]:
The location of a node can be discovered by an attacker by listening to the traffic on
wireless links. In this attack, attackers gather node location information, such as a route map,
to learn which nodes are situated on the target route. The location of the target node can be
found by the attackers by analyzing the traffic pattern and the packets transmitted by that
node.
In the active attacks in MANETs, attackers try to disrupt the functioning of the network by
altering, forging, dropping, fabricating or injecting data or control packets in the network.
These attacks can be launched in the network by a single intruder or colluding attackers
performing a sequence of activities. Active attacks are more severe compared to passive
attacks as they can degrade the performance of the network significantly or bring down the
network. Active attacks are mainly categorized as routing attacks and packet dropping
attacks.
Packet Dropping [8]:
In a packet dropping attack, the malicious node drops the data packets instead of forwarding
them. This attack is also known as data forwarding misbehavior. In some cases, nodes
drop data packets because of low battery power, heavy load or selfish behavior.
Nodes sometimes behave selfishly to save their resources for their own
operations.
Routing Attacks [9]:
The routing protocols are vulnerable to routing attacks because all the nodes in the network
participate cooperatively in the routing process to find the best route. Attackers can exploit this
feature, together with other characteristics of MANETs such as the absence of a centralized
controlling entity, to launch routing attacks. The standard on-demand routing protocols
such as AODV and DSR can be targeted by intruders to launch a wide range of attacks.
Routing attacks are further classified as black hole, gray hole, Sybil, rushing and sleep
deprivation attacks.
Sleep Deprivation Attack [10]
In this attack, the attacker tries to communicate with the target node so that it cannot enter
into sleep mode to conserve its battery power. It is a distributed denial of service attack.
The malicious node uses a route request flooding technique in which it broadcasts a route
request packet with a destination address that does not exist in the network. As the
corresponding destination node does not exist, the route reply packet cannot be generated
and after waiting for a fixed time interval, the malicious node re-broadcasts the route
request packet. This process continues and the nodes have to forward the request packets
as no one will have the route to the destination.
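A local monitor for the route request flooding just described, written as an added example for this page (not code from the thesis or from GloMoSim). It groups overheard RREQs per originator within a fixed attack aggregation interval, counts those that never receive a matching RREP, and scores the result with the detection rate and false positive rate metrics the thesis evaluates later; the trace, the interval length, the threshold and the ground-truth flooder are constructed assumptions.

```python
"""Detect RREQ flooding toward non-existent destinations from an overheard
AODV control-packet trace (added example; all values below are constructed)."""
from collections import defaultdict

# Constructed trace a monitoring node might record: (time_s, type, originator, destination).
# N3 keeps re-broadcasting a RREQ for "N99", an address no node owns, so no RREP ever
# answers it. N1 and N2 issue ordinary requests that are answered; N2's last request is
# still legitimately pending when the trace ends.
TRACE = [
    (0.1, "RREQ", "N1", "N5"), (0.3, "RREP", "N5", "N1"),
    (0.5, "RREQ", "N3", "N99"), (1.1, "RREQ", "N3", "N99"),
    (1.4, "RREQ", "N2", "N4"), (1.6, "RREP", "N4", "N2"),
    (1.7, "RREQ", "N3", "N99"), (2.3, "RREQ", "N3", "N99"),
    (2.9, "RREQ", "N3", "N99"), (3.5, "RREQ", "N3", "N99"),
    (3.8, "RREQ", "N1", "N4"), (4.0, "RREP", "N4", "N1"),
    (4.1, "RREQ", "N3", "N99"), (4.7, "RREQ", "N3", "N99"),
    (5.2, "RREQ", "N2", "N5"),
]


def unanswered_rreqs(trace):
    """Return (time, originator, destination) for every RREQ that never gets a
    matching RREP: a reply originated by the requested destination, addressed
    back to the requester, and seen after the request."""
    replies = [(t, o, d) for (t, kind, o, d) in trace if kind == "RREP"]
    pending = []
    for (t, kind, orig, dest) in trace:
        if kind != "RREQ":
            continue
        answered = any(rt > t and ro == dest and rd == orig for (rt, ro, rd) in replies)
        if not answered:
            pending.append((t, orig, dest))
    return pending


def flag_flooders(trace, interval, threshold):
    """Bucket unanswered RREQs into aggregation intervals of `interval` seconds and,
    per bucket, flag originators with at least `threshold` unanswered requests.
    Returns {interval_index: set(flagged originators)} for every bucket that had
    any unanswered RREQ (an empty set means nothing crossed the threshold)."""
    counts = defaultdict(lambda: defaultdict(int))
    for (t, orig, _dest) in unanswered_rreqs(trace):
        counts[int(t // interval)][orig] += 1
    return {idx: {n for n, c in per.items() if c >= threshold}
            for idx, per in counts.items()}


def evaluate(trace, interval, threshold, attackers):
    """Detection rate and false positive rate of flag_flooders over the whole trace,
    given the constructed ground-truth set of flooding nodes."""
    flagged = set().union(*flag_flooders(trace, interval, threshold).values())
    originators = {o for (_, kind, o, _) in trace if kind == "RREQ"}
    benign = originators - attackers
    dr = len(flagged & attackers) / len(attackers) if attackers else 0.0
    fpr = len(flagged - attackers) / len(benign) if benign else 0.0
    return dr, fpr


if __name__ == "__main__":
    for threshold in (3, 1):
        dr, fpr = evaluate(TRACE, 2.0, threshold, {"N3"})
        print(f"interval=2.0s threshold={threshold}: DR={dr:.2f} FPR={fpr:.2f}")
```

With a threshold of 3 unanswered requests per 2-second interval only the flooder N3 is flagged; lowering it to 1 also flags N2, whose final request is merely still pending, which is the false-positive cost that the choice of aggregation interval and threshold trades against.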
Black Hole Attack [11]
This attack targets the route discovery procedure of on-demand routing protocols such as
AODV and DSR. When a node sends a route request packet, an attacker advertises itself as
having a fresh route. The attacker repeats this for route requests received from other nodes
and becomes a part of many routes in the network. On all such routes, the intruder, as an
intermediate node, does not forward or process the packets but drops them, causing a
black hole in the network. In different routing protocols, the intruder may use different
techniques to initiate the black hole attack. The attack is more severe when the intruder
becomes a part of many routes in the network.
Grey Hole Attack [12]
As with the Black Hole attack, in a grey hole attack, an intruder first becomes a part of the
paths in the network and captures the paths. The intruder then drops the selective packets.
The intruder may drop packets from specific source nodes, use some other specific
dropping pattern, or choose the packets probabilistically. Thus, a grey hole
attack is a special form of black hole attack. They differ in packet dropping pattern. If the
attacker drops all the packets then it is considered a black hole attack; if it drops selective
packets then the attack is called grey hole attack.
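A watchdog-style classifier for the black hole / grey hole distinction above, as an added example that is not the thesis's own code: a sender overhears whether each next hop retransmits the packets handed to it, keeps a forwarding ratio per neighbor, and withholds judgement until enough packets have been observed, because a node dropping under low battery or heavy load looks identical to a misbehaving one in a short window. The observations, the minimum sample count and the grey-hole threshold are constructed assumptions.

```python
"""Classify next-hop neighbors as black hole, grey hole or normal from
overheard forwarding behavior (added example; observations are constructed)."""
from collections import defaultdict

# Constructed watchdog records: (next_hop, packet_id, overheard_forward).
# B forwards almost everything (one miss could be a collision while overhearing),
# C forwards nothing, D drops about half, E has been handed only two packets.
OBSERVATIONS = [
    ("B", 1, True), ("B", 2, True), ("B", 3, True), ("B", 4, True),
    ("B", 5, True), ("B", 6, False), ("B", 7, True), ("B", 8, True),
    ("C", 1, False), ("C", 2, False), ("C", 3, False),
    ("C", 4, False), ("C", 5, False), ("C", 6, False),
    ("D", 1, True), ("D", 2, False), ("D", 3, True), ("D", 4, False),
    ("D", 5, False), ("D", 6, True), ("D", 7, False), ("D", 8, True),
    ("E", 1, False), ("E", 2, False),
]


def forwarding_ratios(observations):
    """Per next hop: (packets overheard being forwarded, packets handed to it)."""
    stats = defaultdict(lambda: [0, 0])
    for next_hop, _pkt, forwarded in observations:
        stats[next_hop][1] += 1
        stats[next_hop][0] += int(forwarded)
    return {nh: (fwd, total) for nh, (fwd, total) in stats.items()}


def classify(observations, min_samples=5, grey_threshold=0.8):
    """Label each neighbor. A verdict is withheld below `min_samples` because a
    congested or low-battery node also drops packets; zero forwards over enough
    samples reads as a black hole, a ratio under `grey_threshold` as a grey hole."""
    labels = {}
    for nh, (fwd, total) in forwarding_ratios(observations).items():
        if total < min_samples:
            labels[nh] = "insufficient-evidence"
        elif fwd == 0:
            labels[nh] = "black-hole-suspect"
        elif fwd / total < grey_threshold:
            labels[nh] = "grey-hole-suspect"
        else:
            labels[nh] = "normal"
    return labels


def avoid_list(observations, **kwargs):
    """Neighbors the sender should stop choosing as next hop: the mitigation
    side of the same measurement."""
    return {nh for nh, label in classify(observations, **kwargs).items()
            if label.endswith("-suspect")}


if __name__ == "__main__":
    for nh, label in sorted(classify(OBSERVATIONS).items()):
        fwd, total = forwarding_ratios(OBSERVATIONS)[nh]
        print(f"{nh}: {fwd}/{total} forwarded -> {label}")
    print("avoid:", sorted(avoid_list(OBSERVATIONS)))
```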
Sybil Attack [13]
In MANETs, there is a lack of centralized control authority to verify the identities of the
network nodes. An attacker can take advantage of this property to send control packets
using different identities. This attack is known as a Sybil attack or an impersonation attack.
In this attack, the intruder uses the identity of another network node or random identity to
mislead the routing protocol. An intruder may implement this attack to establish the basis
for some other severe attack.
Rushing Attack [14]
The reactive routing protocols require the nodes to forward only the first route request
packet that arrives for each path discovery. An attacker can make use of this characteristic
to spread route request packets quickly throughout the network to prevent any later valid
route request packets. Because of this, the routes having the intruder can be discovered
instead of other legitimate routes. This attack was first described by Hu et al. [14]. They
also proposed different mechanisms such as randomized route request forwarding, secure
route delegation and detection of secure neighbors to prevent this attack.
1.5 Security Mechanisms for MANETs
Many researchers have proposed techniques for securing ad hoc networks. Most of these
techniques either try to prevent attacks or intrusions from targeting networks and their
functionalities; or they apply detection mechanisms to attempt to identify a specific type of
attack [15]. Whether these techniques are preventive or reactive, their goal is to protect ad
hoc networks and their basic applications. As shown in Figure – 1.1, these conventional
security solutions use different mechanisms such as cryptography, path diversity protocols,
designated hardware, overhearing neighbor communication and others [16].
Figure – 1.1 Security Mechanisms in MANETs
1.5.1 Preventive Security Mechanisms for MANETs
The main objective of preventive security mechanisms is to prevent attacks from targeting
the network. In conventional wired or wireless networks, preventive mechanisms are
implemented using firewalls. Firewalls are placed at ingress/egress points of the network
and thus, they control the traffic which can pass through the network. Implementation of
firewall-based prevention mechanisms is difficult in MANETs due to the fundamental
characteristics of such networks [17]. There is no centralized authority in MANETs and all
nodes are treated at the same level. Moreover, nodes can move freely in the network terrain
and they can enter or leave the network anytime. In such an environment, it is very difficult to
define the ingress/egress points of the network. Hence, the conventional concept of using
firewalls to prevent attacks is not possible to implement in MANETs [18].
Due to this limitation, many researchers have proposed cryptography based prevention
mechanisms for MANETs [19]. As described in our literature survey section, most of these
prevention mechanisms use Public Key Infrastructure (PKI) based cryptographic
techniques. Though the use of PKI increases the level of security in the network, it has
some major drawbacks. Most of the public key cryptographic techniques require a large
number of computations to encrypt and decrypt messages. A reliable authority is needed in
the network to issue correct certificates for public keys. Conventional cryptographic
systems generally use a trusted third party as a certificate authority who digitally signs
public key certificates. However, it is difficult to do so in MANETs, as all network nodes
are at the same level. Also, the certification authority can be compromised by attackers.
Attackers can also target the encryption/decryption algorithms used by cryptographic
mechanisms. As computers have become more powerful, brute-force attacks on
cryptographic systems are practical to implement [20]. The major problem with
cryptographic solutions is that they only protect what they are designed to protect. The
main objective of cryptography based prevention mechanisms is to protect communication
data from attackers. These mechanisms do not aim at defending the other essential services
in the network [21].
Modification in the traditional concept of firewalls has been proposed by a few researchers
to make firewalls implementable in the ad hoc environment. However, our literature review
shows that none of such solutions is foolproof. They are designed for specific attacks and
hence, they fail to protect the basic network services when some other attack targets the
network.
1.5.2 Reactive Security Mechanisms for MANETs
As shown in Figure – 1.2, Network Layer protection mechanisms are classified based on
the number of attacks they can detect. Point detection algorithms can detect only a single
type of attack at the Network Layer. The other category, intrusion detection systems, can
identify a range of attacks [22]. Point detection algorithms are further classified according
to the type of attack they detect. Classification of Intrusion Detection Systems is done based
on the techniques they employ for detection.
It is more complex and difficult to implement IDS in MANETs than in wired networks.
The main objective of the intrusion detection system in MANETs is to collect audit data
from the network to detect intrusion and provide an effective response to the intrusion.
The following characteristics of MANETs pose challenges for intrusion detection systems.
Nodes in MANETs have limited battery life and computational ability, and therefore,
resource consumption by IDS must be low.
Dynamic topology and mobility of the nodes in MANET make the implementation of
IDS more challenging. The behavior of IDS must be adjusted according to mobility
impacts in the network. IDSs that do not properly account for mobility are less effective
and result in a high false positive ratio. It is necessary to derive common features
among different mobility models to tune system parameters accurately in detection
engines.
There are no centralized entities in MANET. The nodes also act as routers. In the
absence of centralized audit points, it is difficult to perform monitoring and audit data
can be collected only locally. Hence, MANETs need distributed and cooperative IDSs.
Figure-1.2 Network Layer Classification
1.5.3 Intrusion Detection Systems
Intrusion Detection Systems [23] can detect a range of attacks. This section describes the
basic idea of IDSs and reviews the existing IDSs and challenges faced by them in MANETs.
There are three main categories of Intrusion Detection Systems [24]:
i) Knowledge based Intrusion Detection Systems
ii) Anomaly based Intrusion Detection Systems
iii) Specification based Intrusion Detection Systems
In MANETs, some IDSs are combinations of two or more types of intrusion detection
techniques and are known as Hybrid Intrusion Detection Systems.
i) KBIDS (Knowledge Based Intrusion Detection Systems):
Knowledge based IDSs [25] are also known as misuse detection systems. They use and
maintain a knowledge base consisting of patterns or signatures of well-known attacks. At
the time of detecting the attacks, they use their knowledge about specific attacks and check
for the signatures of the attacks. An alarm is generated when a KBIDS finds a match with a
pattern in the knowledge base. Figure – 1.3 shows the block diagram view of KBIDS.
Figure-1.3 Knowledge based Intrusion Detection Systems
KBIDS rely on the existing knowledge about the attacks available in the knowledge base.
If the knowledge base does not have any matching pattern for a suspicious activity then
KBIDS considers it as a non-intrusive or legitimate activity. However, if some processes
or activities are degrading the performance of the network then KBIDS considers them as
unknown attacks and adds new rules for them. Following are the different methods KBIDSs
use for constructing the knowledge base:
Expert systems
Expert systems are used by some Knowledge Based Intrusion Detection Systems. An expert
system uses a knowledge base to maintain the information about known attacks as a set of
rules. A monitoring network records audit data which is then translated into facts. To detect
an intrusion, these facts and a set of rules from the knowledge base are used by the inference
engine.
State transition models
Another method used for constructing a knowledge base is state transition modeling. In this
method, an attack is represented as a series of state transitions and defined attack states. A
knowledge base is used to store and maintain the state transition models which represent
attacks.
Signature Analysis
In this method, the attacks are modeled through a sequence of patterns or events. They are
then matched with the generated audit traces to identify an intrusion.
Rule based approach
In rule based approach, the knowledge of known attacks is represented as a set of rules that
is obtained by considering attack scenarios or through observations.
The Knowledge Based Intrusion Detection Systems apply the rules of known attacks to
check the audit data. To detect an attack, KBIDSs check for the match in the knowledge
base using forward or backward chaining. Compared to other intrusion detection systems,
KBIDSs have very low false positive rates of detection. This is because an intrusion is
reported only when an exact match of a known attack pattern, signature or sequence of
events occurs. This type of intrusion detection system is best suited when the network is
highly vulnerable to certain known attacks. The limitation of KBIDSs is that they are able
to detect only those attacks whose signatures or patterns are available in the knowledge
base. Moreover, it is tedious to keep the knowledge base up-to-date for maintaining
information about attacks.
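To make the matching process concrete, the following is an added example (not code from the thesis) of a small knowledge based IDS in Python. Each signature in the knowledge base is an ordered sequence of packet types that one source node must emit within a time window, and matching is done with a per-source state-transition model as described above. The signature names, thresholds and the audit trace are constructed for illustration; the final events from node n4 show the limitation discussed in the text, namely that behaviour with no signature in the knowledge base raises no alarm.

```python
"""Knowledge based (signature) intrusion detection over a constructed audit trace.

Added example, not code from the thesis. Signatures are ordered event sequences
per source node, matched with a small state-transition model; the knowledge base
contents and the audit trace are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class AuditEvent:
    t: float    # time of observation, seconds
    src: str    # node that transmitted the packet
    kind: str   # packet type seen by a neighbour monitoring in promiscuous mode


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: Tuple[str, ...]  # event kinds that must occur in this order from one source
    window: float             # the whole pattern must fit in this many seconds


# Constructed knowledge base: two burst signatures (assumed, not from the thesis)
KNOWLEDGE_BASE: List[Signature] = [
    Signature("rreq_burst", ("RREQ",) * 4, window=1.0),
    Signature("hello_burst", ("HELLO",) * 5, window=0.5),
]


class KBIDS:
    def __init__(self, kb: List[Signature]):
        self.kb = kb
        # (source, signature) -> (next pattern index, time the partial match started)
        self.state: Dict[Tuple[str, str], Tuple[int, float]] = {}
        self.alarms: List[Tuple[float, str, str]] = []

    def observe(self, ev: AuditEvent) -> None:
        for sig in self.kb:
            key = (ev.src, sig.name)
            idx, start = self.state.get(key, (0, ev.t))
            if idx > 0 and ev.t - start > sig.window:
                idx = 0            # partial match timed out: back to the initial state
            if ev.kind == sig.pattern[idx]:
                if idx == 0:
                    start = ev.t   # first transition of a new partial match
                idx += 1
                if idx == len(sig.pattern):   # accepting state: exact signature match
                    self.alarms.append((ev.t, ev.src, sig.name))
                    idx = 0
            self.state[key] = (idx, start)


def run_kbids(events: List[AuditEvent], kb: List[Signature] = KNOWLEDGE_BASE):
    """Feed the audit trace in time order and return the alarms raised."""
    ids = KBIDS(kb)
    for ev in sorted(events, key=lambda e: e.t):
        ids.observe(ev)
    return ids.alarms


# Constructed audit trace recorded by a monitoring neighbour
TRACE = [
    AuditEvent(0.0, "n1", "RREQ"), AuditEvent(0.3, "n1", "RREP"), AuditEvent(0.4, "n1", "DATA"),
    # n3 emits four route requests within 0.3 s: matches rreq_burst
    AuditEvent(1.0, "n3", "RREQ"), AuditEvent(1.1, "n3", "RREQ"),
    AuditEvent(1.2, "n3", "RREQ"), AuditEvent(1.3, "n3", "RREQ"),
    # n2 retries a route request once per second: same count, but outside the window
    AuditEvent(2.0, "n2", "RREQ"), AuditEvent(3.0, "n2", "RREQ"),
    AuditEvent(4.0, "n2", "RREQ"), AuditEvent(5.0, "n2", "RREQ"),
    # n4 silently drops packets it should forward: no signature, so no alarm
    AuditEvent(6.0, "n4", "DROP"), AuditEvent(6.5, "n4", "DROP"), AuditEvent(7.0, "n4", "DROP"),
    # n5 emits five HELLO packets within 0.4 s: matches hello_burst
    AuditEvent(8.0, "n5", "HELLO"), AuditEvent(8.1, "n5", "HELLO"), AuditEvent(8.2, "n5", "HELLO"),
    AuditEvent(8.3, "n5", "HELLO"), AuditEvent(8.4, "n5", "HELLO"),
]

if __name__ == "__main__":
    for t, src, name in run_kbids(TRACE):
        print(f"t={t:.1f} node={src} signature={name}")
```

Because a partial match is only reset when its window expires, n2's slow retries never reach the accepting state, which is the exact-match behaviour that gives KBIDSs their low false positive rate; the same property is why n4's packet dropping goes unreported.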
ii) Anomaly Based Intrusion Detection Systems:
Anomaly Based Intrusion Detection Systems (ABIDS) [26] are also known as behavior
based intrusion detection systems. These systems observe the anomalous activities to detect
the intrusion. In ABIDSs, the current behavior of the network is compared with the
expected normal behavior of the network.
Figure - 1.4 Anomaly Based Intrusion Detection Systems
As shown in Figure – 1.4, ABIDS works in two phases: the Training Phase and Testing
Phase. The training phase is used to model the normal expected behavior of the network
nodes or the network. This model is then considered as a profile of the network or of the
users that contains information about the parameters which are required to be monitored
and important for intrusion detection. An effective profile is the one that maintains all
information about the acceptable or normal behavior of the network. The second phase,
testing phase, compares the current behavior model of the network or users with the
expected behavior model which is extracted during the training phase. Different
statistical and probabilistic methods such as Markov chains, decision trees, chi-square
and Hotelling’s T2 test are generally used for comparing these two models.
Some Anomaly Based Intrusion Detection Systems also use Neural Networks for the
training phase. If any notable abnormal difference is found by the comparison, an alarm
is generated. ABID systems are said to be effective if they have low false alarm rates.
The main advantage of these intrusion detection systems is that they can detect previously
unknown attacks. They can also generate early warnings of potential threats in the
network. The drawback of ABIDSs is that they are prone to generate false alarms.
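As an added example (not code from the thesis), the two phases above can be realised with the chi-square comparison the text mentions. The training phase pools constructed windows of normal traffic into a profile of expected packet-type proportions; the testing phase computes the chi-square statistic of a current window against that profile and raises an alarm above the critical value for two degrees of freedom at the 5% level. The window contents are constructed; the third test window, a legitimate burst of route rediscovery after a topology change, is flagged as well, which illustrates the false alarm drawback discussed above.

```python
"""Anomaly based intrusion detection using a chi-square test on packet-type mix.

Added example, not code from the thesis. Training and test windows are
constructed one-second slices of traffic seen at a monitoring node.
"""
from collections import Counter
from typing import Dict, Iterable, Tuple

PACKET_TYPES = ("RREQ", "RREP", "DATA")

# Upper critical value of the chi-square distribution, 2 degrees of freedom, alpha = 0.05
CHI2_CRIT_DF2_P05 = 5.991


def train_profile(windows: Iterable[Counter]) -> Dict[str, float]:
    """Training phase: pool normal windows into expected proportions per packet type."""
    total: Counter = Counter()
    for w in windows:
        total.update(w)
    n = sum(total[k] for k in PACKET_TYPES)
    return {k: total[k] / n for k in PACKET_TYPES}


def chi_square(observed: Counter, profile: Dict[str, float]) -> float:
    """Chi-square statistic of an observed window against the trained proportions."""
    n = sum(observed[k] for k in PACKET_TYPES)
    stat = 0.0
    for k in PACKET_TYPES:
        expected = profile[k] * n
        if expected == 0:
            # a type never seen in training: any occurrence is an unbounded deviation
            if observed[k] > 0:
                return float("inf")
            continue
        stat += (observed[k] - expected) ** 2 / expected
    return stat


def evaluate(profile: Dict[str, float], observed: Counter,
             threshold: float = CHI2_CRIT_DF2_P05) -> Tuple[float, bool]:
    """Testing phase: compare the current window with the profile; alarm above threshold."""
    stat = chi_square(observed, profile)
    return stat, stat > threshold


# Constructed training windows of normal traffic (counts per one-second window)
TRAINING_WINDOWS = [
    Counter(RREQ=10, RREP=8, DATA=82),
    Counter(RREQ=12, RREP=7, DATA=81),
    Counter(RREQ=9, RREP=9, DATA=82),
]
PROFILE = train_profile(TRAINING_WINDOWS)

# Constructed test windows
NORMAL_WINDOW = Counter(RREQ=11, RREP=8, DATA=81)        # ordinary traffic
FLOOD_WINDOW = Counter(RREQ=60, RREP=5, DATA=35)         # route request flood
REDISCOVERY_WINDOW = Counter(RREQ=25, RREP=20, DATA=55)  # legitimate burst after link changes

if __name__ == "__main__":
    for name, w in [("normal", NORMAL_WINDOW), ("flood", FLOOD_WINDOW),
                    ("rediscovery", REDISCOVERY_WINDOW)]:
        stat, alarm = evaluate(PROFILE, w)
        print(f"{name:12s} chi2={stat:8.2f} alarm={alarm}")
```

The rediscovery window shows why the text stresses tuning the detection engine to the mobility model: a profile trained only on quiet periods treats every topology change as an intrusion, so the training set must include the normal range of route discovery activity or the threshold must be raised.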
iii) Specification Based Intrusion Detection Systems:
Specification Based Intrusion Detection Systems (SBIDS) [27] use explicitly defined
specifications to monitor the operations performed at the network layer or the
functionality of the routing protocol to identify intrusions in the network.
Figure – 1.5 Specification Based Intrusion Detection Systems
The block diagram of a Specification Based Intrusion Detection System is shown in
Figure – 1.5. Initially, SBIDS extracts the specifications that specify the correct
functionality of the network or any other protocol using a set of constraints. In the next
step, the system monitors the execution of the operations or of the protocol with respect
to the given specification. If it finds any deviation from the specification then it detects
it as an intrusion.
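The following added example (not code from the thesis) shows the specification step and the monitoring step for an assumed, simplified on-demand route discovery with RREQ and RREP packets. The four constraints are an illustrative specification of correct protocol behaviour, not those of any particular routing protocol, and the packet trace is constructed; every observed packet is checked against the constraints and each deviation is reported as an intrusion.

```python
"""Specification based intrusion detection for a simplified route discovery.

Added example, not code from the thesis. The protocol is an assumed RREQ/RREP
discovery; constraints C1 to C4 are an illustrative specification and the
packet trace is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Pkt:
    t: float
    node: str     # node observed transmitting the packet
    kind: str     # "RREQ" or "RREP"
    src: str      # originator of the route request
    dst: str      # destination being sought
    rreq_id: int  # request identifier chosen by the originator
    hops: int     # hop count carried in the packet


class SBIDS:
    def __init__(self):
        # (src, rreq_id) -> hop counts at which copies of that request were observed
        self.requests: Dict[Tuple[str, int], Set[int]] = {}
        self.violations: List[Tuple[float, str, str]] = []

    def _flag(self, p: Pkt, rule: str) -> None:
        self.violations.append((p.t, p.node, rule))

    def observe(self, p: Pkt) -> None:
        key = (p.src, p.rreq_id)
        if p.kind == "RREQ":
            if p.node == p.src:
                # C1: a request originates with hop count 0
                if p.hops != 0:
                    self._flag(p, "C1: originated RREQ must carry hop count 0")
                self.requests.setdefault(key, set()).add(p.hops)
            else:
                # C2: a forwarded copy must extend an observed copy by exactly one hop
                seen = self.requests.get(key)
                if seen is None:
                    self._flag(p, "C2: forwarded RREQ for a request never originated")
                elif (p.hops - 1) not in seen:
                    self._flag(p, "C2: forwarded RREQ hop count not one more than a seen copy")
                else:
                    seen.add(p.hops)
        elif p.kind == "RREP":
            # C3: a reply must answer a request that was actually observed
            if key not in self.requests:
                self._flag(p, "C3: RREP for a request never observed")
            # C4: only the destination itself may claim a zero-hop route to it
            elif p.hops == 0 and p.node != p.dst:
                self._flag(p, "C4: non-destination node claims zero-hop route")
        else:
            self._flag(p, "unknown packet kind outside the specification")


def run_sbids(trace: List[Pkt]) -> List[Tuple[float, str, str]]:
    """Monitor the trace in time order and return all specification violations."""
    ids = SBIDS()
    for p in sorted(trace, key=lambda x: x.t):
        ids.observe(p)
    return ids.violations


# Constructed trace: A discovers D through B and C; node M deviates from the specification
TRACE = [
    Pkt(0.0, "A", "RREQ", "A", "D", 1, 0),   # A originates a request for D
    Pkt(0.1, "B", "RREQ", "A", "D", 1, 1),   # B forwards it
    Pkt(0.2, "C", "RREQ", "A", "D", 1, 2),   # C forwards it
    Pkt(0.3, "D", "RREP", "A", "D", 1, 0),   # D answers with zero hops to itself
    Pkt(0.5, "M", "RREP", "A", "D", 1, 0),   # M claims a zero-hop route to D (C4)
    Pkt(0.6, "M", "RREQ", "A", "D", 1, 5),   # M forwards with a hop count that skips ahead (C2)
    Pkt(0.7, "M", "RREP", "A", "E", 9, 2),   # M answers a request nobody observed (C3)
]

if __name__ == "__main__":
    for t, node, rule in run_sbids(TRACE):
        print(f"t={t:.1f} node={node} {rule}")
```

Unlike the signature approach, nothing here names an attack: a zero-hop reply from a node that is not the destination is reported purely because it contradicts the specification, which is what lets SBIDS catch misbehaviour with no entry in a knowledge base.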
1.5.4 Why is the implementation of IDSs challenging in MANETs?
Intrusion Detection Systems designed for wired networks cannot be directly used in ad
hoc networks. Due to the basic characteristics of MANETs, the implementation of an
intrusion detection system becomes challenging.
In MANETs, it is difficult to collect audit data by monitoring as there are no
concentration points. In wired networks, the traffic can be observed at network gateways
while in MANETs, a node can monitor other nodes which are within its radio range. If
the intruder node is not in the radio range of the observing node, it cannot be detected.
Because of this problem, different approaches are proposed in the literature to collect the
audit data cooperatively.
The routing protocols used in the ad hoc environment are different from those used in
wired networks. In MANETs, nodes have to act as routers, since there is no routing
infrastructure with explicit routers. This property gives attackers an opportunity to
launch malicious activities in the network.
Moreover, the attacks in MANETs are different from those in wired networks so the
detection techniques used in wired networks cannot be directly used in MANETs. Due
to the dynamic topology, it becomes difficult to capture and collect audit data and also
model the normal behavior of the network correctly and accurately.
The effectiveness of an intrusion detection system deployed in a distributed environment
on each host is limited because of the limited computational ability of the nodes.
Additionally, the limited battery power and bandwidth also make the implementation of
IDS more difficult. Thus, each phase of intrusion detection adds to the implementation challenge.
1.6 Research Gap
Most of the existing preventive and reactive security mechanisms for MANETs have a
specific security objective and thus can be effective in a given case but ineffective in
others. This limitation makes such security mechanisms incapable of individually
securing MANETs against all major types of intrusions and attacks [28]. Moreover,
existing security mechanisms only aim at protecting the network and its basic
functionalities. Some essential network services such as routing and data forwarding
must always be provided even if the network is under the effect of one or more attacks.
This important requirement is almost unexplored in the existing security mechanisms for
MANETs. The network must continue functioning despite being under threat, even while
the attack is going on and being dealt with. This imposes the need to consider
survivability in the security architecture, which is not investigated in most of the existing
security initiatives for MANETs.
1.7 Survivability
1.7.1 Intrusion Tolerance
As described earlier, in MANETs, preventive security mechanisms, such as firewalls and
cryptographic systems, attempt to prevent any type of attack. On the other hand, reactive
mechanisms, such as intrusion detection systems (IDSs), take actions on demand to mitigate
the effects of attacks or intrusions. However, preventive and reactive security
mechanisms cannot ward off all attacks and intrusions. Thus, research groups
have focused on building security mechanisms using the third line of defense, called
intrusion tolerance (IT) [28].
1.7.2 Need for Intrusion Tolerance
The first line of defense, preventive security mechanisms, is commonly implemented
using various types of cryptography techniques and firewall concepts. The reactive
defense line has the objective of detecting one or more types of attacks and can be
implemented as point detection or intrusion detection systems [29]. To provide the
essential network services in the presence of attacks or intrusions, the third line of
defense must have the ability to tolerate the effects of malicious actions; to achieve
that capability, techniques such as redundancy of information, content distribution and
replication of data can be used [29]. In general, systems having the ability to tolerate
attacks and intrusions are known as intrusion tolerant systems. This ability is
very important and necessary for developing a survivable system.
1.7.3 Survivable Systems
The concept of survivability is derived from dependability [30]. Dependability objectives
consist of the system ability to provide essential services and avoid the severe or most
frequent faults and failures. Survivability is considered as a special case of dependability
in which the network is capable of completing its mission in the presence of malicious
faults [29]. Thus, survivability aims to focus on security effectiveness and refers to a system
capable of fulfilling its requirements and objectives in a timely manner in face of intrusions,
attacks, accidents or failures [30]. Being a special case of dependability, survivability
requires fault tolerance mechanisms in the security domain, to achieve intrusion tolerance.
The concept of intrusion tolerant systems was proposed in [31] and emerged with the
development of the MAFTIA [32] and OASIS [33] projects. The MAFTIA project was
developed to handle a wide variety of accidental and malicious faults and attacks in Internet
applications. The OASIS project was designed by DARPA (the research agency of the American
Department of Defense) to develop survivable high-speed networks.
As suggested in [34], preventive, reactive and tolerant defense lines should be used together
to make a system survivable. In a survivable network, preventive defense line tries to
prevent attackers from entering into the network. Reactive defense line attempts to identify
attacks and intrusions which could not be prevented by the preventive defense line and
succeed in targeting the network. The reactive defense line is not foolproof and hence, it cannot
detect all attacks and intrusions. Thus, when the preventive and reactive defense lines fail, the
system must be capable of tolerating the effects of attacks and continue providing essential
services even when the system is being targeted by threats. This can be accomplished using
the third defense line, intrusion tolerance. Therefore, the three defense lines need to be used
together for survivable MANETs. [35] also shows that preventive mechanisms should be
the first line of defense, which can avoid certain types of attacks but is not capable of blocking
others. When some attacks are successful in entering the system, the reactive defense line
becomes active by attempting to detect and stop attacks. As reactive defense lines are usually
point detection or intrusion detection mechanisms and have their own limitations, they can
fail to stop attackers from compromising the system. At that time, to provide
critical network functionalities even in the presence of intrusions or attacks, intrusion
tolerance techniques are applied by the third line of defense until the other two defense lines
adapt themselves and take corrective actions against the targeting intrusion.
The detailed description of important survivability properties and requirements is given in
Chapter – 3. The existing survivability initiatives for MANETs with their advantages and
limitations are discussed in the literature survey section.
1.8 Motivation and Objectives
With the increasing popularity of wireless mobile devices, the use of mobile ad hoc
networks has also increased. For most of the applications of MANETs, security is the main
concern. Conventional security solutions are not sufficient to defend ad hoc networks as
they do not have tolerance capability. Hence, efforts have been made to design security
solutions for achieving network survivability. The major requirement of a survivable system
is to provide basic functionalities and services in any case. For example, a survivable
network must provide services such as routing, connectivity and data forwarding even when
the network is under attack. Here, the term system has a broad meaning and can be used
for characterizing networks. Other desirable properties of survivability are resistance,
recognition, recovery, and adaptability. In addition to these properties, survivable ad hoc
networks must meet system and application-specific requirements.
Survivable solutions proposed for mobile ad hoc networks by researchers mainly consider
essential services and functionalities that are required to be provided in any critical situation.
Many of these survivable solutions do not define all three lines of defense but make use
of more than one defense line and have properties needed for tolerating the effects of attacks
[36]. However, the existing survivability initiatives mainly focus on preventive and reactive
defense lines and pay less attention to intrusion tolerance. Moreover, these solutions are
designed for specific attacks or specific network layer functionalities. Some of the important
requirements for achieving survivability such as heterogeneity, robustness, adaptability and
self-configuration are not explored. Therefore, there is a need to build a complete survivable
security solution in which all defense lines operate cooperatively. The survivability model
should be generic and should consider multi-layer functionalities and multi-attack solutions.
At the same time, the survivability model should have the capability of adapting to
unexpected situations.
Following are the major objectives of our research work:
1. To use preventive and reactive defense lines for securing MANETs from attacks.
2. To make networks capable of tolerating the effects of attacks and provide the essential
services even when the network is under attack, however with degraded performance.
3. To integrate the three defense lines (Preventive, Reactive and Tolerance) to develop a
complete, generic and routing protocol independent survivability framework for
MANETs considering the properties and requirements of survivability, and to assess the
amount of fault tolerance achieved despite attacks.
1.9 Keywords
Mobile Ad hoc Networks, Security Mechanisms, Point Detection Mechanisms, Intrusion
Detection Systems, Intrusion Tolerance, Preventive Defense, Reactive Defense,
Survivability, Essential Services, Survivability Framework, Prevention, Detection,
Diagnosis, Mitigation, Tolerance, Flooding, Firewalls.
1.10 Contributions of the study
This thesis provides major contributions in the field of survivability in Mobile Ad hoc
Networks as discussed in the objectives above. We summarize and group the contributions
as follows:
1. In-depth study of the taxonomy of Preventive, Reactive and Tolerance defense lines and
their open research areas in today’s scenario of MANETs. This thesis addresses such
research gaps and possible solutions.
2. Detailed study of survivability concepts, properties, attributes and requirements in the
ad hoc environment. The effectiveness of existing survivability solutions for MANETs
has been analyzed during the literature review phase.
3. We have proposed, designed, implemented and tested a complete survivability
framework, which consists of three defense lines – Preventive, Reactive and Tolerance.
4. To implement the defense lines, our survivability framework uses five functional blocks
– Prevention, Detection, Diagnosis, Mitigation, and Tolerance. The preventive defense line
uses the Prevention block to implement the desired functionality. The Detection, Diagnosis and
Mitigation blocks are used to implement the reactive defense. After detecting attacks or
intrusions, their effects are analyzed and diagnosed to determine how to mitigate them.
The Intrusion Tolerance line contains the Tolerance functional block.
5. Our proposed survivability framework is capable of tolerating the effects of attacks and
providing essential network services even when the network is under attack, however
with degraded performance.
6. Our framework is generic and can be extended for various attacks in MANETs.
Moreover, the proposed framework is independent of underlying ad hoc routing process
and can be used with any existing routing protocol for MANETs.
7. Our framework shows a considerable reduction in routing overhead, the percentage of
data packets lost and false positive rate. Our results proved that the rate of detection and
diagnosis improves with the use of the proposed framework.
1.11 Research Methodology utilized for research work
A qualitative, empirical and exploratory approach has been used for this research work.
Several research papers and technical reports on security and survivability in ad hoc
networks were studied during the literature review phase. In addition to this, different
network simulators were also explored and, based on our study, the GloMoSim [37] simulator
was chosen to implement the proposed survivability framework. It was found in the
literature review that existing security mechanisms for MANETs focus on either preventive
or reactive defense, and fail to consider tolerance capability. A few survivability initiatives
proposed by researchers for MANETs are specific to attacks or network functionalities and
focus on providing specific services in networks. Due to these limitations, existing
survivability initiatives are not generic and can be used only under certain scenarios.
Key attributes and requirements of survivability in ad hoc environments have also been
explored in this research. Based on this study and limitations of the existing survivability
initiatives, we conclude that to make MANETs survivable, it is necessary to use three
defense lines: Preventive, Reactive and Tolerance. To develop a complete generic
survivability framework for MANETs, we have identified essential network services which
should always be provided in an ad hoc network to complete the process of communication.
The behavior of an ad hoc network is affected by the routing protocol and many times,
attackers attempt to disrupt network functionalities based on routing protocol
characteristics. Therefore, making the proposed survivability framework independent of
ad hoc routing protocols has been taken as one of the objectives. Based on our study
and the requirements for achieving survivability in MANETs, a framework consisting of five
functional blocks has been proposed. Prevention, Detection, Diagnosis, Mitigation, and
Tolerance are the functional blocks used to implement the three lines of defense. Routing and
data forwarding are very important network services and should always be provided by an
ad hoc network. Hence, these two essential services are considered in the design of the
proposed framework.
To evaluate the impact and effectiveness of the proposed framework, three defense lines
and their respective functional blocks are simulated individually as well as in an integrated
manner during our simulation. As attackers attempt to disrupt network functionalities by
targeting essential services at the network layer, various possible forms of Denial of Service
(DoS) attacks have been considered in the threat model [38]. The functionalities of
prevention and mitigation phases depend on the behavior of attacks and can be modified
accordingly. Parameters affecting the performance of ad hoc networks in the presence of the
proposed framework have been varied over a range and the results are analyzed.
1.12 Organization of the remainder of the thesis
In Chapter – 2, we present our literature survey in the area of security in MANETs. We have
segregated our survey based on parameters such as types of defense lines, number of attacks
detected by reactive security mechanisms, and techniques used for detection. The detailed
study of existing survivability initiatives for MANETs with their effectiveness and
limitations is also described.
Chapter – 3 discusses our proposed survivability framework to achieve our objectives
already discussed. We also describe the threat model we have considered for our proposed
framework. The layout of the proposed framework is also presented.
Chapter – 4 details the functional blocks of the proposed survivability framework and their
aggregation.
Chapter – 5 describes important parameters that affect the performance of the proposed
survivability framework. The chapter also shows the experimental setup and simulation
results when these parameters are varied in a range. For each case, the comparison of
performance is presented with and without applying survivability techniques.
Chapter – 6 presents the conclusion of our research work with objectives achieved, and the
scope of future enhancements and extension possible in the proposed work.
Chapter – 2 Literature Survey
20
CHAPTER – II
Literature Survey
Network Survivability addresses dependability, availability, and reliability of a physical
network topology [134]. In MANETs, network survivability is a crucial aspect of reliable
communication which focuses on providing essential services to maintain network
connectivity. In a broad sense, survivability refers to the ability of a system to achieve its
mission in a timely manner even when attacks, failures or accidents are present [135]. However,
in MANETs, survivability relies on how effectively the network fulfills the requirements of
survivability. Maintaining essential services such as connectivity, routing, and data forwarding
is challenging in MANETs due to the self-organizing network topology and dynamic behavior
of network nodes which results in mobility, frequent path failures and interference.
Research on survivability in MANETs was not a focus in the early years of the wireless
technology age. Since wireless and ad hoc networking was still new, people were more inclined
towards research in the development of routing protocols, Quality of Service (QoS)
provisioning and security architectures. As stated in [134], exploration of survivability became
more pressing with the proliferation of mobile devices and wireless system applications from the
year 2006 to 2014.
As described in the previous chapter, an integrated framework is required for network
survivability to determine the strategies and network abilities to detect, diagnose and recover
from failures, attacks or accidents. This framework must also have the ability to tolerate the
effects of failures to continue providing essential services. When modeling survivability, it is
also important to identify the essential network services which must be maintained during
attacks or failures. From the literature review, it was found that existing survivability
mechanisms mainly consider theoretical aspects with limited work on specific survivability
requirements. In this chapter, we present a detailed survey of existing survivability initiatives.
According to this survey, most of the initiatives are application-specific and do not support all
important properties and requirements of survivability. As ad hoc wireless technology is a
growing field having a variety of applications, there is a need to develop a complete framework
which integrates functioning of different defense lines to make the network survivable. Our
objective is to make this framework generic so that it can be used with any MANET application
in which routing, data forwarding, and connectivity are the essential services that must always
be provided. Moreover, we aim at making this framework independent of the underlying ad hoc
routing protocols so that it can be integrated easily into an existing MANET.
It is very important to determine algorithms for implementing the preventive, reactive and
tolerance defense lines in a survivability framework. The following sub-sections present the
review and analysis of existing preventive and reactive mechanisms for different types of
attacks in MANETs. Tolerance mechanisms available in the literature are discussed along with
survivability initiatives.
2.1 Security Issues in MANETs
MANETs are vulnerable to many security problems. Fundamental characteristics such as
limited resources, node mobility, dynamic topology and decentralized infrastructure make
those networks susceptible to various active and passive attacks [39]. Passive attacks include
channel sensing and eavesdropping of confidential information. Modification of packet
contents, deletion of packets, impersonation, injection of packets to wrong destinations are
some of the possible forms of active attacks [16].
Network attacks are sometimes classified based on the layers of the network protocol stack.
Table – 2.1 lists the main attacks which target an ad hoc network at different layers. Sometimes,
participating nodes also generate malicious actions in the network. Such attacks are classified
as misbehavior or Byzantine attacks. Some common examples of Byzantine attacks are
wormhole, sinkhole, blackhole, hello packet flooding, selective forwarding, and rushing.
Sometimes, the reason for node misbehavior is the selfishness of a node. A node is called selfish if
it participates in only those network activities which are beneficial to it. For all other activities,
it remains idle to save its own resources.
Many mechanisms have been proposed in the literature to secure MANETs. The design
principles behind those mechanisms are various cryptographic and authentication based
techniques, use of designated hardware, route diversity based protocols and protocols for
overhearing neighbor communication [40].
Cryptography and authentication based security mechanisms usually increase the network
overhead. Moreover, it is difficult to implement key management and distribution for complex
cryptographic security techniques in MANETs with limited resources and dynamic topology.
Hence, such techniques are not effective against internal attacks [41]. The objective of
using route diversity techniques is to improve the robustness of paths by finding multiple routes
to provide redundancy in the transmission of information. However, many protocols based on
route diversity approach authenticate only the source and destination nodes, thus making
intermediate nodes susceptible to Sybil and impersonation attacks. To identify and minimize
the effects of misbehaving nodes, security mechanisms based on overhearing neighbor
communication need the support of promiscuous mode by wireless interfaces [42]. Using such
mechanisms, a node in the network can monitor its neighbors and can detect their misbehavior
such as modifying or dropping packets. Techniques that use specialized hardware for providing
security have a common limitation of being applicable to only a specific type of attack.
In general, the above mentioned security mechanisms follow either preventive or reactive
defense lines. Preventive defense lines provide mechanisms to avoid any kind of attack, such as
cryptographic schemes or firewalls. Reactive defense lines enable actions on demand to detect
and mitigate intrusions, such as IDSs. However, these two defense lines cannot ward off all
attacks and intrusions [43] [44]. Hence, researchers have proposed the use of the third
defense line, called Intrusion Tolerance (IT) [44], which has the objective of tolerating the
effects of attacks to make the system survivable. The classification of security mechanisms
based on defense lines is illustrated in Figure - 2.1.
TABLE – 2.1 Layer-wise attacks in MANETs
Network Layer: Attacks
Physical: Jamming
Data Link: Collision, MAC Misbehavior, Exhaustion
Network: Wormhole, Greyhole, Blackhole, Sinkhole, Sybil, Flooding, Byzantine, Rushing
Transport: SYN Flooding, Session Hijacking
Application: Repudiation, Virus and Worm attacks
Figure – 2.1 Defense Lines
2.2 Preventive Security Mechanisms for MANETs
In MANETs, preventive security mechanisms are used to prevent or avoid the attacks or
intrusions. Different key-based cryptography techniques are commonly used for implementing
preventive schemes. The classification of key management schemes for MANETs is given in
Figure – 2.2.
Figure – 2.2 Classification of Key-based Preventive Security Mechanisms
Key management approaches in MANETs are mainly classified as contributory and distributive
[45]. In the contributory approach, the key is the result of a collaborative effort of the network
nodes. Contributory schemes are based on the key agreement concept: to generate a secret key,
k nodes each contribute a partial share, and the shares together form the whole key. The
advantage of such schemes is that they do not require any trusted third party for key generation
and management. All communicating parties agree upon a secret symmetric key.
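The contributory idea, where every member's partial share enters the final key, is easiest to see in the ring-based scheme of Ingemarsson, Tang and Wong listed in Table – 2.2. The following is an added example written for this survey, not code from the thesis or from the scheme's authors. It assumes the nodes form a logical ring, that each node holds a random private exponent, and that the group parameters are the 1024-bit MODP prime and generator 2 from RFC 2409 (Second Oakley Group); the protocol's correctness does not depend on that particular group.

```python
import secrets

# Group parameters: the 1024-bit MODP prime and generator 2 from RFC 2409
# (Second Oakley Group).  Any safe-prime group would do; the ring protocol's
# correctness below does not depend on this particular choice.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2


def ring_key_agreement(private_exponents, p=P, g=G):
    """Run the ring protocol; return (key held by each node, messages sent).

    private_exponents[i] is the secret x_i of node i.  The nodes form a
    logical ring; in every round each node raises the value received from its
    predecessor to x_i and passes the result to its successor.  After n-1
    rounds node i has absorbed every x_j exactly once, so all nodes hold
    g^(x_0 * x_1 * ... * x_{n-1}).  The exponentiation of the last round is
    local: no value containing all n secrets ever crosses the air.
    """
    n = len(private_exponents)
    if n < 2:
        raise ValueError("a group needs at least two members")
    # Round 0: every node computes g^x_i, the value it will send first.
    held = [pow(g, x, p) for x in private_exponents]
    messages_sent = 0
    for _ in range(n - 1):
        received = [held[(i - 1) % n] for i in range(n)]   # one pass around the ring
        messages_sent += n
        held = [pow(received[i], private_exponents[i], p) for i in range(n)]
    return held, messages_sent


def reference_group_key(private_exponents, p=P, g=G):
    """Direct computation of g^(product of all exponents), used for checking."""
    prod = 1
    for x in private_exponents:
        prod *= x
    return pow(g, prod, p)


def all_agree(keys):
    return all(k == keys[0] for k in keys)


def new_group_secrets(n, p=P):
    """Fresh random exponents for n members.  A membership change means the
    protocol must be re-run (rekeying): the old key contains the departed
    node's exponent, so that node could still compute it."""
    return [secrets.randbelow(p - 2) + 1 for _ in range(n)]


if __name__ == "__main__":
    xs = new_group_secrets(5)
    keys, sent = ring_key_agreement(xs)
    print("all nodes agree:", all_agree(keys), "messages:", sent)
    # Node 4 leaves: the remaining four rekey, and the new key differs.
    keys_after_leave, _ = ring_key_agreement(xs[:4])
    print("key changed after leave:", keys_after_leave[0] != keys[0])
```

Two properties from the table are visible in the code: the cost is n(n-1) messages over n-1 rounds, and nothing in the exchange authenticates who sent a value, which is exactly why the table marks the scheme as vulnerable to a man-in-the-middle attack.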
In distributive key management schemes, a key is generated from a single source. Distributive
schemes are further categorized as asymmetric or symmetric cryptography techniques [60]. In
asymmetric or public key cryptography, two different keys, a private key and a public key, are
used to support confidentiality, authentication, and non-repudiation. A node's private key is
used to authenticate its messages and to decrypt confidential messages received from the other
communicating party.
Private keys need not be shared among the network nodes. Researchers have used different
techniques for generating private keys for nodes. The other key, the public key, is used to
encrypt messages and is known to all the nodes in the network. In asymmetric key cryptography,
the distribution of keys is easier than in symmetric cryptography. If the private key of one
node in the network is compromised, the ongoing or future communications of other nodes
are not affected, since that key cannot reveal their messages. The drawback of
asymmetric schemes is that they are computationally expensive.
Symmetric key cryptography requires only one secret key for communication. This secret
needs to be known by both communicating parties, so either the key is generated centrally
by some trusted authority or it is generated by one of the communicating parties. In either
case, this secret key has to be shared over susceptible links. Thus, key distribution in
symmetric cryptosystems is neither secure nor easy. The advantage of such schemes is that
only one key is needed for any number of transmissions in the network. But if this one key
is compromised, all past, ongoing and future messages can be decrypted by the adversary.
Asymmetric cryptosystems use one of two approaches: certificate based asymmetric key
management and identity based asymmetric key management [51]. In certificate based
schemes, a certificate authority (CA) acts as a central point that everyone trusts. The CA
generates certificates for network nodes, which are then used for communication. A node
is not trusted until it presents a certificate that has not expired and has not been revoked.
CAs are responsible for issuing, storing, validating and revoking certificates. They also
provide the public keys of nodes when queried. In ad hoc networks, the CA is itself a node,
which can be compromised or leave the network, so replicated CAs are sometimes used. The
concept of a CA is in fact not well suited to MANETs because of their basic characteristics.
Moreover, in certificate based schemes, the overhead of transmitting keys and certificates
and of storing public key certificates must be considered.
The other approach used by asymmetric cryptosystems is identity based key management,
also called IBC (Identity Based Cryptography). IBC is a special form of public key
infrastructure that eliminates the need for a CA and for conventional public key cryptography.
Because of these features, IBC is easy to deploy. In IBC, both private and public keys are derived
from the identity of users. Thus, a public key in IBC is self-proving and can carry much useful
information. The main advantage of IBC schemes is their lower resource (power, storage, and
bandwidth) requirements. Many IBC schemes also use threshold cryptography, in which a secret
is shared among k users.
2.2.1 Existing Cryptography based Preventive Mechanisms
The analysis of various preventive security mechanisms for MANETs which use cryptography
as the basis is presented in Table – 2.2 and Table – 2.3. Table – 2.2 shows the study of existing
contributory schemes with their important characteristics. Properties and limitations of
different distributive schemes are described in Table – 2.3.
Table – 2.2 Contributory Security Mechanisms

| Protocol/Author Name | Properties | Security | Scalability | Robustness | Applicability |
|---|---|---|---|---|---|
| Diffie-Hellman [56] | 2-party protocol | No authentication, supports trust management, intrusion tolerance, vulnerable to man in the middle attack | Poor | Peer availability assumptions, faulty nodes, byzantine behavior | Self-organizing, pairwise symmetric key |
| Ingemarsson, Tang, and Wong [57] | Based on Diffie-Hellman scheme, uses logical ring of nodes during key agreement | No authentication, no intrusion tolerance, no trust management, vulnerable to byzantine behavior, man in the middle attack | Poor | Rekeying when group changes | Self-organizing, symmetric group key |
| Burmester and Desmedt [58] | Uses reliable multicasting to reduce the number of rounds to 3 | Public key authentication, no intrusion tolerance, certification authority for trust management, vulnerable to byzantine behavior | Poor | Rekeying when group changes | Symmetric group key |
| Hypercube and Octopus [59] | Arrange nodes into hypercube to reduce the number of rounds from n to d (n = 2^d) | No authentication, no intrusion tolerance, no trust management, vulnerable to byzantine behavior, man in the middle attack | Poor | Rekeying when group changes | Self-organizing, symmetric group key |
| Password Authenticated Key Agreement [60] | Password authenticated hypercube and octopus scheme | Password authentication, no intrusion tolerance, organizer for trust management, vulnerable to byzantine behavior | Poor | Rekeying when group changes | Self-organizing, symmetric group key |
| CLIQUES (CLIQ) [61] | Group changes through reliable multicast from group controller | No authentication, no intrusion tolerance, group controller for trust management, vulnerable to byzantine behavior, man in the middle attack | Poor | Rekeying when group changes | Self-organizing, symmetric group key |
Table – 2.3 Distributive Security Mechanisms

| Protocol | Characteristics | PKG | Online/offline TA | Key share distribution | Limitations |
|---|---|---|---|---|---|
| [45] | Based on IBC and threshold cryptography | Fully distributed | No | Secure channel | Threshold cryptography weaknesses, vulnerability of network initialization stage to byzantine failures, routing-security interdependency cycle, it is not specified how key generation takes place |
| [46] | Based on IBC | Fully distributed | No | Temporary PKI | Threshold cryptography weaknesses, vulnerability of network initialization stage to byzantine failures, routing-security interdependency cycle |
| [47] | Secure key issuing protocol based on key privacy authorities | Partially distributed | Offline | Not specified | Routing-security interdependency cycle (secure routing is needed to get partial key and signature), all KPAs are required to be online and available |
| [48] | Key proxy, multicast group of PKGs | Partially distributed | Offline | Encrypted multicast | Routing-security interdependency cycle, distributes partial private keys of PKG server nodes to the network |
| [49] | Offline threshold D-PKG | Partially distributed | Offline | Pre-distribution | Routing-security interdependency cycle, distributes shares of D-PKGs, vulnerable to mobile attacks |
| [50] | Lightweight IBC | Partially distributed | Yes | Not specified | Routing-security interdependency cycle, vulnerable to Sybil attacks |
| [51] | Generates compromise-tolerant keys | Partially distributed | Yes | Not specified | Poor scalability, routing-security interdependency cycle, traffic overhead |
| [52] | Uses blind signature to issue private key shares securely | Partially distributed | Yes | Public channel | Traffic overhead; for each node, a password is stored and distributed |
| [53] | Based on IBC and threshold cryptography | Fully distributed | No | Not specified | Routing-security interdependency cycle |
| [54] | Implements Deng’s protocol for OLSR | Fully distributed | No | Self-generated public-private key pair | Routing-security interdependency cycle, does not provide security for OLSR, master public-private key collection process is not secure, each DPKG node has to store temporary public keys of other DPKG nodes |
| [55] | IBC based hybrid key management scheme | Fixed on cluster head | Yes | PKI | Inter-cluster communication overhead |
2.3 Reactive Security Mechanisms for MANETs
Reactive security mechanisms take actions on demand to detect and mitigate the effects of
attacks or intrusions. As described in the previous chapter, reactive security mechanisms
are classified based on the number of attacks they detect. Reactive security mechanisms
which are capable of detecting only a specific type of attack are called Point Detection
Mechanisms [6]. Intrusion Detection Systems, the other category of reactive security
mechanisms, can identify a range of attacks. Further categorization of point detection
schemes is done according to the type of attack they detect. Intrusion Detection Systems
are classified based on the techniques they employ for identifying attacks. Different
techniques such as knowledge based detection, anomaly based detection or signature based
detection can be used for implementing IDSs. Some of the existing IDSs are hybrid in
nature as they use a combination of detection techniques. IDSs can be deployed either at
host-level or at a central location in the network. Based on the deployment scheme, IDSs
are also classified as Host based Intrusion Detection Systems (HIDS) and Network based
Intrusion Detection Systems (NIDS) [62]. Deployment of IDSs determines what they can
monitor to detect intrusions and hence, deployment plays a vital role in the performance of
IDSs. Comparison and analysis of various point detection mechanisms which have been
proposed for securing MANETs is presented in Table – 2.4. Table – 2.5 contains the study
of existing intrusion detection systems with their advantages and limitations.
Table – 2.4 Comparison of Point Detection Mechanisms

| Protocol Name | Architecture | Attacks detected | Detection Technique | Corrective Measures | Routing Protocol | Data gathering Mechanism | Remarks |
|---|---|---|---|---|---|---|---|
| FAP (Yi et al. [63]) | Distributed | Sleep deprivation caused by malicious route requests | Priority queue of route requests | Exclude attackers | AODV | Single node monitoring | May suppress legitimate nodes |
| None (Guo et al. [64]) | Not specified | Distributed DoS flooding | Uses a model based on flow detection features | Not specified | Not specified | Single node monitoring | Uses an analytical model to identify the attackers |
| None (Martin et al. [65]) | Not specified | Sleep deprivation | Energy signature, multilevel authentication | Not specified | Not specified | Requests to SSH server | Analyzes the effect of sleep deprivation attack on real systems |
| LIP (Hsu et al. [66]) | Not specified | Sleep deprivation | Local broadcast authentication | Not specified | Not specified | Observation by nodes | Lightweight; helps to prevent packet injection and impersonation |
| None (Yu et al. [67]) | Distributed | Sleep deprivation | Neighbor monitoring | Not specified | DSR | Monitoring neighbor nodes’ route requests | Intruders can bypass the check for bad nodes |
| None (Sarkar and Roy [10]) | Hierarchical | Sleep deprivation | Based on cluster head’s decision | Not specified | Not specified | Observation of packet forwarding | It is not specified how to determine the threshold value for packet forwarding |
| TOGBAD (Pedillia et al. [68]) | Centralized, hierarchical | Black hole | Topology graph | Not specified | OLSR | Topology graph | Not feasible for reactive routing |
| None (Medadian et al. [69]) | Distributed | Black hole | Finding safe path | Not specified | AODV | Neighbors’ observation | May generate false alarms in highly dynamic MANETs |
| None (Zhang et al. [70]) | Distributed | Black hole | Verifying sequence number of route reply | Not specified | AODV, SAODV | Intermediate nodes’ observation | Increased overhead, lack of security checks for sequence request and reply packets |
| None (Xiaopeng et al. [71]) | Distributed | Grey hole | Checkup, proof and diagnosis algorithms | Not specified | DSR | Proof from forwarded packets | Specific to DSR |
| None (Wei et al. [72]) | Distributed | Grey hole | Aggregate signature algorithm | Not specified | Not specified | Aggregate signature algorithm | A certificate authority is assumed to be present |
| None (Sen et al. [73]) | Hierarchical | Grey hole | Local observation based on RTS and CTS | Exclude attackers | AODV | Local observation based on RTS and CTS; neighbors’ feedback | Specific to AODV |
| None (Yang et al. [74]) | Not specified | Grey hole | Historical evidence | Not specified | Not specified | Neighbors’ observation | Historical trust values are used to make the detection decision |
| None (Douceur [75]) | Centralized | Sybil | Trusted certificate | Not specified | Not specified | Certificates managed by trusted authority | Requires a trusted certificate authority |
| PASID (Piro et al. [76]) | Distributed | Sybil | Passive monitoring of traffic and mobility pattern | Not specified | AODV | Single node monitoring | May falsely detect node groups as attackers |
| None (Monica et al. [77]) | Not specified | Sybil | Radio resource tests | Not specified | Not specified | Various radio resource tests | Different tests are needed for different network conditions |
| None (Sharma and Garg [78]) | Not specified | Sybil | Considers RSS, node speed | Not specified | Not specified | Node speed observation | Threshold value of speed is 10 m/s |
| None (Sinha et al. [79]) | Hierarchical | Sybil | Dissimilarities and similarities between nodes | Not specified | Not specified | Computed using centroids of clusters | Probability of same resource utilization is considered to find similarities |
| None (Abbas et al. [80]) | Not specified | Sybil | Localization process | Not specified | Not specified | Localization process | Once a node is registered, no further localization is performed |
| None (Tangpong et al. [81]) | Not specified | Sybil | Exchanging observed information | Exclude attackers | Not specified | Cooperative monitoring | No central authority is needed |
| None (Hashmi and Brooke [82]) | Not specified | Sybil | Authentication agent | Not specified | Not specified | Verification by authentication agent | Uses hardware id for authentication |
| RAP (Hu et al. [84]) | Distributed | Rushing attack | Mutual authentication protocol | Not specified | DSR | Neighbors’ observation | Specific to DSR |
| SRP (Papadimitratos and Haas [85]) | Not specified | Rushing attack | SMT protocol | Not specified | Not specified | SMT protocol | Effectiveness of SRP is not checked against routing attacks in MANETs |
| SDSR (Tamilselven et al. [88]) | Not specified | Rushing attack | Not specified | Not specified | Not specified | Random route request forwarding | Probability based mechanism |
| None (Sen et al. [89]) | Distributed | Packet dropping | Trust based model | Exclude attackers | Not specified | Collaborative monitoring | Based on trust values |
| None (Gonzalez et al. [91]) | Hierarchical | Packet dropping | Flow conservation | Exclude attackers | AODV | Single node monitoring | Does not discuss how to secure the misbehavior detection and accusation process |
| None (Gonzalez et al. [92]) | Distributed | Packet dropping | Adaptive policies | Not specified | Not specified | Distributed management overlay | Adaptable protection of routing protocols |
| SCAN (Yang et al. [93]) | Distributed | Packet dropping | Information cross validation | Exclude attackers | AODV | Collaborative monitoring | Specific to reactive routing process |
| HSAM (Mamatha and Sharma [94]) | Not specified | Packet dropping | Ratio of packets transmitted and packets dropped | Exclude attackers | Not specified | Observation of packets | Does not consider packet dropping due to link breaks |
| SCM ([95]) | Not specified | Packet dropping | Based on observation | Generate alarm; exclude attackers | Not specified | Collaborative monitoring | Extra channels are formed |
| None (Shu and Krunz [96]) | Not specified | Packet dropping | Correlation between lost packets | Not specified | Not specified | Public auditing architecture | Increased overhead |
Table – 2.5 Comparison of Intrusion Detection Systems

| Algorithm Name | Architecture | Attacks detected | Intrusion Detection Technique | Corrective Measures | Routing Protocol | Data gathering Mechanism | Remarks |
|---|---|---|---|---|---|---|---|
| None (Cretu et al. [97]) | Distributed, peer to peer | Abnormal behavior of devices | Anomaly based | No cooperation with intruders | Not specified | Observation of behavior model | Heavy computation and processing overhead |
| None (Liu et al. [98]) | Distributed | DoS | Bayesian game theory based anomaly detection | Not specified | Not specified | Lightweight and heavyweight monitoring systems | Use of two IDS |
| None (Jiang and Wang [99]) | Distributed, zone based | DoS | Markov model | Not specified | Not specified | Use of Markov chain model | Does not specify how to calculate the threshold value |
| None (Sun et al. [100]) | Distributed | Routing disruption attacks | Anomaly detection using Markov chain classifier | Not specified | Not specified | Audit data sources | Can detect local intrusion |
| None (Mitrocosta et al. [101]) | Collaborative, distributed | Various attacks | Anomaly detection using neural networks | Exclude routes having intruder nodes | Not specified | MAC layer features | Test attack scenarios are not given |
| None (Jabbehdari et al. [102]) | Not specified | DoS | Anomaly detection using neural networks | Not specified | Not specified | Trace output | Specific to DoS attacks |
| AIDP (Nadeem and Howarth [103]) | Clustered, hierarchical | DoS | Anomaly detection | Exclude intruders | General; tested on AODV | Routing information | Specific to DoS attacks |
| AFIDS (Chaudhary et al. [104]) | Not specified | Black hole | Fuzzy based anomaly detection | Exclude intruders | AODV | Network monitoring | Performance depends on the accuracy of the fuzzy inference engine |
| None (Uyyala and Naik [105]) | Distributed | Black hole, grey hole | Anomaly detection | Exclude attackers | AODV | Monitoring nodes | Monitoring nodes have to maintain information about each ongoing transmission |
| IDAD (Alem and Xuan [106]) | Not specified | Black hole | Anomaly detection | Exclude attackers | AODV | Single node observation | Works with the assumption that a centralized entity is always present in MANETs; requires pre-collected audit data |
| None (Shao et al. [107]) | Clustered | Packet dropping | Back propagation neural network | Exclude attackers | AODV | Detection nodes | In dynamic MANETs, it is difficult to find a static set of detection nodes |
| None (Jain and Raghuvanshi [108]) | Not specified | Grey hole | Anomaly detection | Exclude attackers | AODV | IDS nodes | Does not specify how to select IDS nodes |
| None (Ye and Li [109]) | Distributed | Various attacks | Agent based anomaly detection | Exclude attackers | Not specified | Detection agents | Does not specify how to choose detection nodes; the algorithm is not tested |
| None (Komninos et al. [110]) | Not specified | Not specified | Knowledge based detection | Not considered | Not specified | Audit data trails | Not tested against attacks |
| IDAR (Alattar et al. [111]) | Distributed | Pattern matching | Signature based detection | Not specified | OLSR | Logs generated by OLSR | High bandwidth and memory requirement |
| AODVSTAT (Vigna et al. [112]) | Distributed | Resource depletion, packet dropping | Knowledge based detection | Not specified | AODV | AODV routing packets, data packets | Detects attacks against the AODV routing protocol only |
| None (Tseng et al. [114]) | Distributed | DoS | Finite state machine based SBID | Not specified | OLSR | OLSR information | Specific to OLSR protocol |
| EFSM (Orset et al. [115]) | Distributed | Sybil, modification, fabrication | Extended finite state machine based SBID | Not specified | OLSR | OLSR information | Specific to OLSR protocol |
| None (Stakhanova et al. [116]) | Not specified | Behavioral specification | Specification based detection | Not specified | AODV, DSR | Network traffic flow | Specific to AODV and DSR |
| CRADS (Joseph et al. [117]) | Not specified | Rushing, modification, spoofing, packet dropping | Hybrid intrusion detection | Not specified | OLSR | Data collected from physical, MAC and network layers | Cross layer approach |
| GIDP (Nadeem and Howarth [118]) | Clustered, hierarchical | Various network layer attacks | Hybrid intrusion detection | Exclude attackers | General | Network characteristics; performance matrix | Tested using AODV |
| None (Hijazi and Nasser [119]) | Distributed | Not specified | Mobile agent | Not specified | Not specified | Not specified | Analyzes the scope of using mobile agents for ID |
| None (Yi et al. [120]) | Clustered, hierarchical | Routing loops, DoS | Other IDS | Generate alarm | DSR | DSR specifications | Specific to DSR |
2.4 Survivability in MANETs
To design a survivability model for an ad hoc network, it is important to identify the basic
critical network functionalities that must be provided even while the network is being targeted
by an attack. Some network services of a MANET must always be provided, irrespective of its
context and applications [112]. These services are called general essential services and need to
be provided even in the presence of attacks, failures or faults. Other services that are essential
but not general are called specialized services; they depend upon the application or the context
of their use.
2.4.1 Requirements of Survivability
The requirements of survivability in MANETs depend upon the characteristics and scope of
the network and essential services for the given network. For any mobile ad hoc network,
general essential services are path finding, connectivity, and communication [122]. Specialized
services may vary with the context of use or application and hence cannot be used in designing
a general survivability model.
Efficient routing process, end-to-end communication, and network connectivity are the
essential services of any survivable MANET that the network is expected to provide always.
Apart from these services, a survivable MANET needs to provide efficiency, self-
configurability, heterogeneity, self-adaptation, integrity, authentication, protection,
confidentiality, access control, redundancy, robustness, self-organization, self-diagnosis, self-
healing, self-control, decentralization, and scalability. These requirements with respect to
essential network services are summarized in Table – 2.6.
Due to the scarcity of resources, it is always important for a MANET to use its energy and
resources efficiently, especially when the system is suspected to be under attack or intrusion.
The mobility of nodes and the dynamic network topology are the reasons for the self-
configuration requirement in an ad hoc network. If the network is self-configurable, the
parameters of connection and communication can be changed dynamically. Participating nodes
in a MANET can be of different types, and this leads to a requirement of heterogeneity. The
mobility of nodes affects many parameters, services and states of the network; hence, self-
adaptation to a changed network state is a must for any mobile ad hoc network. The path finding
or routing process in an ad hoc network must have mechanisms for providing integrity,
authentication, and confidentiality of communication. As MANETs use an open wireless
communication medium, it is very important to protect the communication. Unauthorized
access must not be allowed in any network; hence, access control is one of the desirable properties.
To deal with path failure problems and tolerate routing attacks, multipath routing capability must
be provided in a MANET by implementing redundancy. The process of finding routes must be
robust to different types of attacks. To build a survivable MANET, there should not be any
central point of control that can be targeted by attackers; the network must be decentralized
and self-organized. In the absence of any centralized control, a MANET must monitor itself to
find faults or malicious actions. This property is called self-diagnosis and is considered very
important for achieving survivability. When faults or misbehaviors are identified, the network must
take corrective measures to recover from the disruptions by using its self-healing capacity.
Scalability is one of the basic characteristics of a MANET; hence, when the network is made
survivable, this requirement must be considered so that a large number of nodes can be
accommodated in the network.
Table – 2.6 Requirements of Survivability in MANETs

| Survivability Requirements | General Essential Service |
|---|---|
| Efficiency, Robustness, Redundancy, Access Control, Integrity, Authenticity, Confidentiality, Protection | Routing |
| Self-Adaptation, Self-Configuration, Energy-Efficiency, Heterogeneity, Self-Organization, Self-Control, Self-Management | Connectivity |
| Self-Diagnosis, Self-Healing, Self-Optimization, Decentralization | Communication |
Most of the requirements listed above are interconnected and need to be provided
together to make MANETs survivable. The effectiveness of some individual requirements can
be improved if they are provided in combination with other survivability requirements. The
general essential services for MANETs are associated with different layers of the network
protocol stack. For example, network connectivity is related to the data link layer of the
network. Path finding and routing related activities are handled by the network layer, and the
communication of information is mainly controlled by the application layer. To design a
complete model of survivability, the dependencies between network layers and multi-layer
attacks need to be considered. If multiple layers are considered for communication and attacks,
it becomes possible to improve the robustness and survivability of networks. For example, to
make the routing process robust and efficient, the network layer can use bandwidth and energy
statistics received from the data link layer. In this way, network layers can support each other
to guarantee survivability.
2.4.2 Key Properties of Survivability
In a broad sense, the key properties of survivability are resistance, recognition, recovery, and
adaptability [121]. Resistance is the ability of a system to avoid attacks; it is commonly
implemented using cryptography, authentication, and firewalls. Recognition is the system's
capability to identify attacks and analyze their effects; point detection and intrusion
detection systems are examples of recognition mechanisms. Recovery is the capacity to
restore the affected system functionalities within time constraints, so as to provide the critical
services and limit the damage; redundancy and replication are used as recovery mechanisms
by many systems. Adaptability is the capability of adapting to target intrusions by quickly
incorporating lessons learned from faults and failures; topology control and dynamic selection
of protocols based on system requirements are the conventional examples of adaptation
mechanisms. To build a survivable system, these properties must be applied repeatedly, as a
cycle.
2.4.3 Existing Survivability Initiatives for MANETs
This section describes existing survivability initiatives for MANETs. Many of these
initiatives do not provide the complete design of a survivable model; however, the
properties, objectives, and techniques they use cannot be seen as conventional
reactive or preventive security solutions and are more closely related to the requirements and
properties of survivability. Security solutions that do not rely on a single line of defense and
use some mechanism for intrusion tolerance are considered for this survey. The
survivability initiatives included in this survey focus on providing one or more general
essential services in ad hoc networks.
Boudriga and Obaidat [123] proposed a mechanism for making MANETs tolerant to
intrusions. The approach is based on a resource allocation and recovery mechanism
implemented at the network layer. The authors also suggested a multilevel trust model for
MANETs. According to this trust model, an ad hoc network is divided into two virtual
domains: the users’ domain and the resources’ domain. Each network activity is assigned
a unique trust value based on the location in the network where it occurs. Based on the
trust levels assigned to activities, resources are allocated to them by applications or users.
The resource allocation scheme is distributed in nature and aims at maximizing the
utilization of available resources while minimizing costs. Each application gets only a
part of an available resource at any node. The approach implements intrusion tolerance
using a distributed firewall technique, with which path failures caused by intrusions can
be detected and recovered from. This firewall is maintained in the form of a table at each
network node; the table lists the packets that passed through the node and successfully
reached their destinations. Firewall tables are created and maintained dynamically, and their
entries are updated whenever the network detects malicious behavior, failures or
intrusions. The main use of firewall tables is to prevent a flow of false or fake packets. To
detect misbehavior, nodes use three parameters: authentication failure rate, packet loss
rate, and duplicate packet rate. The proposed model mainly deals with flooding attacks,
one form of denial of service (DoS) attack, by using the above techniques
along with IPsec based authentication and the trust relationships of participating nodes.
BFTR (Best effort Fault Tolerant Routing) is proposed by Xue and Nahrstedt [124]. It is
a source routing algorithm based on path redundancy, with the objective of
providing a routing service with low overhead and high delivery ratio when malicious nodes
are part of the network. This approach does not decide whether a route, or any node
included in it, is good or not. BFTR uses network statistics and the receiver’s feedback to
select the path with the highest packet delivery ratio in the recent past. BFTR is able to
detect attacks such as misrouting, packet corruption and dropping. Designed on top of DSR
flooding, BFTR finds paths between the end nodes and selects the shortest path for routing
data packets. When a path failure is detected, the algorithm discards the current route and
chooses the next shortest route available. The algorithm assumes that a good route
consists of nodes with a high delivery ratio and hence discards routes with a low delivery
ratio. BFTR also assumes that the end nodes never misbehave and that intermediate nodes are
included in the security support architecture. A prior trust relationship is needed between the
source and destination nodes.
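An added example, not the authors' implementation, of the path-selection policy the BFTR description gives: paths discovered by source routing are tried shortest-first, the destination's feedback is kept in a sliding window per path, and a path whose recent delivery ratio falls below a threshold is discarded in favor of the next shortest one. The topology, the paths, the misbehaving node and the window and threshold values are constructed for the demonstration; scoring untried paths as if they had a perfect ratio is an assumption of this example, not something the thesis states.

```python
from collections import deque

WINDOW = 10        # packets of receiver feedback remembered per path (assumed)
MIN_RATIO = 0.7    # a path whose recent delivery ratio drops below this is discarded (assumed)


class BftrSource:
    """Best-effort fault-tolerant path selection at the source node."""

    def __init__(self, paths, window=WINDOW, min_ratio=MIN_RATIO):
        # paths: hop lists returned by source-route discovery, e.g. ["S", "B", "D"]
        self.paths = sorted((tuple(p) for p in paths), key=len)
        self.window, self.min_ratio = window, min_ratio
        self.history = {p: deque(maxlen=window) for p in self.paths}
        self.discarded = set()
        self.current = self.select_path()

    def delivery_ratio(self, path):
        h = self.history[path]
        return sum(h) / len(h) if h else None   # None: no feedback yet

    def _score(self, path):
        # Untried paths are scored optimistically (assumption of this example);
        # ties go to the shortest path, as in plain DSR.
        ratio = self.delivery_ratio(path)
        return (1.0 if ratio is None else ratio, -len(path))

    def select_path(self):
        """Highest recent delivery ratio among the paths not yet discarded."""
        usable = [p for p in self.paths if p not in self.discarded]
        if not usable:
            raise RuntimeError("no usable path to destination")
        return max(usable, key=self._score)

    def feedback(self, path, delivered):
        """Receiver feedback for one packet sent on `path` (True = acknowledged)."""
        h = self.history[path]
        h.append(1 if delivered else 0)
        # Judge only on a full window so a single loss does not discard a path.
        if len(h) == self.window and self.delivery_ratio(path) < self.min_ratio:
            self.discarded.add(path)
            if path == self.current:
                self.current = self.select_path()


# Constructed topology: three source routes from S to D; node B is a grey
# hole that silently drops every second packet it is asked to forward.
PATHS = [["S", "B", "D"], ["S", "E", "F", "D"], ["S", "G", "H", "I", "D"]]
GREY_HOLE = "B"


def simulate(n_packets, paths=PATHS):
    """Send n_packets through the BFTR source; return (delivered, source)."""
    src = BftrSource(paths)
    delivered = 0
    for seq in range(1, n_packets + 1):
        path = src.current
        ok = not (GREY_HOLE in path and seq % 2 == 0)   # constructed channel model
        delivered += ok
        src.feedback(path, ok)          # destination acknowledges or the packet times out
    return delivered, src


if __name__ == "__main__":
    count, src = simulate(20)
    print("delivered", count, "of 20; final path", src.current,
          "; discarded", src.discarded)
```

The source never accuses node B; it only observes that the shortest path delivers half of its packets and moves to the next shortest one once the window fills, which is the "best effort" in the name: the cost of tolerating the grey hole is the packets lost while the evidence accumulates.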
A Cross Layer Approach (CLA) is proposed by Berman and Mukherjee in [125]. This
algorithm is based on intelligent multipath routing and uses directional antennas. Data
availability and confidentiality are the main objectives of CLA. Omni-directional antennas
receive or transmit radio signals uniformly in all directions, while directional antennas
transmit or receive radio signals in one specific direction. With this property, directional
antennas reduce the area covered by a packet transmission, the overlap of message segments,
and the chances of eavesdropping. This minimizes the possibility of an attacker collecting all
message segments at the same time. Along with directional antennas, CLA uses a
self-adaptive transmission power control mechanism to minimize the likelihood of
message interception. Using multipath routing, messages are divided according to a threshold
secret sharing algorithm that sends the segments of a message over multiple paths. To achieve
the basic objective of a minimized message interception probability, CLA uses two
intelligent routing schemes that reduce the path-set correlation factor and the physical distance
of hops.
Joshi et al. [126] proposed an approach called JA (Joshi’s Approach) for key management
and control. JA describes a completely distributed certificate authority mechanism that uses
redundancy and secret sharing. This mechanism divides the private key of the certificate
authority into segments and then distributes these segments among the network nodes.
Nodes are required to recreate the key from key segments in order to communicate with each
other. The private key of the certificate authority can be reconstructed from a minimum
number of key segments out of the total number of segments. This mechanism fails when a
Chapter – 2 Literature Survey
40
sufficient number of nodes to reconstruct the key are not available in the communication range
of the node that wants to communicate. To introduce redundancy in the network, the
algorithm assigns more than one key segment to each node, lowering the number of nodes
needed to reconstruct the key of the certificate authority and increasing the probability that a
legitimate node can reconstruct it. However, introducing redundancy in the algorithm is
challenging because it also increases the probability of an attacker compromising the key of
the certificate authority. This problem becomes severe when an attacker compromises a
legitimate node in the network, because that node is still treated as a good, valid node. To
deal with this problem, the authors propose using an intrusion detection system to detect
compromised or misbehaving nodes and exclude them from the network.
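As an added example (not code from Joshi et al. or this thesis), the Python below models the CA private key shared among nodes and the redundancy trade-off just described: dealing two segments to each node lowers the number of nodes that must be reachable, while one compromised node then exposes two segments. It assumes Shamir's (k, n) threshold scheme over a prime field, which the page does not name, and a constructed toy integer in place of a real CA key.

```python
import math
import random

# Field modulus for the toy scheme (assumed; any prime above the key value works)
PRIME = 2**127 - 1
# Constructed stand-in for a CA private key (not a real key)
TOY_CA_KEY = 0x123456789ABCDEF01122334455667788


def make_shares(secret, k, n, rng):
    """Split `secret` into n Shamir shares; any k of them reconstruct it."""
    # Random polynomial of degree k-1 whose constant term is the secret
    coeffs = [secret] + [rng.randrange(1, PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner's rule: y = f(x) mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def reconstruct(shares):
    """Lagrange interpolation of f(0) from k shares with distinct x."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret


def distribute(secret, k, node_ids, shares_per_node, seed=0):
    """Deal `shares_per_node` distinct shares to every node (JA's redundancy)."""
    rng = random.Random(seed)  # fixed seed keeps the example reproducible
    shares = make_shares(secret, k, len(node_ids) * shares_per_node, rng)
    holdings = {}
    for idx, nid in enumerate(node_ids):
        start = idx * shares_per_node
        holdings[nid] = shares[start:start + shares_per_node]
    return holdings


def nodes_needed(k, shares_per_node):
    """Fewest cooperating nodes whose pooled shares reach the threshold k."""
    return math.ceil(k / shares_per_node)


def rebuild_from_nodes(holdings, reachable, k):
    """Pool the shares of the nodes in communication range; None if below k."""
    pooled = [s for nid in reachable for s in holdings[nid]]
    if len(pooled) < k:
        return None
    return reconstruct(pooled[:k])


def shares_exposed(holdings, compromised):
    """Number of shares an attacker learns by compromising these nodes."""
    return sum(len(holdings[nid]) for nid in compromised)


if __name__ == "__main__":
    nodes = [f"n{i}" for i in range(1, 7)]
    for r in (1, 2):
        h = distribute(TOY_CA_KEY, 5, nodes, r)
        need = nodes_needed(5, r)
        ok = rebuild_from_nodes(h, nodes[:need], 5) == TOY_CA_KEY
        print(f"{r} share(s)/node: {need} nodes rebuild the key={ok}, "
              f"one compromised node leaks {shares_exposed(h, nodes[:1])} share(s)")
```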
ODSBR [127] is a reactive routing protocol that is designed to deal with a variety of
Byzantine attacks. This protocol works in three sequential phases: least weight path
discovery, Byzantine fault localization, and link weight management. The first phase uses
double secure flooding to find routes with minimum cost: the route discovery protocol
floods both the route request and the route response messages. Digital signatures and
secure authentication are provided using cryptography. During the Byzantine fault
localization phase, faulty links on the routes are detected using an adaptive probing method.
This phase also uses cryptography to ensure the integrity of packets, based on secure
acknowledgements received periodically from intermediate nodes. Link weight management
is the last phase of the protocol and manages the weights assigned to faulty links. Based on
the weight value assigned to each link, faulty links can be identified. Weight values are
stored at every node and used by the least weight path discovery phase. The authors claim
that the proposed protocol can perform in different scenarios. However, some points in the
algorithm are not clearly defined. For example, the algorithm uses digital signatures and RSA
cryptography but does not consider the open issues related to them, such as authentication of
nodes and distribution of public keys. These points can influence the overall working of
ODSBR and are essential for the expected functionality of the algorithm. Also, the secure
acknowledgement based functionality cannot be guaranteed due to basic characteristics of ad
hoc networks such as dynamic topology and mobility of nodes.
Papadimitratos and Haas presented an approach called Secure Message Transmission
(SMT) [128] for providing data protection, integrity, confidentiality, and availability.
SMT is built on four mechanisms: dispersion of the transmitted information, multiple
routes used simultaneously, secure end-to-end feedback and adaptation to the changing
network state. To implement these mechanisms, SMT requires a security association (SA)
[129] between the source and destination nodes. The SA eliminates the need for link
encryption. To provide secure data communication, SMT uses an Active Path Set (APS), a
set of node-disjoint paths existing between the source and destination nodes. To provide
recovery through redundancy, a message is divided into a number of small segments using
an information dispersal scheme [130]. To improve confidentiality, the message segments
are transmitted over different paths available in the APS. To form the full message at the
destination, the received message pieces are first counted and, if a sufficient number of
message shares are found, the message is reconstructed from the dispersed segments. A
message authentication code is included in every message segment to support data
integrity. When the destination receives correct message segments, it acknowledges the
receipt to the source by providing feedback. The feedback generated by the destination is
also secured using cryptography and dispersed to support fault tolerance. In the APS, each
path carries a reliability rating computed from the total numbers of successful and
unsuccessful transmissions on that path. This rating is used by the algorithm for
determining and managing maximally secure routes.
Choudury et al. [131] proposed a protocol named SDMP (Secure Data based MultiPath)
that offers data confidentiality and robustness. As the name suggests, this protocol uses
multiple paths between nodes of the network. SDMP provides authentication and
confidentiality of link layer frames by using wired equivalent privacy (WEP) link
encryption and decryption. SDMP is routing protocol independent and can be used with
any routing protocol that supports multipath routing with topology discovery. There are
two types of paths used by SDMP: data paths and signaling paths. The latter type needs
only one path between the end nodes. The remaining paths can be used for transmitting
data. The proposed protocol uses the diversity coding approach to divide a message into
segments. A unique identifier is assigned to each message segment and then pairs are
formed by combining segments using exclusive-or (XOR) operations. Different routes are
used for sending each pair, and the signaling path is used to send the information needed
for message reconstruction at the destination. To be successful, an attacker has to obtain all
transmitted message pairs for reconstruction. To compromise confidentiality, an attacker
must be within eavesdropping range of the source or destination, or must listen on all
paths used and decrypt each encrypted transmitted message piece. The main drawback of
this protocol is that one segment of the original message is always sent in its original form
on one of the data paths, and hence the probability that an attacker partially deduces the
original message from a few segments is high.
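To make the stated drawback concrete, here is an added example (not code from Choudury et al. or this thesis) of XOR-paired segments and of what an eavesdropper on only some routes can recover. The exact pairing rule is not given above, so it assumes a chain in which unit 0 is segment 0 in clear and unit i is segment i-1 XOR segment i, with the signaling path carrying the segment ids combined in each unit.

```python
def split_message(message, count):
    """Split bytes into `count` equal-length segments, zero-padding the last."""
    seg_len = -(-len(message) // count)  # ceiling division
    padded = message.ljust(seg_len * count, b"\0")
    return [padded[i * seg_len:(i + 1) * seg_len] for i in range(count)]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encode(segments):
    """Build the data units (one per data path) and the signaling entries.
    Assumed chain: unit 0 = segment 0 in clear, unit i = seg[i-1] XOR seg[i]."""
    units = [segments[0]]
    signaling = [(0,)]  # ids of the segments combined in each unit
    for i in range(1, len(segments)):
        units.append(xor(segments[i - 1], segments[i]))
        signaling.append((i - 1, i))
    return units, signaling


def recover_segments(captured, signaling):
    """Derive every segment that follows from the captured units
    ({unit index: bytes}). The receiver passes all units; an eavesdropper
    on one or two routes passes only what it overheard."""
    known = {}
    progress = True
    while progress:
        progress = False
        for idx, data in captured.items():
            ids = signaling[idx]
            if len(ids) == 1 and ids[0] not in known:
                known[ids[0]] = data  # the segment that travels in clear
                progress = True
            elif len(ids) == 2:
                a, b = ids
                if a in known and b not in known:
                    known[b] = xor(known[a], data)
                    progress = True
                elif b in known and a not in known:
                    known[a] = xor(known[b], data)
                    progress = True
    return known


def reassemble(known, count, length):
    """Join segments 0..count-1 and strip padding; None if any is missing."""
    if any(i not in known for i in range(count)):
        return None
    return b"".join(known[i] for i in range(count))[:length]


if __name__ == "__main__":
    msg = b"route update for cluster head"  # constructed sample message
    units, sig = encode(split_message(msg, 4))
    full = recover_segments(dict(enumerate(units)), sig)
    print(reassemble(full, 4, len(msg)))
    # An eavesdropper on the first data path alone already reads segment 0
    print(recover_segments({0: units[0]}, sig))
```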
Secure Protocol for Reliable Data Delivery (SPREAD) is a protocol proposed by Lou et
al. [132]. The objective of this protocol is to achieve data availability and confidentiality.
In this method, a source node divides messages into a number of segments based on the
threshold secret sharing scheme. Each message segment is then encrypted and transmitted
through multiple independent routes. The protocol assumes that an efficient key
management scheme is available for encryption using different keys for nodes. There are
three main operations to be performed: splitting messages into multiple segments,
selecting multiple routes and transmitting message segments using those routes. Multiple
paths are used for sending message segments to reduce the chances of an attack. To choose
multiple paths for this purpose, the proposed protocol considers various security factors.
To compromise the protocol, an attacker must access all paths to reconstruct the original
message from segments.
Techniques for Intrusion-resistant Ad hoc Routing Algorithms (TIARA) [133], proposed
by Ramanujan et al., is a protocol to deal with denial of service attacks in ad hoc networks.
TIARA has the flexibility to be applied to any routing protocol but can be deployed easily
and effectively for reactive routing protocols such as AODV and DSR. Intrusion tolerance
to DoS attacks is achieved in TIARA by implementing the following techniques: FLAC
(Flow based route access control), distributed wireless firewall, multipath routing,
source-initiated flow routing, flow monitoring, fast authentication, use of sequence numbers
and referral based resource allocation. In the flow based route access control mechanism, a
distributed wireless firewall is used along with a limited resource allocation on a stream
of control packets in order to prevent attacks based on resource overloading. Each network
node maintains an access control list in which authorized flows are specified. For
allocating network resources to a flow in a limited manner, a threshold is defined. To
forward data packets, the algorithm finds multiple routes but selects only one. For
detecting path failures, the flow monitoring mechanism sends control messages
periodically and chooses an alternative path if a failure is found. The fast authentication
technique assigns a path label to each packet in a secret position. A different secret position
for the path label is chosen by each node. Table – 2.7 shows the key properties
and requirements offered by existing survivability initiatives.
Table – 2.7 Survivability Key Properties and Requirements achieved in Existing Survivable
Initiatives

Property / Requirement      BA   BFTR  CLA  JA   ODSBR  SMT  SDMP  SPREAD  TIARA
Survivability Properties
Resistance                  Yes  Yes   No   Yes  Yes    Yes  Yes   Yes     Yes
Recognition                 Yes  No    No   Yes  Yes    No   No    No      Yes
Recovery                    Yes  Yes   Yes  Yes  Yes    Yes  Yes   Yes     Yes
Adaptability                Yes  No    Yes  No   Yes    No   No    No      No
Survivability Requirements
Efficiency                  No   No    No   No   No     No   No    No      No
Self-configuration          No   No    Yes  No   No     Yes  No    No      No
Heterogeneity               Yes  No    No   No   No     No   No    No      Yes
Integrity                   Yes  No    No   No   Yes    Yes  Yes   Yes     No
Authentication              Yes  Yes   No   No   Yes    Yes  Yes   No      Yes
Protection                  Yes  No    No   No   Yes    No   No    No      No
Confidentiality             Yes  No    No   No   Yes    Yes  Yes   Yes     No
Access control              Yes  No    No   No   No     Yes  No    No      Yes
Redundancy                  Yes  Yes   Yes  Yes  Yes    Yes  Yes   Yes     Yes
Robustness                  Yes  No    No   No   No     No   No    No      No
Self-organization           Yes  Yes   No   Yes  Yes    No   No    No      Yes
Self-healing                Yes  Yes   No   Yes  Yes    No   No    No      No
Decentralization            Yes  Yes   No   Yes  Yes    No   No    No      Yes
Scalability                 Yes  Yes   No   Yes  Yes    No   No    No      Yes
2.5 Survey Conclusions
Our literature survey leads us to the following conclusions:
a) Preventive Security Mechanisms
Due to the fundamental characteristics of MANETs, it is difficult to
implement the conventional concept of firewalls to prevent attacks or
intrusions from entering into the network.
Cryptography based preventive mechanisms are computationally expensive.
Most of the existing cryptography based mechanisms need a trusted third
party or a group of reliable network nodes which can transmit certificates
securely in the network. This is difficult to implement in MANETs because
of the absence of any centralized authority and lack of node hierarchy.
Nodes in MANETs can also be compromised by attackers.
Encryption/Decryption techniques used by cryptographic mechanisms are
not foolproof and can be targeted by brute-force attacks.
Cryptographic solutions can only protect what they are designed to protect.
They do not protect other essential network services which should always be
provided.
b) Reactive Security Mechanisms
Point Detection Mechanisms are designed for only a particular type of attack
and therefore, they are not capable of dealing with other types of attacks.
Most of the existing IDSs are also designed to detect attacks of specific
types. When any other attack targets the network, they cannot defend the
network services.
The basic characteristics of MANETs make the implementation of IDSs
challenging.
Reactive security mechanisms do not aim at tolerating the effects of ongoing
attacks. Thus, when a MANET is targeted by attackers, IDSs attempt to
detect and mitigate but fail to protect essential network services meanwhile.
c) Existing Survivability Initiatives
Existing survivability initiatives do not implement all three lines of defense
which are very important to achieve survivability. Most of the existing
solutions focus on preventive and reactive defense lines and pay less
attention to intrusion tolerance.
Some important survivability properties and requirements such as
adaptability, heterogeneity, self-management and robustness are almost
unexplored in the existing survivability solutions.
Most of the initiatives are designed for specific attacks or specific network
layer functionalities. They cannot be extended for other types of attacks or
functionalities.
To build a complete survivability model for a MANET, all defense lines
need to be applied cooperatively. The survivability model should be generic so
that it can be used with the underlying network functionalities. The
survivability model should also have the capability of adapting to
unexpected situations.
An integrated survivability framework for MANETs needs to be developed
which uses preventive, reactive and tolerance defense mechanisms together
to achieve survivability. This framework should be able to provide general
essential network services when the network is under threat. Furthermore,
the design of this framework should be routing-protocol-independent so that
it can be used with any existing MANET, without changing its basic
architecture. The framework should provide the ability to survive the
consequences caused by different types of attacks in the ad hoc
environment.
Chapter – 3 Proposed Survivability Framework
46
CHAPTER – III
Proposed Survivability Framework
3.1 Problem Statement
To develop a complete, general, routing-protocol-independent survivability framework for
securing MANETs from different types of attacks, using three defense lines – Preventive,
Reactive and Tolerance, without compromising essential network services.
3.2 Scope of Our Research
Our proposed survivability framework is flexible enough to be used with any underlying ad
hoc routing protocol. The framework aims to provide general essential network services even
when the network is under attack. The scope of our research is defined as:
Simulation, integration and performance monitoring of all three defense lines –
Preventive, Reactive and Tolerance
Design and simulation of a routing-protocol-independent threat model to assess the
impact of the proposed survivability framework
Prevention of attacks defined in the threat model to implement the first line of defense
On-demand identification of anomalies and intrusions using reactive defense
Diagnosis of detected anomalies to determine the type and impact of attacks
Mitigation of detected threats and anomalies by applying attack-specific mitigation
actions
Tolerating the effects of on-going attacks in the network to assure the provisioning of
essential network services regardless of specific network applications.
3.3 Objectives of Our Research
The overall objectives of our research are summarized as:
To use preventive and reactive defense lines for protecting MANETs from attacks.
To make networks capable of tolerating the effects of attacks and providing the essential
services even when the network is under attack, albeit with degraded performance.
Develop a complete, generic and routing protocol independent survivability framework
for MANETs by integrating three defense lines.
3.4 Original Contribution of the Thesis
Although many researchers have worked towards enhancing existing security mechanisms for
MANETs, major breakthroughs in terms of detection and prevention of attacks have not yet
been accomplished [6]. Very little work has been done on making MANETs survivable [29] [136]
[36]. Most of the existing survivability initiatives for MANETs do not define all three lines of
defense and are designed for specific attacks or specific network layer functionalities. Critical
open research areas for MANETs are the lack of foolproof security mechanisms, identifying and
analyzing attacks correctly and offering essential network services all the time despite
intrusions [6] [137] [16]. Preventing and detecting attacks in MANETs is not the only solution.
It is equally important to make the networks survive the effects of attacks. Existing survivability
initiatives for MANETs do not consider some of the important properties and requirements of
survivability and are effective only for specific attack scenarios or network situations.
We concentrate on all defense lines to secure MANETs. The first line of defense – prevention,
attempts to defend the network from attacks defined in the threat model. Detection, Diagnosis
and Mitigation components are included in the proposed survivability framework to implement
the second line of defense – reactive defense. The detection component is implemented as a
statistical anomaly detector which identifies network anomalies and generates alarms. After
receiving alarms as a possible indication of attacks, the diagnosis component attempts to
analyze the detected anomalies based on attack signatures available and specifies the type of
attack as a result. The role of the mitigation component is to identify and apply the actions to be
taken for mitigating the effects of attacks of specific types. This component also determines the
amount of time for which mitigation actions should be applied. The third defense line is
implemented as intrusion tolerance, having the aim of tolerating the impact of ongoing attacks
so that the network can continue providing the basic functionalities and services.
Our proposed survivability framework for MANETs is generic and does not depend on
underlying ad hoc routing protocols. It can be integrated into existing MANETs to provide
essential network services in the presence of various attacks at different network layers. The
fundamental characteristics of MANETs have been considered to define the list of key
properties and requirements of survivability for the proposed framework. The framework
proposed by us can be extended for different types of attacks and can be used for any MANET
application to get basic services uninterruptedly.
The simulation and analysis of prevention, detection, diagnosis, mitigation and tolerance
phases clearly indicate that our proposed framework with these phases has the capability of
surviving the effects of attacks. Our framework shows a considerable reduction in routing
overhead, the percentage of data packets lost and the false positive rate. As shown in the results,
the rate of detection and diagnosis improves with the use of the proposed framework. Essential
network services are always provided even if the network is under attack. According to the
results obtained, the proposed framework outperforms the network without survivability.
3.5 Threat Model
In the context of network security, a threat is a potential or actual adverse event that can be
malicious (such as a DoS attack) or incidental (such as the failure of a device) and that can
compromise the system functionalities. Threat modeling is a method to identify and enumerate
potential threats and vulnerabilities theoretically, from an attacker’s perspective. To optimize
network security, a threat model provides a systematic analysis of the probable attacks and of
the functionalities most affected by the attackers. Using this information, defenders can define
countermeasures to prevent or mitigate the effects of threats to the network. Threat modeling
answers the following questions: What are the most vulnerable points in the network? What
are the high-value functionalities that can be targeted by attackers? What are the most relevant
threats? Is there an attack that might go unnoticed?
In communication networks, the important aspect of threat modeling is to determine where the
most effort should be applied to secure a system. This decision varies depending on the
applications, specific requirements and desired functionalities at different layers of the network
model. Threat modeling is an iterative approach that involves defining essential functionalities,
identifying application-specific requirements concerning these functionalities, identifying
potential threats and vulnerabilities and creating security profiles for adverse events.
To derive the threat model for our proposed survivability framework, we focus on the essential
services that need to be provided and on the threats that can target such services. We
consider Routing, Data Forwarding, and Connectivity as the essential services which are to be
provided by any MANET application. Various forms of DoS attacks can target different types
of routing protocols at the network layer, and thus the above mentioned essential services also
get affected. Therefore, our threat model assesses possible forms of DoS attacks and their
impact on service provisioning. Based on this analysis, we propose algorithms for
preventing and mitigating attacks and their effects. The following section describes how DoS
attacks pose potential threats to the essential services identified by us.
3.5.1 Denial of Service (DoS) Attacks
As shown in Figure – 3.1, Denial of service (DoS) attacks in MANETs are categorized as i)
attacks on data traffic and ii) attacks on routing traffic [38][26]. Attacks on data traffic can be
further classified into two types: i) flow disruption attacks and ii) resource depletion attacks.
When an attacker corrupts, delays or drops data packets passing through it, it is called a flow
disruption attack. In a resource depletion attack, an intruder seizes precious network resources
such as bandwidth and energy, and thus these resources become unavailable for use by the
legitimate traffic in the network.
Figure – 3.1 Classification of DoS Attacks
Researchers have proposed techniques to deal with flow disruption and resource depletion
attacks in the ad-hoc environment. Most of these techniques rely on the design of the specific
routing protocols and must be incorporated into particular ad hoc routing protocols. As we aim
to build a general survivability framework, our proposed intrusion tolerance component is
independent of a routing protocol and can be used with any underlying ad hoc routing
mechanism.
One very popular approach to deal with flow disruption attacks is multi-path routing [5]. In
multi-path routing, packets are routed along all communication paths which are available
between the source and the destination. Multi-path routing uses redundancy to increase packet
delivery ratio. Even if one or more paths are affected by the intruders, packets are transmitted
along the other redundant paths to achieve end-to-end communication. The major downside of
multi-path routing is the consumption of additional bandwidth to send packets along multiple
redundant paths. Thus, the overhead in a multi-path routing protocol is usually much higher
than a uni-path routing protocol. The other important drawback of multi-path routing is that
conventional routing protocols for ad hoc networks do not support multi-path routing. Either
they are modified to support the functionalities of multi-path routing or a new routing algorithm
with the required functionalities needs to be devised.
In the case of a resource depletion attack, the intruder wastes the network resources by flooding
the network with spurious packets [38]. A flow of such packets drains the energy of the nodes
through which they pass. A considerable amount of network bandwidth is also consumed to
route such spurious traffic. Intruders generate fake packets or replay legitimate
packets to generate a stream of spurious traffic. To defend the network from such
resource-draining attacks, the flow of spurious packets has to be subdued. The following
section describes our proposed approach for defending against and tolerating the impact of
flow disruption and resource depletion attacks.
3.6 Proposed Survivability Framework
As shown in Figure – 3.2, the three defense lines need to be applied cooperatively to achieve
survivability in MANETs [36].
Figure – 3.2 Three Defense Lines for Survivability
We have designed and presented the following architecture, which constitutes our proposed
survivability framework:
Figure – 3.3 Proposed Survivability Framework
There are five functional blocks in total defined in our approach to implement the defense lines.
These functional blocks are 1) Prevention, 2) Detection, 3) Diagnosis, 4) Mitigation and 5)
Tolerance. Each defense line in our proposed framework requires one or more functional
blocks to achieve its part of survivability. For instance, the preventive defense line needs
Prevention as its functional block. The Detection, Diagnosis, and Mitigation processes are
implemented in the form of functional blocks for the reactive defense line. The third defense
line, intrusion tolerance, executes the functionalities specified in the Tolerance functional
block. A detailed description of these functional blocks is given in the next chapter.
Figure – 3.4 Functional Blocks of the Proposed Survivability Framework
To achieve survivability, the three defense lines must be aggregated to build a complete
survivable framework for a MANET. Figure – 3.4 describes how our framework employs
aggregation of functional blocks to utilize the functionalities of the defense lines. All three
defense lines must be enabled at the same time as these lines operate cooperatively. A brief
description of the operations performed by each functional block is shown in Figure – 3.4. The
specifications and working of functional blocks are discussed in detail in the next chapter.
The following paragraphs give the primary idea of the operations carried out by the functional
blocks. The Prevention block implements a distributed wireless firewall mechanism to maintain
permissible packet flow information. Along with this information, the Prevention block also
maintains dynamic thresholds β, γ, and λ to deal with different forms of flooding. The
thresholds are set based on current network conditions, using fuzzy logic rules. The complete
logic of the Prevention block is elaborated in Section 4.1, in the next chapter.
As shown in Figure – 3.4, the functional blocks of the reactive defense line execute sequentially.
The reason is that the diagnosis of anomalies can be performed only after detection.
Therefore, the Diagnosis block requires inputs from the anomaly detector. The alarm generated
by the Detection block, along with the network state vector, is provided as input to the
Diagnosis block. Similarly, mitigation actions can be performed only after the type of detected
attack is identified. Hence, the attack type generated by the Diagnosis block is used as input by
the Mitigation block. The functionalities associated with each block of the reactive defense line
are explained in Section 4.2 of Chapter – 4.
The tolerance block mainly uses an overlay routing mechanism to continue providing essential
services such as routing and data forwarding when the network is under attack. The proposed
overlay routing mechanism does not depend on underlying routing protocols for MANETs.
Upon detecting a route failure, this mechanism establishes an overlay path from the source to
the destination to complete the process of communication. The exact flow of operations for the
tolerance block is stated in the next chapter, in Section 4.3.
Chapter – 4 Functional Blocks of the Proposed Survivability Framework
54
CHAPTER – IV
Functional Blocks of the Proposed Survivability
Framework
As described in the previous chapter, our proposed framework uses three defense lines –
Preventive, Reactive and Tolerance. There are five functional blocks in total defined in our
approach to implement the defense lines. These functional blocks are Prevention, Detection,
Diagnosis, Mitigation, and Tolerance. The following sections present the detailed working of
each functional block.
4.1 Preventive Defense
4.1.1 Prevention Block
i) Issues with conventional firewalls in MANETs
In traditional networks, to prevent unauthorized traffic from entering into the network, a
firewall is placed at the ingress/egress point of the network. In MANETs, the topology of the
network is highly dynamic and nodes can enter or leave the network at any time. Due to these
characteristics and absence of a centralized management authority, it is very difficult to define
the ingress/egress point for the network. Furthermore, in the ad-hoc environment, any node
participating in the network could be an intruder and an attack could originate from the network
itself. Hence, the conventional concept of firewalls does not work in MANETs. Moreover,
traditional firewalls are not designed to resist impersonation based flooding attacks where
packets are spoofed and sent as legitimate ones. Such packets can pass through the firewalls as
they satisfy the access control rules mostly based on either port level or IP address level access.
ii) Distributed Wireless Firewall – Our Approach
Our idea for defending MANETs from packet flooding attacks originating inside the network
is based on the concept of a distributed wireless firewall. To make the firewall distributed, its
functionalities are distributed across all nodes in the network. Each node in the network
maintains an additional table, called the firewall table, to keep a list of the permissible packet
flows which can pass through that node. A stream of packets from one node to another is
considered a packet flow and is uniquely identified by the IP addresses of the source and
destination nodes. Along with the packet flow specifications, the firewall table also maintains
the thresholds for preventing a flood of spurious packets from draining the network resources.
The use of these thresholds is described later in this section.
The firewall tables are not static and the entries in them are generated and maintained at
runtime. This makes the design of the firewall reconfigurable. The entries of the firewall table
are updated automatically to respond to changes in the network topology or detected intrusions.
Furthermore, the firewall table entries have a finite lifetime. If the entry is not renewed within
that lifetime, it is deleted from the list of permissible packet flows. There is no centralized
authority in the network to manage or control the functionalities of the firewall. Thus, the
firewall is configured and maintained in a completely decentralized manner.
When an intruder generates a stream of spurious traffic, the distributed wireless firewall
attempts to filter out the traffic of flooding packets. As described above, all the nodes in the
network maintain a firewall table. Using the entries of these tables, the immediate one-hop
neighbors of the intruder prevent the attack traffic from flowing through the network and filter
it out. The following paragraphs describe how this is done in our framework.
iii) Maintenance of Permissible Packet Flows using Handshaking
The distributed firewall is created and maintained dynamically in the network by using a
handshaking mechanism between the sender and receiver of a packet flow. Before initiating
the transmission of data packets, the sender sends a Flow Sending Request (FSREQ) message
to the receiver. The FSREQ message is sent to the receiver using the underlying routing
protocol for ad hoc networks. Upon receiving this message, if the receiver decides to accept a
flow of packets from that sender, it generates a control message Flow Acceptance Reply
(FAREP) and sends it back to the sender. The FAREP uses the reverse of the path taken by the
FSREQ to reach the sender. Such a handshake between the sender and receiver nodes needs to
be executed periodically during the lifetime of the required communication.
When an FAREP message is sent back by the receiver upon accepting the flow sending request
from a sender, the FAREP message passes through the intermediate nodes. The FAREP
message also contains the exact route to be followed by it. Each intermediate node on this route
reads this path and creates/refreshes a time-bound entry for it in its firewall table and marks
this entry as a permissible flow. Whenever handshake signals are exchanged between the
sender and receiver, the entries in the firewall tables are refreshed. In case of a route failure, a
new route is found according to the specifications of the underlying ad hoc routing protocol
and handshaking between the sender and receiver takes place again to obtain the necessary
entries for the new route in the firewall tables. Firewall table entries for flows which are no
longer valid expire and are deleted from the table.
iv) Prevention using Thresholds
a. Prevention from Route-Request Flooding
During the on-demand routing process in MANETs, intruders can exploit the routing
functionality and can send a large number of route request packets. To deal with this form of
flooding attacks, the proposed mechanism uses two threshold values: β and γ. The idea is to
have a reasonable threshold for each attribute that indicates a flooding attack and to raise
an alarm when the attribute value crosses that threshold. Initially, each node defines its default
thresholds for these attributes and applies them to all other nodes. The threshold β specifies the maximum number
of packets that can be transmitted by a node in an interval; it is determined by considering
the average number of packets transmitted in an interval by the node and the average number
of neighbors in its vicinity. γ is the maximum number of times a malicious node can exceed β
before it is blacklisted. This threshold should not generate many false positives and thus it
should be low.
If within a given time interval, a node receives more than β packets from the neighbor then the
subsequent packets from that neighbor should be dropped. If the same neighbor node exceeds
β transmissions by γ intervals then that neighbor node can be assumed to be flooding. All the
packets received from this neighbor should be discarded in the future intervals. This technique
is used for route request flooding prevention.
b. Prevention from Data Packet Flooding
The other form of flooding attack can be implemented by sending a large number of fake data
packets. Fake data packets do not carry any meaningful information in their payload field. To
prevent this type of flooding attack, a threshold λ is used which specifies the number of fake
data packets that the attacker node can send.
A destination node waits until it receives λ fake data packets from an attacker. When the
number of fake data packets received exceeds λ, the destination node should broadcast that the
path between it and the attacker is not available by generating an error packet. So, the path
existing between the attacker and the destination would be discarded and no new fake data
packets would be sent over that path.
c. Prevention from Duplicate/Replayed/Impersonated Packet Flooding
For each flow, the receiver monitors the duplicate packet receipt rate and the packet
authentication failure rate. The proposed framework uses IPsec based packet authentication to
achieve data integrity of data packets transmitted over the network. Using the packet sequence
number field of the IPsec header, the receiver can detect duplicate or replayed packets. The sender
inserts a signed message authentication code in the authentication header field of an IP packet.
Upon receiving the packet, the receiver examines this field to verify the integrity of the received
message. At the receiver, impersonated or replayed packets would increase the rate of
authentication failure and reception of duplicate packets, abnormally. This behavior is detected
by the receiver and it is considered as an anomaly in the current flow. At that time, the receiver
stops accepting Flow Sending Requests from the sender and does not send any FAREP
messages over the existing path. Hence, the entries existing for this flow in the firewall tables
of intermediate and source nodes would not be refreshed and would eventually expire. The
sender learns of the path failure when its attempts to complete the required
handshaking procedure with the receiver fail after a certain number of retries.
v) Threshold Setting
In communication networks, performance is assessed by comparing the collected data values
against corresponding threshold values; values that do not meet those thresholds indicate poor
performance of the network or devices [14]. A threshold value can be set to any level, such as the maximum value,
the minimum value or an equal value. Network services are liable to various types of attacks
and intrusions which could tamper with the overall functionality of the network. Defensive and
preventive measures can overcome this liability to a great extent. Such measures analyze the
network traffic and obstruct the intrusions. For this analysis purpose, it is very important to
select a proper set of features that can affect the crucial network services [140]. If the correct
threshold values are set for these features, the resistance capabilities of the prevention
mechanisms are strengthened.
To define thresholds for the prevention phase, we consider the essential services to be provided
by the network and the possible types of attacks that can target these services at the network
layer. Flooding of route request packets, data packets containing no useful information or
spoofed or replayed packets can affect the services such as routing, connectivity and data
forwarding which are the essential services for any MANET. Hence, to deal with a particular
type of attack, we select those features which greatly impact one or more essential services.
For the set of these features, threshold values are defined to identify the deviation.
To set thresholds during the prevention phase, either fixed values or fuzzy values can be used
[141]. In dynamic scenarios, it becomes difficult to determine a fixed threshold value for a
feature to analyze its impact on the changing system behavior. As MANETs have a very
dynamic behavior, the network state varies in response to different types of events in the
network. Therefore, the current statistics in the network should always be considered to decide
the correct threshold values for the selected features [140]. For such a requirement, fuzzy
thresholds are more appropriate compared to fixed thresholds. Fuzzy thresholds can deal with
imprecision and non-statistical uncertainty of the features and capture linguistic, rule-based
control strategies [142]. Fuzzy logic based threshold setting has proven effective in a variety
of applications, especially where it is difficult to characterize a system using fixed two-valued
logic [143]. Fuzzy if-then rules evaluate the network conditions using selected features and
generate a linguistic threshold value as the outcome. The following paragraphs describe how
threshold setting is done for our prevention block.
The prevention phase uses fuzzy logic to set the thresholds β, γ, and λ. Features considered for
setting β are the number of one-hop neighbors (Nn), energy level of a node (EL) and the number
of packets transmitted by a node (Np). Using these features as inputs and the following labels for
the fuzzy variables, fuzzy if-then rules are defined for β. Combinations of values for input features
and the corresponding output values are shown in Table – 4.1.
Nn = {S (Small), M (Medium), L (Large)}
Np = {S (Small), M (Medium), L (Large)}
EL = {L (Low), M (Medium), H (High)}
β = {S (Small), M (Medium), L (Large)}
Table – 4.1 IF-THEN Fuzzy Rules for β
Rule   If                   Then
       Nn    Np    EL       β
1      S     S     L        S
2      S     S     M        M
3      S     S     H        L
4      S     L     L        S
5      S     L     M        S
6      S     L     H        S
7      S     M     L        S
8      S     M     M        M
9      S     M     H        M
10     M     S     L        S
11     M     S     M        M
12     M     S     H        M
13     M     M     L        S
14     M     M     M        M
15     M     M     H        M
16     M     L     L        S
17     M     L     M        S
18     M     L     H        S
19     L     S     L        S
20     L     S     M        S
21     L     S     H        S
22     L     M     L        S
23     L     M     M        M
24     L     M     H        S
25     L     L     L        S
26     L     L     M        S
27     L     L     H        S
To set γ, the energy level of a node (EL) and memory available with a node (Mem) are used as
input parameters to define fuzzy rules. Mapping of input values and output threshold values is
given in Table – 4.2.
EL = {L (Low), M (Medium), H (High)}
Mem = {L (Low), M (Medium), H (High)}
γ = {S (Small), M (Medium), L (Large)}
Table – 4.2 IF-THEN Fuzzy Rules for γ
Rule   If             Then
       EL    Mem      γ
1      L     L        S
2      L     M        S
3      L     H        S
4      M     L        M
5      M     M        S
6      M     H        S
7      H     L        L
8      H     M        M
9      H     H        S
Similarly, for setting λ, the input parameters are energy level of a destination node (EL), the
amount of memory available with the destination (Mem) and the count of fake data packets
received by the destination node from a source node (Cf). Fuzzy variable labels and if-then
rules are defined as below:
EL = {L (Low), M (Medium), H (High)}
Mem = {L (Low), M (Medium), H (High)}
Cf = {S (Small), VS (Very Small)}
λ = {S (Small), M (Medium), L (Large)}
Table – 4.3 IF-THEN Fuzzy Rules for λ
Rule   If                   Then
       Cf    EL    Mem      λ
1      VS    L     L        S
2      VS    L     M        S
3      VS    L     H        S
4      S     L     L        S
5      S     L     M        S
6      S     L     H        S
7      S     M     L        M
8      S     M     M        M
9      S     M     H        S
10     S     H     L        M
11     S     H     M        M
12     S     H     H        S
13     VS    M     M        M
14     VS    M     L        M
15     VS    M     H        S
16     VS    H     L        L
17     VS    H     M        M
18     VS    H     H        S
4.1.2 Algorithm of Prevention Block
The steps involved in the execution of the prevention block are listed below in the form of an
algorithm.
Step 1: Setup/Update Firewall Table at each node
1.1: The sender sends FSREQ message to the receiver using underlying ad hoc routing
protocol
1.2: The receiver generates FAREP message if it decides to accept a flow of packets
from that sender
1.3: FAREP message is sent to the sender, using the same route as traversed by FSREQ,
but in the reverse direction
1.4: Intermediate nodes receiving FAREP create/refresh a time-bound firewall table
entry for the packet flow
1.5: If a route failure occurs then repeat from step 1.1
Step 2: Update thresholds entry in the firewall table
2.1: Threshold β is updated based on fuzzy if-then rules which use the number of
neighbors in the vicinity of the node, number of packets transmitted by the node and
node energy level as input parameters
2.2: Threshold γ is modified using if-then fuzzy rules considering node energy level
and available node storage
2.3: Threshold λ is refreshed at the destination node considering the count of fake data
packets already received by the destination, energy level of destination and memory
available at the destination node, using fuzzy if-then rules.
Step 3: Within a time interval, if a node receives more than β packets from a neighbor then
drop subsequent packets from that neighbor
Step 4: If the same neighbor exceeds β by γ intervals, then blacklist the neighbor and discard
packets from that node in future intervals
Step 5: If a destination node receives more than λ fake data packets from the same node, then
broadcast path cutoff
Step 6: If the receiver detects an abnormal increase in the rate of duplicate/replayed or
impersonated packets then stop sending FAREP in the response of flow sending
requests
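As an added illustration (not the thesis's own code), the following Python models Step 1 and Steps 3 and 4 of this algorithm: a time-bound firewall table that only a FAREP can create or refresh, and the per-neighbor β/γ rate limiter that drops and then blacklists a flooding neighbor. The node names, lifetime and packet rates are constructed for the example, and β and γ are passed as fixed values rather than derived from the fuzzy rules.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class FirewallTable:
    """Time-bound list of permissible flows (sender, receiver) held at one node.

    Entries are created or refreshed only by a FAREP travelling the reverse path
    of the FSREQ; without a renewed handshake they expire after `lifetime` seconds.
    """
    lifetime: float
    entries: dict = field(default_factory=dict)   # (sender, receiver) -> expiry time

    def on_farep(self, sender, receiver, now):
        """Step 1.4: an intermediate node creates/refreshes the flow entry."""
        self.entries[(sender, receiver)] = now + self.lifetime

    def permits(self, sender, receiver, now):
        """Forward only flows with a live entry; stale entries are purged lazily."""
        expiry = self.entries.get((sender, receiver))
        if expiry is None:
            return False
        if now >= expiry:                 # handshake not repeated in time: entry dies
            del self.entries[(sender, receiver)]
            return False
        return True


class NeighborRateLimiter:
    """Steps 3 and 4: per-neighbor beta limit per interval, blacklist after gamma intervals."""

    def __init__(self, beta, gamma):
        self.beta = beta                    # max packets accepted from a neighbor per interval
        self.gamma = gamma                  # over-beta intervals tolerated before blacklisting
        self.counts = defaultdict(int)      # neighbor -> packets received this interval
        self.violations = defaultdict(int)  # neighbor -> intervals in which beta was exceeded
        self.blacklist = set()

    def accept(self, neighbor):
        """Return True if a packet from `neighbor` should be processed/forwarded."""
        if neighbor in self.blacklist:      # Step 4: discard everything from a flooder
            return False
        self.counts[neighbor] += 1
        return self.counts[neighbor] <= self.beta   # Step 3: drop packets beyond beta

    def end_interval(self):
        """Close the interval; 'exceeds beta by gamma intervals' is read as gamma violations."""
        for neighbor, received in self.counts.items():
            if received > self.beta:
                self.violations[neighbor] += 1
                if self.violations[neighbor] >= self.gamma:
                    self.blacklist.add(neighbor)
        self.counts.clear()


def simulate_flooding(beta=5, gamma=2, intervals=3):
    """Constructed scenario: neighbor B sends 3 packets per interval, neighbor C sends 9.

    Returns (packets forwarded per neighbor, blacklist) after `intervals` intervals.
    """
    limiter = NeighborRateLimiter(beta, gamma)
    forwarded = defaultdict(int)
    for _ in range(intervals):
        for neighbor, rate in (("B", 3), ("C", 9)):
            for _ in range(rate):
                if limiter.accept(neighbor):
                    forwarded[neighbor] += 1
        limiter.end_interval()
    return dict(forwarded), set(limiter.blacklist)


if __name__ == "__main__":
    table = FirewallTable(lifetime=10.0)
    table.on_farep("A", "D", now=0.0)          # FAREP seen at t=0
    print(table.permits("A", "D", now=5.0))    # True: within lifetime
    print(table.permits("A", "D", now=12.0))   # False: handshake not renewed
    print(simulate_flooding())                 # ({'B': 9, 'C': 10}, {'C'})
```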
4.2 Reactive Defense
4.2.1 Detection Block
i) Features to characterize network behavior
The proposed anomaly detector uses features, i.e., the variables that characterize the
behavior of the given system. To make this component generalized, the behavior of the network
at the routing layer is considered. Based on the study of various ad hoc routing
protocols, the following general features of the routing layer, which are not specific
to any particular attack, are considered: packet rates, packet rate differences, packet ratios, packet distances,
number of different source addresses and number of different destination addresses. A brief
description of these features is given below:
Packet rates: number of packets of each type received
Packet rate differences: difference in the packet rates calculated for each type of packet
Packet ratios: quotient of the number of packets received of a specific type compared
to another packet type
Packet distances: number of packets received between the receptions of two specific
types of packets.
Number of different source addresses: number of different source addresses counted in
the packets received
Number of different destination addresses: number of different destination addresses
counted in the packets received
ii) Normality Model
The detection component is implemented as a statistical anomaly detector. If the current state
of the network deviates too much from the considered normal network state, this component
will generate an alarm. The normal behavior of a network can be described by means of a
normality model which defines values for selected features when no anomalies are present in
the network. The current behavior of the network, specified by the state vector, contains the
values of the same selected features. If feature values in the current state vector deviate from
their normal values, then the detector block treats it as an anomaly. Our proposed anomaly
detector needs a learning phase to derive the normality model. It is unrealistic to generate a
“perfect” normality model for any network. However, to accumulate preliminary normality
models, networks can be deployed in learning environments.
The normality model of the network is automatically generated by training the network. The
model is local to nodes and consists of four elements: the distance threshold Thi, the maximum
feature vector SiH, the minimum feature vector SiL and the average feature vector Savgi. SiH and
SiL represent the maximum and minimum values observed for each feature. Savgi, SiH and SiL
vectors are calculated during a period of time with a set of N observations. The maximum and
minimum feature vectors are used for normalization (to equalize the magnitude of the different
features in the vector). The normalized vector Vn at node i is calculated as
Vn = (V - SiL) / (SiH - SiL).
iii) Anomaly Detection
The basic concept of the detector is to find the deviation between the given status of the network
and the normality model. As the normality model is local to nodes, the deviation is required to
be calculated for each node. At a given point in time, the state of the network perceived by a
node i is represented as a state vector Si. This vector contains numerical values for selected
features. The deviation can be found as the Euclidean distance D(Si(t)) between the normality
model local to node i and a given observation Si(t). The distance is then compared with a node-
specific threshold Thi. An alert is generated if D(Si(t)) > Thi. The threshold Thi is generated as
a part of the normality model of the node and specifies how far an observation can be from the
average.
To detect an anomaly within the system, the detector needs to observe the traffic and its
characteristics for a certain period of time. An alarm is generated at the end of that fixed time
interval if the threshold is exceeded for that period. The alerts generated by the detector are
processed and aggregated during the interval Ia. The number of packets evaluated and the
number of alerts registered are counted during this period. The alarm is generated if the number
of alerts within the given period exceeds a certain threshold Tha. This threshold is defined in
terms of the proportion of alerts registered over the number of packets evaluated during Ia.
The distance threshold Thi is calculated after calculating the normality vectors. To determine
Thi, the distribution of the distances D(Si(t)) is characterized for a given set of M different
observations. Here, to set the threshold the three-sigma rule can be applied so that most of the
distributions fall inside the threshold. The range obtained using the three-sigma rule for a
normal distribution covers 99.7% of the observations. Thus, Thi is calculated as Thi = µi + 3σi,
where µi is the mean distance and σi is the standard deviation of the given distribution.
4.2.2 The Algorithm of Detection Block
The systematic flow of operations for the detection mechanism is given below.
Input: General Features of Routing Layer, Network Statistics
Output: Alarm, Average feature vector Savgi, Status vector Si(t)
Step 1: At every node i, generate the network normality model consisting of
a) Minimum feature vector SiL
b) Maximum feature vector SiH
c) Average feature vector Savgi
d) Distance Threshold Thi
Step 2: At every node i, find deviation between the current network state Si(t) and the normality
vector
Step 3: If deviation D(Si(t)) > Thi then generate an alert
Step 4: Aggregate alerts generated during time interval Ia
Step 5: If the number of alerts aggregated within Ia exceeds threshold Tha then generate an
alarm
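The detection algorithm above, as an added example that is not part of the thesis (plain lists instead of a numeric library so it runs anywhere): it derives SiL, SiH and Savgi from training observations, applies the min-max normalization, computes the Euclidean deviation D(Si(t)), sets Thi = µi + 3σi with the three-sigma rule, and aggregates alerts over an interval Ia against the proportion threshold Tha. The feature vectors are constructed sample values of (RREQ rate, RREP rate), not simulator output.

```python
import math


def normality_model(observations):
    """Derive the per-feature minimum (SiL), maximum (SiH) and average (Savgi) from N observations."""
    dims = range(len(observations[0]))
    s_low = [min(o[d] for o in observations) for d in dims]
    s_high = [max(o[d] for o in observations) for d in dims]
    s_avg = [sum(o[d] for o in observations) / len(observations) for d in dims]
    return s_low, s_high, s_avg


def normalize(vector, s_low, s_high):
    """Vn = (V - SiL) / (SiH - SiL); a feature that never varied in training maps to 0."""
    return [0.0 if hi == lo else (v - lo) / (hi - lo)
            for v, lo, hi in zip(vector, s_low, s_high)]


def deviation(vector, model):
    """D(Si(t)): Euclidean distance between the normalized observation and the normalized average."""
    s_low, s_high, s_avg = model
    v_n = normalize(vector, s_low, s_high)
    avg_n = normalize(s_avg, s_low, s_high)
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(v_n, avg_n)))


def distance_threshold(model, observations):
    """Thi = mu_i + 3 sigma_i over the distances of M observations (three-sigma rule)."""
    dists = [deviation(o, model) for o in observations]
    mu = sum(dists) / len(dists)
    sigma = math.sqrt(sum((d - mu) ** 2 for d in dists) / len(dists))
    return mu + 3 * sigma


def detect_interval(model, th_i, packets, th_a):
    """Steps 3-5: alert per packet when D > Thi; alarm when alerts/packets within Ia exceed Tha.

    Returns (number of alerts, alarm raised?).
    """
    alerts = sum(1 for p in packets if deviation(p, model) > th_i)
    return alerts, alerts / len(packets) > th_a


# Constructed training data: per-interval (RREQ rate, RREP rate) seen at one node
# with no attack present. Real values would come from the learning phase.
TRAINING = [[10, 8], [12, 8], [14, 8], [12, 10], [12, 6]]


def run_example(th_a=0.3):
    """Train on TRAINING, then evaluate one interval Ia of four constructed observations."""
    model = normality_model(TRAINING)
    th_i = distance_threshold(model, TRAINING)
    # two normal-looking observations followed by two with a surge of RREQs
    interval = [[12, 8], [13, 9], [40, 8], [60, 2]]
    alerts, alarm = detect_interval(model, th_i, interval, th_a)
    return th_i, alerts, alarm


if __name__ == "__main__":
    print(run_example())   # (1.0, 2, True)
```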
4.2.3 Diagnosis Block
The role of the diagnosis component is to identify the nature of the attack upon receiving an
alarm generated by the detector component. The diagnosis is done based on the feature values
that describe the node status at a given time. It is assumed that the effects of a particular attack
are always of the same nature, irrespective of the network conditions and node locations.
The diagnosis component works as follows: Along with the alarm, the detector component
provides the average feature vector Savgi and the status vector Si(t) as evidence. A difference
vector di(t) is then calculated as di(t) = Si(t) - Savgi. This difference is normalized to unit
length as dni(t) = di(t) / ||di(t)||, and called the evidence vector. To do the diagnosis, the evidence vector
is required to be matched with the attack vectors. It is not possible to characterize all the possible
attacks during the training phase. Therefore, if an attack is not included in the attack model
and thus not known, the diagnoser component may return unknown attack as the outcome.
The attack model is composed of a number of example vectors to represent the effect of a
particular attack on the different features of the status vector. As no existing dataset provides
an attack model directly, an example vector for a particular attack is calculated by running a
simulation in which that attack is applied. To form the example vector Ej, all the observed
differences di(t) across the network are averaged and normalized (here, j is the associated
attack's status and only the status vectors that were classified as anomalous are considered).
The resulting attack model is a matrix E = [E1 E2 … Ek], with k columns. It is possible to
characterize an attack by more than one example vector.
To deal with non-modeled attacks, a threshold αj is calculated for each example vector Ej. This
threshold is used to determine how closely the matched attack resembles the given status.
To calculate αj, first, all the observations used to create Ej are projected against the example
vector. The distribution of projection is then studied and the threshold αj is selected as the range
that contains most of the projections.
In the diagnosis component, it is possible to use the same example vectors for the entire
network, i.e., for every node. It is assumed that the effect of attacks is approximately uniform
regardless of the normality model generated for a node.
For each interval Ia in which the anomaly detector generates an alarm, the corresponding
observations are given to the diagnoser as the evidence of an attack. The diagnoser classifies
each observation, and the attack type associated with the largest number of observations for the
given interval is selected as the output.
For each observation which is considered anomalous, the evidence vector is evaluated against
the example vectors of the known attacks. The example vector that most closely resembles the
evidence vector is selected as the indicator of the possible attack. The angular distance between
the evidence vector and the example vector is considered as the similarity.
To determine whether the output of the diagnoser is a known attack or not, a projection
vector Pi(t) is calculated as Pi(t) = ET . dni(t), where ET represents the transpose of the attack
matrix. A higher projection value for a given example vector denotes that the observation
resembles that attack more closely. The dot product between two vectors can be interpreted as
the scalar projection of one vector on the other. For the above dot product, the projection
values lie in the range from -1 to 1, as the vectors are unit length vectors.
Let Qi(t) be the attack whose example vector has the highest projection value Pij(t) at node i
during observation t. After selecting an example vector Ej, Pij(t) is evaluated against the
threshold αj. If Pij(t) >= αj, the output is Qi(t); otherwise the output is unknown. In the end, all the
observation diagnostics in the interval Ia are aggregated and the attack type with the largest
number of observations is provided to the mitigation component. If the attack is unknown, then
the same information is given to the mitigation component.
4.2.4 The Algorithm of Diagnosis Block
Input: Alarm, Average feature vector Savgi, Status vector Si(t)
Output: Attack Type
Step 1: For each Ia in which an alarm is generated, calculate the Difference Vector di(t) as
di(t) = Si(t) - Savgi
Step 2: Normalize the Difference Vector to get the Evidence Vector dni(t) = di(t) / ||di(t)||
Step 3: Match the Evidence Vector dni(t) with each pre-computed Attack Example Vector Ej
of known attacks
Step 4: Evaluate the similarity Pij(t) against the threshold αj. If Pij(t) >= αj, the output Qi(t) is a
known attack; otherwise, the attack is unknown
Step 5: All the observation diagnostics in the interval Ia are aggregated and the attack type with
the largest number of observations is provided to the mitigation component
4.2.5 Mitigation Block
i) Mitigation Actions
The diagnosis component provides inputs to the mitigation component. Using this information,
the mitigation component chooses an appropriate action to respond to the suspected attack.
This component contains a number of mitigation actions and a mitigation controller. The
mitigation controller is responsible for deciding the type of mitigation to apply and when to
apply it. A generic mitigation action is applied if the detected attack is categorized as unknown.
The mitigation actions are specific to attacks. In the current proposed framework, mitigation
actions are specified for various forms of flooding attacks. The mitigation actions do not
attempt to affect the attacker node’s behavior or identify an attacker.
ii) Mitigation Controller
The role of the mitigation controller is to decide when to enable or disable the mitigation
actions. Due to MANET characteristics and detection accuracy, it is possible that the alarms
generated by the detector are not always accurate. There may exist some non-detected attack
intervals while an attack is affecting the network.
The mitigation controller uses the detection rate of the diagnosed attack which is calculated
during the modeling of the attacks, to extend the mitigation during a period φ after an alarm.
The rate of detection is expressed as P(D|Aj), which is the probability of detection provided
that an attack j is present. Therefore, the probability of no detection is 1 - P(D|Aj). Let W be a
window of a finite number of intervals during which the detector evaluations are taken. The
expected number of intervals ∂ in which attacks are detected is E[∂] = W * P(D|Aj) and φ in
which attacks are not detected is E[φ] = W * (1 - P(D|Aj)). Thus, the expected number of non-
detections can be expressed as E[φ] = E[∂] * { (1 - P(D|Aj))/ P(D|Aj)}.
This information can be used to extend the duration of the mitigation actions after the first
interval in which no anomalies are detected. Given a number of observed consecutive detection
intervals ∂, the period of mitigation is extended with φ intervals of mitigation even if no attack
is detected during this time. This adaptive mitigation mechanism has two advantages: it will
not mitigate for unnecessarily long periods and it will mitigate for long enough periods when
the attack is ongoing. When the latest attack is categorized as unknown, the mitigation actions
are not extended.
4.2.6 The Algorithm of Mitigation Block
Input: Attack Type generated by the Diagnosis Component
Output: Updated Routing Layer Feature Values after Mitigation
Step 1: Based on the attack type generated by the diagnosis component, the mitigation
controller determines which actions to apply to mitigate the attack
Step 2: Mitigation Actions are applied during an interval in which a known attack is detected
Step 3: Generic Mitigation Actions are applied if the attack is unknown
Step 4: The duration of the mitigation actions is extended after the first interval in which no
anomalies are detected
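The diagnosis algorithm (Section 4.2.4) and the mitigation controller's extension rule above, as one added Python example that is not the thesis's own code: it builds the evidence vector dni(t), projects it onto the example vectors Ej, gates the best match with αj, takes the majority over an interval Ia, and then computes φ = ∂(1 - P(D|Aj))/P(D|Aj). The attack model, the attack names, the α and P(D|Aj) values and all status vectors are constructed sample values over the features (RREQ rate, RREP rate, RERR rate); rounding φ to whole intervals is an assumption of this example.

```python
import math
from collections import Counter


def unit(vector):
    """Scale to unit length; the zero vector (status equal to the average) is left as is."""
    norm = math.sqrt(sum(x * x for x in vector))
    return list(vector) if norm == 0 else [x / norm for x in vector]


def evidence_vector(status, s_avg):
    """dni(t) = di(t) / ||di(t)|| with di(t) = Si(t) - Savgi."""
    return unit([s - a for s, a in zip(status, s_avg)])


def example_vector(anomalous_differences):
    """Ej: the difference vectors observed under attack j, averaged then normalized."""
    dims = range(len(anomalous_differences[0]))
    n = len(anomalous_differences)
    return unit([sum(d[k] for d in anomalous_differences) / n for k in dims])


def diagnose_observation(status, s_avg, attack_model, alphas):
    """Pij(t) = Ej . dni(t) for every known attack; pick the largest, gate it with alpha_j."""
    dn = evidence_vector(status, s_avg)
    best_name, best_proj = None, -2.0           # projections of unit vectors lie in [-1, 1]
    for name, e_j in attack_model.items():
        proj = sum(e * v for e, v in zip(e_j, dn))
        if proj > best_proj:
            best_name, best_proj = name, proj
    return best_name if best_proj >= alphas[best_name] else "unknown"


def diagnose_interval(statuses, s_avg, attack_model, alphas):
    """Step 5: majority attack type over all anomalous observations of one interval Ia."""
    votes = Counter(diagnose_observation(s, s_avg, attack_model, alphas) for s in statuses)
    return votes.most_common(1)[0][0]


def mitigation_extension(attack_type, consecutive_detections, detection_rates):
    """phi = delta * (1 - P(D|Aj)) / P(D|Aj), rounded to whole intervals (assumption).

    An unknown attack gets no extension, as the mitigation controller prescribes.
    """
    p_detect = detection_rates.get(attack_type)
    if attack_type == "unknown" or not p_detect:
        return 0
    return round(consecutive_detections * (1 - p_detect) / p_detect)


# Constructed attack model: difference vectors collected in simulations of each
# attack over the features (RREQ rate, RREP rate, RERR rate), averaged/normalized.
S_AVG = [12.0, 8.0, 1.0]
ATTACK_MODEL = {
    "rreq_flooding": example_vector([[40, 0, 0], [36, 4, 0]]),
    "data_flooding": example_vector([[0, 0, 9], [2, 0, 7]]),   # fake data -> RERR surge
}
ALPHAS = {"rreq_flooding": 0.9, "data_flooding": 0.9}
DETECTION_RATES = {"rreq_flooding": 0.8, "data_flooding": 0.75}   # P(D|Aj), constructed


def run_example():
    """One alarmed interval Ia with four constructed status vectors."""
    interval = [[52, 8, 1], [50, 9, 1], [12, 8, 10], [12, 20, 1]]
    attack = diagnose_interval(interval, S_AVG, ATTACK_MODEL, ALPHAS)
    # suppose this attack had been diagnosed in 4 consecutive intervals before the first miss
    return attack, mitigation_extension(attack, 4, DETECTION_RATES)


if __name__ == "__main__":
    print(run_example())   # ('rreq_flooding', 1)
```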
4.3 Tolerance
4.3.1 Overlay Routing
When a sender detects the failure of the current route of a flow, it invokes the overlay routing
mechanism to establish a new path to the receiver. The overlay routing mechanism is
independent of ad hoc routing protocols. In the overlay routing, when the sender decides to
discover a new path upon inferring the failure of the existing path, it randomly selects any one
node present on the current path. The selected node is called the overlay node. The sender then
tunnels all packets for the destination to the overlay node, which in turn tunnels the packets
received from the sender to the destination node. Thus, the path established between the source
and destination nodes is an overlay path formed by linking the two tunnels at the selected
overlay node. If the new overlay path consists of an intruder node (i.e., the node generating the
spurious traffic) then the newly established path would fail again. In this case, the sender selects
a new overlay node and attempts to reach the destination again until it succeeds or exceeds the
maximum number of retries.
4.3.2 The Algorithm of Tolerance Block
The following algorithm describes the process implemented in the tolerance block.
Step 1: Invoke Overlay Routing Mechanism if a sender detects the failure of the current route
of a flow
Step 2: Overlay Routing Mechanism randomly selects a node on the existing path, which is
called an overlay node
Step 3: The sender tunnels all packets for the destination to the overlay node
Step 4: The overlay node tunnels the packets received from the sender to the destination node
Step 5: If the new overlay path fails due to the presence of an intruder node on that path, then
go to Step 1
Step 6: Repeat until the sender succeeds in establishing a path to the destination or exceeds the
maximum number of retries.
4.4 Workflow of the Proposed Framework
The following flowchart represents the flow of processes involved in each functional block to
implement our integrated survivability framework. As stated earlier, preventive, reactive and
tolerance defense lines would execute simultaneously. The functional blocks of the reactive
defense line – Detection, Diagnosis, and Mitigation, would operate in a sequence, as described
in the above algorithms.
Figure – 4.1 Complete workflow of the proposed survivability framework
Chapter – 5 Experimental Setup and Results
73
CHAPTER – V
Experimental Setup & Results
5.1 Simulation Setup
For proof of concept, we are using the GloMoSim (Global Mobile Information System Simulator)
simulator [145]. Our proposed survivability framework with the necessary functional blocks
is implemented in GloMoSim. We now discuss why we are using GloMoSim over other
network simulators.
GloMoSim provides a scalable simulation environment for large wireless and wired
communication networks [145]. It uses a parallel programming language, Parsec [145] to
support a parallel discrete-event simulation capability. GloMoSim offers the simulation of
networks consisting of a large number of nodes connected by a heterogeneous communication
technique which includes multi-hop ad-hoc wireless communication, multicast
communication, conventional Internet protocols and asymmetric communications based on
satellite broadcasts. Table – 5.1 lists the GloMoSim models currently available at each of the
major layers:
Table – 5.1 Protocols Available at Different Network Layers in GloMoSim
Compared to other network simulators such as NS-2, NS-3, OMNET++, and OPNET,
GloMoSim offers better scalability and shorter execution time [146][147]. GloMoSim uses the
node aggregation technique to give significant benefits to the simulation performance.
Initializing each node as a separate entity inherently limits the scalability because the memory
requirements increase dramatically for a model with a large number of nodes. With node
aggregation, a single entity can simulate several network nodes in the system. Node
aggregation technique implies that the number of nodes in the system can be increased while
maintaining the same number of entities in the simulation. In GloMoSim, each entity represents
a geographical area of the simulation. Hence the network nodes which a particular entity
represents are determined by the physical position of the nodes [146].
GloMoSim has a Visualization Tool that is platform independent because it is coded in Java.
This tool allows users to debug and verify models and scenarios; stop, resume and step execution;
show packet transmissions, show mobility groups in different colors and show statistics.
The radio layer is displayed in the Visualization Tool as follows: When a node transmits a
packet, a yellow link is drawn from this node to all nodes within its power range. As each node
receives the packet, the link is erased and a green line is drawn for successful reception and a
red line is drawn for an unsuccessful reception. No distinction is made between different packet
types (i.e.: control packets vs. regular packets, etc.) [146].
The main configuration parameters for setting up a scenario are defined in the CONFIG.IN
file. These parameters are shown in Table 5.2. Placement of nodes in the simulation terrain is
defined in the NODES.INPUT file. The APP.CONF file specifies different types of traffic generators
for message transmission. The mobility model, with other necessary specifications, is given in the
MOBILITY.IN file.
Table – 5.2 Simulation Parameters
Parameter             Value
Simulator             GloMoSim 2.03
Total no. of nodes    10 - 100
Attacker nodes        0% - 100%
Simulation Time       45M
Terrain Dimensions    2000X2000
Node-Placement        Random
Mobility Model        Random-way-point
Routing Protocol      AODV
Traffic Generator     FTP/GENERIC
CONFIG-FILE           app.conf
The nodes are placed using the RANDOM node-placement strategy in a terrain area of
2000 x 2000. The traffic generator used for simulation is FTP/GENERIC and the RANDOM-WAYPOINT
model is used for node mobility. To show the performance of the proposed framework, the
AODV (Ad hoc On-Demand Distance Vector) [148] routing protocol is used as an
illustration. The reason for choosing AODV over other routing protocols is that the attacks
considered in our threat model can always target AODV. Hence, we can evaluate the
effectiveness of the proposed survivability framework when the network is under attack.
Based on the characteristics of the AODV routing protocol, we use the following features at the
routing layer during the training phase. These features are important for deriving the normality
model of the network at each node.
• Packet rate of RREQ, RREP, RERR
• Packet rate differences
• Packet ratio of RREQ/RREP, RREQ/RERR, RREP/RERR
• Packet distance of RREQ and RREP
• Number of different source addresses
• Number of different destination addresses
5.2 Performance Parameters
In general, the important metrics for evaluating the performance of a MANET at the routing layer are
throughput, average routing overhead and average power consumption [149]. Throughput
measures how well the network delivers packets from the source to the destination [150].
Average routing overhead is defined as the average number of control packets produced per
node. Control packets include route requests, route replies and route error messages [149].
Average power consumption is measured as the average power consumed per node [149].
Factors that affect the routing performance of a MANET are node speed, network size, number
of traffic sources, node pause time and type of routing [150]. As described by the authors of
[149], the number of traffic sources is the factor that has the strongest effect on performance.
The size of the network is another important factor to consider when measuring performance.
Based on the requirements of a specific MANET application or the desired services, the above-
mentioned set of factors and performance metrics can be modified. As we consider
survivability to be the basic problem, we focus on the factors and metrics that affect the survivability
of a MANET. The number of traffic sources, the network size and the number of attacker nodes present
in the network are the important factors to consider with respect to survivability.
For evaluating the performance of the functional blocks of our survivability framework, we use
different metrics. These metrics are determined based on the objectives and requirements of a
particular functional block. For example, to assess the effectiveness of the prevention block,
we measure routing overhead and the percentage of data packets dropped due to flooding. Size
of the network, number of attacker nodes and number of traffic sources are the parameters that
affect the performance metrics and therefore these parameters are varied in a fixed range.
For the anomaly detection block, the accuracy of the detection process is the most important
consideration. Hence, we treat the detection rate and the false positive rate as the performance metrics for
the detection block. The duration over which alerts are aggregated is highly significant in
the computation of the detection rate and the false positive rate. Thus, we vary the attack aggregation
interval as the performance parameter to see its impact on the rate of detection and false
positives.
The diagnosis block receives its inputs from the detection block. Hence, the accuracy of detection
affects the outcome of the diagnosis process. The performance of the diagnosis block is
therefore evaluated in terms of the attacks that are diagnosed correctly. This metric is
affected by the same parameter as the detection block, the attack aggregation interval.
The process of mitigating attacks is initiated after the execution of the diagnosis block. The
objective of the mitigation block is to mitigate the effects of ongoing attacks in the network.
The effectiveness of mitigation can be seen in terms of routing overhead and the number of
packets dropped due to attacks. Hence, these two are treated as the performance metrics for the
mitigation block. The accurate detection of attacks can improve the performance of the
mitigation phase. Thus, we use the same performance parameter, attack aggregation interval,
for mitigation also.
To see how well the tolerance block performs in achieving survivability, we consider routing
overhead and the number of packets dropped as metrics. The overall performance of the
tolerance phase depends greatly on parameters such as the network size, the number of traffic
sources and the number of attackers present in the network.
When the network is under any form of flooding attack, energy consumption at network nodes
always increases, irrespective of the performance parameters. Therefore, we do not show the
impact of flooding attacks on the average power consumption explicitly.
5.3 Experimental Results
This section describes the results of the simulations obtained by executing the functional blocks of our
proposed survivability framework. The above-mentioned parameters are varied over a range to
see their effect on the overall performance. Each simulation result presented below shows the
average values obtained by running three simulations.
5.3.1 Prevention
To see the effects of the preventive mechanism, the number of network nodes and the number of
attacker nodes are varied over a fixed range. We assume that in any scenario, 0% to 100% of the
total nodes can behave as adversaries. These nodes are called flooding nodes and they can
launch any form of DoS attack described in the threat model. As expected, routing overhead
is lower when preventive actions are taken. When no prevention logic is applied and the number
of attacker nodes is increased, the percentage of data packets dropped is very high. This
percentage is significantly reduced when our approach to prevention is used.
As shown in Figure – 5.1, if we vary the number of attacker nodes while keeping the number of
network nodes fixed, routing overhead increases when no prevention mechanism is applied.
Here, the overhead is computed in terms of the number of route request packets. Without
preventing the flooding nodes from generating and spreading spurious traffic, the attacker
nodes succeed in generating a large number of route request packets in the network. The
effect of applying prevention is also shown in the same graph: overhead is reduced
considerably when prevention is used.
Figure – 5.1 Effect of Prevention Logic on Routing Overhead
When the attacker nodes are varied over a range from 0% to 100% for a fixed number of network
nodes, the effect of our prevention logic on routing overhead is shown in Figure – 5.2.
Here, we use 20 sources that generate data traffic in the network. Routing overhead is
reduced to a great extent when we apply our prevention logic. We get similar results if we increase
the number of traffic sources; this is shown in Figure – 5.3 and Figure – 5.4, which have 40 and 60
traffic sources, respectively.
Figure – 5.2 Routing Overhead with and without Prevention for 20 traffic sources
Figure – 5.3 Routing Overhead with and without Prevention for 40 traffic sources
Figure – 5.4 Routing Overhead with and without Prevention for 60 traffic sources
Figure – 5.5 shows the effect of flooding on the number of data packets lost when we use a fixed
number of network nodes. As shown in the figure, when we increase the number of flooding nodes,
the rate at which data packets are lost increases. This is the case when no prevention technique is
applied in the network. Due to flooding, links become congested and the energy of nodes is drained.
Some of the paths become unavailable as a result, and hence packets transmitted over those paths are
dropped. When the prevention mechanism is enabled, there is a noticeable reduction in the
percentage of data packets dropped.
Figure – 5.5 Effect of Prevention on Percentage of Data Packets Dropped
Figure – 5.6 shows the effectiveness of our prevention mechanism when we vary the number of
network nodes. For each fixed number of network nodes, we vary the attacker nodes in the range of
0% to 100% of the total nodes. With the increase in the number of attackers, the number of data
packets dropped also increases. When our prevention mechanism is applied, there is a considerable
reduction in the number of packets dropped due to flooding. The same scenario is tested for 20, 40
and 60 traffic sources and the results are shown in Figure – 5.6, 5.7 and 5.8, respectively.
Figure – 5.6 % of Data Packets Dropped with and without Prevention for 20 traffic sources
Figure – 5.7 % of Data Packets Dropped with and without Prevention for 40 traffic sources
Figure – 5.8 % of Data Packets Dropped with and without Prevention for 60 traffic sources
5.3.2 Detection
As described in the previous chapter, at the start of the detection phase a normality model needs
to be derived at each node in the network. This model is based on the values contained in the normality
vectors computed by the nodes. As the AODV routing protocol is taken as an illustration, the features
included in the normality vectors are: packet rate of RREQ, RREP and RERR packets; packet rate
differences; packet ratios (RREQ/RREP, RREQ/RERR, RREP/RERR); number of different
source addresses in received packets; and number of different destination addresses in received
packets. The simulation time is set to 2700 seconds, of which the first 300 seconds are used to
compute node-specific normality vectors and the next 300 seconds are used to determine the
distance threshold Th_i. To compute a normality vector for a node, observations are taken at
varying intervals. While determining Th_i, the distance values are calculated every 60
seconds.
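The feature list and the 300 s training / 300 s threshold procedure described above, together with the detection rate and false positive rate metrics of Section 5.2, as an added Python example that is not the thesis's code. It assumes a mean/standard-deviation normality model, Euclidean distance on z-scored vectors, Th_i as the largest attack-free distance plus a margin, and majority-vote aggregation over each attack aggregation interval; the sample windows are constructed, not measured.

```python
"""Added example (not the thesis's code): a per-node AODV anomaly detector built from the
normality-vector features above, the 300 s training / 300 s threshold procedure, and the
detection-rate / false-positive-rate metrics of Section 5.2. Assumed (not from the thesis):
mean/std-dev normality model, Euclidean distance on z-scored vectors, Th_i = max attack-free
distance plus 10% margin, strict-majority aggregation. 'Packet distance' is omitted (undefined)."""
from dataclasses import dataclass
from math import sqrt
from statistics import mean, pstdev
from typing import List, Tuple


@dataclass
class Window:
    """Routing-layer counts one node observed during `seconds` of simulation."""
    seconds: int
    rreq: int   # route requests seen
    rrep: int   # route replies seen
    rerr: int   # route errors seen
    n_src: int  # distinct source addresses in received packets
    n_dst: int  # distinct destination addresses in received packets


def normality_vector(w: Window) -> List[float]:
    """Packet rates, rate differences, packet ratios and address diversity.
    Ratios use denominator + 1 (an assumption) so a window with no RREP or RERR
    does not divide by zero."""
    rq, rp, re = w.rreq / w.seconds, w.rrep / w.seconds, w.rerr / w.seconds
    return [rq, rp, re,                                    # rates
            rq - rp, rq - re, rp - re,                     # rate differences
            w.rreq / (w.rrep + 1), w.rreq / (w.rerr + 1),  # ratios
            w.rrep / (w.rerr + 1),
            float(w.n_src), float(w.n_dst)]                # address diversity


class NodeDetector:
    """Trained on the first 300 s (five 60 s windows); Th_i set on the next 300 s."""

    def __init__(self) -> None:
        self.mu: List[float] = []
        self.sigma: List[float] = []
        self.th_i = 0.0

    def train(self, windows: List[Window]) -> None:
        cols = list(zip(*(normality_vector(w) for w in windows)))
        self.mu = [mean(c) for c in cols]
        # floor sigma so a feature that never varied cannot yield infinite z-scores
        self.sigma = [max(pstdev(c), 1e-6) for c in cols]

    def distance(self, w: Window) -> float:
        z = [(x - m) / s for x, m, s in zip(normality_vector(w), self.mu, self.sigma)]
        return sqrt(sum(v * v for v in z))

    def calibrate(self, windows: List[Window], margin: float = 1.1) -> float:
        self.th_i = margin * max(self.distance(w) for w in windows)
        return self.th_i

    def alert(self, w: Window) -> bool:
        return self.distance(w) > self.th_i


def aggregate(flags: List[bool], per_interval: int) -> List[bool]:
    """One verdict per attack aggregation interval of `per_interval` windows:
    True when a strict majority of the windows in the interval are True."""
    chunks = [flags[i:i + per_interval] for i in range(0, len(flags), per_interval)]
    return [sum(c) * 2 > len(c) for c in chunks]


def detection_rates(verdicts: List[bool], truth: List[bool]) -> Tuple[float, float]:
    """(detection rate, false positive rate) against per-interval ground truth."""
    tp = sum(1 for v, t in zip(verdicts, truth) if v and t)
    fp = sum(1 for v, t in zip(verdicts, truth) if v and not t)
    pos = sum(truth)
    neg = len(truth) - pos
    return (tp / pos if pos else 0.0, fp / neg if neg else 0.0)


# Constructed (not measured) 60 s windows of one node: five for training, five for
# calibrating Th_i, then a 600 s test run. Test window 2 is a benign RERR burst
# (a mobility event) and windows 5-9 are RREQ flooding toward many bogus destinations.
TRAIN = [Window(60, *c) for c in [(12, 9, 1, 4, 4), (10, 8, 2, 3, 4), (14, 11, 1, 5, 5),
                                   (11, 9, 0, 4, 3), (13, 10, 2, 4, 5)]]
CALIB = [Window(60, *c) for c in [(11, 9, 1, 4, 4), (13, 10, 2, 5, 4), (9, 7, 1, 3, 3),
                                   (12, 10, 0, 4, 5), (14, 11, 1, 5, 5)]]
TEST = [Window(60, *c) for c in [(11, 9, 1, 4, 4), (13, 10, 2, 5, 4), (8, 6, 9, 3, 3),
                                  (12, 10, 0, 4, 5), (14, 11, 1, 5, 5), (120, 9, 1, 4, 30),
                                  (150, 10, 2, 4, 35), (90, 8, 1, 5, 28), (200, 11, 0, 4, 40),
                                  (110, 9, 2, 3, 31)]]
TRUTH = [False] * 5 + [True] * 5  # ground truth per 60 s test window


def run(per_interval: int) -> Tuple[float, float]:
    """Detection rate and false positive rate for an attack aggregation interval of
    per_interval * 60 s; ground truth per interval uses the same majority rule."""
    det = NodeDetector()
    det.train(TRAIN)
    det.calibrate(CALIB)
    alerts = [det.alert(w) for w in TEST]
    return detection_rates(aggregate(alerts, per_interval), aggregate(TRUTH, per_interval))
```

With a 60 s interval the single benign RERR burst counts as a false positive (FPR 0.2); at 120 s or 300 s it is outvoted by the normal windows around it, which is the effect the thesis reports for larger aggregation intervals.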
As shown in Figure – 5.9, the accuracy of the detection component is mainly based on the intervals
during which observations are taken and alerts are aggregated. As we increase the attack
aggregation interval, detection rate improves.
Figure – 5.9 Effect of Attack Aggregation Interval on Detection Rate
Figure – 5.10 shows the effect of the attack aggregation interval on the rate of detection when the
interval is varied from 20 seconds to 100 seconds. Here, the number of traffic sources used is 20.
When the interval is larger, the accuracy of the detection process improves. The scenario is also
evaluated for 40 traffic generator sources, which is depicted in Figure – 5.11. We get similar results
in both scenarios. The detection rate remains almost the same when the attack aggregation duration
is more than 100 seconds, so larger values are not shown in the graph.
Figure – 5.10 Detection Rate with varying Attack Aggregation Interval for 20 traffic sources
Figure – 5.11 Detection Rate with varying Attack Aggregation Interval for 40 traffic sources
Figure – 5.12 shows the false positive rate calculated for the detection component with 30 network
nodes and 8 flooding nodes. With a higher aggregation interval, the false positive rate of the
detection component reduces and the accuracy of detection improves.
Figure – 5.13 and 5.14 show the false positive rate obtained by varying the attack aggregation interval,
the number of network nodes and the number of flooding nodes. There is a considerable reduction in the
rate of false positives when we use a larger value for the attack aggregation interval.
Figure – 5.12 Effect of Attack Aggregation Interval on False Positive Rate
Figure – 5.13 False Positive Rate with varying Attack Aggregation Interval for 20 traffic sources
Figure – 5.14 False Positive Rate with varying Attack Aggregation Interval for 40 traffic sources
5.3.3 Diagnosis
In the threat model of the proposed security framework, we consider different forms of flooding
attacks. The diagnosis component of the proposed framework is able to classify the detected
attacks into two categories: Flooding and Unknown. The results are shown in
Figure – 5.15. When we increase the attack aggregation interval, the accuracy of the detector improves,
which results in a better diagnosis outcome. This scenario is tested using a varying number of
attacker nodes and network nodes, and the results obtained are shown in Figure – 5.16. The process
of diagnosis produces improved results when we use a larger aggregation interval.
Figure – 5.15 Effect of Attack Aggregation Interval on Diagnosis
Figure – 5.16 Attack Aggregation Interval vs. Diagnosis
5.3.4 Mitigation
The objective of the mitigation component is to reduce routing overhead and the rate of data
packets dropped due to flooding. Hence, we evaluate the performance of our mitigation component
with respect to these two metrics. Again, the interval during which alerts are generated and
aggregated plays an important role as a performance parameter, because the accuracy of mitigation
depends on how accurately the detection and diagnosis processes are performed. We vary the number
of traffic sources, the number of attackers and the network size to see this effect. As shown in
Figure – 5.17 and 5.18, with a greater value of the attack aggregation interval, mitigation of attacks becomes
more effective, which reduces routing overhead.
Figure – 5.17 Attack Aggregation Interval vs. Routing Overhead for 20 traffic sources
Figure – 5.18 Attack Aggregation Interval vs. Routing Overhead for 40 traffic sources
Figure – 5.19 and 5.20 show the results of the mitigation component, representing the effect of different
combinations of network nodes and attacker nodes on the transmission of data packets. As the mitigation
component depends on the detection functionality, its performance is greatly affected by varying the attack
aggregation interval. These graphs show that when higher aggregation intervals are used, more attacks are
detected accurately and subsequently mitigated, which reduces the packet dropping rate.
Figure – 5.19 Attack Aggregation Interval vs. % of Data Packets Dropped for 20 traffic sources
Figure – 5.20 Attack Aggregation Interval vs. % of Data Packets Dropped for 40 traffic sources
5.3.5 Tolerance
The aim of the tolerance mechanism is to invoke overlay routing to complete the communication
between the source and the destination nodes. Figure – 5.21 shows the variation in the control
overhead, mainly caused by routing, when a range of network nodes and attacker nodes is
considered in the experiment. We use 20 traffic generators in the first scenario. This scenario is
evaluated with and without applying the proposed tolerance mechanism. When the tolerance
component is enabled, additional control messages for periodic handshaking and overlay routing
are transmitted. Hence, the control overhead is slightly higher than the one obtained without
applying tolerance. Figure – 5.22 and 5.23 depict a similar effect on routing overhead when
40 and 60 traffic sources are present in the network.
Figure – 5.21 Effect of tolerance logic on Routing Overhead for 20 traffic sources
Figure – 5.22 Effect of tolerance logic on Routing Overhead for 40 traffic sources
Figure – 5.23 Effect of tolerance logic on Routing Overhead for 60 traffic sources
Figure – 5.24 shows the effect of different combinations of network nodes and attacker nodes on the
transmission of data packets when the network has 20 traffic sources. When distributed firewalls are
enabled with no intrusion tolerance logic, the percentage of lost data packets increases with a higher
number of attacker nodes. This percentage is significantly reduced when overlay routing is applied
after detecting the path failures. Figure – 5.25 and 5.26 present similar results when the number of
traffic sources is varied to 40 and 60, respectively.
Figure – 5.24 Effect of tolerance logic on % of Data Packets Dropped for 20 traffic sources
Figure – 5.25 Effect of tolerance logic on % of Data Packets Dropped for 40 traffic sources
Figure – 5.26 Effect of tolerance logic on % of Data Packets Dropped for 60 traffic sources
Chapter – 6 Conclusions and Future Enhancements
107
CHAPTER – VI
Conclusions and Future Enhancements
6.1 Objectives Achieved
Our proposed survivability framework focuses on tolerating the effects of ongoing attacks and
providing essential services until the preventive and/or reactive mechanisms adapt themselves to
defend the network from those attacks. This framework consists of three defense lines –
Preventive, Reactive, and Tolerance. As described in the previous chapters, these defense lines are
implemented using five functional blocks – Prevention, Detection, Diagnosis, Mitigation, and
Tolerance. The prevention block attempts to protect the network and its services from intrusions
and anomalies defined in the threat model. The detection block assesses the behavior of the
network at run time to detect anomalies. These detected anomalies are analyzed by the diagnosis
block to determine the attack type and its possible impact on the network services. Based on the
generated diagnosis, the mitigation block determines attack-specific mitigation actions, to be
applied for a particular period to mitigate the effects of present attacks. In case of unknown attacks,
generic mitigation actions are applied. The tolerance block executes actions which are needed to
provide essential network services while the other blocks are dealing with threats and anomalies.
The main advantage of using our framework is that it implements all three defense lines. Thus,
when one defense line fails or is unable to protect network services, the remaining defense lines
attempt to secure the network and provide the necessary services and functionalities. Another
important feature of our framework is that it is independent of ad hoc routing protocols. Any
underlying ad hoc routing mechanism can be used with our framework, which eliminates the need
to derive a new routing protocol. Our framework is flexible enough to be used for any MANET
application and can be modified according to the need of specific applications or required
functionalities.
For evaluating the performance of the proposed framework, different forms of flooding attacks are
considered in the threat model. Our framework is capable of dealing with other types of attacks,
provided that their specifications are available in the threat model. The necessary changes for any
new attack type can be made in the existing functional blocks of the framework.
As presented in the previous chapter, our experimental results clearly show that when a MANET
is simulated with our proposed survivability framework, there is a considerable improvement in
the provision of essential network services at the routing layer. Simulations of the prevention block
indicate that the proposed prevention mechanism is capable of reducing the routing overhead and
the number of data packets dropped due to flooding. Results obtained for the detection phase prove
that our detection mechanism detects potential anomalies and intrusions based on the current
network behavior. The outcomes of the diagnosis functional block show that our framework is
able to diagnose the correct type of detected attacks in most cases. The impact of the
mitigation block clearly indicates that when the proposed mitigation actions are applied, the
performance of the network improves, with a reduction in routing overhead and data packets
dropped. Results obtained from the simulation of the tolerance phase show that when routing and
data forwarding are affected by flooding in the network, communication is completed using
overlay routing. Though routing overhead is slightly increased due to overlay routing, the data
transmission rate is improved and essential network services are provided.
We have achieved the following objectives through our research:
• The outcomes of the prevention, detection, diagnosis, mitigation and tolerance phases clearly
indicate that our proposed framework with these phases has the capability of surviving the
effects of attacks.
• Our framework shows a considerable reduction in routing overhead, the percentage of data
packets lost and the false positive rate. As shown in the results, the rate of detection and
diagnosis improves with the use of the proposed framework.
• Essential network services are always provided even if the network is under attack.
• According to the results obtained, the proposed framework outperforms the network
without survivability.
6.2 Conclusion
Due to the proliferation of wireless mobile devices, the use of Mobile Ad hoc Networks
(MANETs) has also increased. For most applications of MANETs, security is the main
concern. Conventional security solutions are not sufficient to defend MANETs as they lack
tolerance capability. The use of preventive, reactive and tolerance defense lines can make MANETs
survivable. The major requirement of a survivable system is to provide basic functionalities and
services in any case. Other important properties of survivability are resistance, recognition,
recovery, and adaptability. In addition to these properties, survivable MANETs have system- and
application-specific requirements. The few existing survivability initiatives are either application-
specific or attack-specific and do not implement all three defense lines. Thus, we have proposed a
complete, generic survivability framework to make MANETs secure and tolerant.
According to our literature review, intrusion tolerance is almost unexplored in most of the
survivability initiatives for MANETs. To implement tolerance capability, our framework focuses
on essential network services which must be provided even in adverse conditions. Apart
from tolerance, the proposed framework has four other functional blocks: Prevention, Detection,
Diagnosis, and Mitigation.
There is still a long way to go, but the simulation of all these functional phases clearly shows that
our framework has the capability of surviving attacks in the ad hoc environment and provides
routing and data forwarding as essential services without disruption. When our proposed
survivability framework is enabled, the average reduction in routing overhead is about 60% during
the prevention phase. The number of packets dropped due to attacks is also lowered to
approximately 50%. During the detection phase, the false positive rate ranges from 0.08 to 0.13.
The rate of detecting attacks varies from 0.55 to 0.95, considering different observation
scenarios. The accuracy of diagnosing attacks defined in our threat model is from 70% to 90%. On
average, there is a 55% reduction in routing overhead and a 40% reduction in data packets lost
when our mitigation scheme is applied. As overlay routing is invoked during the tolerance phase,
the average increase in routing overhead is 10%. The advantage of enabling the tolerance mechanism
is that the percentage of data packets dropped is lessened to 25%, considering the average of the
results. The key properties and important requirements for achieving survivability in MANETs are
also addressed and fulfilled in the proposed framework. The results of our experiments indicate
that a MANET with our survivability framework outperforms a network without survivability. The
proposed framework is generic and can be used with existing MANETs for a variety of attacks
and any ad hoc routing protocol.
6.3 Possible Future Scope
Our proposed survivability framework is flexible enough to be used with any existing MANET.
Our framework does not depend on any underlying ad hoc routing protocol and thus, can be used
with any routing protocol for MANETs.
Based on the requirements of MANET applications and desired essential network services, the
normality model used by our framework can be modified. Depending on the necessary essential
services, it is possible to add, remove or update existing features in the normality model which
specify the behavior of the network.
We consider various forms of flooding attacks in our threat model. Our survivability framework
can be used to deal with other types of attacks if they are defined in the threat model. The functional
blocks of the proposed framework can also be modified accordingly.
It is possible to integrate our proposed survivability framework with any existing IDS or other
security solution for MANETs. Depending on the features of the existing security solutions,
functional blocks of our framework can be adjusted accordingly.
Future enhancements also include exploring an adaptive functional block that dynamically
influences the parameters of the other components of our framework. Depending on the
availability of resources, this adaptation of survivability can help in increasing system resilience.
References
[1] Papadimitratos, Panagiotis, and Zygmunt J. Haas. "Securing Mobile Ad Hoc Networks."
(2004).
[2] Perkins, Charles E. Ad hoc networking. Vol. 1. Reading: Addison-Wesley, 2001.
[3] Djenouri, Djamel, Lyes Khelladi, and Nadjib Badache. "Security issues of mobile ad hoc
and sensor networks." IEEE Communications Surveys Tutorials. Vol. 7. No. 4. IEEE
Communications Society, 2005.
[4] Zhou, Lidong, and Zygmunt J. Haas. "Securing ad hoc networks." IEEE network 13.6
(1999): 24-30.
[5] Yang, H., H. Luo, J. Kong, F. Ye, P. Zerfos, S. Lu, and L. Zhang. "Ad hoc network security:
challenges and solutions." (2004).
[6] Khanpara, Pimal, and Bhushan Trivedi. "Security in Mobile Ad Hoc Networks."
Proceedings of International Conference on Communication and Networks. Springer,
Singapore, 2017.
[7] Mamatha, G. S., and Dr SC Sharma. "Network Layer Attacks and Defense Mechanisms in
MANETS-A Survey." International Journal of Computer Applications 9.9 (2010).
[8] Sen, Jaydip, M. Girish Chandra, P. Balamuralidhar, S. G. Harihara, and Harish Reddy. "A
distributed protocol for detection of packet dropping attack in mobile ad hoc networks."
Telecommunications and Malaysia International Conference on Communications, 2007. ICT-
MICC 2007. IEEE International Conference on. IEEE, 2007.
[9] Marti, Sergio, Thomas J. Giuli, Kevin Lai, and Mary Baker. "Mitigating routing
misbehavior in mobile ad hoc networks." Proceedings of the 6th annual international
conference on Mobile computing and networking. ACM, 2000.
[10] Sarkar, Manasi, and Debdutta Barman Roy. "Prevention of sleep deprivation attacks using
clustering." Electronics Computer Technology (ICECT), 2011 3rd International Conference
on. Vol. 5. IEEE, 2011.
[11] Tseng, Fan-Hsun, Li-Der Chou, and Han-Chieh Chao. "A survey of black hole attacks in
wireless mobile ad hoc networks." Human-centric Computing and Information Sciences 1.1
(2011): 4.
[12] Sen, Jaydip, M. Girish Chandra, S. G. Harihara, Harish Reddy, and P. Balamuralidhar. "A
mechanism for detection of gray hole attack in mobile Ad Hoc networks." Information,
Communications & Signal Processing, 2007 6th International Conference on. IEEE, 2007.
[13] Sinha, Somnath, Aditi Paul, and Sarit Pal. "The sybil attack in Mobile Adhoc Network:
Analysis and detection." (2013): 458-466.
[14] Hu, Yih-Chun, Adrian Perrig, and David B. Johnson. "Rushing attacks and defense in
wireless ad hoc network routing protocols." Proceedings of the 2nd ACM workshop on Wireless
security. ACM, 2003.
[15] Nadeem, Adnan, and Michael P. Howarth. "A survey of MANET intrusion detection &
prevention approaches for network layer attacks." IEEE communications surveys & tutorials
15.4 (2013): 2027-2045.
[16] Wu, Bing, Jianmin Chen, Jie Wu, and Mihaela Cardei. "A survey of attacks and
countermeasures in mobile ad hoc networks." Wireless network security. Springer, Boston,
MA, 2007. 103-135.
[17] Hubaux, Jean-Pierre, Levente Buttyán, and Srdan Capkun. "The quest for security in
mobile ad hoc networks." Proceedings of the 2nd ACM international symposium on Mobile ad
hoc networking & computing. ACM, 2001.
[18] Ramanujan, Ranga, Atiq Ahamad, Jordan Bonney, Ryan Hagelstrom, and Ken Thurber.
"Techniques for intrusion-resistant ad hoc routing algorithms (TIARA)." MILCOM 2000. 21st
Century Military Communications Conference Proceedings. Vol. 2. IEEE, 2000.
[19] Argyroudis, Patroklos G., and Donal O'mahony. "Secure routing for mobile ad hoc
networks." IEEE Communications Surveys and Tutorials 7.1-4 (2005): 2-21.
[20] Fokine, Klas. "Key management in ad hoc networks." (2002).
[21] Khalili, Aram, Jonathan Katz, and William A. Arbaugh. "Toward secure key distribution in
truly ad-hoc networks." Applications and the Internet Workshops, 2003. Proceedings. 2003
Symposium on. IEEE, 2003.
[22] Sun, Bo, Lawrence Osborne, Yang Xiao, and Sghaier Guizani. "Intrusion detection
techniques in mobile ad hoc and wireless sensor networks." IEEE Wireless Communications
14.5 (2007).
[23] Debar, Hervé, Marc Dacier, and Andreas Wespi. "Towards a taxonomy of intrusion-
detection systems." Computer Networks 31.8 (1999): 805-822.
[24] Debar, Hervé, Marc Dacier, and Andreas Wespi. "A revised taxonomy for intrusion-
detection systems." Annales des télécommunications. Vol. 55. No. 7-8. Springer-Verlag, 2000.
[25] Komninos, Nikos, Dimitris Vergados, and Christos Douligeris. "Detecting unauthorized and
compromised nodes in mobile ad hoc networks." Ad Hoc Networks 5.3 (2007): 289-298.
[26] Cretu, Gabriela F., Janak J. Parekh, Ke Wang, and Salvatore J. Stolfo. "Intrusion and
anomaly detection model exchange for mobile ad-hoc networks." Proc. of 3rd IEEE on
Consumer Communications and Networking Conference (CCNC 2006). 2006.
[27] Tseng, Chinyang Henry, Tao Song, Poornima Balasubramanyam, Calvin Ko, and Karl
Levitt. "A specification-based intrusion detection model for OLSR." International Workshop on
Recent Advances in Intrusion Detection. Springer, Berlin, Heidelberg, 2005.
[28] Veríssimo, Paulo Esteves, Nuno Ferreira Neves, and Miguel Pupo Correia. "Intrusion-
tolerant architectures: Concepts and design." Architecting Dependable Systems. Springer, Berlin,
Heidelberg, 2003. 3-36.
[29] Sterbenz, James PG, Rajesh Krishnan, Regina Rosales Hain, Alden W. Jackson, David
Levin, Ram Ramanathan, and John Zao. "Survivable mobile wireless networks: issues,
challenges, and research directions." Proceedings of the 1st ACM workshop on Wireless security.
ACM, 2002.
[30] Avizienis, Algirdas, J-C. Laprie, Brian Randell, and Carl Landwehr. "Basic concepts and
taxonomy of dependable and secure computing." IEEE transactions on dependable and secure
computing 1.1 (2004): 11-33.
[31] Deswarte, Yves, and David Powell. "Internet security: an intrusion-tolerance approach."
Proceedings of the IEEE 94.2 (2006): 432-441.
[32] Malicious- and Accidental-Fault Tolerance for Internet Applications.
http://www.maftia.org.
[33] Organically Assured and Survivable Information System (OASIS).
http://www.tolerantsystems.org.
[34] Fraga, Joni, and David Powell. "A fault-and intrusion-tolerant file system." Proceedings of
the 3rd International Conference on Computer Security. Vol. 203. No. 218. 1985.
[35] Avizienis, Algirdas, Jean-Claude Laprie, and Brian Randell. "Fundamental concepts of
computer system dependability." Workshop on Robot Dependability: Technological Challenge
of Dependable Robots in Human Environments. 2001.
114
[36] Lima, Michele Nogueira, Aldri Luiz Dos Santos, and Guy Pujolle. "A survey of
survivability in mobile ad hoc networks." IEEE Communications Surveys & Tutorials 11.1
(2009): 66-77.
[37] Bajaj, Lokesh, Mineo Takai, Rajat Ahuja, Ken Tang, Rajive Bagrodia, and Mario Gerla.
"Glomosim: A scalable network simulation environment." UCLA computer science department
technical report 990027.1999 (1999): 213.
[38] Bhuvaneshwari, K., and A. Francis Saviour Devaraj. "Examination of Impact of Flooding
attack on MANET and to accentuate on Performance Degradation." International Journal of
Advanced Networking and Applications 4.4 (2013): 1695.
[39] Yang, H., H. Luo, J. Kong, F. Ye, P. Zerfos, S. Lu, and L. Zhang. "Ad hoc network security:
challenges and solutions." (2004).
[40] Awerbuch, Baruch, Reza Curtmola, David Holmer, Cristina Nita-Rotaru, and Herbert
Rubens. "Mitigating byzantine attacks in ad hoc wireless networks." Department of Computer
Science, Johns Hopkins University, Tech. Rep. Version 1 (2004): 16.
[41] Krawczyk, Hugo, Ran Canetti, and Mihir Bellare. "HMAC: Keyed-hashing for message
authentication." (1997).
[42] Kotzanikolaou, Panayiotis, Rosa Mavropodi, and Christos Douligeris. "Secure multipath
routing for mobile ad hoc networks." Wireless On-demand Network Systems and Services, 2005.
WONS 2005. Second Annual Conference on. IEEE, 2005.
[43] Veríssimo, Paulo Esteves, Nuno Ferreira Neves, and Miguel Pupo Correia. "Intrusion-
tolerant architectures: Concepts and design." Architecting Dependable Systems. Springer, Berlin,
Heidelberg, 2003. 3-36.
[44] Deswarte, Yves, and David Powell. "Internet security: an intrusion-tolerance approach."
Proceedings of the IEEE 94.2 (2006): 432-441.
[45] Khalili, Aram, Jonathan Katz, and William A. Arbaugh. "Toward secure key distribution in
truly ad-hoc networks." Applications and the Internet Workshops, 2003. Proceedings. 2003
Symposium on. IEEE, 2003.
115
[46] Deng, Hongmei, Anindo Mukherjee, and Dharma P. Agrawal. "Threshold and identity-
based key management and authentication for wireless ad hoc networks." Information
Technology: Coding and Computing, 2004. Proceedings. ITCC 2004. International Conference
on. Vol. 1. IEEE, 2004.
[47] Lee, Byoungcheon, Colin Boyd, Ed Dawson, Kwangjo Kim, Jeongmo Yang, and Seungjae
Yoo. "Secure key issuing in ID-based cryptography." Proceedings of the second workshop on
Australasian information security, Data Mining and Web Intelligence, and Software
Internationalisation-Volume 32. Australian Computer Society, Inc., 2004.
[48] Li, Guangsong, and Wenbao Han. "A new scheme for key management in ad hoc networks."
International Conference on Networking. Springer, Berlin, Heidelberg, 2005.
[49] Zhang, Yanchao, Wei Liu, Wenjing Lou, Yuguang Fang, and Younggoo Kwon. "AC-PKI:
Anonymous and certificateless public-key infrastructure for mobile ad hoc networks."
Communications, 2005. ICC 2005. 2005 IEEE International Conference on. Vol. 5. IEEE, 2005.
[50] Saxena, Nitesh. "Public key cryptography sans certificates in ad hoc networks."
International Conference on Applied Cryptography and Network Security. Springer, Berlin,
Heidelberg, 2006.
[51] Zhang, Yanchao, Wei Liu, Wenjing Lou, and Yuguang Fang. "Securing mobile ad hoc
networks with certificateless public keys." IEEE transactions on dependable and secure
computing 3.4 (2006): 386-399.
[52] Ren, Yongjun, Jiandong Wang, Youdong Zhang, and Liming Fang. "Identity-based key
issuing protocol for ad hoc networks." Computational Intelligence and Security, 2007
International Conference on. IEEE, 2007.
[53] Zhang, Yuchen, Jing Liu, Yadi Wang, Jihong Han, Hengjun Wang, and Kun Wang.
"Identity-based threshold key management for ad hoc networks." Computational Intelligence
and Industrial Application, 2008. PACIIA'08. Pacific-Asia Workshop on. Vol. 2. IEEE, 2008.
[54] Xia, Pengrui, Meng Wu, Kun Wang, and Xi Chen. "Identity-based fully distributed
certificate authority in an OLSR MANET." Wireless Communications, Networking and Mobile
Computing, 2008. WiCOM'08. 4th International Conference on. IEEE, 2008.
116
[55] Huang, Yueh-Min, Hua-Yi Lin, and Tzone-I. Wang. "Inter-cluster routing authentication
for ad hoc networks by a hierarchical key scheme." Journal of Computer Science and Technology
21.6 (2006): 997-1011.
[56] Diffie, Whitfield, and Martin Hellman. "New directions in cryptography." IEEE
transactions on Information Theory 22.6 (1976): 644-654.
[57] Ingemarsson, Ingemar, Donald Tang, and C. Wong. "A conference key distribution system."
IEEE Transactions on Information theory 28.5 (1982): 714-720.
[58] Burmester, Mike, and Yvo Desmedt. "A secure and efficient conference key distribution
system." Workshop on the Theory and Application of of Cryptographic Techniques. Springer,
Berlin, Heidelberg, 1994.
[59] Becker, Klaus, and Uta Wille. "Communication complexity of group key distribution."
Proceedings of the 5th ACM conference on Computer and communications security. ACM,
1998.
[60] Asokan, N., and Philip Ginzboorg. "Key agreement in ad hoc networks." Computer
communications 23.17 (2000): 1627-1637.
[61] Steiner, Michael, Gene Tsudik, and Michael Waidner. "Key agreement in dynamic peer
groups." IEEE Transactions on Parallel and Distributed Systems 11.8 (2000): 769-780.
[62] Axelsson, Stefan. Intrusion detection systems: A survey and taxonomy. Vol. 99. Technical
report, 2000.
[63] Yi, Ping, Zhoulin Dai, Yiping Zhong, and Shiyong Zhang. "Resisting flooding attacks in
ad hoc networks." Information technology: Coding and computing, 2005. ITCC 2005.
International conference on. Vol. 2. IEEE, 2005.
[64] Guo, Yinghua, and Sylvie Perreau. "Detect DDoS flooding attacks in mobile ad hoc
networks." International Journal of Security and Networks 5.4 (2010): 259-269.
[65] Martin, Thomas, Michael Hsiao, Dong Ha, and Jayan Krishnaswami. "Denial-of-service
attacks on battery-powered mobile computers." Pervasive Computing and Communications,
2004. PerCom 2004. Proceedings of the Second IEEE Annual Conference on. IEEE, 2004.
117
[66] Hsu, Hung-Yuan, Sencun Zhu, and Ali R. Hurson. "LIP: a lightweight interlayer protocol
for preventing packet injection attacks in mobile ad hoc network." International Journal of
Security and Networks 2.3-4 (2007): 202-215.
[67] Yu, Wei, and KJ Ray Liu. "Defense against injecting traffic attacks in cooperative ad hoc
networks." Global Telecommunications Conference, 2005. GLOBECOM'05. IEEE. Vol. 3.
IEEE, 2005.
[68] Gerhards-Padilla, Elmar, Nils Aschenbruck, Peter Martini, Marko Jahnke, and Jens Tolle.
"Detecting black hole attacks in tactical MANETs using topology graphs." Local Computer
Networks, 2007. LCN 2007. 32nd IEEE Conference on. IEEE, 2007.
[69] Medadian, Mehdi, Mohammad Hossein Yektaie, and Amir Masoud Rahmani. "Combat with
Black Hole Attack in AODV routing protocol in MANET." Internet, 2009. AH-ICI 2009. First
Asian Himalayas International Conference on. IEEE, 2009.
[70] Zhang, XiaoYang, Yuji Sekiya, and Yasushi Wakahara. "Proposal of a method to detect
black hole attack in MANET." Autonomous Decentralized Systems, 2009. ISADS'09.
International Symposium on. IEEE, 2009.
[71] Xiaopeng, Gao, and Chen Wei. "A novel gray hole attack detection scheme for mobile ad-
hoc networks." Network and Parallel Computing Workshops, 2007. NPC Workshops. IFIP
International Conference on. IEEE, 2007.
[72] Wei, Chen, Long Xiang, Bai Yuebin, and Gao Xiaopeng. "A new solution for resisting gray
hole attack in mobile ad-hoc networks." Communications and Networking in China, 2007.
CHINACOM'07. Second International Conference on. IEEE, 2007.
[73] Sen, Jaydip, M. Girish Chandra, S. G. Harihara, Harish Reddy, and P. Balamuralidhar. "A
mechanism for detection of gray hole attack in mobile Ad Hoc networks." Information,
Communications & Signal Processing, 2007 6th International Conference on. IEEE, 2007.
[74] Yang, Bo, Ryo Yamamoto, and Yoshiaki Tanaka. "Historical evidence based trust
management strategy against black hole attacks in MANET." Advanced Communication
Technology (ICACT), 2012 14th International Conference on. IEEE, 2012.
118
[75] Douceur, John R. "The sybil attack." International workshop on peer-to-peer systems.
Springer, Berlin, Heidelberg, 2002.
[76] Piro, Chris, Clay Shields, and Brian Neil Levine. "Detecting the sybil attack in mobile ad
hoc networks." Securecomm and Workshops, 2006. IEEE, 2006.
[77] Mónica, Diogo, Joao Leitao, Luis Rodrigues, and Carlos Ribeiro. "On the use of radio
resource tests in wireless ad hoc networks." Proc. 3rd WRAITS (2009): 21-26.
[78] Sharma, Himika, and Roopali Garg. "Enhanced lightweight sybil attack detection
technique." Confluence The Next Generation Information Technology Summit (Confluence),
2014 5th International Conference-. IEEE, 2014.
[79] Sinha, Somnath, Aditi Paul, and Sarit Pal. "The sybil attack in Mobile Adhoc Network:
Analysis and detection." (2013): 458-466.
[80] Abbas, Sohail, Madjid Merabti, and David Llewellyn-Jones. "Signal strength based Sybil
attack detection in wireless Ad Hoc networks." Developments in eSystems Engineering (DESE),
2009 Second International Conference on. IEEE, 2009.
[81] Tangpong, Athichart, George Kesidis, Hung-yuan Hsu, and Ali Hurson. "Robust sybil
detection for manets." Computer Communications and Networks, 2009. ICCCN 2009.
Proceedings of 18th Internatonal Conference on. IEEE, 2009.
[82] Hashmi, Saorsh, and John Brooke. "Towards sybil resistant authentication in mobile ad hoc
networks." Emerging Security Information Systems and Technologies (SECURWARE), 2010
Fourth International Conference on. IEEE, 2010.
[83] Abbas, Sohail, Madjid Merabti, David Llewellyn-Jones, and Kashif Kifayat. "Lightweight
sybil attack detection in manets." IEEE systems journal 7.2 (2013): 236-248.
[84] Hu, Yih-Chun, Adrian Perrig, and David B. Johnson. "Rushing attacks and defense in
wireless ad hoc network routing protocols." Proceedings of the 2nd ACM workshop on Wireless
security. ACM, 2003.
[85] Papadimitratos, Panagiotis, and Zygmunt J. Haas. "Secure data communication in mobile
ad hoc networks." IEEE Journal on Selected Areas in Communications 24.2 (2006): 343-356.
119
[86] Papadimitratos, Panagiotis, and Zygmunt J. Haas. "Secure routing for mobile ad hoc
networks." SCS Communication Networks and Distributed Systems Modeling and Simulation
Conference (CNDS 2002). Vol. 31. 2002.
[87] Rawat, Ani, P. D. Vyavahare, and A. K. Ramani. "Evaluation of rushing attack on secured
message transmission (SMT/SRP) protocol for mobile ad-hoc networks." Personal Wireless
Communications, 2005. ICPWC 2005. 2005 IEEE International Conference on. IEEE, 2005.
[88] Tamilselvan, Latha, and V. Sankaranarayanan. "Solution to prevent rushing attack in
wireless mobile ad hoc networks." Ad Hoc and Ubiquitous Computing, 2006. ISAUHC'06.
International Symposium on. IEEE, 2006.
[89] Sen, Jaydip, M. Girish Chandra, P. Balamuralidhar, S. G. Harihara, and Harish Reddy. "A
distributed protocol for detection of packet dropping attack in mobile ad hoc networks."
Telecommunications and Malaysia International Conference on Communications, 2007. ICT-
MICC 2007. IEEE International Conference on. IEEE, 2007.
[90] Marti, Sergio, Thomas J. Giuli, Kevin Lai, and Mary Baker. "Mitigating routing
misbehavior in mobile ad hoc networks." Proceedings of the 6th annual international conference
on Mobile computing and networking. ACM, 2000.
[91] Gonzalez, Oscar F., Michael Howarth, and George Pavlou. "Detection of packet forwarding
misbehavior in mobile ad-hoc networks." Wired/Wireless Internet Communications. Springer,
Berlin, Heidelberg, 2007. 302-314.
[92] Duque, Oscar F. Gonzalez, Antonis M. Hadjiantonis, George Pavlou, and Michael P.
Howarth. "Adaptable misbehavior detection and isolation in wireless ad hoc networks using
policies." Integrated Network Management, 2009. IM'09. IFIP/IEEE International Symposium
on. IEEE, 2009.
[93] Yang, Hao, James Shu, Xiaoqiao Meng, and Songwu Lu. "SCAN: self-organized network-
layer security in mobile ad hoc networks." IEEE Journal on Selected Areas in Communications
24.2 (2006): 261-273.
[94] Mamatha, G. S., and S. C. Sharma. "A highly secured approach against attacks in
MANETS." International Journal of Computer Theory and Engineering 2.5 (2010): 815.
120
[95] Obaidat, Mohammad S., Isaac Woungang, Sanjay Kumar Dhurandher, and Vincent Koo.
"Preventing packet dropping and message tampering attacks on AODV-based mobile ad hoc
networks." Computer, Information and Telecommunication Systems (CITS), 2012 International
Conference on. IEEE, 2012.
[96] Shu, Tao, and Marwan Krunz. "Privacy-preserving and truthful detection of packet
dropping attacks in wireless ad hoc networks." IEEE Transactions on mobile computing 14.4
(2015): 813-828.
[97] Cretu, Gabriela F., Janak J. Parekh, Ke Wang, and Salvatore J. Stolfo. "Intrusion and
anomaly detection model exchange for mobile ad-hoc networks." Proc. of 3rd IEEE on
Consumer Communications and Networking Conference (CCNC 2006). 2006.
[98] Liu, Yu, Cristina Comaniciu, and Hong Man. "Modelling misbehaviour in ad hoc networks:
a game theoretic approach for intrusion detection." International Journal of Security and
Networks 1.3-4 (2006): 243-254.
[99] Jiang, Hai, and Hankang Wang. "Markov chain based anomaly detection for wireless ad
hoc distribution power communication networks." Power Engineering Conference, 2005. IPEC
2005. The 7th International. IEEE, 2005.
[100] Sun, Bo, Kui Wu, Yang Xiao, and Ruhai Wang. "Integration of mobility and intrusion
detection for wireless ad hoc networks." International Journal of Communication Systems 20.6
(2007): 695-721.
[101] Mitrokotsa, Aikaterini, Nikos Komninos, and Christos Douligeris. "Intrusion detection
with neural networks and watermarking techniques for MANET." Pervasive Services, IEEE
International Conference on. IEEE, 2007.
[102] Jabbehdari, Sam, S. H. Talari, and N. Modiri. "A neural network scheme for anomaly
based intrusion detection systems in mobile ad hoc networks." Journal of computing 4.2 (2012):
61-66.
[103] Nadeem, Adnan, and Michael Howarth. "Adaptive intrusion detection & prevention of
denial of service attacks in MANETs." Proceedings of the 2009 international conference on
wireless communications and mobile computing: Connecting the world wirelessly. ACM, 2009.
121
[104] Chaudhary, Alka, V. N. Tiwari, and Anil Kumar. "Design an anomaly based fuzzy
intrusion detection system for packet dropping attack in mobile ad hoc networks." Advance
Computing Conference (IACC), 2014 IEEE International. IEEE, 2014.
[105] Uyyala, Shivani, and Dinesh Naik. "Anomaly based intrusion detection of packet dropping
attacks in mobile ad-hoc networks." Control, Instrumentation, Communication and
Computational Technologies (ICCICCT), 2014 International Conference on. IEEE, 2014.
[106] Alem, Yibeltal Fantahun, and Zhao Cheng Xuan. "Preventing black hole attack in mobile
ad-hoc networks using Anomaly Detection." Future Computer and Communication (ICFCC),
2010 2nd International Conference on. Vol. 3. IEEE, 2010
[107] Shao, Min-Hua, Ji-Bin Lin, and Yi-Ping Lee. "Cluster-based cooperative back propagation
network approach for intrusion detection in MANET." Computer and Information Technology
(CIT), 2010 IEEE 10th International Conference on. IEEE, 2010.
[108] Jain, Shrishti, and Sandeep K. Raghuwanshi. "Behavioural and node performance based
Grayhole attack Detection and Amputation in AODV protocol." Advances in Engineering and
Technology Research (ICAETR), 2014 International Conference on. IEEE, 2014.
[109] Ye, Xia, and Junshan Li. "A security architecture based on immune agents for MANET."
Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International
Conference on. IEEE, 2010.
[110] Komninos, Nikos, Dimitris Vergados, and Christos Douligeris. "Detecting unauthorized
and compromised nodes in mobile ad hoc networks." Ad Hoc Networks 5.3 (2007): 289-298.
[111] Alattar, Mouhannad, Françoise Sailhan, and Julien Bourgeois. "Log-based intrusion
detection for MANET." Wireless Communications and Mobile Computing Conference
(IWCMC), 2012 8th International. IEEE, 2012.
[112] Khanpara, Pimal, and Bhushan Trivedi. "Survivability in MANETs.", International
Journal of Advanced Research in Computer Engineering and Technology, vol. 7, pp. 7-10, Jan.
2018.
122
[113] Vigna, Giovanni, Sumit Gwalani, Kavitha Srinivasan, Elizabeth M. Belding-Royer, and
Richard A. Kemmerer. "An intrusion detection tool for AODV-based ad hoc wireless networks."
Computer Security Applications Conference, 2004. 20th Annual. IEEE, 2004..
[114] Tseng, Chinyang Henry, Tao Song, Poornima Balasubramanyam, Calvin Ko, and Karl
Levitt. "A specification-based intrusion detection model for OLSR." International Workshop on
Recent Advances in Intrusion Detection. Springer, Berlin, Heidelberg, 2005.
[115] Orset, Jean-Marie, Baptiste Alcalde, and Ana Cavalli. "An EFSM-based intrusion
detection system for ad hoc networks." International Symposium on Automated Technology for
Verification and Analysis. Springer, Berlin, Heidelberg, 2005.
[116] Stakhanova, Natalia, Samik Basu, Zhang Wensheng, Xia Wang, and Johnny S. Wong.
"Specification synthesis for monitoring and analysis of MANET protocols." (2007).
[117] Joseph, John Felix Charles, Amitabha Das, Boon-Chong Seet, and Bu-Sung Lee.
"CRADS: integrated cross layer approach for detecting routing attacks in MANETs." Wireless
Communications and Networking Conference, 2008. WCNC 2008. IEEE. IEEE, 2008.
[118] Nadeem, Adnan, and Michael Howarth. "A generalized intrusion detection & prevention
mechanism for securing MANETs." Ultra Modern Telecommunications & Workshops, 2009.
ICUMT'09. International Conference on. IEEE, 2009.
[119] Hijazi, Abdulrahman, and Nidal Nasser. "Using mobile agents for intrusion detection in
wireless ad hoc networks." Wireless and Optical Communications Networks, 2005. WOCN 2005.
Second IFIP International Conference on. IEEE, 2005.
[120] Ping, Yi, Jiang Xinghao, Wu Yue, and Liu Ning. "Distributed intrusion detection for
mobile ad hoc networks." Journal of systems engineering and electronics 19.4 (2008): 851-859.
[121] Avizienis, Algirdas, Jean-Claude Laprie, and Brian Randell. "Fundamental concepts of
computer system dependability." Workshop on Robot Dependability: Technological Challenge
of Dependable Robots in Human Environments. 2001.
[122] Linger, Richard C., Nancy R. Mead, and Howard F. Lipson. "Requirements definition for
survivable network systems." Requirements Engineering, 1998. Proceedings. 1998 Third
International Conference on. IEEE, 1998.
123
[123] Boudriga, N. A., and Mohammad S. Obaidat. "Fault and intrusion tolerance in wireless ad
hoc networks." Wireless Communications and Networking Conference, 2005 IEEE. Vol. 4.
IEEE, 2005.
[124] Xue, Yuan, and Klara Nahrstedt. "Providing fault-tolerant ad hoc routing service in
adversarial environments." Wireless Personal Communications 29.3-4 (2004): 367-388.
[125] Berman, Vladimir, and Biswanath Mukherjee. "Data security in manets using multipath
routing and directional transmission." Communications, 2006. ICC'06. IEEE International
Conference on. Vol. 5. IEEE, 2006.
[126] Joshi, Deepti, Kamesh Namuduri, and Ravi Pendse. "Secure, redundant, and fully
distributed key management scheme for mobile ad hoc networks: an analysis." EURASIP
Journal on Wireless Communications and Networking 2005.4 (2005): 579-589.
[127] Awerbuch, Baruch, Reza Curtmola, David Holmer, Cristina Nita-Rotaru, and Herbert
Rubens. "ODSBR: An on-demand secure Byzantine resilient routing protocol for wireless ad
hoc networks." ACM Transactions on Information and System Security (TISSEC) 10.4 (2008):
6.
[128] Papadimitratos, Panagiotis, and Zygmunt J. Haas. "Secure message transmission in mobile
ad hoc networks." Ad Hoc Networks 1.1 (2003): 193-209.
[129] Maughan, Douglas, and Mark Schneider. "Internet security association and key
management protocol (ISAKMP)." (1998).
[130] Rabin, Michael O. "Efficient dispersal of information for security, load balancing, and
fault tolerance." Journal of the ACM (JACM) 36.2 (1989): 335-348.
[131] Choudhury, Romit Roy, Xue Yang, Ram Ramanathan, and Nitin H. Vaidya. "On designing
MAC protocols for wireless networks using directional antennas." IEEE transactions on mobile
computing 5.5 (2006): 477-491.
[132] Lou, Wenjing, Wei Liu, and Yuguang Fang. "SPREAD: Enhancing data confidentiality in
mobile ad hoc networks." INFOCOM 2004. Twenty-third AnnualJoint Conference of the IEEE
Computer and Communications Societies. Vol. 4. IEEE, 2004.
124
[133] Ramanujan, Ranga, Atiq Ahamad, Jordan Bonney, Ryan Hagelstrom, and Ken Thurber.
"Techniques for intrusion-resistant ad hoc routing algorithms (TIARA)." MILCOM 2000. 21st
Century Military Communications Conference Proceedings. Vol. 2. IEEE, 2000.
[134] Azni, A. H., Rabiah Ahmad, Zul Azri Mohamad Noh, Farida Hazwani, and Najwa Hayaati.
"Systematic Review for Network Survivability Analysis in MANETS." Procedia-Social and
Behavioral Sciences 195 (2015): 1872-1881.
[135] Lima, Michele Nogueira, Aldri Luiz Dos Santos, and Guy Pujolle. "A survey of
survivability in mobile ad hoc networks." IEEE Communications Surveys & Tutorials 11.1
(2009): 66-77.
[136] Sterbenz, James PG, David Hutchison, Egemen K. Çetinkaya, Abdul Jabbar, Justin P.
Rohrer, Marcus Schöller, and Paul Smith. "Resilience and survivability in communication
networks: Strategies, principles, and survey of disciplines." Computer Networks 54.8 (2010):
1245-1265.
[137] Khanpara, Pimal and Trivedi, Bhushan. "SECURITY ISSUES IN MANETS." In
Proceedings of 3rd International Conference on Emerging Trends in Engineering, Technology,
Science and Management, pp. 160-165, June. 2017.
[138] Cucurull, Jordi, Mikael Asplund, Simin Nadjm-Tehrani, and Tiziano Santoro. "Surviving
attacks in challenged networks." IEEE Transactions on Dependable and Secure Computing 9.6
(2012): 917-929.
[139] Ramanujan, Ranga, S. Kudige, and T. Nguyen. "Techniques for intrusion-resistant ad hoc
routing algorithms (tiara)." DARPA Information Survivability Conference and Exposition, 2003.
Proceedings. Vol. 2. IEEE, 2003.
[140] Lee, Wenke, and Salvatore J. Stolfo. "A framework for constructing features and models
for intrusion detection systems." ACM transactions on Information and system security (TiSSEC)
3.4 (2000): 227-261.
[141] Bonde Jr, Allen R., and Sumit Ghosh. "A comparative study of fuzzy versus “fixed”
thresholds for robust queue management in cell-switching networks." IEEE/ACM Transactions
on Networking (TON) 2.4 (1994): 337-344.
125
[142] Bezdek, James C. "Computing with uncertainty." Complement 2 (1992): 3.
[143] Tanaka, Hideo, Tetsuji Okuda, and Kiyoji Asai. "Fuzzy information and decision in
statistical model." Advances in Fuzzy Sets Theory and Applications (1979): 303-320.
[144] Kosko, Bart. "Neural networks and fuzzy systems: a dynamical systems approach to
machine intelligence/book and disk." Vol. 1Prentice hall (1992).
[145] Bajaj, Lokesh, Mineo Takai, Rajat Ahuja, Ken Tang, Rajive Bagrodia, and Mario Gerla.
"Glomosim: A scalable network simulation environment." UCLA computer science department
technical report 990027.1999 (1999): 213.
[146] Zeng, Xiang, Rajive Bagrodia, and Mario Gerla. "GloMoSim: a library for parallel
simulation of large-scale wireless networks." ACM SIGSIM Simulation Digest. Vol. 28. No. 1.
IEEE Computer Society, 1998.
[147] Khan, Atta R., Sardar M. Bilal, and Mazliza Othman. "A performance comparison of open
source network simulators for wireless networks." Control System, Computing and Engineering
(ICCSCE), 2012 IEEE International Conference on. IEEE, 2012.
[148] Perkins, Charles, Elizabeth Belding-Royer, and Samir Das. Ad hoc on-demand distance
vector (AODV) routing. No. RFC 3561. 2003.
[149] Perkins, Dmitri D., Herman D. Hughes, and Charles B. Owen. "Factors affecting the
performance of ad hoc networks." Communications, 2002. ICC 2002. IEEE International
Conference on. Vol. 4. IEEE, 2002.
[150] Vadde, Kiran K., and Violet R. Syrotiuk. "Factor interaction on service delivery in mobile
ad hoc networks." IEEE Journal on selected areas in communications 22.7 (2004): 1335-1346.
126
List of Publications
Paper Presented / Published:
1) Security in Mobile Ad Hoc Networks. In Proceedings of International Conference
on Communication and Networks (pp. 501-511), 2016. Springer, Singapore.
2) Security issues in MANETs. 3rd International Conference on Emerging Trends in
Engineering, Technology, Science and Management (ICETETSM-17), 2017.
3) Survivability in MANETs. International Journal of Advanced Research in
Computer Engineering and Technology (IJARCET), Vol. 7, issue 1, pp. 7-10, 2018.
Paper Submitted:
4) Survivability in Ad hoc Networks: A Review, IET Networks Journal.
5) Resisting Flooding Attacks in Mobile Ad hoc Networks, International Journal of
Security and Networks, InderScience.
6) Techniques for Reactive Defense in Ad hoc Networks, International Journal of
Mobile Computing and Multimedia Communications, IGI Global.
7) Intrusion Tolerance for Survivable Mobile Ad hoc Networks, International Journal
of Future Generation Communication and Networking.