Calvin Ko scite author profile

The Ad hoc On-Demand Distance Vector (AODV) routing protocol, designed for mobile ad hoc networks, offers quick adaptation to dynamic link conditions, low processing and memory overhead, and low network utilization. However, without keeping in mind the security issues in the protocol design, AODV is vulnerable to various kinds of attacks. This paper analyzes some of the vulnerabilities, specifically discussing attacks against AODV that manipulate the routing messages. We propose a solution based on specification-based intrusion detection to detect attacks on AODV. Briefly, our approach involves the use of finite state machines for specifying correct AODV routing behavior and distributed network monitors for detecting run-time violation of the specifications. In addition, one additional field in the protocol message is proposed to enable the monitoring. We illustrate that our algorithm, which employs a tree data structure, can effectively detect most of the serious attacks in real time and with minimum overhead.

show abstract

A General Cooperative Intrusion Detection Architecture for MANETs

Sterne¹,

Balasubramanyam²,

Carman³

et al.

121

View full text Add to dashboard Cite

1Intrusion detection in MANETs is challenging because these networks change their topologies dynamically; lack concentration points where aggregated traffic can be analyzed; utilize infrastructure protocols that are susceptible to manipulation; and rely on noisy, intermittent wireless communications. We present a cooperative, distributed intrusion detection architecture that addresses these challenges while facilitating accurate detection of MANET-specific and conventional attacks. The architecture is organized as a dynamic hierarchy in which detection data is acquired at the leaves and is incrementally aggregated, reduced, and analyzed as it flows upward toward the root. Security management directives flow downward from nodes at the top.To maintain communications efficiency, the hierarchy is automatically reconfigured as needed using clustering techniques in which clusterheads are selected based on topology and other criteria. The utility of the architecture is illustrated via multiple attack scenarios.Proceedings of the Third IEEE International Workshop on Information Assurance (IWIA'05) 0-7695-2317-X/05 $20.00 © 2005 IEEE Network nodes in the problem domain of interest encompass a heterogeneous mixture of manned and unmanned mobile systems including autonomous vehicles and sensors. Platform types include PDAs, processors embedded in special purpose devices, laptopclass systems, and server-class systems, which may be positioned in various kinds of vehicles.A network in this problem domain can be characterized as a collection of interconnected islands, each containing up to a few hundred mobile nodes and corresponding to a single routing domain. Relationships between these islands may be organized in a way that roughly parallels the hierarchical structure of the human organizations that deploy them. Mobile nodes will communicate with their neighbors over radios, with data rates from tens of kilobits per second to a few megabits per second. Internet-based protocols play a role by binding together the disparate wireless link layers and physical layers in the network, and providing "reachback" capability to the Internet. All nodes will be IPaddressable, with the IP addressing hierarchy closely coupled with the domain hierarchy. Specific nodes in each domain may be connected to nodes in other domains with higher-data-rate links of a few Mbps. All links are dynamic since nodes may rapidly establish or lose connectivity with their neighbors. Key operational and technical challengesKey operational and technical challenges of this problem domain include the following: Proceedings of the Third IEEE International Workshop on Information Assurance (IWIA'05) 0-7695-2317-X/05 $20.00 © 2005 IEEE Proceedings of the Third IEEE International Workshop on Information Assurance (IWIA'05) 0-7695-2317-X/05 $20.00

show abstract

Automated detection of vulnerabilities in privileged programs by execution monitoring

Fink

Levitt

124

View full text Add to dashboard Cite

Challenges in intrusion detection for wireless ad-hoc networks

Brutch¹,

Ko²

113

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Calvin Ko

Execution monitoring of security-critical programs in distributed systems: a specification-based approach

A specification-based intrusion detection system for AODV

A General Cooperative Intrusion Detection Architecture for MANETs

Automated detection of vulnerabilities in privileged programs by execution monitoring

Challenges in intrusion detection for wireless ad-hoc networks

Contact Info

Product

Resources

About