Intrusion detection in MANETs is challenging because these networks change their topologies dynamically; lack concentration points where aggregated traffic can be analyzed; utilize infrastructure protocols that are susceptible to manipulation; and rely on noisy, intermittent wireless communications. We present a cooperative, distributed intrusion detection architecture that addresses these challenges while facilitating accurate detection of MANET-specific and conventional attacks. The architecture is organized as a dynamic hierarchy in which detection data is acquired at the leaves and is incrementally aggregated, reduced, and analyzed as it flows upward toward the root. Security management directives flow downward from nodes at the top. To maintain communications efficiency, the hierarchy is automatically reconfigured as needed using clustering techniques in which clusterheads are selected based on topology and other criteria. The utility of the architecture is illustrated via multiple attack scenarios.
Proceedings of the Third IEEE International Workshop on Information Assurance (IWIA'05) 0-7695-2317-X/05 $20.00 © 2005 IEEE
Network nodes in the problem domain of interest encompass a heterogeneous mixture of manned and unmanned mobile systems including autonomous vehicles and sensors. Platform types include PDAs, processors embedded in special purpose devices, laptop-class systems, and server-class systems, which may be positioned in various kinds of vehicles.
A network in this problem domain can be characterized as a collection of interconnected islands, each containing up to a few hundred mobile nodes and corresponding to a single routing domain. Relationships between these islands may be organized in a way that roughly parallels the hierarchical structure of the human organizations that deploy them. Mobile nodes will communicate with their neighbors over radios, with data rates from tens of kilobits per second to a few megabits per second.
Internet-based protocols play a role by binding together the disparate wireless link layers and physical layers in the network, and providing "reachback" capability to the Internet. All nodes will be IP-addressable, with the IP addressing hierarchy closely coupled with the domain hierarchy. Specific nodes in each domain may be connected to nodes in other domains with higher-data-rate links of a few Mbps. All links are dynamic since nodes may rapidly establish or lose connectivity with their neighbors.
Key operational and technical challenges of this problem domain include the following:
In a wormhole attack, colluding nodes create the illusion that two remote regions of a MANET are directly connected through nodes that appear to be neighbors, but are actually distant from each other. This undermines shortest-path routing calculations, allowing the attacking nodes to attract traffic, which can then be manipulated. Prior research has concentrated on out-of-band wormholes, which covertly connect the purported neighbors via a separate wireline network or RF channel. We present a detailed description of in-band wormholes in OLSR networks. These connect the purported neighbors via covert, multi-hop tunnels. In-band wormholes are an important threat because they do not require specialized hardware and can be launched by any node in the MANET. Moreover, unlike out-of-band wormholes, in-band wormholes consume network capacity, inherently degrading service. We explain the conditions under which an in-band wormhole will collapse and how it can be made collapse resilient. We identify the self-contained and extended forms of in-band wormholes and present wormhole gravitational analysis, a technique for comparing the effect of wormholes on the network. Finally, we identify potential countermeasures for preventing and detecting in-band wormholes based on packet loss rates, packet delays, and topological characteristics, and we describe the results of initial laboratory experiments to assess their effectiveness.
Index Terms: Computer network security, routing, mobile communications, re...
... connecting the purported neighbors using a covert communication mechanism. The wormhole undermines shortest path routing calculations, allowing the attacking nodes to attract traffic from other parts of the network so it is routed through them. The wormhole thus creates two artificial traffic choke points that are under the control of the attacker and can be utilized at an opportune future time to degrade or analyze the traffic stream.
Prior research on wormholes in MANETs has concentrated primarily on out-of-band wormholes, which covertly connect purported neighbors via a separate communication mechanism, such as a wireline network or additional RF channel that is not generally available throughout the network [HU03] [HONG05]. This paper describes in detail in-band wormholes, which covertly connect the purported neighbors via multi-hop tunnels through the primary link layer. In-band wormholes are important for several reasons. First, because they do not require additional specialized hardware, they can be launched from any node in the network; as a result, they may be more likely to be used by real adversaries. Second, unlike out-of-band wormholes, which actually add channel capacity to the network, in-band wormholes continually consume network capacity (i.e. waste bandwidth), thereby inherently causing service degradation. Third, although countermeasures for out-of-band wormholes seem to depend on out-of-band mechanisms such as geographic position information or highly synchronized clocks, countermeasures for in-band wormholes may not.