In a wormhole attack, colluding nodes create connecting the purported neighbors using a covert the illusion that two remote regions of a MANET are communication mechanism. The wormhole undermines directly connected through nodes that appear to be shortest path routing calculations, allowing the attacking neighbors, but are actually distant from each other. This nodes to attract traffic from other parts of the network so it is undermines shortest-path routing calculations, allowing routed through them. The wormhole thus creates two artificial the attacking nodes to attract traffic, which can then be traffic choke points that are under the control of the attacker manipulated. Prior research has concentrated on out-of-and can be utilized at an opportune future time to degrade or band wormholes, which covertly connect the purported analyze the traffic stream.neighbors via a separate wireline network or RF channel.Prior research on wormholes in MANETs has concentratedWe present a detailed description of in-band wormholes in primarily on out-of-band wormholes, which covertly connect OLSR networks. These connect the purported neighbors purported neighbors via a separate communication via covert, multi-hop tunnels. In-band wormholes are an mechanism, such as a wireline network or additional RF important threat because they do not require specialized channel that is not generally available throughout the network hardware and can be launched by any node in the [HU03] [HONG05]. This paper describes in detail, in-band MANET. Moreover, unlike out-of-band wormholes, in-wormholes, which covertly connect the purported neighbors band wormholes consume network capacity, inherently via multi-hop tunnels through the primary link layer. In-band degrading service. We explain the conditions under which wormholes are important for several reasons. First, because an in-band wormhole will collapse and how it can be made they do not require additional specialized hardware, they can collapse resilient. We identify the self-contained and be launched from any node in the network; as a result, they extended forms of in-band wormholes and present may be more likely to be used by real adversaries. Second, wormhole gravitational analysis, a technique for comparing unlike out-of-band wormholes, which actually add channel the effect of wormholes on the network. Finally, we identify potential countermeasures for preventing and capacit toth network, in-an wormholes tinualy consume network ca acity i.e. waste bandwidth) thereby detecting in-band wormholes based on packet loss rates, .y ..y packet delays, and topological characteristics, and we inhermen asurs service degrandaton. Thrd athough describe the results of initial laboratory experiments to cout-of-band wormhols sem toodepend assess theireffectiveness, on out-of-band mechanisms such as geographic position assess their effectiveness. information or highly synchronized clocks, countermeasures Index Terms-Computer network security, routing, for in-band wormholes may not. mobile communications, re...
In this paper we extend the work presented in [1], [2] by quantifying the effects of in-band wormhole attacks on Intrusion Detection Systems. More specifically, we propose a mathematical framework for obtaining performance bounds of Byzantine attackers and the Intrusion Detection System (IDS) in terms of detection delay. We formulate the problem of distributed collaborative defense against coordinated attacks in MANET as a dynamic game problem. In our formulation we have on the one hand a group of attackers that observe what is going on in the network and coordinate their attack in an adaptive manner. On the other side, we have a group of defending nodes (the IDS nodes) that collaboratively observe the network and coordinate their actions against the attackers. Using extensions of the game theoretic framework of [3] we provide a mathematical framework for efficient identification of the worst attacks and damages that the attackers can achieve, as well as the best response of the defenders. This approach leads to quantifying resiliency of the routing-attack IDS with respect to Byzantine attacks.
To support research in wireless mobile networks and mobile ad-hoc network security, the u.s. Army Research Laboratory (ARL) has developed a HWireless Emulation Laboratory" (WEL). A key component of the WEL is a Mobile Ad-hoc Network (MANET) emulation testbed on which algorithms and applications can be subjected to emulated wireless network conditions. The testbed is based on the MANE (Mobile Ad-hoc Network Emulator) software originally developed by the Naval Research Laboratory (NRL). It has since been improved through the incorporation of advanced modeling methods and computing technologies. Important additional features include (1) the integration of the terrain integrated rough earth model (TIREM) propagation model, (2) the use of virtual machine technologies to scale the size of the network, and (3) the inclusion of custom-designed mobility patterns to create a specific dynamic topology ofa MANET under test. Currently the WEL testbed can emulate a 101-node MANET and, through the use of virtualization technologies, will scale well beyond that number. This paper discusses the current capabilities ofARL's WEL for conducting empirical evaluation and demonstration of MANET technologies and concludes with planned future enhancements. I.
Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing the burden, to Department of Defense, Washington Headquarters Services, Directorate for Information Operations and Reports (0704-0188), 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to any penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ADDRESS. REPORT DATE (DD-MM-YYYY) September 20082. REPORT TYPE ARL-RP-0227 SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSOR/MONITOR'S ACRONYM(S) SPONSOR/MONITOR'S REPORT NUMBER(S) DISTRIBUTION/AVAILABILITY STATEMENTApproved for public release; distribution unlimited. SUPPLEMENTARY NOTESA reprint from the Proceedings of the Milcom conference, San Diego, CA, November 17-19, 2008. ABSTRACTVarious approaches have been proposed in the past for monitoring a network to diagnose failures and performance bottlenecks. One such approach for efficient and effective monitoring is probing. Probes such as ICMP pings are an effective tool for detecting network nodes that have been compromised by an attacker who tries to delay or drop traffic passing through the captured node. However, an intelligent attacker may evade detection by giving preferential treatment to probe traffic. This is usually possible because probe packets have a different format from regular application packets and are easily distinguishable. Hence, it is important to probe in a stealthy manner so as to avoid identification of probes by an attacker and to ensure the collection of accurate system health statistics. In this report, we review design approaches for generating stealthy probes and describe various possible mechanisms that can be used for such a design. These approaches are evaluated according to the design criteria and we identify what may be feasible solutions for stealthy probing in battlefield ad-hoc wireless networks. SUBJECT TERMS
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
Contact Info
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Product
Resources
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.
