A cooperative intrusion detection system for ad hoc networks

Huang, Yiteng; Lee, Wenke

doi:10.1145/986858.986877

Cited by 373 publications

(249 citation statements)

References 19 publications

Supporting

Mentioning

248

Contrasting

Unclassified

Order By: Relevance

“…The idea of overhearing traffic in the vicinity (e.g. [1]- [3]) has been used to build trust relationships among nodes in networks (e.g. [1], [2]), detect and mitigate certain kinds of attacks (e.g.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

DISA: Detection and isolation of sneaky attackers in locally monitored multi‐hop wireless networks

Khalil

Bagchi

Ali

et al. 2013

Security Comm Networks

View full text Add to dashboard Cite

Local monitoring has been demonstrated as a powerful technique for mitigating security attacks in multi-hop ad-hoc networks. In local monitoring, nodes overhear partial neighborhood communication to detect misbehavior such as packet drop or delay. However, local monitoring as presented in the literature is vulnerable to a class of attacks that we introduce here called stealthy packet dropping. Stealthy packet dropping disrupts the packet from reaching the destination by malicious behavior at an intermediate node. However, the malicious node gives the impression to its neighbors that it performed the legitimate forwarding action. Moreover, a legitimate node comes under suspicion. We introduce four ways of achieving stealthy packet dropping, none of which is currently detectable. We provide a protocol called DISA, based on local monitoring, to remedy each attack. DISA incorporates two techniqueshaving the neighbors maintain additional information about the routing path, and adding some checking responsibility to each neighbor.We show through analysis and simulation that basic local monitoring (BLM) fails to efficiently mitigate any of the presented attacks while DISA successfully mitigates them.

show abstract

Section: Related Workmentioning

confidence: 99%

“…For systems where arriving at a common view is important, the detecting node initiates a distributed protocol to disseminate the alarm. Many protocols have been built on top of local monitoring for intrusion detection (e.g., [3]), building trust and reputation among nodes (e.g. [1], [2]), protecting against control and data traffic attacks (e.g.…”

mentioning

confidence: 99%

DISA: Detection and isolation of sneaky attackers in locally monitored multi‐hop wireless networks

Khalil

Bagchi

Ali

et al. 2013

Security Comm Networks

View full text Add to dashboard Cite

show abstract

“…현재 다양한 클러스터링 기법들이 연구되었는데 그 중 단일홉 클러스터링의 대표적인 방법은 Lowest ID Clustering [8] 과 Highest Connectivity Clustering [9] 이고, 다중홉으로 토폴로지를 구성하는 알고리즘으로는 Adaptive Multihop Clustering [10] 이 대표적이며, 본 논문에서는 AMC클러스터링 알고리 즘을 기반으로 역추적 기능을 탑재 하였으며 또한 현재의 애드혹 기반 역추적 메커니즘을 살펴보도록 한다 [3] . …”

Section: ⅱ 관련 연구unclassified

A Design of TNA(Traceback against Network Attacks) Based on Multihop Clustering using the depth of Tree structure on Ad-hoc Networks

Kim¹,

Lee²

2012

The Journal of Korea Information and Communications Society

View full text Add to dashboard Cite

In the current MANET, DOS or DDOS attacks are increasing, but as MANET has limited bandwidth, computational resources and battery power, the existing traceback mechanisms can not be applied to it. Therefore, in case of traceback techniques being applied to MANET, the resource of each node must be used efficiently. However, in the traceback techniques applied to an existing ad hoc network, as a cluster head which represents all nodes in the cluster area manages the traceback, the overhead of the cluster head shortens each node's life. In addition, in case of multi-hop clustering, as one Cluster head manages more node than one, its problem is getting even worse. This paper proposes TNA(Traceback against Network Attacks) based on multihop clustering using the depth of tree structure in order to reduce the overhead of distributed information management 주저자：관동대학교 전자계산공학과,

show abstract

“…In [25] Markov-chain based local anomaly detection model is proposed for a zone-Based IDS architecture where the network is divided into zones based on geographic partitioning. Another approach which constructs an anomaly-detection model automatically by extracting the correlations among monitored features is proposed in [12]. Furthermore, they introduced simple rules to determine attack types and sometimes attackers after detecting an attack using cross-feature analysis.…”

Section: Related Workmentioning

confidence: 99%

Power-Aware Intrusion Detection in Mobile Ad Hoc Networks

2010

View full text Add to dashboard Cite

Abstract. Mobile ad hoc networks (MANETs) are a highly promising new form of networking. However they are more vulnerable to attacks than wired networks. In addition, conventional intrusion detection systems (IDS) are ineffective and inefficient for highly dynamic and resourceconstrained environments. Achieving an effective operational MANET requires tradeoffs to be made between functional and non-functional criteria. In this paper we show how Genetic Programming (GP) together with a Multi-Objective Evolutionary Algorithm (MOEA) can be used to synthesise intrusion detection programs that make optimal tradeoffs between security criteria and the power they consume.

show abstract

A cooperative intrusion detection system for ad hoc networks

Cited by 373 publications

References 19 publications

DISA: Detection and isolation of sneaky attackers in locally monitored multi‐hop wireless networks

DISA: Detection and isolation of sneaky attackers in locally monitored multi‐hop wireless networks

A Design of TNA(Traceback against Network Attacks) Based on Multihop Clustering using the depth of Tree structure on Ad-hoc Networks

Power-Aware Intrusion Detection in Mobile Ad Hoc Networks

Contact Info

Product

Resources

About