DEMEM: Distributed Evidence-Driven Message Exchange Intrusion Detection Model for MANET

Tseng, Chinyang Henry; Wang, Shiau-Huey; Ko, Calvin; Levitt, Karl N.

doi:10.1007/11856214_13

Cited by 36 publications

(23 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In most cases these metrics reflect the number of attacks detected, but sometimes they show the number of attackers detected [13]. The detection delay is not usually taken into account, but there are a few exceptions [16,17,13]. There are approaches that quantify the impact of the detectors, such as network overhead or the CPU speed-up [18], or data delivery ratio to evaluate the impact of attack response [13].…”

Section: Related Workmentioning

confidence: 99%

Anomaly Detection and Mitigation for Disaster Area Networks

Cucurull

Asplund

Nadjm‐Tehrani

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. One of the most challenging applications of wireless networking are in disaster area networks where lack of infrastructure, limited energy resources, need for common operational picture and thereby reliable dissemination are prevalent. In this paper we address anomaly detection in intermittently connected mobile ad hoc networks in which there is little or no knowledge about the actors on the scene, and opportunistic contacts together with a store-and-forward mechanism are used to overcome temporary partitions. The approach uses a statistical method for detecting anomalies when running a manycast protocol for dissemination of important messages to k receivers. Simulation of the random walk gossip (RWG) protocol combined with detection and mitigation mechanisms is used to illustrate that resilience can be built into a network in a fully distributed and attack-agnostic manner, at a modest cost in terms of drop in delivery ratio and additional transmissions. The approach is evaluated with attacks by adversaries that behave in a similar manner to fair nodes when invoking protocol actions.

show abstract

Section: Related Workmentioning

confidence: 99%

Anomaly Detection and Mitigation for Disaster Area Networks

Cucurull

Asplund

Nadjm‐Tehrani

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…A MANET is formed when a group of mobile nodes cooperatively communicate with each other without a pre-established infrastructure. According to Tseng et al [10], a MANET is inherently trustall-peers by design and therein lies its problem. A malicious node can corrupt other trusting nodes by forging incorrect data packets to evade detection.…”

Section: Other Applicationsmentioning

confidence: 99%

Towards Intrusion Detection for Encrypted Networks

Goh

Zimmermann

Looi

2009

2009 International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

show abstract

“…[8] detects violations in the protocol specification based on an extended finite state automation (EFSA) of AODV. Distributed Evidence-Driven Message Exchange Intrusion Detection Model (DEMEM) [13] detects inconsistency among the routing messages in OLSR. [6] models the attacks on AODV protocol using attack tree and identify the damages.…”

Section: Related Workmentioning

confidence: 99%

Misuse Detection in Consent-Based Networks

Alicherry¹,

Keromytis

2011

Applied Cryptography and Network Security

View full text Add to dashboard Cite

Abstract. Consent-based networking, which requires senders to have permission to send traffic, can protect against multiple attacks on the network. Highly dynamic networks like Mobile Ad-hoc Networks (MANETs) require destination-based consent networking, where consent needs to be given to send to a destination in any path. These networks are susceptible to multipath misuses by misbehaving nodes. In this paper, we identify the misuses in destination-based consent networking, and provide solution for detecting and recovering from the misuses. Our solution is based on our previously introduced DIPLOMA architecture. DIPLOMA is a deny-by-default distributed policy enforcement architecture that can protect the end-host services and network bandwidth. DIPLOMA uses capabilities to provide consent for sending traffic. In this paper, we identify how senders and receivers can misuse capabilities by using them in multiple paths, and provide distributed solutions for detecting those misuses. To that end, we modify the capabilities to aid in misuse detection and provide protocols for exchanging information for distributed detection. We also provide efficient algorithms for misuse detection, and protocols for providing proof of misuse. Our solutions can handle privacy issues associated with the exchange of information for misuse detection. We have implemented the misuse detection and recovery in DIPLOMA systems running on Linux operating systems, and conducted extensive experimental evaluation of the system in Orbit MANET testbed. The results show our system is effective in detecting and containing multipath misuses.

show abstract

DEMEM: Distributed Evidence-Driven Message Exchange Intrusion Detection Model for MANET

Cited by 36 publications

References 10 publications

Anomaly Detection and Mitigation for Disaster Area Networks

Anomaly Detection and Mitigation for Disaster Area Networks

Towards Intrusion Detection for Encrypted Networks

Misuse Detection in Consent-Based Networks

Contact Info

Product

Resources

About