Risk-Aware Mitigation for MANET Routing Attacks

IEEE Transactions on Dependable and Secure Computing (Impact Factor: 1.06). 05/2012; DOI: 10.1109/TDSC.2011.51
Source: IEEE Xplore

ABSTRACT Mobile Ad hoc Networks (MANET) have been highly vulnerable to attacks due to the dynamic nature of its network infrastructure. Among these attacks, routing attacks have received considerable attention since it could cause the most devastating damage to MANET. Even though there exist several intrusion response techniques to mitigate such critical attacks, existing solutions typically attempt to isolate malicious nodes based on binary or naïve fuzzy response decisions. However, binary responses may result in the unexpected network partition, causing additional damages to the network infrastructure, and naïve fuzzy responses could lead to uncertainty in countering routing attacks in MANET. In this paper, we propose a risk-aware response mechanism to systematically cope with the identified routing attacks. Our risk-aware approach is based on an extended Dempster-Shafer mathematical theory of evidence introducing a notion of importance factors. In addition, our experiments demonstrate the effectiveness of our approach with the consideration of several performance metrics.

1 Bookmark
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Abstract—The performance of ad hoc networks depends on cooperation and trust among distributed nodes. To enhance security in ad hoc networks, it is important to evaluate trustworthiness of other nodes without centralized authorities. In this paper, we present an information theoretic framework to quantitatively measure trust and model trust propagation in ad hoc networks. In the proposed framework, trust is a measure of uncertainty with its value represented by entropy. We develop four Axioms that address the basic understanding of trust and the rules for trust propagation. Based on these Axioms, we present two trust models: entropy-based model and probability-based model, which satisfy all the Axioms. Techniques of trust establishment and trust update are presented to obtain trust values from observation. The proposed trust evaluation method and trust models are employed in ad hoc networks for secure ad hoc routing and malicious node detection. A distributed scheme is designed to acquire, maintain, and update trust records associated with the behaviors of nodes’ forwarding packets and the behaviors of making recommendations about other nodes. Simulations show that the proposed trust evaluation system can significantly improve the network throughput as well as effectively detect malicious behaviors in ad hoc networks.
    IEEE Journal on Selected Areas in Communications 02/2006; 24:305-317. · 3.12 Impact Factor
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Reputation management systems have been proposed as a cooperation enforcement solution in ad hoc networks. Typically, the functions of reputation management (evaluation, detection, and reaction) are carried out homogeneously across time and space. However, the dynamic nature of ad hoc networks causes node behavior to vary both spatially and temporally due to changes in local and network-wide conditions. When reputation management functions do not adapt to such changes, their effectiveness, measured in terms of accuracy (correct identification of node behavior) and promptness (timely identification of node misbehavior), may be compromised. We propose an adaptive reputation management system that realizes that changes in node behavior may be driven by changes in network conditions and that accommodates such changes by adapting its operating parameters. We introduce a time-slotted approach to allow the evaluation function to quickly and accurately capture changes in node behavior. We show how the duration of an evaluation slot can adapt according to the network's activity to enhance the system accuracy and promptness. We then show how the detection function can utilize a Sequential Probability Ratio Test (SPRT) to distinguish between cooperative and misbehaving neighbors. The SPRT adapts to changes in neighbors' behavior that are a by-product of changing network conditions, by using the node's own behavior as a benchmark. We compare our proposed solution to a nonadaptive system, showing the ability of our system to achieve high accuracy and promptness in dynamic environments. To the best of our knowledge, this is the first work to explore the adaptation of the reputation management functions to changes in network conditions.
    IEEE Transactions on Computers 01/2010; 59:707-719. · 1.38 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: This paper addresses how to perform cost-sensitive responses to routing attacks on Mobile Ad Hoc Networks (MANET). There have been numerous research efforts on securing MANET protocols using cryptography or intrusion detection techniques. However, few writings have addressed MANET intrusion response. Most research on automated response for wired networks focuses on how to select the best response action to improve the security posture and availability of the system in a cost effective manner. We borrow this cost sensitive concept and develop a cost model for MANET. Two indices, Topology Dependency Index (TDI) and Attack Damage Index (ADI), are developed to reflect the response cost and attack damage, respectively. TDI measures the positional relationship between nodes and the attacker and ADI represents the routing damage caused by the attacker. Response cost, routing damage brought by the isolation response, can be calculated from TDI. Comparing TDI with ADI helps the response agents ("RA") to perform Adaptive Isolation while maintaining good network throughput. The simulation results show that launching adaptive isolations according to the comparison of TDI and ADI gives better network throughput than direct isolation. Therefore, the main contribution of our solution is to keep network connectivity when launching isolation responses and to do so such that good quality of network routing services is maintained.
    Recent Advances in Intrusion Detection, 10th International Symposium, RAID 2007, Gold Goast, Australia, September 5-7, 2007, Proceedings; 01/2007


Available from
Jun 27, 2014