-
ABSTRACT: To support research in wireless mobile networks and mobile ad-hoc network security, the U.S. Army Research Laboratory (ARL) has developed a "Wireless Emulation Laboratory" (WEL). A key component of the WEL is a mobile ad-hoc network (MANET) emulation testbed on which algorithms and applications can be subjected to emulated wireless network conditions. The testbed is based on the MANE (mobile ad-hoc network emulator) software originally developed by the Naval Research Laboratory (NRL). It has since been improved through the incorporation of advanced modeling methods and computing technologies. Important additional features include (1) the integration of the Terrain Integrated Rough Earth Model (TIREM) propagation model, (2) the use of virtual machine technologies to scale the size of the network, and (3) the inclusion of custom-designed mobility patterns to create a specific dynamic topology of a MANET under test. Currently the WEL testbed can emulate a 101-node MANET and, through the use of virtualization technologies, will scale well beyond that number. This paper discusses the current capabilities of ARL's WEL for conducting empirical evaluation and demonstration of MANET technologies and concludes with planned future enhancements.
Military Communications Conference, 2008. MILCOM 2008. IEEE; 12/2008
-
ABSTRACT: Due to the dynamics and mobility of mobile ad hoc networks (MANETs), intrusion detection techniques in MANETs must be adaptive. In this work, we propose detection schemes that are suitable to detect in-band wormhole attacks. The first detection scheme uses the Sequential Probability Ratio Test (SPRT). The SPRT has been proven to be an optimal detection test when the probability distributions of both normal and abnormal behaviors are given. Furthermore, we introduce non-parametric methods, which require no training and are more adaptive to mobile scenarios. The proposed detection schemes are implemented and evaluated using a 48-node testbed and a mobile ad-hoc network emulator at the Army Research Lab. The performance and detection accuracy of various schemes are compared, especially in the presence of congestion. We provide tradeoff analyses among detection latency and probabilities of false alarms and missed detection.
Military Communications Conference, 2008. MILCOM 2008. IEEE; 12/2008
-
ABSTRACT: Cooperative intrusion detection techniques for MANETs utilize ordinary computing hosts as network intrusion sensors. If compromised, these hosts may inject bogus data into the intrusion detection system to hide their activities or falsely accuse well-behaved nodes. Approaches to Byzantine fault tolerance involving voting are potentially applicable, but must address the fact that only nodes in particular topological locations at particular times are qualified to vote on whether an attack occurred. We examine these issues in the context of a prototype distributed detector for self-contained, in-band wormholes in OLSR networks. We propose an opportunistic voting algorithm and present test results from a 48-node testbed in which colluding attackers generate corroborating false accusations against pairs of innocent nodes. The results indicate that opportunistic voting can instantaneously suppress false accusations when the network topology and routes chosen by OLSR provide a sufficient number of nearby honest observers to outvote the attackers.
Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-Third Annual; 01/2008
-
ABSTRACT: Many insider attacks, such as certain forms of packet dropping, malicious routing updates, and wormholes, can only be detected using distributed and cooperative algorithms. One promising approach for applying these algorithms is using an intrusion detection (ID) hierarchy enabling data aggregation and local decision making whenever possible. A key challenge to this problem is the selection and maintenance of a scalable and robust hierarchy optimizing detection performance (e.g., latency, coverage, and false alarm rate) while incurring minimal cost (e.g., bandwidth and processing). Existing approaches (i.e. flooding for forming a Breadth First Search Tree) to constructing such a hierarchy are simple and distributed; however, their performance and cost can be undesirable. Moreover, mobility can produce constant large scale changes in the hierarchy that degrade performance and increase cost. The main contributions of this paper are to: a) model the performance and costs of ID hierarchies and represent them in formal objective functions and constraints, b) modify an existing versatile, multi-objective hierarchy generation and maintenance tool to create trees, c) give simulation results on the quality and stability of ID hierarchies in a 100-node mobile network
Military Communications Conference, 2006. MILCOM 2006. IEEE; 11/2006