Conference Paper

Adaptable Misbehavior Detection and Isolation in Wireless Ad Hoc Networks Using Policies

Centre for Commun. Syst. Res. (CCSR), Univ. of Surrey, Guildford, UK
DOI: 10.1109/INM.2009.5188816 Conference: Integrated Network Management, 2009. IM '09. IFIP/IEEE International Symposium on
Source: DBLP


Wireless ad hoc networks provide the communications platform for new technologies and applications, such as vehicular ad hoc networks or wireless mesh networks. However, their multihop wireless nature makes them inherently unreliable and vulnerable, since their overall performance depends on the cooperative packet forwarding behavior of each individual node. In this paper we present a role-based approach that uses a distributed management overlay and gathers information about the packet forwarding activities of each node in the network. Using policies to control an adaptive algorithmic method that monitors the individual behavior of each node, we show that it is possible to detect, accuse and punish misbehaving nodes with a high degree of confidence. Our evaluation results demonstrate that after the successful detection of misbehaving nodes, their punishment through network isolation can significantly improve network performance in terms of packet delivery and throughput.

Download full-text


Available from: Michael Howarth
  • Source
    • "This new scheme selects the intrusion response action based on the severity of the attack, the degradation in network performance and the expected impact of the response action on the network performance. Further, to improve scalability and to estimate the overhead imposed by our scheme we borrow and implement the clustering approach proposed in [2], modifying it for our protection mechanism. Finally, we have conducted a case study to assess the overall effectiveness of the proposed detection and adaptive response scheme. "
    [Show abstract] [Hide abstract]
    ABSTRACT: Mobile Ad Hoc Networks are vulnerable to a variety of network layer attacks such as black hole, grey hole, sleep deprivation & rushing attacks. In this paper we present an intrusion detection & adaptive response mechanism for MANETs that detects a range of attacks and provides an effective response with low network degradation. We consider the deficiencies of a fixed response to an intrusion; and we overcome these deficiencies with a flexible response scheme that depends on the measured confidence in the attack, the severity of attack and the degradation in network performance. We present results from an implementation of the response scheme that has three intrusion response actions. Simulation results show the effectiveness of the proposed detection and adaptive response mechanisms in various attack scenarios. An analysis of the impact of our proposed scheme shows that it allows a flexible approach to management of threats and demonstrates improved network performance with a low network overhead.
    Full-text · Article · Feb 2014 · Ad Hoc Networks
  • [Show abstract] [Hide abstract]
    ABSTRACT: The motivation of the presented thesis emanated from the need for unrestricted wireless communication in a scalable and predictable manner. This need is accentuated by the increasing users' demand for spontaneous communication. The objective is to propose a management framework able to leverage the potential of wireless ad hoc networks as an alternative communication method allowing them to coexist with other networks and to emerge as their flexible extension.
    No preview · Conference Paper · Jul 2009
  • [Show abstract] [Hide abstract]
    ABSTRACT: Due to its obvious importance, fault detection and localization is a well-studied problem in communication networks, as attested by the many techniques designed to address this problem. The inherent variability, limited component reliability, and constrained resources of MANETs (Mobile Ad hoc Networks) make the problem not just more important, but also critical. Practical development and deployment considerations imply that fault detection and localization methods must i) avoid relying on overly detailed models of network protocols and traffic assumptions and instead rely on actual cross-layer measurements/observations, and ii) be applicable across different network scales and topologies with minimum adjustments. This paper demonstrates the feasibility of such goals, and proposes an important and as yet unexplored approach to fault management in MANETs: network-invariant fault detection, localization and diagnosis with limited knowledge of the underlying network and traffic models. We show how fault management methods can be derived by observing statistical network/traffic measurements in one network, and subsequently applied to other networks with satisfactory performance. We demonstrate that a carefully designed but widely applicable set of local and weak global indicators of faults can be efficiently aggregated to produce highly sensitive and specific methods that perform well when applied to MANETs with varying sizes, topologies, and traffic matrices.
    No preview · Article · Jan 2012
Show more