A framework for misuse detection in ad hoc Networks-part I

Subhadrabandhu, D.; Sarkar, Saswati; Anjum, Farooq

doi:10.1109/jsac.2005.861387

Cited by 55 publications

(41 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our novel approach for monitoring node selection is to consider monitoring "wireless links" and not monitoring "nodes" as existing solutions propose [9,10]. Our approach helps detecting attacks that affect functionality of communication link, e.g., Black hole attack.…”

Section: Intrusion Detection System and Attacker Modelmentioning

confidence: 99%

“…The monitoring node selection as an optimization problem has received some attention [9,10,12], where the first two papers optimize the channel assignment in monitoring nodes equipped with multi-channel radios, while the latter only addresse the coverage problem of distributed monitoring selection algorithms. While the authors use existing mesh routers for monitoring purposes, another set of related work (e.g., [9,13]) considers deploying additional monitoring nodes.…”

Section: State Of Artmentioning

confidence: 99%

“…As proposed in the literature, in wireless networks, some nodes can be selected as "monitoring" nodes. They cooperatively perform intrusion detection functions [9,10]. It is obvious that duty-cycling mesh nodes are not suitable to be monitor nodes, since they are not awake all the time.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Energy Efficient Monitoring for Intrusion Detection in Battery-Powered Wireless Mesh Networks

Hassanzadeh

Stoleru

Shihada

2011

Ad-Hoc, Mobile, and Wireless Networks

View full text Add to dashboard Cite

Abstract. Wireless Mesh Networks (WMN) are easy-to-deploy, low cost solutions for providing networking and internet services in environments with no network infrastructure, e.g., disaster areas and battlefields. Since electric power is not readily available in such environments batterypowered mesh routers, operating in an energy efficient manner, are required. To the best of our knowledge, the impact of energy efficient solutions, e.g., involving duty-cycling, on WMN intrusion detection systems, which require continuous monitoring, remains an open research problem. In this paper we propose that carefully chosen monitoring mesh nodes ensure continuous and complete detection coverage, while allowing non-monitoring mesh nodes to save energy through duty-cycling. We formulate the monitoring node selection problem as an optimization problem and propose distributed and centralized solutions for it, with different tradeoffs. Through extensive simulations and a proof-of-concept hardware/software implementation we demonstrate that our solutions extend the WMN lifetime by 8%, while ensuring, at the minimum, a 97% intrusion detection rate.

show abstract

Section: Intrusion Detection System and Attacker Modelmentioning

confidence: 99%

Section: State Of Artmentioning

confidence: 99%

See 1 more Smart Citation

Energy Efficient Monitoring for Intrusion Detection in Battery-Powered Wireless Mesh Networks

Hassanzadeh

Stoleru

Shihada

2011

Ad-Hoc, Mobile, and Wireless Networks

View full text Add to dashboard Cite

show abstract

“…• Transmission security is based on digital signature method [12] in which each node uses private key to sign the blacklist.…”

Section: Blacklisting Of the Nodesmentioning

confidence: 99%

A Flow Monitoring based Distributed Defense Technique for Reduction of Quality Attacks in MANET

Venkatasubramanian¹,

Gopalan²

2011

IJCA

View full text Add to dashboard Cite

Reduction of Quality (ROQ) attack is one of the Denial of Service (DoS) attacks which affect the MANETs. Instead of refusing the clients from the services completely, these RoQ attacks throttle the TCP throughput heavily and reduce the QoS to end systems. To mitigate this RoQ attack in MANET, we propose to design a distributed defense technique in this paper. Initially, a mechanism for monitor node selection is designed such that the monitoring nodes should cover the entire network. These monitoring nodes estimate the short-lived flows to observe the sudden increase in the traffic load in a short time. When the total traffic load of such flow exceeds a threshold value, an attack is detected and the corresponding node is added into a local blacklist. The local blacklist from all the monitoring nodes is sent to a master node from which it evaluates the attacker. The attacker will be notified by the master node to all the monitoring nodes so that all the nodes become aware of the attacker. By simulation results, we show that the proposed technique improves the throughput with reduced packet drops. General TermsWireless Ad hoc networks, QoS

show abstract

“…Monitoring node solutions [8][9][10] select a subset of nodes (called monitoring nodes), assign each selected node the same set of IDS functions for monitoring a distinct part of network (i.e., either communication links [10] or WMN nodes [9]). These solutions, however, suffer from high false negative rates because some IDS functions cannot be activated on monitoring nodes due to limited resources (e.g., memory and processing power).…”

Section: Introductionmentioning

confidence: 99%

RAPID: Traffic-agnostic intrusion detection for resource-constrained wireless mesh networks

Hassanzadeh

Stoleru

Polychronakis

et al. 2014

Computers & Security

View full text Add to dashboard Cite

Due to the recent increased interest in wireless mesh networks (WMN), their security challenges have become of paramount importance. An important security mechanism for WMN, intrusion detection, has received considerable attention from the research community. Recent results show that traditional monitoring mechanisms are not applicable to real-world WMN due to their constrained resources (memory and processing power), which result in high false negative rates since only few IDS functions can be activated on monitoring nodes. Cooperative solutions, on the other hand, have high communication overhead and detection delay when traffic is high. A practical traffic-aware IDS solution was recently proposed for resource-constrained WMN, however, traffic-awareness might not be feasible for some WMN applications. This paper proposes a traffic-agnostic IDS solution that uses a link-coverage approach to monitor both local and backbone WMN traffic. Using real-world experiments and extensive simulations we show our proposed IDS solutions outperform traffic-aware IDS solutions while requiring lower computation and communication overhead.

show abstract

A framework for misuse detection in ad hoc Networks-part I

Cited by 55 publications

References 21 publications

Energy Efficient Monitoring for Intrusion Detection in Battery-Powered Wireless Mesh Networks

Energy Efficient Monitoring for Intrusion Detection in Battery-Powered Wireless Mesh Networks

A Flow Monitoring based Distributed Defense Technique for Reduction of Quality Attacks in MANET

RAPID: Traffic-agnostic intrusion detection for resource-constrained wireless mesh networks

Contact Info

Product

Resources

About