Jin Liu,Hefei Ling,Fuhao Zou,Wei Qi Yan,Zhengding Lu

DOI: https://doi.org/10.4018/jdcf.2010100103

2010-01-01

International Journal of Digital Crime and Forensics

Abstract:This paper proposes a technique to defeat Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks in Ad Hoc Networks. The technique is divided into two main parts and with game theory and cryptographic puzzles. Introduced first is a new client puzzle to prevent DoS attacks in such networks. The second part presents a multiplayer game that takes place between the nodes of an ad hoc network and based on fundamental principles of game theory. By combining computational problems with puzzles, improvement occurs in the efficiency and latency of the communicating nodes and resistance in DoS and DDoS attacks. Experimental results show the effectiveness of the approach for devices with limited resources and for environments like ad hoc networks where nodes must exchange information quickly.

Wei-Qiang Xu,Tie-Jun Wu

DOI: https://doi.org/10.1007/s11390-006-0072-2

2006-01-01

Abstract:Mobile ad hoc networks (MANETs) are a kind of very complex distributed communication systems with wireless mobile nodes that can be freely and dynamically self-organized into arbitrary and temporary network topologies. MANETs inherit several limitations of wireless networks, meanwhile make new challenges arising from the specificity of MANETs, such as route failures, hidden terminals and exposed terminals. When TCP is applied in a MANET environment, a number of tough problems have to be dealt with. In this paper, a comprehensive survey on this dynamic field is given. Specifically, for the first time all factors impairing TCP performance are identified based on network protocol hierarchy, i.e., lossy wireless channel at the physical layer; excessive contention and unfair access at the MAC layer; frail routing protocol at the network layer, the MAC layer and the network layer related mobile node; unfit congestion window size at the transport layer and the transport layer related asymmetric path. How these factors degrade TCP performance is clearly explained. Then, based on how to alleviate the impact of each of these factors listed above, the existing solutions are collected as comprehensively as possible and classified into a number of categories, and their advantages and limitations are discussed. Based on the limitations of these solutions, a set of open problems for designing more robust solutions is suggested.

Zhao Du,Wang Xueping,Yu Jianhua

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.09.097

2008-01-01

Abstract:When the mobile Ad Hoc Network (MANET) is widely used in many areas,the research on the security of the MANET is becoming more and more important.Because of its peculiarity,DDoS attacks have brought very serious threats to the MANET as well as to the wired network.A new efficient Neighbor Union-based defensive architecture is proposed to defend DDoS attacks in MANET.Attack data packets are detected and filtered.Experiments show that this detection and filtering policy can defend DDoS attacks effectively,while little storage space and time is consumed.

S.A.Arunmozhi,Y.Venkataramani

DOI: https://doi.org/10.5121/ijnsa.2011.3312

2011-06-07

Abstract:The wireless ad hoc networks are highly vulnerable to distributed denial of service(DDoS) attacks because of its unique characteristics such as open network architecture, shared wireless medium and stringent resource constraints. These attacks throttle the tcp throughput heavily and reduce the quality of service(QoS) to end systems gradually rather than refusing the clients from the services completely. In this paper, we discussed the DDoS attacks and proposed a defense scheme to improve the performance of the ad hoc networks. Our proposed defense mechanism uses the medium access control (MAC) layer information to detect the attackers. The status values from MAC layer that can be used for detection are Frequency of receiving RTS/CTS packets, Frequency of sensing a busy channel and the number of RTS/DATA retransmissions. Once the attackers are identified, all the packets from those nodes will be blocked. The network resources are made available to the legitimate users. We perform the simulation with Network Simulator NS2 and we proved that our proposed system improves the network performance.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Hung-Min Sun,Chiung-Shun Chen,Ci-Lun Chen,Yao-Hsin Chen

2011-01-01

Abstract:Wireless network technology is demanding and continually growing. However, unconstrained dynamic nature of the topology of mobile ad hoc networks makes them vulnerable to various types of attacks including routing attacks. Black hole attacks belong to one such type of attacks which disrupt the routing functions in MANETs. Rushing attacks also enable the attackers with limited resources and no cryptographic material to destroy the operation in MANETs. Wormhole attacks which are more sophisticated attacks still can easily crumble the connection in MANETs. These attacks greatly reduce the performance of the networks. Moreover, they are able to partition the network and degrade the connectivity of the network. In this paper, we propose a robust scheme to defense these routing attacks in MANETs and improve the performance of the networks.

S.M. Udhaya Sankar,D. Dhinakaran,C. Cathrin Deboral,M. Ramakrishnan

DOI: https://doi.org/10.14445/22315381/IJETT-V70I11P224

2023-04-21

Abstract:Wireless networks that are decentralized and communicate without using existing infrastructure are known as mobile ad-hoc networks. The most common sorts of threats and attacks can affect MANETs. Therefore, it is advised to utilize intrusion detection, which controls the system to detect additional security issues. Monitoring is essential to avoid attacks and provide extra protection against unauthorized access. Although the current solutions have been designed to defeat the attack nodes, they still require additional hardware, have considerable delivery delays, do not offer high throughput or packet delivery ratios, or do not do so without using more energy. The capability of a mobile node to forward packets, which is dependent on the platform's life quality, may be impacted by the absence of the network node power source. We developed the Safe Routing Approach (SRA), which uses behaviour analysis to track and monitor attackers who discard packets during the route discovery process. The attacking node recognition system is made for irregular routing node detection to protect the controller network's usual properties from becoming recognized as an attack node. The suggested method examines the nearby attack nodes and conceals the trusted node in the routing pathway. The path is instantly assigned after the initial discovery of trust nodes based on each node's strength value. It extends the network's life span and reduces packet loss. In terms of Packet Delivery Ratio (PDR), energy consumption, network performance, and detection of attack nodes, the suggested approach is contrasted with AIS, ZIDS, and Improved AODV. The findings demonstrate that the recommended strategy performs superior in terms of PDR, residual energy, and network throughput.

Networking and Internet Architecture,Cryptography and Security

ZHAO Du,JING Yi-Nan,WANG Xue-ping,YU Jian-hua

DOI: https://doi.org/10.3321/j.issn:1002-8331.2007.05.036

2007-01-01

Abstract:When the Mobile Ad Hoc Network(MANET) is widely used in many areas nowadays,the research on security of MANET is becoming more and more important.DDoS attacks have brought very serious threats to the MANET,as well as to the wired network.Because of the peculiarity of the MANET,the research for DDoS attacks in MANET is much more different from that in wired network.This paper first describes security problems in MANET,and then lists the DDoS attacks in the physics layer,MAC layer,network layer,and transport layer.At the same time,we also introduce the state of the art of defense mechanisms against the challenge of each kind of DDoS attacks.At last,some instructive suggestions about how to form a secure MANET against the DDoS attacks have been given.

Jaydip Sen,M. Girish Chandra,P. Balamuralidhar,Harihara S. G.,Harish Reddy

DOI: https://doi.org/10.48550/arXiv.1111.0385

2011-11-02

Abstract:In multi-hop mobile ad hoc networks (MANETs),mobile nodes cooperate with each other without using any infrastructure such as access points or base stations. Security remains a major challenge for these networks due to their features of open medium, dynamically changing topologies, reliance on cooperative algorithms, absence of centralized monitoring points, and lack of clear lines of defense. Among the various attacks to which MANETs are vulnerable, malicious packet dropping attack is very common where a malicious node can partially degrade or completely disrupt communication in the network by consistently dropping packets. In this paper, a mechanism for detection of packet dropping attack is presented based on cooperative participation of the nodes in a MANET. The redundancy of routing information in an ad hoc network is utilized to make the scheme robust so that it works effectively even in presence of transient network partitioning and Byzantine failure of nodes. The proposed scheme is fully cooperative and thus more secure as the vulnerabilities of any election algorithm used for choosing a subset of nodes for cooperation are absent. Simulation results show the effectiveness of the protocol.

Cryptography and Security,Networking and Internet Architecture

Iain Baird,Isam Wadhaj,Baraq Ghaleb,Craig Thomson

DOI: https://doi.org/10.3390/electronics13163314

IF: 2.9

2024-08-22

Electronics

Abstract:Mobile ad hoc networks (MANETs) offer a decentralized communication solution ideal for infrastructure-less environments like disaster relief zones. However, their inherent lack of central control and dynamic topology make them vulnerable to attacks. This paper examines the impact of various attacks on mobile nodes within two network types: randomly and uniformly distributed stationary networks. Four types of attacks are investigated: delay, dropping, sinkhole (alone), and a combined black hole attack (dropping + sinkhole). The effects of these attacks are compared using the packet delivery ratio, throughput, and end-to-end delay. The evaluation results show that all single attacks negatively impacted network performance, with the random network experiencing the most significant degradation. Interestingly, the combined black hole attack, while more disruptive than any single attack, affected the uniformly distributed network more severely than the random network.

engineering, electrical & electronic,computer science, information systems,physics, applied

Ankita A. Mahamune,M. M. Chandane

DOI: https://doi.org/10.1007/s40031-021-00627-0

2021-06-15

Journal of The Institution of Engineers (India): Series B

Abstract:Mobile Ad hoc NETwork (MANET) is a distributed architecture-less network having mobile nodes dynamically building up routes among themselves for transmission of packets. Security is the most crucial interest for its essential working. Due to its distinctive features including active network topology, lack of fixed/centralized authority, slower data transfer rate, a limited number of resources, bandwidth, and battery power, it is often attackable by malevolent nodes. Various types of attacks can affect network operations and make trans-reception untrustworthy. In order to obtain a more robust MANET operation through innovative design and development strategies, the study of severity of various attacks and their respective counter measures is necessary. This paper presents a detailed survey of TCP/IP layerwise attacks on MANET and the corresponding defence mechanisms. Further, a MANET scenario using a standard dynamic routing protocol Ad Hoc On-demand Distance Vector (AODV) is framed and tested under the routing disruption attacks viz. grayhole, blackhole, and cooperative blackhole. The attacks are simulated in the EXata environment to determine their prevalence over others in varying network scenarios. The comparative performance analysis is also carried out based on the measurements of the state-of-the-art evaluation metrics like Packet Delivery Ratio (PDR), end-to-end delay, throughput, jitter, and the number of data packets dropped by malicious nodes. The presented work brings uniqueness where it covers a wide variety of attacks, respective defence mechanisms, and a successful practical demonstration to validate the severity of selective dominant attacks all at one place which is not found in earlier literature.

Ziming Zhao,Zhuotao Liu,Huan Chen,Fan Zhang,Zhuoxue Song,Zhaoxuan Li

DOI: https://doi.org/10.1109/tdsc.2023.3349180

2024-01-01

Abstract:Defending against Distributed Denial of Service (DDoS) attacks is a fundamental problem in the Internet. Over the past few decades, the research and industry communities have proposed a variety of solutions, from adding incremental capabilities to the existing Internet routing stack, to clean-slate future Internet architectures, and to widely deployed commercial DDoS prevention services. Yet a recent interview with over 100 security practitioners in multiple sectors reveals that existing solutions are still insufficient against , due to either unenforceable protocol deployment or non-comprehensive traffic filters. This seemingly endless arms race with attackers probably means that we need a fundamental paradigm shift. In this paper, we propose a new DDoS prevention paradigm named preference-driven and in-network enforced traffic shaping , aiming to explore the novel DDoS prevention norms that focus on delivering victim-preferred traffic rather than consistently chasing after the DDoS attacks. Towards this end, we propose DFNet, a novel DDoS prevention system that provides reliable delivery of victim-preferred traffic without full knowledge of DDoS attacks. At a very high level, the core innovative design of DFNet embraces the advances in Machine Learning (ML) and new network dataplane primitives, by encoding the victim's traffic preference (in the form of complex ML models) into dataplane packet scheduling algorithms such that the victim-preferred traffic is forwarded with priority at line-speed, regardless of the attacker strategy. We implement a prototype of DFNet in 11,560 lines of code, and extensively evaluate it on our testbed. The results show that a single instance of DFNet can forward 99.93% of victim-desired traffic when facing previously unseen attacks, while imposing less than 0.1% forwarding overhead on a dataplane with 80 Gbps upstream links and a 40 Gbps bottleneck.

Hung-Min Sun,Chiung-Hsun Chen,Ling-Chun Hsu,Yen-Hsueh Chen

DOI: https://doi.org/10.1049/cp.2011.0922

2011-01-01

Abstract:Many routing protocols in MANET have been proposed to resist packet dropping attacks by removing suspicious node from route. However, when they cannot discovery who is an adversary, they cannot effectively deal with packet dropping attacks launch by the adversary. In other words, when there is anyone type of packet dropping attacks they cannot resist, the packet delivery rate will be influenced. In view of this, we propose a novel scheme to mitigate the influence of any kind of packet dropping attacks in MANET. Further, our scheme can cooperate with other protocols to acquire better packet delivery rate and to decrease overheads. The security analysis and simulation study in this paper verify the effectiveness and efficiency of our scheme.

Akshai Aggarwal,Savita Gandhi,Nirbhay Chaubey,Naren Tada,Srushti Trivedi

DOI: https://doi.org/10.48550/arXiv.1405.6216

2014-02-10

Networking and Internet Architecture

Abstract:Mobile Ad Hoc Networks (MANETs) are collections of mobile nodes that can communicate with one another using multihop wireless links. MANETs are often deployed in the environments, where there is no fixed infrastructure and centralized management. The nodes of mobile ad hoc networks are susceptible to compromise. In such a scenario, designing an efficient, reliable and secure routing protocol has been a major challengesue over the last many years. The routing protocol Ad hoc On-demand Distance Vector (AODV) has no security measures in-built in it. It is vulnerable to many types of routing attacks. The flood attack is one of them. In this paper, we propose a simple and effective technique to secure Ad hoc Ondemand Distance Vector (AODV) routing protocol against flood attacks. To deal with a flood attack, we have proposed Neighbor Defense Technique for Ad hoc On-demand Distance Vector (NDTAODV). This makes AODV more robust. The proposed technique has been designed to isolate the flood attacker with the use of timers, peak value and hello alarm technique. We have simulated our work in Network Simulator NS-2.33 (NS-2) with different pause times by way of different number of malicious nodes. We have compared the performance of NDTAODV with the AODV in normal situation as well as in the presence of malicious attacks. We have considered Packet Delivery Fraction (PDF), Average Throughput (AT) and Normalized Routing Load (NRL) for comparing the performance of NDTAODV and AODV.

S. Syed Jamaesha,M. S. Gowtham,M. Ramkumar

DOI: https://doi.org/10.1002/ett.70008

IF: 3.6

2024-10-27

Transactions on Emerging Telecommunications Technologies

Abstract:ABSTRACT In the context of Mobile Ad Hoc Networks (MANETs), the dynamic and decentralized topology poses significant challenges like unreliable connectivity, limited bandwidth, node mobility, and vulnerability to security threats from malicious nodes. Ensuring secure and energy‐efficient data transmission in such environments is crucial for mission‐critical applications. This research addresses these pressing challenges by introducing a robust routing protocol capable of detecting and mitigating malicious nodes, thereby enhancing MANET's Quality of Service (QoS). The proposed approach, the Dendritic Cell with Adaptive Trust Q‐learning Protocol (dDC‐ATQP), integrates several innovative techniques to tackle these issues. Firstly, the trust evaluation mechanism assesses the behavior of nodes to identify potential malicious actors, mitigating the effect of malicious nodes on system execution. Secondly, the adaptive routing strategy optimizes data transmission paths based on real‐time network conditions, reducing latency and packet loss. To evaluate the effectiveness of this approach, extensive simulations are conducted using a range of performance metrics. The results demonstrate significant improvements over existing methods, including a throughput increase of (79.2% in 50 s), lower end‐to‐end‐delay (0.075 s for 20 nodes), energy consumption of (38.55/J), higher packet delivery ratio (98% for 20 nodes), reduced packet loss ratio (5% for 100 nodes), enhanced security (80% for 70 nodes).

telecommunications

Parmod Kumar,Anupam Baliyan,K. Ramalingeswara Prasad,N. Sreekanth,Parag Jawarkar,Vandana Roy,Enoch Tetteh Amoatey

DOI: https://doi.org/10.1155/2022/5713092

2022-04-13

Wireless Communications and Mobile Computing

Abstract:A number of disadvantages of traditional networks may be attributed to the close relationship that exists between the control plane and the data plane inside proprietary hardware designs, as described above. The problem of security is one of the most difficult to deal with. There are a plethora of network hazards and attacks that might be encountered these days. DDoS attacks are one of the most popular and disruptive attacks on the internet today, and they affect a wide range of organisations. Despite a large number of traditional mitigation solutions now available, the frequency, volume, and intensity of distributed denial-of-service (DDoS) attacks continue to rise. According to the findings of this paper, a new network paradigm is necessary to satisfy the requirements of today’s complex security concerns. It was necessary to develop a software-defined network (SDN) in order to meet the real-time needs of the massive network that was expanding at an exponential rate. Many advantages of SDN exist, including simplicity of administration, scalability, and agility, but one of the most critical is security, which is one of the most important considerations when implementing SDN. SDS may be seen as a paradigm in which the implementation of new security regulations in the computer environment is performed via the use of protected software, which is described further below. The goal is to provide a flexible and extensible architecture for DDoS detection and prevention that is both flexible and extendable; the suggested clustering approach, which is based on the Open Day Light (ODL) Controller, is employed to carry out the experimental findings. In this section, we emphasise DDoS penetration techniques from a range of tools, and we evaluate the vulnerability against various tactics. It is necessary to use a Mininet emulation tool to construct a detection and prevention system against distributed denial of service (DDoS) attacks in order to achieve success. There is a range of other simulation tools that are utilised in conjunction with this research in order to bring it to a conclusion. Integration of industry standards such as SNORT and Flow has been accomplished in a variety of situations and parameter settings. During the creation of a framework capable of detecting and mitigating DDoS attacks at an early stage in both the control and application levels, the implementation of this framework has been shown to be crucial in the development of a framework.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jaydip Sen,Sripad Koilakonda,Arijit Ukil

DOI: https://doi.org/10.48550/arXiv.1111.0387

2011-11-02

Abstract:A mobile ad hoc network (MANET) is a collection of autonomous nodes that communicate with each other by forming a multi-hop radio network and maintaining connections in a decentralized manner. Security remains a major challenge for these networks due to their features of open medium, dynamically changing topologies, reliance on cooperative algorithms,absence of centralized monitoring points, and lack of clear lines of defense. Most of the routing protocols for MANETs are thus vulnerable to various types of attacks. Ad hoc on-demand distance vector routing (AODV) is a very popular routing algorithm. However, it is vulnerable to the well-known black hole attack, where a malicious node falsely advertises good paths to a destination node during the route discovery process. This attack becomes more sever when a group of malicious nodes cooperate each other. In this paper, a defense mechanism is presented against a coordinated attack by multiple black hole nodes in a MANET. The simulation carried out on the proposed scheme has produced results that demonstrate the effectiveness of the mechanism in detection of the attack while maintaining a reasonable level of throughput in the network.

Cryptography and Security,Networking and Internet Architecture

Jun Li,HanPing Hu,Qiao Ke,Naixue Xiong

DOI: https://doi.org/10.3390/s17030553

2017-03-09

Abstract:With the rapid development of virtual machine technology and cloud computing, distributed denial of service (DDoS) attacks, or some peak traffic, poses a great threat to the security of the network. In this paper, a novel topology link control technique and mitigation attacks in real-time environments is proposed. Firstly, a non-invasive method of deploying virtual sensors in the nodes is built, which uses the resource manager of each monitored node as a sensor. Secondly, a general topology-controlling approach of resisting the tolerant invasion is proposed. In the proposed approach, a prediction model is constructed by using copula functions for predicting the peak of a resource through another resource. The result of prediction determines whether or not to initiate the active defense. Finally, a minority game with incomplete strategy is employed to suppress attack flows and improve the permeability of the normal flows. The simulation results show that the proposed approach is very effective in protecting nodes.

Wei Wei,Houbing Song,Huihui Wang,Xiumei Fan

DOI: https://doi.org/10.1109/access.2017.2681684

IF: 3.9

2017-01-01

IEEE Access

Abstract:Concentrating on the influence of DDoS applied to ad hoc networks, we introduced three classic queue management algorithms: Drop-Tail, random early detection (RED), and random exponential marking (REM). We analyzed and compared the defensive abilities of these algorithms applied to ad hoc networks with NS2 under DDoS attack. The results showed that active queue management algorithms, such as REM and RED, exhibited stronger defensive abilities than the passive queue management algorithm Drop-Tail under medium- and small-scale DDoS attacks; however, under large-scale DDoS attack, all three algorithms exhibited insufficient defensive capabilities. This means that other defense schemes, such as network detection, must be integrated into security schemes to defeat DDoS attacks.

computer science, information systems,telecommunications,engineering, electrical & electronic

M. S. Gowtham,M. Vigenesh,M. Ramkumar

DOI: https://doi.org/10.1002/ett.4938

IF: 3.6

2024-01-31

Transactions on Emerging Telecommunications Technologies

Abstract:Abstract The Mobile Ad Hoc Network (MANET) depending on dynamic distributed topology presents several challenges such as decentralized infrastructure. In MANET, each node act as a host as well as a router to exchange packet. From Source to destination, the MANET nodes offer the ability of transmission to send, receive, and route traffic. Moreover, the presence of selfish nodes or malicious nodes in MANETs significantly degrades network performance. Identifying and isolating such nodes poses a formidable challenge. Consequently, this research introduces a security model founded on the principles of an Artificial Immune System (AIS) to detect and defend against Selfish Node (SN) attacks. This research work employs the principles of AIS to categorize a node's behavioral state based on the Mature Context Immune Antigen Rate (MCIAR). Subsequently, a hybrid protocol named Reliable History‐dependent Resource Conscious Clustered and Defensive AODV (RRCC‐DAODV) is introduced to detect Selfish Nodes (SNs) and counteract their attacks. Within the RRCC algorithm, the identification of selfish nodes relies on both Trust Value (TV) and Residual Energy (RE). Additionally, the proposed DAODV protocol incorporates the V‐detector algorithm to enhance defense mechanisms against potential attacks. The simulation of the proposed model is carried out in NS3. The proposed mechanism achieves a detection ratio of 94.05%. The simulation outcomes demonstrate the excellence of the implemented system. This superiority is observed when compared to other standard protocols, as indicated by the parameters of throughput, residual energy, packet delivery ratio, and delay.

telecommunications