WWW.DISSERTATION.XLIBX.INFO
FREE ELECTRONIC LIBRARY - Dissertations, online materials
 

Real-time Intrusion Detection for Ad hoc Networks

Ioanna Stamouli

A dissertation submitted to the University of Dublin, in partial fulfilment of the requirements for the degree of Master of Science in Computer Science

September 12, 2003

Declaration

I declare that the work described in this dissertation is, except where otherwise stated, entirely my own work and has not been submitted as an exercise for a degree at this or any other university.

Signed: ___________________

Ioanna Stamouli

September 12, 2003

Permission to lend and/or copy

I agree that Trinity College Library may lend or copy this dissertation upon request.

Signed: ___________________

Ioanna Stamouli

September 12, 2003

Acknowledgements

I would like to thank my supervisor, Mr. Hitesh Tewari, for all his guidance and assistance throughout the duration of this project. I would also like to thank my family who put me where I am today. Thanks and appreciation go to my classmates for their continuous support throughout the year and for making me feel at home. Finally, I would like to thank Patroklos Argyroudis for his enlightening critique in many aspects of the project and for the essential comments concerning this document.

Abstract

In recent years, wireless technology has enjoyed a tremendous rise in popularity and usage, opening new fields of applications in the domain of networking. One such field concerns mobile ad hoc networks (MANETs), where the participating nodes do not rely on any existing network infrastructure. By definition, ad hoc networks change dynamically and have a fully decentralised topology. Hence security is hard to achieve, due to the dynamic nature of the relationships between the participating nodes as well as the vulnerabilities and limitations of the wireless transmission medium.

The RIDAN system is a novel architecture that uses knowledge-based intrusion detection techniques to detect active attacks that an adversary can perform against the routing fabric of mobile ad hoc networks. Moreover, the system is designed to take countermeasures to minimise the effectiveness of an attack and keep the performance of the network within acceptable limits.

The novelty of the system lies in the usage of timed finite state machines that enable the real-time detection of active attacks.

The RIDAN system does not introduce any changes to the underlying routing protocol and operates as an intermediate component between the network traffic and the routing protocol.

The system was developed and tested to operate in AODV-enabled networks using the network simulator (ns-2). The simulator parameters that were used in the scenarios developed to evaluate the RIDAN system consider both the accuracy and the efficiency of the simulation. The system was evaluated using the delivery ratio as the main metric. When the system is under the sequence number attack the delivery ratio drops to 38.3%, while the RIDAN-enabled AODV increases its performance by 16.6%. When the network is under the resource consumption attack the delivery ratio of AODV drops to 42.6% and the RIDAN system improves it by 31.6%.

The final implemented attack is the dropping routing packets attack; when it is performed the delivery ratio decreases to 23%, while the RIDAN-enabled AODV manages to keep the network performance 13.8% higher.

Table of Contents

INTRODUCTION

1.1 BACKGROUND

1.2 PROPOSED GOALS

1.3 DOCUMENT OVERVIEW

AD HOC NETWORKS

2.1 INTRODUCTION

2.2 PROPERTIES OF AD HOC NETWORKS

2.3 COMPARISON WITH WIRED NETWORKS

2.3.1 Infrastructure

2.3.2 Addressing

2.3.3 Routing

2.4 AD HOC ROUTING PROTOCOLS

2.4.1 Properties of Ad hoc Routing Protocols

2.4.2 Table-driven Ad hoc Routing Protocols

2.4.2.1 Destination-Sequenced Distance-Vector (DSDV)

2.4.2.2 Optimised Link State Routing (OLSR)

2.4.3 On-demand Ad hoc Routing Protocols

2.4.3.1 Ad hoc On-demand Distance Vector (AODV)

2.4.3.2 Dynamic Source Routing (DSR)

2.4.5 AODV Operational Details

2.4.5.1 Properties

2.4.5.2 Route Discovery

2.4.5.3 Route Maintenance

2.5 SUMMARY

SECURITY IN AD HOC NETWORKS

3.1 INTRODUCTION

3.2 SECURITY GOALS

3.2 SECURITY CHALLENGES

3.3 ACTIVE ROUTING ATTACKS

3.4 SECURITY SCHEMES

3.4.1 Intrusion Detection

3.4.2 Secure Routing

3.5 SUMMARY

INTRUSION DETECTION

4.1 INTRODUCTION

4.2 INTRUSION DETECTION IN INFRASTRUCTURE NETWORKS

4.2.1 Specification-based Anomaly Detection

4.2.2 Statistical Process Control for Computer Intrusion Detection

4.2.3 A New Intrusion Method based on Process Profiling

4.2.4 Real-Time Protocol Analysis for Detecting Link-State Routing Protocol Attacks

4.3 INTRUSION DETECTION IN AD HOC NETWORKS

4.3.1 Watchdog and Pathrater

4.3.2 Security Enhancements in AODV

4.3.3 Context Aware Detection of Selfish Nodes in DSR

4.4 SUMMARY





DESIGN

5.1 INTRODUCTION

5.2 SYSTEM OVERVIEW

5.2.1 OBJECTIVES

5.2.2 Assumptions

5.3 AODV ROUTING ATTACKS

5.3.1 Sequence Number Attack

5.3.2 Dropping Routing Traffic Attack

5.3.3 Resource Consumption Attack

5.4 MODELLING OF THE RIDAN INTRUSION DETECTION COMPONENT

5.4.1 Sequence Number Attack Detection

5.4.2 Dropping Routing Packets Attack Detection

5.4.3 Resource Consumption Attack Detection

5.5 SUMMARY

IMPLEMENTATION

6.1 INTRODUCTION

6.2 THE NS-2 NETWORK SIMULATOR

6.3 IMPLEMENTATION OF THE SEQUENCE NUMBER ATTACK

6.3.1 Implementation of the Sequence Number Attack Detection

6.4 IMPLEMENTATION OF THE DROPPING ROUTING PACKETS ATTACK

6.4.1 Implementation of the Dropping Routing Packets Attack Detection

6.5 IMPLEMENTATION OF THE RESOURCE CONSUMPTION ATTACK

6.5.1 Implementation of the Resource Consumption Attack Detection

6.6 SUMMARY

EVALUATION AND CONCLUSIONS

7.1 INTRODUCTION

7.2 EXPERIMENTS AND MEASUREMENTS

7.3 EVALUATION OF THE SEQUENCE NUMBER ATTACK DETECTION

7.4 EVALUATION OF THE DROPPING ROUTING PACKETS ATTACK DETECTION

7.5 EVALUATION OF THE RESOURCE CONSUMPTION ATTACK DETECTION

7.6 ACCURACY OF THE RIDAN SYSTEM

7.7 CONCLUSIONS AND FURTHER WORK

7.8 SUMMARY

BIBLIOGRAPHY

List of Figures

FIGURE 2.1: AD HOC NETWORK EXAMPLE.

FIGURE 2.2: THE FORMAT OF ROUTE REQUEST PACKET.

FIGURE 2.3: PROPAGATION OF AN AODV RREQ AND ESTABLISHMENT OF THE REVERSE ROUTES.

FIGURE 2.4: FORMAT OF A ROUTE REPLY (RREP) PACKET.

FIGURE 2.5: PROPAGATION OF A RREP MESSAGE FROM THE DESTINATION TO THE SOURCE NODE.

FIGURE 2.6: THE FORMAT OF THE ROUTE ERROR (RERR) MESSAGE

FIGURE 2.7: ROUTE MAINTENANCE.

FIGURE 5.8: HIGH-LEVEL ARCHITECTURE OF THE RIDAN LOGICAL COMPONENTS

FIGURE 5.9: EXAMPLE OF THE SEQUENCE NUMBER ATTACK

FIGURE 5.10: FIRST SEQUENCE NUMBER ATTACK DETECTION FSM.

FIGURE 5.11: SECOND SEQUENCE NUMBER ATTACK DETECTION FSM.

FIGURE 5.12: THIRD SEQUENCE NUMBER ATTACK FSM.

FIGURE 5.13: DROPPING ROUTING PACKETS ATTACK DETECTION FSM

FIGURE 5.14: RESOURCE CONSUMPTION ATTACK DETECTION FSM.

FIGURE 6.15: THE CLASS DIAGRAM OF THE SYSTEM. THE METHODS AND ATTRIBUTES OF THE AODV PUBLIC AGENT ARE OMITTED FOR READABILITY REASONS.

FIGURE 7.16: DELIVERY RATIO VERSUS NUMBER OF CONNECTION IN THE SEQUENCE NUMBER ATTACK.

FIGURE 7.17: DELIVERY RATIO VERSUS NODE MOBILITY IN THE SEQUENCE NUMBER ATTACK.

FIGURE 7.18: NUMBER OF FALSE REPLIES SENT BY THE MALICIOUS NODE VERSUS THE NUMBER OF CONNECTIONS.

FIGURE 7.19: NUMBER OF FALSE REPLIES SENT BY THE MALICIOUS NODE VERSUS NODE MOBILITY.

FIGURE 7.20: DELIVERY RATIO VERSUS NUMBER OF CONNECTION IN THE DROPPING ROUTING PACKETS ATTACK.

FIGURE 7.21: DELIVERY RATIO VERSUS NODE MOBILITY IN THE DROPPING ROUTING PACKETS ATTACK.

FIGURE 7.22: ROUTING OVERHEAD RATIO VERSUS NUMBER OF ACTIVE CONNECTIONS IN THE DROPPING ROUTING PACKETS ATTACK.

FIGURE 7.23: ROUTING OVERHEAD RATIO VERSUS NODE MOBILITY IN THE DROPPING ROUTING PACKETS ATTACK.

FIGURE 7.24: THE PERCENTAGE OF ADDITIONAL ROUTING TRAFFIC INTRODUCED WHEN THE NUMBER OF ADDITIONAL PACKETS SENT BY THE MALICIOUS NODE INCREASES

FIGURE 7.25: DELIVERY RATIO VERSUS NUMBER OF CONNECTION IN THE RESOURCE CONSUMPTION ATTACK.

FIGURE 7.26: DELIVERY RATIO VERSUS NODE MOBILITY IN THE RESOURCE CONSUMPTION ATTACK.

FIGURE 7.27: ROUTING PACKETS DROPPED RATIO VERSUS NUMBER OF CONNECTIONS.

FIGURE 7.28: ROUTING PACKETS DROPPED RATIO VERSUS NODE MOBILITY.

List of Tables

TABLE 6.1: DISTRIBUTION OF THE LOGICAL MODULES OF THE RIDAN SYSTEM IN THE METHODS OF THE RIDAN-ENABLED AODV AGENT

TABLE 6.2: THE TCL FILES THAT WERE MODIFIED TO ADD THE NEW SEQAODV ROUTING AGENT.

TABLE 6.3: RECVREQUEST PSEUDOCODE.

TABLE 6.4: THE TCL FILES THAT WERE MODIFIED TO ADD THE NEW RIDANAODV ROUTING AGENT.

TABLE 6.5: PSEUDOCODE OF THE IMPLEMENTATION OF THE RIDAN DETECTION COMPONENT FOR THE FIRST FSM USED TO DETECT THE SEQUENCE NUMBER ATTACK.

TABLE 6.6: PSEUDOCODE OF THE IMPLEMENTATION OF THE RIDAN DETECTION COMPONENT FOR THE SECOND FSM USED TO DETECT THE SEQUENCE NUMBER ATTACK.

TABLE 6.7: PSEUDOCODE OF THE IMPLEMENTATION OF THE RIDAN DETECTION COMPONENT FOR THE THIRD FSM USED TO DETECT THE SEQUENCE NUMBER ATTACK.

TABLE 6.8: THE TCL FILES THAT WERE MODIFIED TO ADD THE NEW DRPAODV ROUTING AGENT.

TABLE 6.9: PSEUDOCODE OF THE IMPLEMENTATION OF THE DROPPING ROUTING PACKETS ATTACK.

TABLE 6.10: CHANGES REQUIRED TO ENABLE AODV IN PROMISCUOUS MODE.

TABLE 6.11: PSEUDOCODE OF THE IMPLEMENTATION OF THE RIDAN DETECTION COMPONENT FOR THE FSM USED TO DETECT THE DROPPING ROUTING PACKETS ATTACK.

TABLE 6.12: THE TCL FILES THAT WERE MODIFIED TO ADD THE NEW RCAODV ROUTING AGENT.

TABLE 6.13: PSEUDOCODE OF THE IMPLEMENTATION OF THE RIDAN DETECTION COMPONENT FOR THE FSM USED TO DETECT THE RESOURCE CONSUMPTION ATTACK

TABLE 6.14: SIMULATION PARAMETERS.

Chapter 1

Introduction

1.1 Background

In recent years, wireless technology has enjoyed a tremendous rise in popularity and usage, thus opening new fields of applications in the domain of networking. One of the most important of these fields concerns mobile ad hoc networks (MANETs), where the participating nodes do not rely on any existing network infrastructure. A mobile ad hoc network is a collection of wireless nodes that can be rapidly deployed as a multi-hop packet radio network without the aid of any existing network infrastructure or centralized administration [CE89]. Therefore, the interconnections between nodes are capable of changing on a continual and arbitrary basis. Nodes within each other's radio range communicate directly via wireless links, while those that are further apart use other nodes as relays.

Ad hoc networks have a wide array of military and commercial applications. They are ideal in situations where installing an infrastructure network is not possible, where the purpose of the network is too transient, or where the previous infrastructure network was destroyed.

Security in mobile ad hoc networks is hard to achieve due to the dynamically changing and fully decentralized topology as well as the vulnerabilities and limitations of wireless data transmissions. Existing solutions that are applied in wired networks can be used to obtain a certain level of security. Nonetheless, these solutions are not always suitable for wireless networks. Ad hoc networks therefore have their own vulnerabilities that cannot always be tackled by these wired network security solutions [ACP+02].

One of the very distinct characteristics of MANETs is that all participating nodes have to be involved in the routing process. Traditional routing protocols designed for infrastructure networks cannot be applied in ad hoc networks, thus ad hoc routing protocols were designed to satisfy the needs of infrastructureless networks. Due to the different characteristics of wired and wireless media, the task of providing seamless environments for wired and wireless networks is very complicated. One of the major factors is that the wireless medium is inherently less secure than its wired counterpart. Most traditional applications do not provide user-level security schemes, based on the fact that physical network wiring provides some level of security [Bha94].

The routing protocol sets the upper limit to security in any packet network. If routing can be misdirected, the entire network can be paralyzed [WLB03]. This problem is enlarged in ad hoc networks since routing usually needs to rely on the trustworthiness of all nodes that are participating in the routing process. An additional difficulty is that it is hard to distinguish compromised nodes from nodes that are suffering from broken links.


