Y. Zhang and W. Lee, "Intrusion Detection in Wireless Ad-Hoc Networks," ACM Mobicom, pp. 275--283, Aug. 2000.  Home/Search   Document Details and Download   Summary   Related Articles   Check

.... erroneous routing updates, replaying old routing information, changing routing updates, or advertising incorrect routing information [25, 15] While these attacks are possible in xed networks as well, the nature of the ad hoc environment magni es their e ects, and makes their detection dicult [23]. The characteristics of an ad hoc network demand new metrics for routing. Traditionally, distance (measured in hops) is used as the metric in most ad hoc route discovery algorithms (e.g. AODV, DSR, ZRP, TORA etc. The use of other metrics (e.g. geographic location, signal stability, power, ....

Y. Zhang and W. Lee. Intrusion Detection in Wireless Ad-Hoc Networks. In The Sixth Annual ACM/IEEE Conference on Mobile Computing and Networking, Boston, MA, USA, August 2000.

....advantage. The modifications we propose to IEEE 802.11 protocol are based on a similar design philosophy of incorporating features in a protocol that help detect or discourage misbehavior. Intrusion detection and tolerance techniques are used as a tool for diagnosing and tolerating misbehavior [19, 3, 16, 7]. Intrusion detection approaches are based on developing a long term profile of normal activities, and identify intrusion by observing deviations from the measured profile. On the other hand, our proposed modifications are not dependent on the availability of a long term profile of normal ....

Y. Zhang and W. Lee. Intrusion detection in wireless adhoc networks. In Mobile Computing and Networking, pages 275--283, 2000.

.... erroneous routing updates, replaying old routing information, changing routing updates, or advertising incorrect routing information [8] While these attacks are possible in xed networks as well, the nature of the ad hoc environment magni es their e ects, and makes their detection dicult [14]. The characteristics of an ad hoc network demand new metrics for routing. Traditionally, distance (measured in hops) is used as the metric in most ad hoc route discovery algorithms (e.g. AODV [6] DSR [4] TORA [11] etc. The use of other metrics (e.g. geographic location [13] signal ....

Y. Zhang and W. Lee. Intrusion Detection in Wireless Ad-Hoc Networks. In The Sixth Annual ACM/IEEE Conference on Mobile Computing and Networking, Boston, MA, USA, Aug. 2000.

....the usage of smart antennae, thus decreasing information leakage and increasing the safety of physical layer and channel access. Intrusion Detection: Existing solutions for wired network Intrusion Detection Systems (IDS) do not suit the wireless Ad Hoc networks. The difficulties are discussed in [33]. To utilize either misuse detection or anomaly detection to monitor any possible compromises, the IDS must be able to distinguish normal from anomaly activities. To enable intrusion detection in wireless Ad Hoc networks, the research problems are: How to efficiently collect normal and anomaly ....

....3 Related Work Because of the special environments (e.g. battlefield) under which Ad Hoc networks are applied, the vulnerabilities and protection of routing topologies have been paid attention since the very beginning. The difficulties to apply current IDS to Ad Hoc networks are discussed in [33] and a multi layer integrated IDS for Ad Hoc environments is proposed. The security problems in wireless LAN and Ad Hoc networks are first investigated in [10] and [34] In [13] different methods for query location for on demand routing in Ad Hoc networks are analyzed. The latest Ad Hoc network ....

Y. Zhang and W. Lee. Intrusion detection in wireless ad-hoc networks. In Proceedings of ACM MobiComm, 2000.

....security of Ad Hoc networks and to establish IDS. The efforts in securing communication for wireless networks are also relevant to our work. Zhang and Lee studied the security characteristics of Ad Hoc networks. They identify the difficulties in applying current IDS to the wireless environments [16]. They presented a generic multi layer integrated IDS infrastructure for the Ad Hoc networks. But solutions to some critical problems remain. How to efficiently collect the patterns of attacks and how to safely distribute the intrusion detection results to individual host need further research. ....

Y. Zhang and W. Lee, "Intrusion detection in wireless Ad-Hoc networks, " in Proceedings of ACM MobiCom, 2000.

.... erroneous routing updates, replaying old routing information, changing routing updates, or advertising incorrect routing information [2, 3] While these attacks are possible in fixed networks as well, the nature of the ad hoc environment magnifies their effects, and makes their detection difficult [4]. The characteristics of an ad hoc network demand new metrics for routing. Traditionally, distance (measured in hops) is used as the metric in most ad hoc route discovery algorithms (e.g. AODV [5] DSR [6] TORA [7] etc. The use of other metrics (e.g. geographic location [8] signal stability ....

Y. Zhang and W. Lee, "Intrusion Detection in Wireless AdHoc Networks," in The Sixth Annual ACM/IEEE Conference on Mobile Computing and Networking, Boston, MA, USA, Aug. 2000.

....and trace misbehavior. We are aware of further techniques to do so, and believe that there are further techniques we are not aware of. In fact, this problem is quite similar to intrusion detection, which has been studied for most existing and envisioned networks, including mobile ad hoc networks [25]. 6 Conclusion We have described an architecture for fostering collaboration between selfish nodes of multi hop cellular networks, and have provided mechanisms to encourage honest behavior and to discourage dishonest behavior. To the best of our knowledge, no single paper was published so far on ....

Y. Zhang, W. Lee, "Intrusion Detection in Wireless Ad-Hoc Networks," Proceedings of the Sixth ACM International Conference on Mobile Networking and Computing, Boston, August 2000 (Mobicom 2000).

....could also perform cooperative detection. For example, in the insider clone attack, after exchanging its trace data with another node E, a node A might detect the attack if they both have met a third node P at about the same time but at quite different locations (if GPS is equipped) Zhang and Lee [34], Marti et al. 21] have studied the intrusion and misbehavior detection issue in mobile networks. Finally, after detecting the attacks and identify the compromised nodes, one or a certain number of nodes each sign a node revocation notice that include the identities of the compromised nodes ....

....specific routing protocols, while we design LHAP as a general network access control protocol which provides authentication for every packet and is independent of the routing protocols. Other work in ad hoc network security include work on intrusion and misbehavior detection. Zhang and Lee [34] describe several intrusion detection and response mechanisms for ad hoc networks. Marti et al. [21] consider the problem of detecting selfish intermediate nodes that do not forward packets. 8 Conclusions In this paper, we have presented LHAP, a lightweight hop by hop authentication protocol for ....

Y.Zhang and W.Lee. Intrusion Detection in Wireless Ad-Hoc Networks. MOBICOM 2000.

....mechanisms to detect nodes misbehaving with the intent of obtaining an unfair share of bandwidth (greedy misbehavior) in IEEE 802.11 based networks and penalize such misbehavior. II. RELATED WORK Considerable research has been done on detecting and handling misbehavior at the network layer [2], 3] 4] 5] 6] in wireless networks. One approach is to identify misbehaving nodes and avoid such nodes in routing [4] The redundant routes in ad hoc networks are used to route around misbehaving nodes. This ensures that reasonable throughput is obtained by well behaved nodes but it does ....

....of Correct Prediction with time. We measure the Correct Prediction percentage for 1 second intervals starting from time 0 and the results are averaged over 30 runs. For example, the Correct Prediction percentage plotted at 1 second is computed based on the packets received in the interval [1,2] seconds. The 3 curves in the figure plot the variation of Correct Prediction for misbehaving sender nodes having Percentage of Conformance (denoted as PC in the figure) of 0 , 40 and 80 . We see from the figure that a misbehaving node not following the backoff protocol at all (modeled by PC = ....

Yongguang Zhang and Wenke Lee, "Intrusion detection in wireless ad-hoc networks," in Mobile Computing and Networking, 2000, pp. 275--283.

....former but not for the latter. In contrast, we do not rely on those infrastructure assumptions and we focus on the interaction between two mobile principals with potentially similar privacy requirements. There has been other research on various aspects of security in systems with mobility (e.g. [9, 32, 33] in addition to [4, 6, 13, 18, 23, 30] cited above) Some of that work touches on privacy issues. In particular, the work of Jakobsson and Wetzel points out some privacy problems in Bluetooth. The protocols of this paper are designed to address such problems. The questions treated here are also ....

Yongguang Zhang and Wenke Lee. Intrusion detection in wireless ad-hoc networks. In Proceedings of the Sixth Annual ACM/IEEE International Conference on Mobile Computing and Networking (MobiCom 2000), pages 275--283, 2000.

....cryptography is not enough for combating unscrupulous nodes (i.e. malicious nodes that contain legitimate cryptographic key material) and the malevolent army of colluding nodes. As a remedy, Marti et al. 11] propose monitoring the transmission of neighbouring nodes, on the network routing level. [17] propose running intrusion detection agents on every node. We like to generalize the above ideas into a unified framework of intrusion detection. For this purpose, it is necessary to compile a list of rules against which to check for anomaly. For example, from a data centric point of view, a node ....

Y. Zhang and W. Lee. Intrusion detection in wireless ad-hoc networks. In Proc. 6th Annual ACM/IEEE International Conference on Mobile Computing (MOBICOM '00), pages 275--283, 2000.

....requires an elaborated model to produce high detection rate with low false alarm rate. Resource constrains. IDS should not consume too much power as MANET environment is often operated on battery power. Our goal is to develop IDS techniques that address these issues. In our preliminary study [35], we have developed a new architecture called Distributed and Cooperative Intrusion Detection. In this model, IDS agent runs at each mobile node and performs local data collection and local detection, whereas cooperative detection and global intrusion response can be triggered when a node ....

Y. Zhang and W. Lee. Intrusion detection in wireless ad-hoc networks. In Proceedings of the 6 ACM International Conference on Mobile Computing and Networking (MobiCom), August 2000.

....(a) the IEEE 802.11 MAC protocol is used and (b) when FAIRMAC is used and generate an intuition for possible solutions that may be used to alleviate these effects. 2. Background Prior work on Ad Hoc Network Security Security in ad hoc networks has been the focus of attention in recent times [1,2,3,8]. However, DoS attacks have not been addressed. In [2] Zhang and Lee point out the various attacks that are possible at different layers of the protocol stack. They do discuss possible solutions to a few of these attacks but the discussion is mainly focused on intrusion detection in ad hoc ....

....is used and generate an intuition for possible solutions that may be used to alleviate these effects. 2. Background Prior work on Ad Hoc Network Security Security in ad hoc networks has been the focus of attention in recent times [1,2,3,8] However, DoS attacks have not been addressed. In [2], Zhang and Lee point out the various attacks that are possible at different layers of the protocol stack. They do discuss possible solutions to a few of these attacks but the discussion is mainly focused on intrusion detection in ad hoc networks. In [3] a methodology for providing a secure ....

Y. Zhang and W. Lee, "Intrusion detection in wireless ad hoc networks," ACM MOBICOM, 2000.

....routing state in another node. Performance evaluation has shown that SEAD outperforms DSDV SQ in terms of packet delivery ratio, but SEAD adds overhead and latency to the network. 3. 2 Detection and Reaction Intrusion detection for wireless ad hoc networks has been proposed by Zhang and Lee [ZL00] to complement intrusion prevention techniques. The authors argue that an architecture for intrusion detection should be distributed and cooperative, using statistical anomaly detection approaches and integrating intrusion detection information from several networking layers. They use a majority ....

Yongguang Zhang and Wenke Lee. Intrusion Detection in Wireless Ad-Hoc Networks. In Proceedings of MOBICOM 2000, pages 275--283, 2000.

....transitions between the two communication modes. A suit of algorithms and protocols are implemented to realize the design with practical intrusion detection mechanisms. 4. 3 Assumptions As the communication infrastructure of ad hoc networks is volatile and vulnerable to wide range of attacks [109], it is inappropriate to push the complexity into the infrastructure. Thus by enforcing end to end security at the transport layer, we are able to provide solid and uniform security support to every node in the network despite security vulnerabilities in the lower layers. In our design, data ....

Y. Zhang and W. Lee. Intrusion detection in wireless ad-hoc networks. In MOBICOM, 2000.

....that sensor networks only consist of sensor nodes, because there is no reason why other types of devices should be disallowed from becoming a part of the network to communicate with the sensors. In the literature, we find many proposals concerning the security requirements of ad hoc networks [15, 22, 23, 33, 61, 62]. In standard security, we are concerned with confidentiality, authentication, integrity, nonrepudiation, access control, availability, but in the context of ad hoc networks, satisfying all these requirements does not ensure the security of the system as a whole [5, 8, 33, 35, 36, 37] The ....

....many parameters, it is typically around 1KB. In the context of SPINS, 1KB is already more than 20 of the available 4500 byte code space. Depending on the size of the trusted graph size, the required number of stored certificates for acceptable performance easily exceeds 10. Lastly, Zhang et al. [61] argue on the importance of intrusion detection for ad hoc networks, and propose an extension of existing techniques to the ad hoc wireless case. We believe that the time is still too early to fingerprint anomalies in ad hoc networks when it is even unclear how an e#cient protocol should behave. ....

Y. Zhang and W. Lee. Intrusion detection in wireless adhoc networks. In Proc. 6th Annual ACM/IEEE International Conference on Mobile Computing (MOBICOM'00), pages 275--283, 2000.

.... In our design, data privacy, data integrity, and data non repudiation are realized by end to end security solutions as specified in SSL TLS [26, 4] and its wireless extension WTLS [46] As the communication infrastructure of ad hoc networks is volatile and vulnerable to wide range of attacks [50], it is inappropriate to push the complexity into the infrastructure. Thus by enforcing end to end security at the transport layer, we are able to provide solid [44] and uniform security support to every node in the network despite security vulnerabilities in the lower layers 1 . In transport ....

Y. Zhang and W. Lee. Intrusion detection in wireless ad-hoc networks. In MOBICOM, 2000.

.... In our design, data privacy, data integrity, and data non repudiation are realized by end to end security solutions as specified in SSL TLS [25, 4] and its wireless extension WTLS [45] As the communication infrastructure of ad hoc networks is volatile and vulnerable to wide range of attacks [49], it is inappropriate to push the complexity into the infrastructure. Thus by enforcing end to end security at the transport layer, we are able to provide solid [43] and uniform security support to every node in the network despite security vulnerabilities in the lower layers 1 . In transport ....

Y. Zhang and W. Lee. Intrusion detection in wireless ad-hoc networks. In MOBICOM, 2000.

....of its own geographic position and is able to share it with others, hence creating other kinds of vulnerabilities. To conclude this subsection, it is worth mentioning that researchers are also exploring the application of intrusion detection techniques to the protection of mobile ad hoc networks [27]. Moreover, prevention of traffic analysis has also been considered [16] 3.3 Neighborhood Attacks can be based on the protocols between neighbors, such as the hello protocol. By this technique, an attacker can force a victim node to unveil private data, such as its identity. In fact, even in ....

Y. Zhang and W. Lee. Intrusion detection in wireless ad-hoc networks. In Proceedings of MOBICOM, 2000.

....updates mechanisms in a group of special nodes or servers in the ad hoc networks to increase service availability and robustness. The authors assume reliable communication links, 5 which does not hold in typical mobile wireless networks. Our approaches are clearly di#erent from these works. [15] studies the problem of intrusion detection in ad hoc networks. While intrusion detection is out of the scope of this report, the proposed algorithms are self defensive to detect potential attacks on our security system. Our design works with any intrusion detection mechanisms. We do not specify ....

....characterize this advantage. Finally we assume each node employs some local detection mechanism to monitor its one hop neighbors behavior. The assumption is based on another observation that although intrusion detection in 7 ad hoc networks is generally much more di#cult than in wired networks [15], monitoring and detecting misbehaviors or attacks among one hop neighboring nodes are readily easier and more practical [16] since each wireless transmission is a broadcast among the one hop neighborhood and local interactions are inherent features of wireless networks. 3.3 Adversary Model An ....

Y. Zhang and W. Lee, "Intrusion detection in wireless ad hoc networks," ACM MOBICOM, 2000.

No context found.

Y. Zhang and W. Lee, "Intrusion Detection in Wireless Ad-Hoc Networks," ACM Mobicom, pp. 275--283, Aug. 2000.

No context found.

Y. Zhang and W. Lee, "Intrusion Detection in Wireless Ad-Hoc Networks," ACM Mobicom, pp. 275--283, Aug. 2000.

No context found.

Y. Zhang and W. Lee. Intrusion Detection in Wireless AdHoc Networks. ACM Mobicom, pages 275--283, Aug. 2000.

No context found.

Y. Zhang and W. Lee. Intrusion detection in wireless ad-hoc networks. In ACM MOBICOM, 2000.

No context found.

Y. Zhang and W. Lee, "Intrusion detection in wireless ad hoc networks, " ACM MOBICOM, 2000

No context found.

Y. Zhang and W. Lee, "Intrusion Detection in Wireless Ad-Hoc Networks," ACM Mobicom, pp. 275--283, Aug. 2000.

....in typical ad hoc networks. The network density assumption quantitatively characterizes this redundancy. The assumption of local detection mechanisms is based on the observation that although intrusion detection in ad hoc networks is generally much more difficult than in their wired counterpart [34], monitoring and detecting misbehaviors among one hop neighbors are readily easier and more practical due to the broadcast nature of the wireless transmission [22] 3.2 Localized Trust Model The notion of trust is fundamental in authentication protocols. In the dominating TTP (trusted third ....

Y. Zhang and W. Lee. Intrusion Detection in Wireless Ad-hoc Networks. In MOBICOM, 2000.

....channel. 3) Each node has at least k one hop legitimate neighboring nodes . 4) Mobility is characterized by a maximum node moving speed S max . 5) Each node is equipped with some local detection mechanism to identify misbehaving nodes among its one hop neighborhood, e.g. those proposed in [4, 22]. This assumption is based on the observation that although intrusion detection in ad hoc networks is generally more difficult than in wired networks [4] detecting misbehaviors among one hop neighbors is readily easier and practical due to the broadcast nature of the wireless transmission ....

.... node is equipped with some local detection mechanism to identify misbehaving nodes among its one hop neighborhood, e.g. those proposed in [4, 22] This assumption is based on the observation that although intrusion detection in ad hoc networks is generally more difficult than in wired networks [4], detecting misbehaviors among one hop neighbors is readily easier and practical due to the broadcast nature of the wireless transmission [22] If a node could not find k neighbors, it may roam to a new location to obtain more neighbors. 3.1 Adversary Models Our design handles two kinds of ....

Y. Zhang and W. Lee, "Intrusion detection in wireless ad hoc networks," ACM MOBICOM, 2000

No context found.

Y. Zhang and W. Lee. Intrusion Detection in Wireless Ad Hoc Networks. Proc. of ACM Mobicom, 2000.

No context found.

Y. Zhang and W. Lee. Intrusion Detection in Wireless Ad Hoc Networks. 6th International Conference Mobile Computing and Networks, 2000.

No context found.

Y. Zhang and W. Lee. Intrusion detection in wireless ad hoc networks. In Proceedings of the 6th International Conference on Mobile Computing and Networking (MobiCom 2000.

No context found.

Yongguang Zhang and Wenke Lee. Intrusion Detection in Wireless Ad-Hoc Networks. In MOBICOM 2000. ACM Press, 2000.

No context found.

Y.G. Zhang, W. Lee and Y.A. Huang. Intrusion Detection in Wireless Ad-Hoc Networks. In Proc. of MOBICOM'00, August 2000.

No context found.

Zhang Y, Lee W. Intrusion detection in wireless ad-hoc networks. In MOBICOM, 2000; pp. 275 -- 283.

No context found.

Zhang, Y. & Lee, W. (2000), `Intrusion detection in wireless ad hoc networks', Proceedings of the 6th International Conference on Mobile Computing and Networking .

No context found.

Yongguang Zhang and Wenke Lee. Intrusion detection in wireless ad-hoc networks. In Mobile Computing and Networking, pages 275--283, 2000. also available as http: //citeseer.nj.nec.com/zhang00intrusion.html.

No context found.

Zhang, Y. und Lee, W.: Intrusion detection in wireless ad-hoc networks. In: Mobile Computing and Networking. S. 275--283. 2000. auch verfgbar unter http: //citeseer.nj.nec.com/zhang00intrusion.html.

No context found.

Y. Zhang. Intrusion detection in wireless ad-hoc networks, 2000.

No context found.

Y. Zhang and W. Lee. Intrusion Detection in Wireless AdHoc Networks. MOBICOM 2000. Proceedings of the 23 rd International Conference on Distributed Computing Systems Workshops (ICDCSW'03)

No context found.

Y.G. Zhang, W. Lee and Y.A. Huang. Intrusion Detection in Wireless Ad-Hoc Networks. In Proceedings of the Sixth Annual ACM/IEEE International Conference on Mobile Computing and Networking (MOBICOM 2000.

No context found.

Y. Zhang and W. Lee. Intrusion detection in wireless ad hoc networks. In Proceedings of MOBICOM'00, pages 275--283, 2000.

No context found.

Y. Zhang and W. Lee. Intrusion detection in wireless ad-hoc networks. In Proceedings of Mobicom'2000.

No context found.

Y. Zhang and W. Lee. Intrusion Detection in Wireless Ad-Hoc Networks. In Proceedings of MobiCom, 2000.

No context found.

Y. Zhang and W. Lee. Intrusion detection in wireless ad hoc networks. In Proc. ACM MOBICOM, 2000.

No context found.

Yongguang Zhang and Wenke Lee. Intrusion detection in wireless ad-hoc networks. In Proceedings of MOBICOM 2000.

No context found.

Y. Zhang and W. Lee. Intrusion detection in wireless ad-hoc networks. th ACM/IEEE International Conference on Mobile Computing and Networking (MobiCOM'00), pages 275--283, Boston, MA, August 2000.

No context found.

Y. Zhang and W. Lee. Intrusion detection in wireless ad-hoc networks. In Proceedings of the sixth annual international conference on Mobile computing and networking, pages 275--283. ACM Press, 2000.

No context found.

Wenke Lee Yongguang Zhang. Intrusion detection in wireless ad-hoc networks. Mobicom, 2000.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC