Journal ArticleDOI

A model of data forwarding in MANETs for lightweight detection of malicious packet dropping

20 Jul 2015-Computer Networks (Elsevier North-Holland, Inc.)-Vol. 87, Iss: 87, pp 44-58
TL;DR: This work introduces a model of data forwarding in MANETs which is used for recognizing malicious packet dropping behaviors and proposes an anomaly-based IDS system based on an enhanced windowing method to carry out the collection and analysis of selected cross-layer features.
About: This article is published in Computer Networks. The article was published on 2015-07-20 and is currently open access. It has received 27 citations to date. The article focuses on the topic: Network packet.

Summary (5 min read)

1. Introduction

  • Wireless networks have considerably evolved in the last years, leading to the appearance of different related technologies, architectures and applications [1].
  • One of the architectures that have attracted much attention, especially from the research community, is the so-called Mobile Ad hoc NETwork (MANET).
  • Malicious nodes drop received data or control messages instead of relaying them, thus affecting the traffic in the network [5].
  • There are different types of dropping attacks, depending on the particular strategy adopted by the attacker [6].
  • The analytical model of the forwarding process which is used as the basis for their detection proposal is presented in Section 3.

2.1. ACK-based Schemes

  • Here, nodes in the network communicate with their neighbors to explicitly request acknowledgments and confirm the reception of sent packets.
  • These two schemes fail when any two-hop neighbors do not cooperate.
  • To reduce the routing overhead, the authors of [12] present an improvement of their scheme, called 2ACK, in which only a fraction of the packets are acknowledged.
  • Nodes use 3-hop ACK packets to acknowledge TC messages, while HELLO rep packets advertise two-hop neighbors to a requesting MultiPoint Relay (MPR) node.
  • The collected information is afterwards used as the basis for an accusation-based collaborative mechanism for node isolation.

2.2. Reputation-based Schemes

  • The basic idea behind these techniques is that each node first generates an opinion with respect to others.
  • A trust manager sends and receives alarm messages, informing about detected adversaries.
  • Finally, a path manager is responsible for launching an appropriate response.
  • The authors in [17] propose Friends and Foes, a scheme to punish selfish nodes.
  • The concept of inner-circle consistency was adopted in [18] to identify forged route replies and prevent packet dropping attacks.

2.3. Detection-based Schemes

  • Marti et al. [19] proposed a system called Watchdog, where a monitor node compares the packets that it sends with the overheard packets forwarded by the next hop.
  • Classifiers like Naïve Bayes, RIPPER or C4.5 are then used for the detection.
  • They perform the intrusion detection in application, routing and MAC layers.
  • Other authors also propose dynamic adaptations in their works, like those in [24, 25].
  • The authors in [28] incorporate a Bayesian filter into the standard watchdog implementation in order to reduce the number of false positives.

3. Model for the Forwarding Process in MANETs

  • The model considers different legitimate circumstances in communications (collisions, channel errors or mobility) as well as malicious behaviors, and allows inferring how they all may affect the performance of the overall retransmission procedure.
  • If all of the previous events occur, the node tries to forward the packet.
  • To do this, two subsequent actions are taken.
  • Let us call this event the RTS event, with associated probability P_RTS.
  • All these circumstances cause messages to be lost and CTS packets not to be received, thus leading to an RTS retransmission.

4. Malicious Packet Dropping Detection

  • A new detection methodology for packet dropping in MANETs is explained.
  • First, the authors describe the attack model and the underlying scenario.
  • Second, the authors detail the proposed detection approach.
  • Next, the authors provide details about parameters estimation and suggest a windowing methodology.

4.1. Attack Model and Scenario Description

  • Footnote 1: although there are other reasons to consider a link as broken, such as node failures or congestion, in this work, for simplicity, the authors use the terms mobility and broken link interchangeably to encompass all these situations.
  • Of course, this simplification does not affect the fundamentals of their proposal.
  • The authors additionally consider the existence of M malicious nodes, with the same behavior as the legitimate ones, except that they will also drop received packets instead of forwarding them.
  • A further extension of their work would imply the combination and evaluation of their technique with others which specifically deal with collusion attacks.
  • Their scheme might be complemented by performing some end-to-end checking, like the one proposed in [31].

4.2. Overview of the Detection Approach

  • This way, a set of network related features is first obtained for each node in a given temporal window of analysis.
  • From these features, the probability values given in Section 3 are afterwards estimated.
  • If P_DROP is greater than or equal to this threshold, following an anomaly-based approach, the authors conclude that the analyzed node is malicious, and legitimate otherwise:

    $$\text{node} = \begin{cases} \text{malicious}, & \text{if } P_{DROP} \ge \theta \\ \text{legitimate}, & \text{otherwise} \end{cases} \qquad (5)$$

    Obviously, the operating point of the detector depends on the value θ used for the detection threshold.
  • If θ is set to a low value, more malicious nodes in the network will be detected, but more legitimate nodes will also be misclassified as malicious (i.e., the false positive rate increases).
  • Conversely, high values of θ result in fewer malicious nodes being detected, but also in fewer false positives.

4.3. Parameters Estimation

  • Here the authors discuss how to calculate the probabilities involved in their analytical model taking into account different features obtained from the network.
  • P̂_MOB is set to 1 when the number of RTS retransmissions exceeds the short retry limit (SRL) within a measuring window, since the node then considers that it no longer has a connection with the next hop.
  • AODV (Ad hoc On-demand Distance Vector) routing protocol [35] is considered as a case study in this work.
  • If the broken link is closer to the source node than to the destination, the intermediate node discards the route and sends a Route ERRor (RERR) message back to alert its precursors about the link failure.
  • To do so, it sends a RREQ message in the same way the source node would.

4.4. Enhanced Windowing for Collecting Features

  • The time-based windowing methodology presents two main drawbacks. The first one is related to situations where the temporal window ends just after the transmission of an RTS packet.
  • That is, the features are obtained for non-overlapping windows of P received data packets for each node in the network.
  • Fig. 3 shows that, by employing the event-based windowing, the authors ensure that mobility situations can be fully collected.
  • Besides the solution of these reported problems, an additional significant advantage should be mentioned for the proposed event-based windowing scheme.
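The detection rule of Section 4.2, the broken-link rule of Section 4.3 (P̂_MOB = 1 once RTS retransmissions exceed the short retry limit) and the event-based windows of Section 4.4, put together as a runnable monitor. This is an added example, not the authors' code: the event log format ("recv", "rts" and "fwd" tuples as an overhearing monitor would record them), the estimator that counts a received packet with no RTS at all as a silent drop, the SRL value of 7, the default θ = 0.15 and the choice to score a window only once the following one is full are all assumptions made for the illustration; the paper's analytical model for P_DROP is not reproduced on this page.

```python
"""Event-based windowing and threshold detection for malicious packet dropping.

Added example, not the paper's code. The event log format, the per-node features,
the estimator for P_DROP, the SRL value and the one-window scoring lag are
assumptions made for this illustration."""
from dataclasses import dataclass, field

SRL = 7  # assumed short retry limit: more RTS frames than this for one packet => link treated as broken


@dataclass
class Window:
    """One analysis window for one monitored node: P received data packets."""
    rts: dict = field(default_factory=dict)  # pkt_id -> number of RTS frames seen for it
    scored: bool = False

    @property
    def received(self) -> int:
        return len(self.rts)

    @property
    def attempted(self) -> int:  # packets for which at least one RTS was seen
        return sum(1 for n in self.rts.values() if n > 0)

    @property
    def link_broken(self) -> bool:  # P_MOB hat = 1: retries beyond SRL
        return any(n > SRL for n in self.rts.values())


def estimate_p_drop(w: Window):
    """Assumed estimator: a packet received but never given a single RTS is a silent
    drop. With retries beyond SRL the losses are attributed to mobility and the
    window is inconclusive (None)."""
    if w.received == 0 or w.link_broken:
        return None
    return (w.received - w.attempted) / w.received


class DropDetector:
    """Per-node windows of P received packets (event-based rather than time-based)."""

    def __init__(self, window_packets: int = 10, theta: float = 0.15):
        self.P, self.theta = window_packets, theta
        self.windows = {}   # node -> [Window, ...]; the last one is open
        self.owner = {}     # (node, pkt) -> Window holding that packet
        self.verdicts = {}  # node -> [(p_drop, verdict), ...]

    def observe(self, event: str, node: str, pkt: str) -> None:
        if event == "recv":
            wins = self.windows.setdefault(node, [Window()])
            if wins[-1].received >= self.P:
                # Window k is full: open k+1 and score k-1, whose packets have had a
                # whole window to finish their RTS/data exchange. An RTS burst that
                # straddles a boundary is therefore not cut in half.
                if len(wins) >= 2 and not wins[-2].scored:
                    self._score(node, wins[-2])
                wins.append(Window())
            wins[-1].rts[pkt] = 0
            self.owner[(node, pkt)] = wins[-1]
        elif (node, pkt) in self.owner:  # ignore RTS/data for packets never seen received
            if event == "rts":
                self.owner[(node, pkt)].rts[pkt] += 1
            elif event == "fwd":
                del self.owner[(node, pkt)]

    def flush(self) -> dict:
        """End of capture: score every full window not yet scored."""
        for node, wins in self.windows.items():
            for w in wins:
                if not w.scored and w.received >= self.P:
                    self._score(node, w)
        return self.verdicts

    def _score(self, node: str, w: Window) -> None:
        w.scored = True
        p = estimate_p_drop(w)
        if p is None:
            verdict = "inconclusive"
        else:
            verdict = "malicious" if p >= self.theta else "legitimate"  # rule (5)
        self.verdicts.setdefault(node, []).append((p, verdict))


def constructed_events(P: int = 10) -> list:
    """Constructed monitor log, not captured data. B forwards everything, C silently
    drops every fifth packet (20%), D loses its next hop on its last packet (RTS
    retries beyond SRL) and then receives nothing more, as after a RERR."""
    ev = []
    for i in range(2 * P + 1):
        for node in ("B", "C"):
            ev.append(("recv", node, f"{node}{i}"))
            if node == "B" or i % 5 != 0:
                ev += [("rts", node, f"{node}{i}"), ("fwd", node, f"{node}{i}")]
    for i in range(P):
        ev.append(("recv", "D", f"D{i}"))
        ev += [("rts", "D", f"D{i}"), ("fwd", "D", f"D{i}")] if i < P - 1 else [("rts", "D", f"D{i}")] * (SRL + 1)
    return ev


def run_example(P: int = 10, theta: float = 0.15) -> dict:
    det = DropDetector(P, theta)
    for event, node, pkt in constructed_events(P):
        det.observe(event, node, pkt)
    return det.flush()
```

Running `run_example()` yields two legitimate windows for B, two malicious windows (P̂_DROP = 0.2 ≥ θ) for C, and one inconclusive window for D. The one-window lag is this example's answer to the drawback named above: the RTS burst for the last packets of window k is still counted in k because k is only scored once k+1 is full. A window whose retries exceed SRL comes back as inconclusive rather than legitimate, so a node that kept triggering that path would not silently pass; in a deployment the fraction of inconclusive windows per node is worth tracking as a feature of its own.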

4.5. Complexity

  • Here the authors briefly discuss the complexity of the proposed scheme, taking into consideration both storage and computational requirements for each IDS instance.
  • Regarding memory needs, each IDS instance running in a given node only has to keep 5 features (4 integers and 1 boolean) for each monitored node.
  • In terms of computational overhead, for each monitored node the scheme executes at most 13 basic operations (arithmetic, comparisons and assignments) per analysis window.
  • Expressed in Big O notation, the complexity of the proposed detector is O(1) per analysis window and monitored node, which is lower than that of most data mining techniques, usually of order O(n), O(n^2) or greater.
  • The detection performed by the SVM classifier used in [27] requires between 2,700 and 9,000 computations per analysis window and monitored node.

4.6. Summary of the Detection Approach

  • It must be noted that the detection proposal is based on an analytical model which employs simple features to carry out the detection process.
  • The use of this methodology incurs lower computational overhead than more sophisticated techniques based on data mining or machine learning algorithms, which have higher computational complexity.
  • The operating point of their system must still be empirically obtained for specific scenarios or network conditions.

5. Implementing the Packet Dropping Detection Scheme

  • Beyond the theoretical development of their cross-layer malicious packet dropping detection method, in the following the authors discuss how to deploy their proposal.
  • The IDS has access not only to the statistics of sent packets by a given node, but also to those corresponding to the received packets.
  • The features for estimating the potential malicious behavior of a given node are indirectly collected by other nodes, which cooperate in order to provide a collaborative data collection process.
  • In the experimentation presented in Section 6 the authors show the effect of this estimation and demonstrate that it does not degrade significantly the performance of the detection system.
  • This way, the set of trustworthy monitor nodes can be replaced by a node's own neighbors in the network.

6. Performance Evaluation

  • This section describes the experimental framework used to validate the packet dropping IDS approach proposed here, and the results obtained from that evaluation.
  • The authors have carried out extensive experiments to verify the proper performance of their proposal.

6.1. Experimental Environment

  • Network Simulator 2 (NS-2) [38] has been adopted as evaluation platform [39] to simulate several deployments for a MANET environment.
  • Other parameters chosen for simulation are those shown in Table 1 and Table 2.
  • The pause time is 15 s, that is, after reaching the desired destination the node waits for 15 s before choosing a new random destination and repeating the procedure.
  • Malicious nodes in the environment are configured to drop 20% of the data packets received to be forwarded towards a final destination.

6.2. Detection Results

  • The detection performance of the introduced IDS is evaluated by means of two well known parameters, namely the True Positives Rate (TPR), or detection accuracy/rate, and the False Positives Rate (FPR).
  • Each simulation is repeated 75 times (with different seed values).
  • As expected, the results obtained for the distributed-collection IDS approach are slightly worse than those obtained in the stand-alone case.
  • Conversely, lower detection thresholds result in better TPR values, but at the cost of increasing FPR figures.
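An added example of how the operating point described above is obtained empirically; this is not the authors' code or data. The per-node P̂_DROP estimates and their ground-truth labels are constructed here, and the 4% FPR budget is borrowed from the mobility results reported further down on this page. The sweep reproduces the trade-off stated in this section: lowering θ raises TPR and FPR together, and the threshold is chosen as the highest TPR that still respects the FPR budget.

```python
"""Operating point of the threshold detector: TPR/FPR sweep over theta.

Added example, not the paper's code or data. The per-node P_DROP estimates and
their ground-truth labels below are constructed; the paper's own figures are
not reproduced here."""

# Constructed per-node estimates of P_DROP (one window each) with ground truth.
# Legitimate nodes show small non-zero values from collisions and channel errors.
LEGIT = [0.00, 0.00, 0.01, 0.02, 0.02, 0.03, 0.03, 0.04, 0.05, 0.05,
         0.06, 0.06, 0.07, 0.08, 0.08, 0.09, 0.10, 0.11, 0.13, 0.13]
MALICIOUS = [0.12, 0.17, 0.19, 0.21, 0.24]   # nodes configured to drop about 20%
SCORES = LEGIT + MALICIOUS
LABELS = [False] * len(LEGIT) + [True] * len(MALICIOUS)   # True = malicious
THETAS = [0.05, 0.10, 0.15, 0.20, 0.25]


def classify(p_drop, theta: float) -> bool:
    """Rule (5): a node is flagged malicious when its estimate reaches theta.
    An inconclusive window (None, e.g. a broken link) is never flagged."""
    return p_drop is not None and p_drop >= theta


def tpr_fpr(scores, labels, theta: float):
    """True positive rate (detected malicious / all malicious) and false positive
    rate (legitimate flagged / all legitimate) for one threshold."""
    tp = sum(1 for s, m in zip(scores, labels) if m and classify(s, theta))
    fp = sum(1 for s, m in zip(scores, labels) if not m and classify(s, theta))
    n_mal = sum(labels)
    n_leg = len(labels) - n_mal
    tpr = tp / n_mal if n_mal else 0.0
    fpr = fp / n_leg if n_leg else 0.0
    return tpr, fpr


def sweep(scores, labels, thetas):
    """(theta, TPR, FPR) for each candidate threshold: the detector's ROC points."""
    return [(th, *tpr_fpr(scores, labels, th)) for th in thetas]


def choose_theta(scores, labels, thetas, max_fpr: float = 0.04):
    """Operating point: the threshold with the highest TPR among those whose FPR
    does not exceed the budget (ties go to the lower theta, i.e. more detections
    at equal cost). Returns None if no threshold meets the budget."""
    best = None
    for th, tpr, fpr in sweep(scores, labels, thetas):
        if fpr <= max_fpr and (best is None or tpr > best[1]):
            best = (th, tpr)
    return best[0] if best else None


if __name__ == "__main__":
    for th, tpr, fpr in sweep(SCORES, LABELS, THETAS):
        print(f"theta={th:.2f}  TPR={tpr:.2f}  FPR={fpr:.2f}")
    print("operating point:", choose_theta(SCORES, LABELS, THETAS))
```

On the constructed data θ = 0.10 detects every malicious node but flags 20% of the legitimate ones, while θ = 0.15 keeps FPR at zero at the cost of missing the attacker whose estimate (0.12) sits inside the legitimate range; that missed node is exactly the case a larger window (more packets per estimate) is meant to separate.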

6.2.1. Influence of Window Size

  • The size of the selected event-based window for collecting the features has also been chosen through experimental results.
  • Table 3 reports the operating point obtained for different window sizes.
  • As expected, the bigger the window, the better the detection capabilities in terms of FPR, although the window size cannot grow indefinitely, since this leads to increasing delays in the detection process.

6.2.2. Influence of Mobility

  • The authors now study the detection efficiency for different mobility conditions.
  • Six scenarios are thus simulated, with speed values from 5 m/s to 30 m/s to consider a wide range of possibilities.
  • Fig. 6 shows graphically both TPR and FPR for such different scenarios.
  • As shown, both the stand-alone and the distributed implementations achieve excellent results regarding the two metrics considered.
  • Meanwhile, FPR always remains below 4%.

6.2.3. Influence of Channel Error Probability

  • The detection efficiency under different channel error probabilities has also been studied.
  • The authors have also considered higher error probabilities to test the performance of their scheme when different channel characteristics, like shadowing or multipath fading, cause large packet losses.
  • Fig. 7 depicts graphically both TPR and FPR in these situations.
  • As shown, TPR degrades for the stand-alone implementation as channel error probability increases.
  • This is mainly due to the fact that, for every received packet, it is more likely that the node has to retransmit it several times.

6.2.4. Influence of Number of Malicious Nodes

  • Another set of experiments are aimed at analyzing the performance of both detection approaches for an increasing number of malicious nodes.
  • The results obtained are presented in Fig. 8.
  • That is, the proposal provides again very good detection results.

6.2.5. Discussion and Comparison of Detection Results

  • From the above figures, it is clear that their IDS proposal can efficiently detect the malicious nodes in the environment with an overall accuracy above 93%.
  • The authors have also carried out a more realistic comparison between their results and those exhibited by other similar schemes (in comparable scenarios) in [22, 23, 27].
  • In order to show the suitability of this comparison among detection results, Table 4 presents for each scheme some parameters defining the scenarios considered.
  • This scheme integrates three different subsystems (a Bayes-based classifier, Markov chains and an association rule algorithm), which results in a more complex approach.


Citations
Journal ArticleDOI
TL;DR: A time stamp-based algorithm is proposed which is an enhanced version of existing IDSNAODV algorithm and shows improved performance for packet delivery ratio, throughput and routing overhead as compared to existing algorithm.
Abstract: Mobile ad hoc network is an open medium and infrastructure-less network. Mobile ad hoc network is susceptible to various security attacks such as black hole attack, gray hole attack, bad mouthing attack, sybil attack and worm hole attack due to its open medium, infrastructure-less features and lack of in-built security. In black hole attack and gray hole attack, the attacker falsely sends a route reply and drops data packets received from the source node. Due to these attacks, the performance of the mobile ad hoc network decreases. This paper proposes a time stamp-based algorithm which is an enhanced version of the existing IDSNAODV algorithm. The proposed algorithm modifies the existing polling process to validate the identity of observer nodes using a time stamp-based approach. Based on a defined set of rules and the recorded activities report, the source node decides the nature of the target node. The performance of the proposed algorithm is evaluated using the network simulator. The proposed algorithm shows improved performance for packet delivery ratio, throughput and routing overhead as compared to the existing algorithm.

1 citation

Journal ArticleDOI
TL;DR: In this paper, many existing solutions that are useful in mitigation of blackhole attack are reviewed and critically assessed for their drawbacks and advantages, along with their simulation and result highlights.
Abstract: Mobile Ad-hoc NETwork is a self-configuring network that has no infrastructure and in which communication happens in multi-hop fashion. This dynamic nature of MANET and lack of infrastructure makes it prone to many types of routing and security attacks. Ad-hoc On-demand Distance Vector is the most commonly preferred routing protocol, in which a route is formulated only when it is needed, in a reactive manner. AODV is prone to a kind of packet drop attack called blackhole attack. In this paper, we have reviewed many existing solutions that are useful in mitigation of blackhole attack. These mechanisms are categorized as detection and prevention methodologies in the review. We have provided details on these mechanisms involving the concept of the mechanism, simulation and result in brief, and critically review them for their drawbacks and advantages along with their simulation and result highlights. A comparison is drawn and finally, the future research areas are identified on which the research should focus.

1 citation


Cites background from "A model of data forwarding in MANET..."

  • ...Enhanced Temporal Windowing [26] NS-2 Detection Probability and statistics of communication parameters Detection rate is 92-99% for Blackhole attack Trade-off between threshold and detection accuracy hinders effectiveness...

    [...]

  • ...(comparison table from the citing review, flattened in extraction; fields are separated here with "|", with column meanings inferred as scheme | simulator | type | mechanism | result | drawbacks)
    … | … | Detection | Co-operative trust based approach | Detection rate is approximately 96% | Opinions cause high overhead; network is prone to attacks in its initial phase
    CORIDS [24] | Qualnet | Detection | Cluster head as IDS | 97% detection rate in Blackhole attack | Use of CH requires high-end hardware; larger routes are formed
    Trueness Level [25] | Matlab | Prevention | Trust algorithms | PDR rises to 92% | Computation overheads; trust is solely calculated on the basis of PDR
    Enhanced Temporal Windowing [26] | NS-2 | Detection | Probability and statistics of communication parameters | Detection rate is 92-99% for Blackhole attack | Trade-off between threshold and detection accuracy hinders effectiveness...

    [...]

Journal ArticleDOI
TL;DR: A data collection strategy based on a layered trust mechanism (DC-LTM) is proposed, which recruits MVs as data collectors of the sensor nodes based on the data value in the city, evaluates the trustworthiness of the data reported by the nodes, and records the results to the cloud data center.
Abstract: A large number of Internet of Things (IoT) devices such as sensor nodes are deployed in various urban infrastructures to monitor surrounding information. However, it is still a challenging issue to collect data in a low-cost, high-quality, and reliable manner through IoT technique. Although the recruitment of mobile vehicles (MVs) to collect urban data has proved to be an effective method, most existing data collection systems lack a trust detection mechanism for malicious terminal nodes and malicious vehicles, which can lead to security vulnerabilities in practice. This paper proposes a novel data collection strategy based on a layered trust mechanism (DC-LTM). The strategy recruits MVs as data collectors of the sensor nodes based on the data value in the city, evaluates the trustworthiness of the data reported by the nodes, and records the results to the cloud data center. Furthermore, in order to make the data collection system more efficient and the trust mechanism more reliable, we introduce unmanned aerial vehicles (UAVs) dispatched by data centers to actively verify the core sensor node data and use the core sensor data as baseline data to evaluate the credibility of the vehicles and the trust value of the whole network sensor nodes. Different from the previous strategies, UAVs adopt the DC-LTM method to obtain the node data while actively obtaining the trust value of MVs and nodes, which effectively improves the quality of data acquisition. Simulation results show that the mechanism effectively distinguishes malicious vehicles that provide false data in exchange for payment and reduces the total cost of system recruitment payments. At the same time, the proposed incentive mechanism encourages vehicles to complete the evaluation task and improves the accuracy of node trust evaluation. The recognition rates of false data attacks and flooding attacks as well as the recognition error rate of normal nodes are 100%, 98.9%, and 3.9%, respectively, which improves the quality of system data collection as a whole.
Journal ArticleDOI
TL;DR: A prediction model based on the delay factor, which impacts the performance of the node and its network and determines the malicious node is offered.
Abstract: Mobile ad-hoc network (MANET) is a theoretical and experimental approach for achieving the applications to the best using VANETs. Given the mobility of nodes in the mobile ad-hoc networks, it is hard to depict the nature of the network or the structure of the network. With static nodes, it is easy to monitor a network. In a mobile environment, any node can come and join the network based on the distance covered by the entire network. A node that enters the region joins the network, while one that moves away leaves it and ceases participating in network communication. The routing table is updated, based on the movement of the nodes. Owing to the factors above, security fails to live up to expectations. Identifying a vulnerable node is a difficult proposition. This paper offers a prediction model based on the delay factor, which impacts the performance of the node and its network. The experimental results determine the malicious node. A malicious node is disconnected from the network.
References
Book
15 Jan 1996
TL;DR: Wireless Communications: Principles and Practice, Second Edition is the definitive modern text for wireless communications technology and system design; it covers the fundamental issues impacting all wireless networks and reviews virtually every important new wireless standard and technological development, offering especially comprehensive coverage of the 3G systems and wireless local area networks (WLANs).
Abstract: From the Publisher: The indispensable guide to wireless communications, now fully revised and updated! Wireless Communications: Principles and Practice, Second Edition is the definitive modern text for wireless communications technology and system design. Building on his classic first edition, Theodore S. Rappaport covers the fundamental issues impacting all wireless networks and reviews virtually every important new wireless standard and technological development, offering especially comprehensive coverage of the 3G systems and wireless local area networks (WLANs) that will transform communications in the coming years. Rappaport illustrates each key concept with practical examples, thoroughly explained and solved step by step. Coverage includes: An overview of key wireless technologies: voice, data, cordless, paging, fixed and mobile broadband wireless systems, and beyond. Wireless system design fundamentals: channel assignment, handoffs, trunking efficiency, interference, frequency reuse, capacity planning, large-scale fading, and more. Path loss, small-scale fading, multipath, reflection, diffraction, scattering, shadowing, spatial-temporal channel modeling, and microcell/indoor propagation. Modulation, equalization, diversity, channel coding, and speech coding. New wireless LAN technologies: IEEE 802.11a/b, HIPERLAN, BRAN, and other alternatives. New 3G air interface standards, including W-CDMA, cdma2000, GPRS, UMTS, and EDGE. Bluetooth, wearable computers, fixed wireless and Local Multipoint Distribution Service (LMDS), and other advanced technologies. Updated glossary of abbreviations and acronyms, and a thorough list of references. Dozens of new examples and end-of-chapter problems. Whether you're a communications/network professional, manager, researcher, or student, Wireless Communications: Principles and Practice, Second Edition gives you an in-depth understanding of the state of the art in wireless technology, today's and tomorrow's.

17,102 citations

01 Jul 2003
Abstract: The Ad hoc On-Demand Distance Vector (AODV) routing protocol is intended for use by mobile nodes in an ad hoc network. It offers quick adaptation to dynamic link conditions, low processing and memory overhead, low network utilization, and determines unicast routes to destinations within the ad hoc network. It uses destination sequence numbers to ensure loop freedom at all times (even in the face of anomalous delivery of routing control messages), avoiding problems (such as "counting to infinity") associated with classical distance vector protocols.

11,490 citations


Additional excerpts

  • ...AODV (Ad hoc On-demand Distance Vector) routing protocol [35] is considered as a case study in this work....

    [...]

01 Jan 1994
TL;DR: In this article, the authors present a protocol for routing in ad hoc networks that uses dynamic source routing, which adapts quickly to routing changes when host movement is frequent, yet requires little or no overhead during periods in which hosts move less frequently.
Abstract: An ad hoc network is a collection of wireless mobile hosts forming a temporary network without the aid of any established infrastructure or centralized administration. In such an environment, it may be necessary for one mobile host to enlist the aid of other hosts in forwarding a packet to its destination, due to the limited range of each mobile host’s wireless transmissions. This paper presents a protocol for routing in ad hoc networks that uses dynamic source routing. The protocol adapts quickly to routing changes when host movement is frequent, yet requires little or no overhead during periods in which hosts move less frequently. Based on results from a packet-level simulation of mobile hosts operating in an ad hoc network, the protocol performs well over a variety of environmental conditions such as host density and movement rates. For all but the highest rates of host movement simulated, the overhead of the protocol is quite low, falling to just 1% of total data packets transmitted for moderate movement rates in a network of 24 mobile hosts. In all cases, the difference in length between the routes used and the optimal route lengths is negligible, and in most cases, route lengths are on average within a factor of 1.01 of optimal.

8,614 citations

Book ChapterDOI
01 Jan 1996
TL;DR: This paper presents a protocol for routing in ad hoc networks that uses dynamic source routing that adapts quickly to routing changes when host movement is frequent, yet requires little or no overhead during periods in which hosts move less frequently.
Abstract: An ad hoc network is a collection of wireless mobile hosts forming a temporary network without the aid of any established infrastructure or centralized administration. In such an environment, it may be necessary for one mobile host to enlist the aid of other hosts in forwarding a packet to its destination, due to the limited range of each mobile host’s wireless transmissions. This paper presents a protocol for routing in ad hoc networks that uses dynamic source routing. The protocol adapts quickly to routing changes when host movement is frequent, yet requires little or no overhead during periods in which hosts move less frequently. Based on results from a packet-level simulation of mobile hosts operating in an ad hoc network, the protocol performs well over a variety of environmental conditions such as host density and movement rates. For all but the highest rates of host movement simulated, the overhead of the protocol is quite low, falling to just 1% of total data packets transmitted for moderate movement rates in a network of 24 mobile hosts. In all cases, the difference in length between the routes used and the optimal route lengths is negligible, and in most cases, route lengths are on average within a factor of 1.01 of optimal.

8,256 citations


"A model of data forwarding in MANET..." refers methods in this paper

  • ...The mobility model for the nodes refers to the Random Waypoint Model (RWP) [41], with a fixed minimum speed equal to 1 m/s and a maximum speed varying from 5 to 30 m/s....

    [...]

Proceedings ArticleDOI
01 Aug 2000
TL;DR: Two techniques that improve throughput in an ad hoc network in the presence of nodes that agree to forward packets but fail to do so are described, using a watchdog that identifies misbehaving nodes and a pathrater that helps routing protocols avoid these nodes.
Abstract: This paper describes two techniques that improve throughput in an ad hoc network in the presence of nodes that agree to forward packets but fail to do so. To mitigate this problem, we propose categorizing nodes based upon their dynamically measured behavior. We use a watchdog that identifies misbehaving nodes and a pathrater that helps routing protocols avoid these nodes. Through simulation we evaluate watchdog and pathrater using packet throughput, percentage of overhead (routing) transmissions, and the accuracy of misbehaving node detection. When used together in a network with moderate mobility, the two techniques increase throughput by 17% in the presence of 40% misbehaving nodes, while increasing the percentage of overhead transmissions from the standard routing protocol's 9% to 17%. During extreme mobility, watchdog and pathrater can increase network throughput by 27%, while increasing the overhead transmissions from the standard routing protocol's 12% to 24%.

3,747 citations


"A model of data forwarding in MANET..." refers background in this paper

  • ...[19] proposed a system called Watchdog, where a monitor node compares the packets that it sends with the overheard packets forwarded by the next hop....

    [...]

Frequently Asked Questions (2)
Q1. What have the authors contributed in "A model of data forwarding in manets for lightweight detection of malicious packet dropping" ?

This work introduces a model of data forwarding in MANETs which is used for recognizing malicious packet dropping behaviors. Second, the authors propose an anomaly-based IDS system based on an enhanced windowing method to carry out the collection and analysis of selected cross-layer features. The authors evaluate their proposal in a simulation framework, and the experimental results show a considerable enhancement in detection results when compared with other approaches in the literature. Third, a real deployment of the IDS is also considered by suggesting a methodology for the collection of the selected features in a distributed manner.

Different schemes can be analyzed for that, e.g., obtaining an average of previous threshold values, computing the threshold as a function of the mobility speed, etc.

  • Finally, the authors are planning to extend their approach to include an attack model where several nodes work in collusion to evade the detection process.