Proceedings ArticleDOI

TraceGray: An application-layer scheme for intrusion detection in MANET using mobile agents

TL;DR: The proposed TraceGray scheme uses mobile agents to carry out intrusion detection in a MANET without modifying either the underlying routing algorithms or other layers like the datalink layer, and is essentially protocol independent.
Abstract: Many intrusion detection algorithms have been proposed to detect network attacks on Mobile Ad-Hoc Networks (MANET). Most such proposals require extensive modifications to routing algorithms or lower layers, which might not always be feasible in practice. This paper proposes a simple but non-trivial scheme, TraceGray, that uses mobile agents (MA) to carry out intrusion detection in a MANET without modifying either the underlying routing algorithms or other layers like the datalink layer. TraceGray works only in the application layer and detects multiple gray holes in a DSR protocol based MANET, while traversing the network from a given source to a destination. Since mobile agents work in the application layer, our approach requires no changes to any existing routing protocols or lower layers and is essentially protocol independent. The ns-2 based implementation shows successful detection of multiple gray holes in networks with moderate mobility.
Citations
Journal ArticleDOI
TL;DR: This paper proposes a novel Distributed Intrusion Detection System using Multi Agent in order to decrease false alarms and manage misuse and anomaly detects.
Abstract: Due to the rapid growth of network applications, new kinds of network attacks are emerging endlessly. So it is critical to protect the networks from attackers, and intrusion detection technology becomes popular. Therefore, it is necessary that this security concern be articulated right from the beginning of the network design and deployment. Intrusion detection technology is the process of identifying network activity that can lead to a compromise of security policy. A lot of work has been done in the detection of intruders, but the solutions are not satisfactory. In this paper, we propose a novel Distributed Intrusion Detection System using Multi Agent in order to decrease false alarms and manage misuse and anomaly detects.

16 citations


Cites methods from "TraceGray: An application-layer sch..."

  • ...In [6], the mobile agent based intrusion detection system were developed which uses the trace gray technique to detect the intrusions....


Book ChapterDOI
01 Jan 2017
TL;DR: A novel two player incomplete information extensive form game is used to model the defender and the attacker both of whom are considered rational agents in an effort to determine their optimal (equilibrium) strategies under different values for the parameters true detection rate, false alarm rate, packet value, probability of the node being a gray hole, cost of exposure of the attacker and cost of not using a node for the defender.
Abstract: Wireless ad hoc networks rely on the cooperation of participating nodes to undertake activities such as routing. Malicious nodes participating in the network may refuse to forward packets and instead discard them to mount a denial-of-service attack called a packet drop or blackhole attack. Blackhole attacks can, however, be easily detected using common networking tools like trace route, as all packets passing through the malicious node are dropped. A gray hole attack, on the other hand, accomplishes denial of service by selectively dropping packets, thus escaping detection. In this paper, a novel two player incomplete information extensive form game is used to model the defender and the attacker, both of whom are considered rational agents, in an effort to determine their optimal (equilibrium) strategies under different values for the parameters true detection rate, false alarm rate, packet value, packets forwarded per unit time, probability of the node being a gray hole, cost of exposure of the attacker and cost of not using a node for the defender. The respective equilibrium strategies, if followed, guarantee maximum possible protection for the defender and maximal possible damage potential for the attacker.

7 citations

Proceedings Article
11 Mar 2015
TL;DR: This paper speaks about gray hole detection by using cluster of three nodes and its performance with various mobility and number of nodes and a gray hole is harder to detect since it behaves normally during the route discovery phase.
Abstract: Mobile Ad-Hoc Networks are autonomous and decentralized wireless systems. MANETs consist of mobile nodes that are free to move in and out of the network. Security in Mobile Ad-Hoc Networks is the most important concern for the basic functionality of the network. MANETs often suffer from security attacks because of their features like open medium, dynamically changing topology, lack of central monitoring and management, cooperative algorithms and no clear defense mechanism. These characteristics make MANETs more vulnerable to exploitation by an attacker inside the network. In MANET, a gray hole refers to a malicious node which initially responds to route requests normally but, when packets are sent to it for transmission, drops those packets either selectively or indiscriminately. In terms of detection, a gray hole is harder to detect since it behaves normally during the route discovery phase. Its malicious behavior is exhibited only when data packets are routed through it. This behavior can be intermittent and not necessarily continuous or periodic in nature. This paper speaks about gray hole detection by using a cluster of three nodes and its performance with various mobility and number of nodes.

7 citations

Book ChapterDOI
04 Jun 2014
TL;DR: A couple of alternative functions in MARS are designed and evaluated and lead to an increase in the resilience and tolerance of the network against security threats, improving network survivability.
Abstract: Few proposals exist in the literature where security in networks and communications is studied from a pro-active perspective. One of them is MARS, a self-healing system intended to mitigate the malicious effects of common threats in MANETs. MARS makes use of special agent nodes to recover the loss of connectivity due to the operation of malicious nodes in the environment. Despite the general good performance of MARS, this paper shows some situations in which it does not work properly. This is caused by an inappropriate behavior of the optimization objective function considered in MARS. To overcome this limitation, a couple of alternative functions are designed and evaluated. The effectiveness of the new proposals is validated through extensive experiments. The new optimization functions lead to an increase in the resilience and tolerance of the network against security threats, improving network survivability.

5 citations

Proceedings ArticleDOI
02 Jul 2013
TL;DR: This paper proposed a new method to detect malicious nodes actively without modifying or adding routing protocols, only few pairs of detection nodes are needed, which can identify and isolate malicious nodes.
Abstract: In mobile ad hoc networks (MANET), network security problems emerge in an endless stream. For example, malicious nodes may become immediate nodes of routing paths first by replying with spoofed routing information. Then data packets might be stolen, modified, and even dropped by malicious nodes. These kinds of behavior interfere with or interrupt communication between nodes, wasting bandwidth resources unnecessarily. In the literature, there exist many works on solving malicious node problems in MANET. Most of the proposed solutions need to modify the original routing protocols or add new protocols. It's hard to be practicable for real-world deployment. In this paper, we proposed a new method to detect malicious nodes actively. Without modifying or adding routing protocols, only a few pairs of detection nodes are needed, which can identify and isolate malicious nodes. In our simulation, the results show that packet delivery rate can be improved by 17% by one pair of detection nodes and the average extra overhead of each node is only increased by 0.1 KB/s.

4 citations

References
Proceedings ArticleDOI
01 Aug 2000
TL;DR: Two techniques that improve throughput in an ad hoc network in the presence of nodes that agree to forward packets but fail to do so are described, using a watchdog that identifies misbehaving nodes and a pathrater that helps routing protocols avoid these nodes.
Abstract: This paper describes two techniques that improve throughput in an ad hoc network in the presence of nodes that agree to forward packets but fail to do so. To mitigate this problem, we propose categorizing nodes based upon their dynamically measured behavior. We use a watchdog that identifies misbehaving nodes and a pathrater that helps routing protocols avoid these nodes. Through simulation we evaluate watchdog and pathrater using packet throughput, percentage of overhead (routing) transmissions, and the accuracy of misbehaving node detection. When used together in a network with moderate mobility, the two techniques increase throughput by 17% in the presence of 40% misbehaving nodes, while increasing the percentage of overhead transmissions from the standard routing protocol's 9% to 17%. During extreme mobility, watchdog and pathrater can increase network throughput by 27%, while increasing the overhead transmissions from the standard routing protocol's 12% to 24%.

3,747 citations


"TraceGray: An application-layer sch..." refers background in this paper

  • ...Marti et al [3] propose two extensions to the DSR algorithm: the watchdog and the pathrater, that rely on the promiscuous mode in DSR algorithm to identify misbehaving nodes....


Journal ArticleDOI
TL;DR: A mobile agent has the unique ability to transport itself from one system in a network to another in the same network, which allows it to move to a system containing an object with which it wants to interact and then to take advantage of being in the same host or network as the object.
Abstract: Dispatch your agents; shut off your machine. Mobility is an orthogonal property of agents, that is, not all agents are mobile. An agent can just sit there and communicate with its environment through conventional means, such as remote procedure calling and messaging. We call agents that do not or cannot move "stationary agents." A stationary agent executes only on the system on which it begins execution. If it needs information not on that system or needs to interact with an agent on another system, it typically uses a communication mechanism, such as remote procedure calling. In contrast, a mobile agent is not bound to the system on which it begins execution [1]. It is free to travel among the hosts in the network. Created in one execution environment, it can transport its state and code with it to another execution environment in the network, where it resumes execution. The term "state" typically means the attribute values of the agent that help it determine what to do when it resumes execution at its destination. Code in an object-oriented context means the class code necessary for an agent to execute. A mobile agent has the unique ability to transport itself from one system in a network to another in the same network. This ability allows it to move to a system containing an object with which it wants to interact and then to take advantage of being in the same host or network as the object. Our interest in mobile agents is not motivated by the technology per se but rather by the benefits agents provide for creating distributed systems. There are at least seven main benefits, or good reasons, to start using mobile agents: They reduce the network load. Distributed systems often rely on communication protocols involving multiple interactions to accomplish a given task. The result is a lot of network traffic. Mobile agents allow users to package a conversation and dispatch it to a destination host where interactions take place locally.
Mobile agents are also useful when reducing the flow of raw data in the network. When very large volumes of data are stored at remote hosts, that data should be processed in its locality rather than transferred over the network. The motto for agent-based data processing is simple: Move the computation to the data rather than the data to the computation. They overcome network latency. …

949 citations


"TraceGray: An application-layer sch..." refers methods in this paper

  • ...In this paper, we propose an application-layer scheme TraceGray which works primarily in the application layer using mobile agents [6] to detect gray holes and hence, requires no lower–layer modifications....


Journal ArticleDOI
TL;DR: This paper examines the vulnerabilities of wireless networks and argues that it must include intrusion detection in the security architecture for mobile computing environment, and develops a key mechanism in this architecture, anomaly detection for mobile ad-hoc network, through simulation experiments.
Abstract: The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective. We need to search for new architecture and mechanisms to protect the wireless networks and mobile computing application. In this paper, we examine the vulnerabilities of wireless networks and argue that we must include intrusion detection in the security architecture for mobile computing environment. We have developed such an architecture and evaluated a key mechanism in this architecture, anomaly detection for mobile ad-hoc network, through simulation experiments.

808 citations


"TraceGray: An application-layer sch..." refers background in this paper

  • ...Zhang et al [2] propose a distributive and cooperative IDS architecture for MANET such that every node participates in the detection process by locally running an IDS agent and also participate in global intrusion detection....


Proceedings ArticleDOI
06 Jan 2003
TL;DR: This paper implements an efficient and bandwidth-conscious framework that targets intrusion at multiple levels and takes into account distributed nature of ad hoc wireless network management and decision policies.
Abstract: In this paper we propose a distributed intrusion detection system for ad hoc wireless networks based on mobile agent technology. Wireless networks are particularly vulnerable to intrusion, as they operate in open medium, and use cooperative strategies for network communications. By efficiently merging audit data from multiple network sensors, we analyze the entire ad hoc wireless network for intrusions and try to inhibit intrusion attempts. In contrast to many intrusion detection systems designed for wired networks, we implement an efficient and bandwidth-conscious framework that targets intrusion at multiple levels and takes into account distributed nature of ad hoc wireless network management and decision policies.

292 citations


"TraceGray: An application-layer sch..." refers background in this paper

  • ...Kachirski and Guha [1] propose a mobile agent based distributed multi-sensor IDS....


Proceedings ArticleDOI
01 Dec 2007
TL;DR: A security mechanism is proposed to defend against a cooperative gray hole attack on the well known AODV routing protocol in MANETs and shows that the scheme has a significantly high detection rate with moderate network traffic overhead.
Abstract: Protecting the network layer from malicious attacks is an important and challenging security issue in mobile ad hoc networks (MANETs). In this paper, a security mechanism is proposed to defend against a cooperative gray hole attack on the well known AODV routing protocol in MANETs. A gray hole is a node that selectively drops and forwards data packets after it advertises itself as having the shortest path to the destination node in response to a route request message from a source node. The proposed mechanism does not apply any cryptographic primitives on the routing messages. Instead, it protects the network by detecting and reacting to malicious activities of any node. Simulation results show that the scheme has a significantly high detection rate with moderate network traffic overhead.

105 citations


"TraceGray: An application-layer sch..." refers background in this paper

  • ...In [4] and [5], Sen et al propose algorithms in which every node monitor its neighbours to identify any abnormal activity and invokes a distributed algorithm to verify if a neighbour is malicious....
