
A Study on a Framework for Detecting DoS Attacks Based on Abnormal Routing Behavior in Wireless Ad Hoc Networks

A Framework for Protecting the Wireless Ad Hoc Networks from DoS Attacks based on Routing Misbehavior

Abstract/Summary

A wireless ad hoc network has an autonomous structure in which scattered network nodes communicate and cooperate with one another over wireless media without the help of any specific infrastructure. In a wireless ad hoc network, all the nodes perform a series of routing processes during communication and deliver messages to the final destination. That is, for a message to be transmitted from the original sender to the final destination, multiple nodes repeat the process of receiving the message from the previous node and sending it to the next node. Accordingly, if one of the nodes misbehaves during the message delivery process, communication cannot proceed properly. Misbehavior is intentional damage to the network, done by not following the routing process and by causing the loss of messages. Most misbehavior causes damage such as denial of service to the network. For example, if a malicious node disguised as a normal node discards all the packets it is supposed to deliver, every communication session that uses a route including that node is denied service. Attacks of this type include black hole, gray hole (selective forwarding), wormhole, message blocking, and message delivery to a wrong path. Such attacks are detected by network monitoring that continuously watches whether messages are delivered properly to the next hop. This method basically uses a watchdog. Through overhearing, which is a characteristic of communication based on wireless media, the watchdog observes whether the node at the next hop accurately forwards the message that the watchdog passed to it on to its own next hop. However, the use of a watchdog has the difficulty that each message transmission has to be overheard continuously. Furthermore, the watchdog must have information on all messages transmitted. There are also technical limitations in the watchdog itself.

Thus, in this study, we reviewed the problems in previous research and, as a solution to them, proposed a new monitoring method that does not use an overhearing watchdog. The proposed method can detect attacks more effectively while solving the problems of the existing watchdog method. In the proposed method, each node accumulates statistical data on the messages that it has processed during communication. Based on the information accumulated in itself and in the neighbor nodes to be monitored, each node determines whether a neighbor node under monitoring is normal or is damaging the network through frequent wrong routing behavior. An experiment using a network simulator showed that the proposed method is more efficient than other existing methods.

The wormhole attack is one of the most severe threats to ad hoc networks. Many studies have sought to overcome the wormhole attack. These studies, however, still have limitations in handling wormhole attacks properly, such as the burden of computation, complicated pre-work for each communication, and the lack of a defense method. In this study, we propose an effective wormhole attack defense mechanism that can properly detect wormhole attacks and respond to them. Each node maintains information about its neighbors. Using this information, each node can identify replayed packets. We analyze the effectiveness of the proposed method and the efficiency of the approach using traffic and memory space measures.


Table of Contents

ACKNOWLEDGEMENT --------------------------------------------------------------- I

ABSTRACT ---------------------------------------------------------------------- III

TABLE OF CONTENTS ------------------------------------------------------------- V

LIST OF FIGURES --------------------------------------------------------------- X

LIST OF TABLES ---------------------------------------------------------------- XII

CHAPTER 1 INTRODUCTIONS ------------------------------------------------------- 1
1.1 ROUTING MISBEHAVIOR IN WIRELESS AD HOC NETWORKS -------------------------- 2
1.2 SCOPE AND GOAL OF THE DISSERTATION --------------------------------------- 9
1.3 STRUCTURE OF THE DISSERTATION -------------------------------------------- 9

CHAPTER 2 WIRELESS AD HOC NETWORKS AND SECURITY ------------------------------- 11
2.1 OVERVIEW OF ROUTING PROTOCOLS -------------------------------------------- 11
2.2 SECURITY SERVICES AND CHALLENGES ----------------------------------------- 17
2.3 SECURITY ATTACKS ON ROUTING PROTOCOL ------------------------------------- 19
2.3.1 Attacks using Impersonation ------------------------------------------- 20
2.3.2 Attacks using Modification -------------------------------------------- 22
2.3.3 Attacks using Fabrication --------------------------------------------- 23
2.3.4 Replay Attacks -------------------------------------------------------- 29
2.3.5 Denial of Service (DoS) Attacks --------------------------------------- 29
2.4 SECURE ROUTING PROTOCOLS ------------------------------------------------- 32
2.4.1 Secure Efficient Ad hoc Distance Vector (SEAD) ------------------------ 33
2.4.2 ARIADNE --------------------------------------------------------------- 34
2.4.3 Security Aware Routing (SAR) ------------------------------------------ 35
2.4.4 Secure Routing Protocol (SRP) ----------------------------------------- 36
2.4.5 Secure Routing Protocol for Ad Hoc Networks (ARAN) -------------------- 37
2.4.6 Security Protocols for Sensor Network (SPINS) ------------------------- 39
2.4.7 Cooperation of Nodes Fairness in Dynamic Ad hoc Networks (CONFIDANT) -- 40
2.4.8 Defense Mechanisms against Rushing Attacks ---------------------------- 41
2.4.9 Defense Mechanisms against Wormhole Attacks --------------------------- 42
2.4.10 Defense Mechanisms against Sybil Attacks ----------------------------- 43
2.4.11 Security Mechanisms for Broadcast Operation -------------------------- 45
2.4.12 Limitation of the Secure Routing Protocols --------------------------- 47
2.5 INTRUSION DETECTION SYSTEM FOR MANETS ------------------------------------ 47
2.5.1 Distributed IDS for Ad Hoc Networks ----------------------------------- 48
2.5.2 AODV Protocol-based IDS ----------------------------------------------- 49
2.5.3 Techniques for Intrusion-Resistant Ad Hoc Routing Algorithms ---------- 51
2.5.4 Distributed Intrusion Detection Using Mobile Agents ------------------- 52
2.5.5 Local Intrusion Detection System -------------------------------------- 54
2.5.6 Watch Dog and Pathrater ----------------------------------------------- 56
2.6 PREVENTING ROUTING MISBEHAVIOR ---------------------------------------- 56
2.6.1 Credit-Based Schemes -------------------------------------------------- 57
2.6.2 Reputation-Based Schemes ---------------------------------------------- 58
2.6.3 End-to-end Acknowledgment Schemes ------------------------------------- 59
2.6.4 Other Prior State-of-the-art Schemes ---------------------------------- 61
2.6.5 The TWOACK and S-TWOACK Schemes --------------------------------------- 62

CHAPTER 3 MOTIVATIONS AND ASSUMPTIONS ----------------------------------------- 63
3.1 LIMITATION OF THE EXISTING MONITORING SCHEME ----------------------------- 63
3.2 MONITORING ELEMENTS ------------------------------------------------------ 65
3.2 ASSUMPTIONS -------------------------------------------------------------- 66

CHAPTER 4 ROUTING MISBEHAVIOR DETECTION --------------------------------------- 68
4.1 OUTLINE OF THE PROPOSED FRAMEWORK ---------------------------------------- 69
4.2 COLLECTION OF INFORMATION ON NEIGHBOR NODES ------------------------------ 71
4.2.1 Neighbor List Construction for the Static Networks -------------------- 71
4.2.2 Discussions ----------------------------------------------------------- 76
4.2.3 Neighbor List Construction for the Dynamic Networks ------------------- 78
4.3 MONITORING THE NETWORK TRAFFIC ------------------------------------------- 81
4.4 MISBEHAVIOR DETECTION PROCESS -------------------------------------------- 84
4.4.1 Representative Node Selection ----------------------------------------- 85
4.4.2 Misbehavior Decision -------------------------------------------------- 86
4.5 REVISING THRESHOLD AUTOMATICALLY ----------------------------------------- 87
4.6 SUMMARY ------------------------------------------------------------------ 88

CHAPTER 5 EXPERIMENTAL RESULTS ------------------------------------------------ 90
5.1 ENVIRONMENT OF EXPERIMENT ------------------------------------------------ 90
5.2 RESULTS OF EXPERIMENT ON DETECTION PERFORMANCE --------------------------- 91
5.3 EXPERIMENTAL RESULTS ON NETWORK PERFORMANCE ------------------------------ 95

CHAPTER 6 COLLUSION-BASED ROUTING MISBEHAVIOR DETECTION ----------------------- 96
6.1 RELATED WORKS ------------------------------------------------------------ 97
6.1.1 Wormhole Attacks ------------------------------------------------------ 97
6.1.2 Previous Wormhole Attack Detection Methods ---------------------------- 99
6.2 WORMHOLE ATTACK DEFENSE MECHANISM ---------------------------------------- 102
6.2.1 Indication of the Wormhole Attacks ------------------------------------ 102
6.2.2 Building a Neighbor List ---------------------------------------------- 105
6.2.3 Detecting Wormhole ---------------------------------------------------- 106
6.2.4 Responding to Wormhole ------------------------------------------------ 107
6.3 ANALYSIS OF THE PROPOSED PROTOCOL ---------------------------------------- 109
6.3.1 Security Analysis ----------------------------------------------------- 109
6.3.2 Performance Analysis -------------------------------------------------- 110
6.4 SIMULATION --------------------------------------------------------------- 111
6.5 SUMMARY ------------------------------------------------------------------ 113

CHAPTER 7 CONCLUSIONS -------------------------------------------------------- 114

BIBLIOGRAPHY ------------------------------------------------------------------ 116


List of Figures

FIGURE 1. ROUTE INFECTION RATIO UNDER ROUTING MISBEHAVIOR ATTACK ------------------------------ 6
FIGURE 2. NETWORK PERFORMANCE DEGRADATION UNDER CASE A ATTACK --------------------------------- 7
FIGURE 3. NETWORK PERFORMANCE DEGRADATION UNDER CASE B ATTACK --------------------------------- 7
FIGURE 4. AN EXAMPLE OF SYBIL ATTACK ---------------------------------------------------------- 21
FIGURE 5. AN EXAMPLE SENSOR NETWORK UNDER SELECTIVE FORWARDING ATTACKS ------------------------ 27
FIGURE 6. THE TYPES OF SELECTIVE FORWARDING ATTACKS ------------------------------------------- 28
FIGURE 7. NETWORK TRAFFIC INFORMATION MONITORING METHOD USING COOPERATING NODES --------------- 70
FIGURE 8. THE PROCESS OF CREATING A 1-HOP NEIGHBOR NODE INFORMATION LIST ---------------------- 72
FIGURE 9. THE PROCESS OF CREATING A 2-HOP NEIGHBOR NODE INFORMATION LIST ---------------------- 72
FIGURE 10. AN EXAMPLE OF A NEIGHBOR NODE INFORMATION LIST ------------------------------------- 76
FIGURE 11. THE SCHEMATIC VIEW OF THE NEIGHBOR LIST DISTRIBUTION IN THE DYNAMIC NETWORKS ------- 79
FIGURE 12. AN EXAMPLE OF MONITORING MESSAGES PROCESSED BY A NODE ------------------------------ 82
FIGURE 13. AN EXAMPLE OF MONITORING PROCESS FOR A NODE ---------------------------------------- 84
FIGURE 14. ADJUSTING THRESHOLD VALUE ---------------------------------------------------------- 87
FIGURE 15. CHANGE IN THE INTRUSION DETECTION RATE --------------------------------------------- 91
FIGURE 16. THE CUMULATIVE NUMBER OF DROPPED PACKETS ACCORDING TO SIMULATION TIME -------------- 92
FIGURE 17. CHANGE IN THE PACKET LOSS RATE ACCORDING TO THE NUMBER OF ATTACKERS ---------------- 93
FIGURE 18. THE EFFECTS OF THE TIME INTERVAL DURING NEIGHBOR LIST CONSTRUCTION ----------------- 94
FIGURE 19. CHANGE IN THE AVERAGE NETWORK DELAY ACCORDING TO THE NUMBER OF ATTACKERS ----------- 94
FIGURE 20. THE NUMBER OF MESSAGES EXCHANGED DURING THE NEIGHBOR NODE LIST CONSTRUCTION -------- 95
FIGURE 21. AN EXAMPLE OF WORMHOLE ATTACK ------------------------------------------------------ 98
FIGURE 22. AN EXAMPLE OF THE PACKET INCLUDING IDENTITIES AND MACS ----------------------------- 107
FIGURE 23. CUMULATIVE NUMBER OF DROPPED PACKET BY ATTACKER ------------------------------------ 111
FIGURE 24. AVERAGE LATENCY DURING SIMULATION TIME --------------------------------------------- 112
FIGURE 25. PACKET LOSS RATIO OF BOTH WITHOUT AND WITH DEFENSE MECHANISM ----------------------- 113


List of Tables

TABLE 1. ATTACK TREE ---------------------------------------------------------- 4
TABLE 2. SIMULATION PARAMETERS ------------------------------------------------ 5
TABLE 3. A SUMMARY OF TIARA COUNTERMEASURES AGAINST INTRUSION ATTACKS --------- 52
TABLE 4. THE NEIGHBOR LIST CONSTRUCTION ALGORITHM FOR THE DYNAMIC NETWORKS ---- 81
TABLE 5. MONITORING ALGORITHM WHEN NODE X FORWARDS A PACKET TO NODE W --------- 83
TABLE 6. MONITORING ALGORITHM WHEN NODE X RECEIVES A PACKET FROM NODE W ------- 83
TABLE 7. SIMULATION PARAMETERS ------------------------------------------------ 90
TABLE 8. THE RESULTS OF THE NEIGHBOR CORRECTNESS TEST ------------------------- 108
