Basic Search / Detailed Display

Author: 蔡効謙
Hsiao-Chien Tsai
Thesis Title: 無線隨意網路上的惡意節點偵測機制
On Design of Reputation Mechanisms to Detect Malicious Nodes in Mobile Ad Hoc Networks
Advisor: 羅乃維
Nai-Wei Lo
Committee: 雷欽隆
Chin-Laung Lei
簡宏宇
Hung-Yu Chien
吳宗成
Tzong-Chen Wu
賴源正
Yuan- Cheng Lai
Degree: 博士
Doctor
Department: 管理學院 - 資訊管理系
Department of Information Management
Thesis Publication Year: 2011
Graduation Academic Year: 99
Language: 英文
Pages: 135
Keywords (in Chinese): 無線隨意網路無線網路網路安全名譽系統
Keywords (in other languages): MANET, mobile ad hoc network, wireless network, network security, reputation system
Reference times: Clicks: 1088Downloads: 4
Share:
School Collection Retrieve National Library Collection Retrieve Error Report

無線隨意網路(Mobile Ad Hoc Networks, MANETs)是由一群行動裝置節點所形成的無線網路,網路節點之間不需要固定的網路基礎設備即可建立通訊。在無線隨意網路下,網路的基本功能與服務由節點之間合作提供。然而這種即時建立的無線網路並沒有任何單位可強制節點之間必須提供可靠的服務,或提供正確的網路資訊,因此任何能夠存取網路的節點皆可不遵守網路通訊協定進行惡意行為,以破壞網路連結性或降低網路服務品質。
本論文提出了一些機制,用來偵測網路節點是否執行惡意行為,並破壞網路的服務品質。首先,這篇論文提出了一個惡意節點模糊推論引擎。此推論引擎根據鄰近節點的行為表現,來推論其他節點是否存在惡意行為。本論文亦提出了一個節點名譽系 (Reputation System)用來評鑑節點的行為表現,並推論網路是否存在惡意節點。此名譽系統根據網路環境動態調整信任評估模組,以提高惡意節點的偵測率與降低惡意節點的誤判率。網路節點的移動與不穩定的無線網路環境是造成惡意行為誤判的元兇。因此本論文亦提出了一個節點名譽校正機制(Reputation Calibration Mechanism),其根據網路狀況來校正節點的名譽,使一般的名譽系統皆可有效的在不穩定的網路環境下,有效的偵測惡意節點。本論文所提出的惡意節點偵測機制,皆經過大量的網路實驗測試。網路實驗結果證明本論文所提出的節點名譽校正機制,可在高移動性網路與不穩定的網路通訊下有效的偵測並隔離惡意節點,使網路運作正常。


A mobile ad hoc network (MANET) is a wireless communication network formed by a group of mobile devices. In a MANET environment, fixed infrastructure is not supported. When two nodes want to establish communication channel between each other, they require other intermediate nodes, which may move themselves during the communication session, to cooperatively help them to dynamically construct a route. There is no central authority in a MANET, therefore, a node cannot monitor and enforce other nodes to cooperatively provide reliable communication services. Any intermediate node in a data routing path may arbitrarily decide what action it will perform when receiving a route request or a forwarding data packet. Hence, for selfish or malicious reasons, malicious actions such as packet dropping and false information dissemination may be performed by a mobile node easily. Therefore, how to dynamically detect malicious nodes such that normal communications will not be disrupted or delayed and false information will not be spread, has become a critical issue and a challenging research topic in MANETs.
This dissertation proposed several mechanisms based on different concepts to detect malicious nodes in MANETs. First of all, a fuzzy inference engine for nodes in a MANET is proposed. The engine installed inside a node can infer the trust level of a target node based on observing reports from its neighboring nodes. Secondly, a node reputation system, which dynamically changes its trust evaluation models based on the current status of MANET environment, is introduced. Finally, a reputation calibration mechanism for general reputation systems is derived. The most challenge issue of malicious node detection in MANETs is that the dynamics of node mobility and everlastingly changed network status make trust evaluation of a target node inaccurate. The proposed reputation calibration mechanism can correct inaccurate trust value and let reputation system effectively detect malicious nodes in error-prone networks. The proposed mechanisms are all extensively evaluated by network simulations. The simulation results show that the reputation calibration mechanism is a promising way to detect malicious nodes in highly mobile and unstable networks.
The lesson we learned is that there is no clear rule to define whether a detected node behavior is based on malicious motivation in MANETs. Using fixed rules to detect malicious node behaviors is not always suitable. Instead, by adopting calibration mechanism, we can easily detect whether a node behavior is more toward to misbehaved direction or not. Dynamically constructing detection rules based on the behaviors of neighboring nodes is a promising way to effectively detect malicious nodes.

中文摘要 I Abstract III 誌 謝 V Contents VI List of Figures VIII List of Tables XI Chapter 1 Introduction 1 Chapter 2 Related Works 8 2.1 Credit-based Schemes 10 2.2 Acknowledgement-based Schemes 13 2.3 Reputation-based Schemes 15 Chapter 3 Problem Definition 23 Chapter 4 Threshold-adaptive Mechanism for Reputation System 24 4.1 Introduction of Threshold-adaptive Mechanism 24 4.2 Performance Evaluation 36 4.3 Brief Summary 42 Chapter 5 A Dual-core Adaptive Mechanism for Reputation System 44 5.1 Introduction of Dual-core Adaptive Mechanism 45 5.2 Performance Evaluation 55 5.3 Brief Summary 65 Chapter 6 Calibration Mechanism for Reputation System 67 6.1 Introduction of Calibration Mechanism 68 6.2 Implementation of the Calibration Mechanism in a Reputation System 72 6.3 Performance Evaluations under Different Mobility 75 6.4 Performance Evaluations under Noise Area 92 6.5 Discussion on Calibration Mechanism 113 6.6 Brief Summary 117 Chapter 7 Conclusion and Future Work 119

[1] P. G. Argyroudis and D. O'Mahony, "Secure routing for mobile ad hoc networks," IEEE Communications Surveys & Tutorials, vol. 7, pp. 2-21, 2005.
[2] H. Yih-Chun and A. Perrig, "A survey of secure wireless ad hoc routing," IEEE Security & Privacy Magazine, vol. 2, pp. 28-39, 2004.
[3] J. Van Der Merwe, Dawoud Dawoud and Stephen McDonald, "A survey on peer-to-peer key management for mobile ad hoc networks," ACM Computing Surveys (CSUR), vol. 39, 2007.
[4] G. F. Marias, P. Georgiadis, D. Flitzanis and K. Mandalas, "Cooperation enforcement schemes for MANETs: a survey," Wireless Communications and Mobile Computing, vol. 6, pp. 319-332, 2006.
[5] H. Yang, Shu J., Xiaoqiao Meng and Songwu Lu, "SCAN: self-organized network-layer security in mobile ad hoc networks," IEEE Journal on Selected Areas in Communications, vol. 24, pp. 261-273, 2006.
[6] A. Patwardhan, J. Parkera, M. Iorgab, A. Joshia, T. Karygiannisb and Y. Yeshaa, "Threshold-based intrusion detection in ad hoc networks and secure AODV," Ad Hoc Networks, vol. 6, pp. 578-599, 2008.
[7] S. Buchegger and Jean-Yves Le Boudec, "Performance analysis of the CONFIDANT protocol," Proceedings of the 3rd ACM International Symposium on Mobile ad hoc Networking & Computing, pp. 226-236, 2002.
[8] Sergio Marti,T. J. Giuli, Kevin Lai and Mary Baker, "Mitigating routing misbehavior in mobile ad hoc networks," Proceedings of the 6th Annual International Conference on Mobile computing and networking, pp. 255-265, 2000.
[9] Han Yu, Zhiqi Shen, Chunyan Miao, Leung C. and Niyato D. , "A Survey of trust and reputation management systems in wireless communications," Proceedings of the IEEE, vol. 98, pp. 1755-1772, 2010.
[10] A. Boukerche and Y. Ren, "A trust-based security system for ubiquitous and pervasive computing environments," Computer Communications, vol. 31, pp. 4343-4351, 2008.
[11] Jie Li, Ruidong Li and Jien Kato, "Future trust management framework for mobile ad hoc networks," IEEE Communications Magazine vol. 46, pp. 108-114, 2008.
[12] Yan Sun, Zhu Han and Liu, K.J.R., "Defense of trust management vulnerabilities in distributed ntworks," IEEE Communications Magazine, vol. 46, p. 112, 2008.
[13] Mzrak A.T., Savage S. and Marzullo K., "Detecting malicious packet losses," IEEE Transactions on Parallel and Distributed Systems, vol. 20, pp. 191-206, 2009.
[14] Wei Gong, Zhiyang You, Danning Chen, Xibin Zhao, Ming Gu and Kwok-Yan Lam, "Trust based routing for misbehavior detection in ad hoc networks," Journal of Networks, vol. 5, p. 551, 2010.
[15] Dongbin Wang, Xiangzhan Yu, Hui Zhi and Mingzeng Hu, "Enabling cooperative ad hoc networks under noise," Information Technology Journal, vol. 9, pp. 124-131, 2010.
[16] Djenouri D., Khelladi L. and Badache A.N., "A survey of security issues in mobile ad hoc and sensor networks," IEEE Communications Surveys & Tutorials, vol. 7, pp. 2-28, 2005.
[17] N. Marchang and R. Datta, "Collaborative techniques for intrusion detection in mobile ad-hoc networks," Ad Hoc Networks, vol. 6, pp. 508-523, 2008.
[18] L. Buttyan and J. Hubaux, "Stimulating cooperation in self-organizing mobile ad hoc networks," Mobile Networks and Applications, vol. 8, pp. 579-592, 2003.
[19] Yanchao Zhang, Wenjing Lou, Wei Liu and Yuguang Fang, "A secure incentive protocol for mobile ad hoc networks," Wireless Networks, vol. 13, pp. 569-582, 2007.
[20] Kejun Liu, Jing Deng, Varshney P.K. and Balakrishnan K., "An acknowledgment-based approach for the detection of routing misbehavior in MANETs," IEEE Transactions on Mobile Computing, vol. 6, pp. 488-502, 2007.
[21] D. Djenouri and N. Badache, "Struggling against selfishness and black hole attacks in MANETs," Wireless Communications and Mobile Computing, vol. 8, 2008.
[22] D. Djenouri and N. Badache, "On eliminating packet droppers in MANET: A modular solution," Ad Hoc Networks, vol. 7, 2009.
[23] Tarek Sheltami, Anas Al-Roubaiey, Elhadi Shakshuki and Ashraf Mahmoud, "Video transmission enhancement in presence of misbehaving nodes in MANETs," Multimedia Systems, vol. 15, pp. 273-282, 2009.
[24] Papadimitratos P., Buttyan L., Holczer T., Schoch E., FreudigerJ., Raya, M., Zhendong Ma, Kargl. F., Kung, A. and Hubaux J.-P., "Secure vehicular communication systems: design and architecture," IEEE Communications Magazine, vol. 46, pp. 100-109, 2008.
[25] Yang H., Ricciato F., Lu S. and Zhang L., "Securing a wireless world," Proceedings of the IEEE, vol. 94, pp. 442-454, 2006.
[26] Toshihiro SUZUKI, Ashiq KHAN and Wataru TAKITA, "Proactive cooperation mechanism against selfish power off for mobile ad hoc networks," IEICE Transactions on Communications, vol. 90, pp. 2702-2711, 2007.
[27] L. Buttyan and J. P. Hubaux, "Enforcing service availability in mobile ad-hoc WANs," Proceedings of the ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc), 2000, pp. 87-96.
[28] B. Levente and H. Jean-Pierre, "Stimulating cooperation in self-organizing mobile ad hoc networks," Mobile Networks and Applications vol. 8, pp. 579-592, 2003.
[29] Zhong S., Chen J. and Yang Y.R., "Sprite: a simple, cheat-proof, credit-based system for mobile ad-hoc networks," Proceedings of the 22th IEEE International Conference on Computer Communications (INFOCOM), 2003.
[30] Baruch Awerbuch, David Holmer, Crisina Nita-Rotaru and Herbert Rubens, "An on-demand secure routing protocol resilient to byzantine failures," Proceedings of the ACM Workshop on Wireless Security (WiSe), 2002, pp. 21-30.
[31] Frank Kargl, Andreas Klenk, Stefan Schlott and Michael Weber, "Advanced detection of selfish or malicious nodes in ad hoc networks," Lecture Notes in Computer Science, vol. 3313, pp. 152–165, 2005.
[32] P. Michiardi and R. Molva, "CORE: A collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks," Proceedings of the 6th IFIP Communication and Multimedia Security Conference, 2002.
[33] S. Alampalayam and A. Kumar, "An adaptive and predictive security model for mobile ad hoc networks," Wireless Personal Communications, vol. 29, pp. 263-281, 2004.
[34] Jie Li, Ruidong Li and Jien Kato, "Future trust management framework for mobile ad hoc networks," IEEE Communications Magazine, vol. 46, pp. 108-114, 2008.
[35] David B. Johnson, David A. Maltz and Yih-Chun Hu, "The dynamic source routing protocol for mobile ad hoc networks," IETF MANET WG lnternet draft, 2000.
[36] Yan Lindsay Sun, Wei Yu, Zhu Han and Liu K.J.R., "Information theoretic framework of trust modeling and evaluation for ad hoc networks," IEEE Journal on Selected Areas in Communications, vol. 24, p. 305, 2006.
[37] J. Liu and V. Issarny, "An incentive compatible reputation mechanism for ubiquitous computing environments," International Journal of Information Security, vol. 6, pp. 297-311, 2007.
[38] Sudha Chinni, Johnson Thomas, Gheorghita Ghinea and Zhengming Shen, "Trust model for certificate revocation in ad hoc networks," Ad Hoc Networks, vol. 6, pp. 441-457, 2008.
[39] Kargl. F., Papadimitratos P., Buttyan L., Holczer T., Schoch E., FreudigerJ., Raya, M., Zhendong Ma, Kung, A. and Hubaux J.-P., "Secure vehicular communication systems: implementation, performance, and research challenges," IEEE Communications Magazine, vol. 46, pp. 110-118, 2008.
[40] Bo Sun, Kui Wu, Yang Xiao and Ruhai Wang, "Integration of mobility and intrusion detection for wireless ad hoc networks," International Journal of Communication Systems, vol. 20, 2007.
[41] Nakayama H., Kurosawa S., Jamalipour A. and Nemoto Y. Kato N., "A dynamic anomaly detection scheme for AODV-based mobile ad hoc networks," IEEE Transactions on Vehicular Technology, vol. 58, pp. 2471-2481, 2009.
[42] S. R. Zakhary and M. Radenkovic, "Reputation-based security protocol for MANETs in highly mobile disconnection-prone environments," Proceedings of the 7th International Conference on Wireless On-demand Network Systems and Services (WONS), 2010, pp. 161-167.
[43] Velloso P.B., Laufer R.P. de O Cunha D., Duarte O.C.M.B and Pujolle G., "Trust management in mobile ad hoc networks using a scalable maturity-based model," IEEE Transactions on Network and Service Management, vol. 7, pp. 172-185, 2010.
[44] F. Li and J. Wu, "Uncertainty modeling and reduction in MANETs," IEEE Transactions on Mobile Computing, 2010.
[45] M. T. Refaei, L. A. DaSilva, M. Eltoweissy and T. Nadeem, "Adaptation of reputation management systems to dynamic network conditions in ad hoc networks," IEEE Transactions on Computers, 2010.
[46] Jing Nie, Jiangchua Wen, Ji Luo, Xin He and Zheng Zhou, "An adaptive fuzzy logic based secure routing protocol in mobile ad hoc networks," Fuzzy Sets and Systems, vol. 157, pp. 1704-1712, 2006.
[47] J. M. L. Manickam and S. Shanmugavel, "Fuzzy based trusted ad hoc on-demand distance vector routing protocol for MANET," Proceedings of the International Conference on Advanced Computing and Communications (ADCOM), 2007, pp. 414-421.
[48] Zuo Jing, Chi Xuefen, Lin Guan and Li Hongxia, "Service-aware multi-constrained routing protocol with QoS guarantee based on fuzzy logic," Proceedings of the International Conference on Advanced Information Networking and Applications, 2008, pp. 762-767.
[49] S. McCanne and S. Floyd. Network simulator ns-2. Available: HUhttp://www.isi.edu/nsnam/nsU
[50] Tracy Camp, Jeff Boleng and Vanessa Davies, "A survey of mobility models for ad hoc network research," Wireless Communications and Mobile Computing, vol. 2, pp. 483-502, 2002.
[51] G. Theodorakopoulos and J. S. Baras, "On trust models and trust evaluation metrics for ad hoc networks," IEEE Journal on Selected Areas in Communications, vol. 24, pp. 318-328, 2006.
[52] C. K. Toh, "Associativity-based routing for ad hoc mobile networks," Wireless Personal Communications, vol. 4, pp. 103-139, 1997.
[53] Athanasios Bamis, Azzedine Boukerche, Loannis Chatzigiannakis and Sotiris Nikoletseas, "A mobility aware protocol synthesis for efficient routing in ad hoc mobile networks," Computer Networks, 2007.
[54] Hsiao-Chien Tsai, Nai-Wei Lo and Tzong-Chen Wu, "A Threshold-adaptive reputation system on mobile ad hoc networks," IEICE Transactions on Information and Systems, vol. E92-D, 2009.
[55] Charles E. Perkins, Elizabeth M. Belding-Royer and Samir R. Das, "Ad hoc On-Demand Distance Vector (AODV) Routing, RFC3561," Internet RFCs, 2003.
[56] S. Ozdemir, "Functional reputation based reliable data aggregation and transmission for wireless sensor networks," Computer Communications, vol. 31, pp. 3941-3953, 2008.
[57] Jungkeun Yoon, Mingyan Liu and Brian Noble, "Random waypoint considered harmful," Proceedings of the 22th IEEE International Conference on Computer Communications (INFOCOM), 2003, pp. 1312-1321
[58] R. V. Boppana and X. Su, "On the effectiveness of monitoring for intrusion detection in mobile Ad hoc networks," IEEE Transactions on Mobile Computing, 2010.
[59] B. Ishibashi and R. Boutaba, "Topology and mobility considerations in mobile ad hoc networks," Ad Hoc Networks, vol. 3, pp. 762-776, 2005.
[60] L. Lazos and M. Krunz, "Selective jamming/dropping insider attacks in wireless mesh networks," IEEE Network, vol. 25, pp. 30-34, 2011.
[61] C.K. Toh, Dongkyun Kim, Sutaek Oh and Hongseok Yoo, "The controversy of selfish nodes in ad hoc networks," Proceedings of the International Conference on Advanced Communication Technology (ICACT), 2010, pp. 1087-1092.

QR CODE