Mobile ad hoc networking (MANET) has become an exciting and important technology in recent years because of the rapid proliferation of wireless devices. MANETs are highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, lack of centralized monitoring and management point, and lack of a clear line of defense. In this paper, we report our progress in developing intrusion detection (ID) capabilities for MANET. Building on our prior work on anomaly detection, we investigate how to improve the anomaly detection approach to provide more details on attack types and sources. For several well-known attacks, we can apply a simple rule to identify the attack type when an anomaly is reported. In some cases, these rules can also help identify the attackers. We address the run-time resource constraint problem using a cluster-based detection scheme where periodically a node is elected as the ID agent for a cluster. Compared with the scheme where each node is its own ID agent, this scheme is much more efficient while maintaining the same level of effectiveness. We have conducted extensive experiments using the ns-2 and MobiEmu environments to validate our research. 1.

svasu,kurose,towsley¡

In wireless sensor networks, clustering sensor nodes into small groups is an effective technique to achieve scalability, self-organization, power saving, channel access, routing, etc. A number of cluster formation protocols have been proposed recently. However, most existing protocols assume benign environments, and are vulnerable to attacks from malicious nodes. In this paper, we propose a secure distributed cluster formation protocol to organize sensor networks into mutually disjoint cliques. Our protocol has the following properties: (1) normal nodes are divided into mutually disjoint cliques; (2) all the normal nodes in each clique agree on the same clique memberships; (3) while external attackers can be prevented from participating in the cluster formation process, inside attackers that do not follow the protocol semantics can be identified and removed from the network; (4) the communication overhead is moderate; (5) the protocol is fully distributed. 1

There is a fundamental difference between wireless and wired networks, since the latter employ point-to-point communication while the former use broadcast transmission as the communication primitive. In this paper, we describe an algorithm, called self-selection, which takes advantage of broadcast communication to efficiently implement the basic operation of selecting a node possessing some desired properties among all the neighbors of the requestor. Self-selection employs a prioritized transmission back-off delay scheme in which each node’s delay of transmitting a signal is dependent on the probability of the node’s ability to best perform a pertinent task and in turn, enables the node to autonomously select itself for the task. We demonstrate the benefits of self-selection in two basic wireless ad hoc network communication algorithms: flooding and routing. By relating back-off delay to the signal strength of a received packet, we design an efficient variant of conventional flooding named Signal Strength Aware Flooding. By using distance-to-destination to derive back-off delay, we design a novel and fault-tolerant wireless ad hoc network routing protocol named Self-Selective Routing.

We have identified a fundamental operator in wireless networks that we named the local leader election problem in which the goal is to select a leader node in a spatially close neighborhood. We present a simple and elegant solution to the local leader election problem by making use of both: (i) implicit synchronization points, commonly observable by all nodes in the same neighborhood, and (ii) the prioritized backoff delay, dependent on the desired probability of each node becoming a leader. We then show that both flooding and routing are instances of the local leader election problem, so our general solution naturally applies. By relating the backoff delay to the signal strength of the received packet, we can design a variant of flooding named Signal Strength Aware Flooding (SSAF) that can improve its efficiency. By using a different metric to derive the backoff delay, we have designed a new generation wireless routing protocol, that we named the Routeless Routing protocol that possesses several interesting properties. 1.

The spread of wireless portable devices is pushing towards service provisioning over dense Mobile Ad-hoc NETworks (MANETs), i.e., limited spatial regions, such as shopping malls and airports, where a high number of mobile peers can autonomously cooperate without a statically deployed network infrastructure. The paper proposes the REDMAN middleware to manage, retrieve, and disseminate replicas of data/service components to cooperating nodes in a dense MANET. The guideline is to exploit high node population to enable optimistic lightweight resource replication capable of tolerating node exits/failures. REDMAN adopts original approximated solutions, specifically designed for dense MANET, that have demonstrated good scalability and limited overhead for dense MANET configuration (node identification and manager election), for replica distribution/retrieval, and for lazily-consistent replica degree maintenance.

Abstract—Sensor nodes are often organized into clusters for efficiency and scalability purposes. Every sensor cluster is managed by a cluster leader during the network operation such as routing and data aggregation. Since managing a cluster consumes substantial energy, the cluster leader needs to be re-elected from time to time for load balancing. In hostile environments, it is critical to ensure the security of such leader election. This paper proposes an efficient, resilient, and fully distributed leader election protocol for sensor networks. It only uses efficient symmetric key operations and guarantees that (i) benign cluster members will elect the same leader as long as they are wellconnected, and (ii) attackers cannot impact the leader election process to increase or decrease the chance of a benign member being elected as a cluster leader. In addition, the proposed method can quickly recover from message loss or malicious attacks. The evaluation results also demonstrate the efficiency and effectiveness of this approach. I.

Group communication has become an important component in wireless networks. In this paper, we focus on the environments in which multiple groups coexist in the system, and both intra and inter group multicast traffic must be protected by secret keys. We propose a mechanism that integrates polynomials with flat tables to achieve personal key share distribution and efficient key refreshment during group changes. The proposed mechanism distributes keys via true broadcast. The contributions of the research include: (1) By switching from asymmetric algorithms to symmetric encryption methods, the proposed mechanism avoids heavy computation, and improves the processing efficiency of multicast traffic and the power usage at the wireless nodes. The group managers do not have to generate public-private key pairs when the group member changes. (2) It becomes more difficult for an attacker to impersonate another node since personal key shares are adopted. The additional storage overhead at the wireless nodes and the increased broadcast traffic during key refreshment are justified. In addition, we describe techniques to improve the robustness of the proposed mechanism under the complicated scenarios such as collusive attacks and batch group member changes.

Abstract- Wireless Ad Hoc networks are susceptible to intrusions as they operate in an open medium and use co-operative strategies for network communications. Solutions that are designed for wired networks are not always suitable for wireless networks, especially Mobile Ad Hoc Networks (MANETs) because of their dynamic nature. To obtain an acceptable level of security for MANETs, traditional security solutions like encryption are combined with intrusion detection mechanisms. One method is to have an IDS client running on every mobile host in a network, which runs a local detection engine analyzing local data for anomalies [1]. A cooperative detection mechanism decides whether there is an intrusion, with all nodes taking part in the decision process by voting. But MANET nodes typically have limited battery power, thus it is not efficient to make each MANET node always a monitoring node, especially when the threat level is low. Instead, a cluster of neighboring MANET nodes can randomly and fairly elect a monitoring node, the cluster head. One of the main drawbacks of the clustered approach is the single point of failure, the cluster head. If a compromised node happens to be selected as the cluster head, it can launch attacks without being detected. Thus in this paper we introduce the concept of a cluster backup which is a replica of the cluster head and which monitors the cluster head along with providing another line of defense by running a complementary intrusion detection algorithm. This scheme provides protection from a situation where the cluster head is compromised. This results in a load balanced distributed architecture where the backup shares some of the workload of the cluster head. Keywords- Ad-Hoc networks; anomaly; backup; clique; election; intrusion detection; master; signature;

Abstract: Leader election algorithms solve the instability problem in the network which is caused by leader failure.In this paper, we propose a new leader election algorithm in two dimensional torus networks. The algorithm aims to elect one node to be a new leader. The new leader is identified by some characteristics not in the other nodes in the network. When the process is terminated, the network is returned to a stable state with one node as leader where other nodes are aware of this leader. The new algorithm solves this problem despite the existence of one link failure. In a network of N nodes connected by two dimensional torus network, the new algorithm uses O(N) messages to elect a new leader in O ( N) time steps. These results are valid for both cases: simple case (when the leader failure is detected by one node) and in the worst case (when the failure is discovered by up to N-1 nodes).