무선 애드혹 네트워크에서 비정상 라우팅 행위 기반 DoS 공격 탐지 프레임워크 연구

DC Field Value Language
dc.contributor.advisor김동규-
dc.contributor.author이건희-
dc.date.accessioned2019-10-21T07:13:46Z-
dc.date.available2019-10-21T07:13:46Z-
dc.date.issued2009-02-
dc.identifier.other9926-
dc.identifier.urihttps://dspace.ajou.ac.kr/handle/2018.oak/17500-
dc.description학위논문(박사)--아주대학교 정보통신전문대학원 :정보통신공학과,2009. 2-
dc.description.tableofcontentsACKNOWLEDGEMENT --------------------------------------------------------------- I ABSTRACT ---------------------------------------------------------------------- III TABLE OF CONTENTS ------------------------------------------------------------- V LIST OF FIGURES --------------------------------------------------------------- X LIST OF TABLES ---------------------------------------------------------------- XII CHAPTER 1 INTRODUCTIONS ------------------------------------------------------- 1 1.1 ROUTING MISBEHAVIOR IN WIRELESS AD HOC NETWORKS -------------------------- 2 1.2 SCOPE AND GOAL OF THE DISSERTATION --------------------------------------- 9 1.3 STRUCTURE OF THE DISSERTATION -------------------------------------------- 9 CHAPTER 2 WIRELESS AD HOC NETWORKS AND SECURITY ------------------------------- 11 2.1 OVERVIEW OF ROUTING PROTOCOLS -------------------------------------------- 11 2.2 SECURITY SERVICES AND CHALLENGES ----------------------------------------- 17 2.3 SECURITY ATTACKS ON ROUTING PROTOCOL ------------------------------------- 19 2.3.1 Attacks using Impersonation ------------------------------------------- 20 2.3.2 Attacks using Modification -------------------------------------------- 22 2.3.3 Attacks using Fabrication --------------------------------------------- 23 2.3.4 Replay Attacks -------------------------------------------------------- 29 2.3.5 Denial of Service (DoS) Attacks --------------------------------------- 29 2.4 SECURE ROUTING PROTOCOLS ------------------------------------------------- 32 2.4.1 Secure Efficient Ad hoc Distance Vector (SEAD) ------------------------ 33 2.4.2 ARIADNE --------------------------------------------------------------- 34 2.4.3 Security Aware Routing (SAR) ------------------------------------------ 35 2.4.4 Secure Routing Protocol (SRP) ----------------------------------------- 36 2.4.5 Secure Routing Protocol for Ad Hoc Networks (ARAN) -------------------- 37 2.4.6 Security Protocols for Sensor Network (SPINS) ------------------------- 39 2.4.7 Cooperation of Nodes Fairness in Dynamic Ad hoc Networks (CONFIDANT) -- 40 2.4.8 Defense Mechanisms against Rushing Attacks ---------------------------- 41 2.4.9 Defense Mechanisms against Wormhole Attacks --------------------------- 42 2.4.10 Defense Mechanisms against Sybil Attacks ----------------------------- 43 2.4.11 Security Mechanisms for Broadcast Operation -------------------------- 45 2.4.12 Limitation of the Secure Routing Protocols --------------------------- 47 2.5 INTRUSION DETECTION SYSTEM FOR MANETS ------------------------------------ 47 2.5.1 Distributed IDS for Ad Hoc Networks ----------------------------------- 48 2.5.2 AODV Protocol-based IDS ----------------------------------------------- 49 2.5.3 Techniques for Intrusion-Resistant Ad Hoc Routing Algorithms ---------- 51 2.5.4 Distributed Intrusion Detection Using Mobile Agents ------------------- 52 2.5.5 Local Intrusion Detection System -------------------------------------- 54 2.5.6 Watch Dog and Pathrather ---------------------------------------------- 56 2.6 PREVENTING ROUTING MISBEHAVIOR ---------------------------------------- 56 2.6.1 Credit-Based Schemes -------------------------------------------------- 57 2.6.2 Reputation-Based Schemes ---------------------------------------------- 58 2.6.3 End-to-end Acknowledgment Schemes ------------------------------------- 59 2.6.4 Other Prior State-of-the-art Schemes ---------------------------------- 61 2.6.5 The TWOACK and S-TWOACK Schemes --------------------------------------- 62 CHAPTER 3 MOTIVATIONS AND ASSUMPTIONS ----------------------------------------- 63 3.1 LIMITATION OF THE EXISTING MONITORING SCHEME ----------------------------- 63 3.2 MONITORING ELEMENTS ------------------------------------------------------ 65 3.2 ASSUMPTIONS -------------------------------------------------------------- 66 CHAPTER 4 ROUTING MISBEHAVIOR DETECTION --------------------------------------- 68 4.1 OUTLINE OF THE PROPOSED FRAMEWORK ---------------------------------------- 69 4.2 COLLECTION OF INFORMATION ON NEIGHBOR NODES ------------------------------ 71 4.2.1 Neighbor List Construction for the Static Networks -------------------- 71 4.2.2 Discussions ----------------------------------------------------------- 76 4.2.3 Neighbor List Construction for the Dynamic Networks ------------------- 78 4.3 MONITORING THE NETWORK TRAFFIC ------------------------------------------- 81 4.4 MISBEHAVIOR DETECTION PROCESS -------------------------------------------- 84 4.4.1 Representative Node Selection ----------------------------------------- 85 4.4.2 Misbehavior Decision -------------------------------------------------- 86 4.5 REVISING THRESHOLD AUTOMATICALLY ----------------------------------------- 87 4.6 SUMMARY ------------------------------------------------------------------ 88 CHAPTER 5 EXPERIMENTAL RESULTS ------------------------------------------------ 90 5.1 ENVIRONMENT OF EXPERIMENT ------------------------------------------------ 90 5.2 RESULTS OF EXPERIMENT ON DETECTION PERFORMANCE --------------------------- 91 5.3 EXPERIMENTAL RESULTS ON NETWORK PERFORMANCE ------------------------------ 95 CHAPTER 6 COLLUSION-BASED ROUTING MISBEHAVIOR DETECTION ----------------------- 96 6.1 RELATED WORKS ------------------------------------------------------------ 97 6.1.1 Wormhole Attacks ------------------------------------------------------ 97 6.1.2 Previous Wormhole Attack Detection Methods ---------------------------- 99 6.2 WORMHOLE ATTACK DEFENSE MECHANISM ---------------------------------------- 102 6.2.1 Indication of the Wormhole Attacks ------------------------------------ 102 6.2.2 Building a Neighbor List ---------------------------------------------- 105 6.2.3 Detecting Wormhole ---------------------------------------------------- 106 6.2.4 Responding to Wormhole ------------------------------------------------ 107 6.3 ANALYSIS OF THE PROPOSED PROTOCOL ---------------------------------------- 109 6.3.1 Security Analysis ----------------------------------------------------- 109 6.3.2 Performance Analysis -------------------------------------------------- 110 6.4 SIMULATION --------------------------------------------------------------- 111 6.5 SUMMARY ------------------------------------------------------------------ 113 CHAPTER 7 CONCLUSIONS -------------------------------------------------------- 114 BIBLIOGRAPHY ------------------------------------------------------------------ 116|FIGURE 1. ROUTE INFECTION RATIO UNDER ROUTING MISBEHAVIOR ATTACK ------------------------------ 6 FIGURE 2. NETWORK PERFORMANCE DEGRADATION UNDER CASE A ATTACK --------------------------------- 7 FIGURE 3. NETWORK PERFORMANCE DEGRADATION UNDER CASE B ATTACK --------------------------------- 7 FIGURE 4. AN EXAMPLE OF SYBIL ATTACK ---------------------------------------------------------- 21 FIGURE 5. AN EXAMPLE SENSOR NETWORK UNDER SELECTIVE FORWARDING ATTACKS ------------------------ 27 FIGURE 6. THE TYPES OF SELECTIVE FORWARDING ATTACKS ------------------------------------------- 28 FIGURE 7. NETWORK TRAFFIC INFORMATION MONITORING METHOD USING COOPERATING NODES --------------- 70 FIGURE 8. THE PROCESS OF CREATING A 1-HOP NEIGHBOR NODE INFORMATION LIST ---------------------- 72 FIGURE 9. THE PROCESS OF CREATING A 2-HOP NEIGHBOR NODE INFORMATION LIST ---------------------- 72 FIGURE 10. AN EXAMPLE OF A NEIGHBOR NODE INFORMATION LIST ------------------------------------- 76 FIGURE 11. THE SCHEMATIC VIEW OF THE NEIGHBOR LIST DISTRIBUTION IN THE DYNAMIC NETWORKS ------- 79 FIGURE 12. AN EXAMPLE OF MONITORING MESSAGES PROCESSED BY A NODE ------------------------------ 82 FIGURE 13. AN EXAMPLE OF MONITORING PROCESS FOR A NODE ---------------------------------------- 84 FIGURE 14. ADJUSTING THRESHOLD VALUE ---------------------------------------------------------- 87 FIGURE 15. CHANGE IN THE INTRUSION DETECTION RATE --------------------------------------------- 91 FIGURE 16. THE CUMULATIVE NUMBER OF DROPPED PACKETS ACCORDING TO SIMULATION TIME -------------- 92 FIGURE 17. CHANGE IN THE PACKET LOSS RATE ACCORDING TO THE NUMBER OF ATTACKERS ---------------- 93 FIGURE 18. THE EFFECTS OF THE TIME INTERVAL DURING NEIGHBOR LIST CONSTRUCTION ----------------- 94 FIGURE 19. CHANGE IN THE AVERAGE NETWORK DELAY ACCORDING TO THE NUMBER OF ATTACKERS ----------- 94 FIGURE 20. THE NUMBER OF MESSAGES EXCHANGED DURING THE NEIGHBOR NODE LIST CONSTRUCTION -------- 95 FIGURE 21. AN EXAMPLE OF WORMHOLE ATTACK ------------------------------------------------------ 98 FIGURE 22. AN EXAMPLE OF THE PACKET INCLUDING IDENTITIES AND MACS ----------------------------- 107 FIGURE 23. CUMULATIVE NUMBER OF DROPPED PACKET BY ATTACKER ------------------------------------ 111 FIGURE 24. AVERAGE LATENCY DURING SIMULATION TIME --------------------------------------------- 112 FIGURE 25. PACKET LOSS RATIO OF BOTH WITHOUT AND WITH DEFENSE MECHANISM ----------------------- 113|TABLE 1. ATTACK TREE ---------------------------------------------------------- 4 TABLE 2. SIMULATION PARAMETERS ------------------------------------------------ 5 TABLE 3. A SUMMARY OF TIARA COUNTERMEASURES AGAINST INTRUSION ATTACKS --------- 52 TABLE 4. THE NEIGHBOR LIST CONSTRUCTION ALGORITHM FOR THE DYNAMIC NETWORKS ---- 81 TABLE 5. MONITORING ALGORITHM WHEN NODE X FORWARDS A PACKET TO NODE W --------- 83 TABLE 6. MONITORING ALGORITHM WHEN NODE X RECEIVES A PACKET FROM NODE W ------- 83 TABLE 7. SIMULATION PARAMETERS ------------------------------------------------ 90 TABLE 8. THE RESULTS OF THE NEIGHBOR CORRECTNESS TEST ------------------------- 108-
dc.language.isoeng-
dc.publisherThe Graduate School, Ajou University-
dc.rights아주대학교 논문은 저작권에 의해 보호받습니다.-
dc.title무선 애드혹 네트워크에서 비정상 라우팅 행위 기반 DoS 공격 탐지 프레임워크 연구-
dc.title.alternativeLee, Gunhee-
dc.typeThesis-
dc.contributor.affiliation아주대학교 정보통신전문대학원-
dc.contributor.alternativeNameLee, Gunhee-
dc.contributor.department정보통신전문대학원 정보통신공학과-
dc.date.awarded2009. 2-
dc.description.degreeMaster-
dc.identifier.localId567607-
dc.identifier.urlhttp://dcoll.ajou.ac.kr:9080/dcollection/jsp/common/DcLoOrgPer.jsp?sItemId=000000009926-
dc.subject.keywordRouting misbehavior-
dc.subject.keywordintrusion detection-
dc.subject.keywordmonitoring-
dc.subject.keywordwireless ad hoc networks-
dc.description.alternativeAbstractA wireless ad hoc network has an autonomous structure in which network nodes scattered around without the help of specific infrastructure communicate and cooperate with one another through wireless media. In a wireless ad hoc network, all the nodes perform a series of routing processes during communication and deliver messages to the final destination. That is, for a message to be transmitted from the original sender to the final destination, multiple nodes repeat the process of receiving the message from the previous node and sending it to the next node. Accordingly, if one of the nodes misbehaves during the message transmission delivery process, communication cannot be made properly. Misbehavior is an intentional damage to the network by not following the routing process and by causing the loss of messages. Most of misbehaviors bring damages such as denial of service to the network. For example, if all packets to be delivered by a malicious node disguised as a normal node are discarded, all communication sessions that use a route including the node cannot get service. This type of attacks includes black hole, gray hole (selective forwarding), wormhole, message blocking, and message delivery to a wrong path. Such attacks are detected by the method of network monitoring that watches continuously whether messages are delivered properly to the next hop. This method basically uses watchdog. Watchdog observes through overhearing, which is a characteristic of communication technology based on wireless media, whether the node at the next hop delivers the message, which has been passed by the watchdog to the hop, to its next hop accurately. However, the use of watchdog has the difficulty that each message transmission has to be overheard continuously. Furthermore, it should have information on all messages transmitted. There are also technical limitations in watchdog itself. Thus, in this study, we reviewed problems in previous researches, and as a solution for the problems, proposed a new monitoring method that does not use overhearing watchdog. The proposed method can detect attacks in a more effective way while solving problems in the existing watchdog method. In the proposed method, each node accumulates statistical data on messages that it has processed in the communication process. Based on information accumulated in itself and neighbor nodes to be monitored, each node determines whether a neighbor node under monitoring is normal or damaging the network through frequent wrong routing behaviors. An experiment using a network simulator showed that the proposed method is more efficient than other existing methods. Wormhole attack is one of the most severe threats to ad hoc networks. There have been many researches to overcome the wormhole attack. These researches, however, still have some limitations to handle wormhole attacks properly such as burden of computation, complicated pre-work for each communication, and no defense method. In this study, we propose an effective wormhole attack defense mechanism that can properly detect wormhole attacks and respond to them. Each node maintains its neighbors’ information. According to the information, each node can identify replayed packet. We analyze the effectiveness of the proposed method and the efficiency of the approach by using traffic and memory space measure.-
Appears in Collections:
Special Graduate Schools > Graduate School of Information and Communication Technology > Department of Information and Communication > 3. Theses(Master)
Files in This Item:
There are no files associated with this item.

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

Browse