Article

A survey on Intrusion Detection and Prevention in Wireless Ad-hoc Networks


Abstract

Ad hoc networks have been serving us in one way or another for two decades, through their vast variety of applications in most fields. Due to features such as hostile deployments, high mobility, limited resources and physical insecurity, they are on the front line for attackers. The first line of defense (cryptographic techniques, firewalls, etc.) stops these attacks. But what would happen if the attacker breaks through this defense system? The second line of defense, also called the intrusion detection system (IDS), would stop and mitigate these threats before they harm the network or its resources. Various schemes have been proposed to provide a quality IDS that could mitigate the latest threats in ad hoc networks. In this review paper, we gave a detailed overview of ad hoc networks at the start. We explored ad hoc network security, followed by a description of IDS. Next, we elaborated the taxonomy of IDS, containing the types of IDS based on numerous parameters. In the following section, we compared a wide variety of IDS schemes based on different methodologies/techniques, to show their importance and performance in the field of intrusion detection. Finally, we concluded the paper with informative future research directions in state-of-the-art research fields that would open up ways for researchers in that area.


... Sharma [42]. Khan et al. (2020) proposed schemes to provide quality IDS that could mitigate the latest threats in ad hoc networks. In this review paper, authors gave a detailed overview of ad hoc networks in the start. ...
... In this review paper, authors gave a detailed overview of ad hoc networks in the start. Authors explored ad hoc networks security followed by description about IDS [43]. Few authors developed models for independent attacks [44], and analyzed with the existing dynamic source routing protocol under energy consumption, throughput, packet delivery ratio (PDR) and end-to-end delay as performance metric. ...
Preprint
The advent growth of wireless networks and their applications in different fields has been more prominent in the previous few years and specifically mobile ad-hoc networks (MANETs) have gained importance from consumers and researchers due to their reliability and sustainability. MANET is widely employed for communicating and sending and receiving packets in a network without any requirement of specific hardware structure, due to which these are employed in different sectors. Because of its wide applicability, there exist numerous challenges in handling MANETs, especially with respect to network security. Intrusion is one of the key security problems faced in MANETs during the transmission of data packets within the communication system. The occurrence of malicious nodes in MANETs shall lead to removal of information packets during data transfer and thus intrusion detection systems (IDS) are successfully designed to handle the node behaviours and identify the malicious nodes in the network and their behaviours. Henceforth, this research study develops a novel IDS model using the proposed improved grey wolf optimizer (ImGWO) hybridized with that of the deep recurrent neural network (DRNN) model for predicting and observing the behaviour of malicious nodes in MANETs. The developed novel hybrid ImGWO-DRNN model is applied on the KDD Cup 1999 datasets and training and testing of the proposed IDS technique is studied. Evaluation metrics were set to analyse and validate the proposed IDS technique and the results prove the superiority of this ImGWO-DRNN intrusion detection system over the previous techniques from literature for the MANETs.
... Because they are able to counteract the efforts of assailants who target the IoT, IDSs serve as a protective barrier for IoT data transmissions. Anomaly-based and specification-based IDS approaches are the most useful IDSs in an RPL-based network for identifying internal threats [7]. Signature-based systems for intrusion detection keep monitoring for activity that is similar to that of recognised threats. ...
Chapter
Routing Protocol for Low-Power and Lossy Networks (RPL) has been used in the Internet of Things (IoT) with Wireless Sensor Networks (WSNs), but it does not give much focus to protect against routing attacks. Therefore, it is possible for an attacker to utilize the RPL routing system as an initial platform for devastating and crippling attacks on an IoT network. In IoT based networks, RPL provides a minimal level of protection against a wide variety of attacks, which are unique to RPL and are launched in WSNs. Moreover, the traditional Internet and routing security solutions also have memory, processing, and resource limitations that make them ineffective for IoT devices. Several mitigation schemes, such as those based on rule-based learning algorithms, Intrusion Detection Systems (IDSs), and trust computation and management techniques were proposed in the past to improve the safety of IoT networks and routing, but they do not provide the required security. To overcome these security issues, we propose an intelligent IDS in this article to detect and isolate the RPL attacks. For this purpose, we propose a new classification algorithm based on neural networks and genetic algorithms. Moreover, the proposed Neuro Genetic Classification Algorithm (NGCA) detects the nodes which launch RPL and other attacks more accurately and hence it increases the network security in IoT. From the experiments done with NSL-KDD data-set, it is proved that the proposed NGCA is detecting the attacks with higher accuracy than the other classifiers namely Decision Trees, Logistic Regression and Support Vector Machines. It also helps to reduce the RPL attacks in the routing process with enhanced detection rate with reduced false positives.
... Swarms of drones are nowadays employed for performing critical tasks, such as coastal and port inspection [26]. The communication between drones usually relies on Mobile Adhoc Networks (MANET) which are particularly vulnerable to network intrusion threats because of their infrastructure-less and open nature [15] [6]. As a consequence, it is important to analyze the traffic to early identify intrusion attempts, thanks to the deployment of IDS on the network nodes. ...
... Environmental Monitoring [19] 1. Simulate data transmission within the network, where each sensor node sends data. 2. Evaluate the intrusion detection methods for their effectiveness in identifying potential intrusions. ...
Preprint
With an emphasis on behavioral intrusion detection systems [BIDSs], this study investigates the field of intrusion detection in mobile ad hoc networks [MANETs]. Because they are dynamic and decentralized, MANETs are vulnerable to a range of security risks, such as infiltration attempts. In this situation, conventional intrusion detection techniques show their shortcomings, opening the door for BIDS research. We provide a thorough comparison study of several intrusion detection system [IDS] methods, such as behavioral analysis, rule-based detection, machine learning-based detection, statistical anomaly detection, and environmental-based detection. These techniques are assessed in a dynamic network setting that considers the increasing volume of data and sporadic changes in sensor characteristics. The simulation becomes more realistic with the addition of behavior scores, which complicate the intrusion detection procedure. Among the evaluation criteria are detection rates, which provide information about how well each IDS strategy performs in dynamic MANETs. The results contribute to the ongoing effort to improve security in MANETs by highlighting the advantages and disadvantages of the various intrusion detection approaches.
... The attackers can send a flood of irrelevant data packets to the IDS host and create a false alarm. This can make IDS resources exhausted and make the system vulnerable [30]. Therefore, few approaches concentrate exclusively on alarm reduction [19, 26, 31]. ...
Article
The article presents a secure edge computing model that utilizes machine learning for intrusion detection and isolation. It addresses the security challenges arising from the rapid expansion of IoT and edge computing. The proposed Intrusion Detection System (IDS) combines Linear Discriminant Analysis (LDA) and Logistic Regression (LR) to swiftly and accurately identify intrusions without alerting neighboring devices. The model outperforms existing solutions with an accuracy of 96.56%, precision of 95.78%, and quick training time (0.04 s). It is effective against various types of attacks, enhancing the security of edge networks for IoT applications.
• The methodology employs a hybrid model that combines LDA and LR for intrusion detection.
• Machine learning techniques are used to analyze and identify intrusive activities during data acquisition by edge nodes.
• The methodology includes a mechanism to isolate suspected devices and data without notifying neighboring edge nodes to prevent intruders from gaining control over the edge network.
... A robust and efficient IDS not only swiftly identifies and isolates malicious nodes but also minimizes false positives by accurately distinguishing legitimate activities from malicious ones [3]. IDS employ various detection methodologies, leading to their classification into two fundamental categories [22]: ...
Preprint
Network security is of utmost importance due to the ever-increasing number of connected devices and the growing sophistication of threats. Mobile Ad hoc networks (MANETs), characterized by their non-infrastructure and self-configured peer networks, are particularly vulnerable to various types of attacks. Therefore, it is imperative to implement an efficient Intrusion Detection System (IDS) capable of rapidly detecting attacks and alerting users to any malicious activities occurring on the network. Among the numerous threats faced by MANETs, the black hole attack stands out as one of the most serious. Originating from Denial of Service attacks, this type of threat has been extensively studied, and several solutions have been proposed. However, these solutions have become ineffective against the emergence of a new generation of black holes, known as smart black holes, which can circumvent most existing countermeasures. To address the challenge posed by smart black holes, we propose an IDS that focuses on early detection and isolation of malicious nodes. Our approach leverages locally shared information from neighboring nodes and utilizes the universal sink detection method derived from graph theory. Through simulations conducted in NS2, we have evaluated the effectiveness of our proposed approach. The results validate the efficiency of our system, as it enables prompt detection and isolation of smart black holes, leading to significant improvements in Packet Delivery Ratio (PDR) and throughput, with average enhancements of 97% and 90%, respectively. Consequently, our approach not only preserves network performance but also mitigates the impact of smart black hole attacks.
... IDSs have been listed as one of the leading approaches for detecting and dealing effectively with the security challenges of VANETs. Practically, IDS could potentially be used in protecting any network against a variety of attack threats and damages by providing advance identification of misbehavior through the surveillance and analysis of network members' patterns [8,9]. IDSs are categorized under five types depending on their methods of detection. ...
Article
The Vehicular Ad Hoc Network (VANET) is a novel and innovative technology which is part of the Intelligent Transportation Systems (ITS). VANET is a network composed of a collection of vehicles and other roadside components that are interconnected wirelessly. The intention underlying the development of this technology is the improvement of the vehicle environment and the enhancement of vehicle and driver safety. Nevertheless, since VANETs operate wirelessly and under complicated conditions, they are susceptible to a variety of attacks by malicious actors. Traditional techniques such as encryption are no longer effective, so new techniques using intrusion detection systems IDS have attracted the attention of a large number of researchers. The IDS scans the entire network and identifies all the possible harmful nodes present in the network. The present paper covers the problem of the identification of attacks in VANET by using XGBoost. The effectiveness analysis of the proposed models has been realized on the NSL-KDD and 5RoutingMetrics datasets combined with various feature selection techniques Boruta and Adaptive Synthetic Sampling Approach (ADASYN). Furthermore, the acquired results are being compared to two of the last most used ensemble methods CatBoost and convolutional neural networks CNN. In comparison with the other IDSs, our model approach achieves high performance in accuracy, recall and precision.
... For instance, in modern web-based intranets, firewalls, proxies, and any other centralised components that separate secure and non-secure domains are discrete vulnerabilities. As a result, it is important to ensure the physical security of such components [10]. ...
Article
... Although anomaly-based detection examines for differences from expected network activity, signature-based detection compares the network traffic to known attack patterns. Behavior-based detection includes examining network users' and devices' actions to spot unusual activity (Khan et al., 2020). The existence now includes a significant amount of internet use. For everyone, using the internet has become essential. ...
Article
Wireless sensor networks (WSNs) are made up of a large number of sensor nodes which collect data and send it to a centralized location. Nevertheless, the WSN has several security difficulties because of resource-constrained nodes, deployment methodologies, and communication channels. So, it is very necessary to identify illegal access in order to strengthen the safety measures of WSN. The use of network intrusion detection systems (IDS) to safeguard the network is now standard procedure for any communication system. While deep learning (DL) methods are often utilized in IDS, their efficacy falls short when faced with imbalanced attacks. An IDS based on a novel transfer deep multicolumn convolution neural network (TDMCNN) technique was presented in this study to address this problem and boost performance. The most significant features of the dataset are chosen using a cross-correlation procedure and then included into the suggested methods for detecting intrusions. The accuracy, precision, sensitivity, and specificity are used to conduct the analysis and comparison. The experimental findings verified the effectiveness of the suggested method over the status quo of deep learning models for attack detection.
... Node x is a trusted evaluator, node y is the evaluation target and node x z is the recommended of node x. Here, 12 { , z ,...., z } DTV  is the DTV of node x z to y, where node x z is any public trusted neighbor of x and y. Node x z will be removed from the set of public trusted neighbors if the trust value of node x to x z is less than threshold. ...
Preprint
Recent advances in Wireless Sensor Networks (WSNs) have brought the sensor based monitoring developments to the surface in many applications. In such a scenario, the security of communication is a major challenge in the effective delivery of the collected data due to the presence of malicious nodes. Moreover, since security and minimization of energy consumption are critical factors in designing techniques for multi-hop secure routing in wireless sensor networks, it is necessary to address the issues of security in the routing process. Hence, this paper proposes a novel intrusion detection system for enhancing the security and Fuzzy based Ant Colony Optimization based Secured Quality of Service Routing Protocol (F-ACO-SQoSRP) for increasing the security of communication and network performance in WSNs. Using this proposed Intrusion Detection System (IDS), the proposed model identifies the distinct and malicious behaviours of nodes. Additionally, a clustering algorithm has been proposed in this work, wherein the Cluster Head Selection (CHS) is based on Quality of Service (QoS) measures and the trust values of nodes are measured using the intrusion detection system results. The proposed ACO based routing framework also predicts the best optimum and secured path to allow for effective communication across each link. The simulation results obtained from this work proved that the proposed secured routing algorithm provides better performance in terms of security using robust trust values, increase in packet delivery ratio and network lifetime reduction in delay and energy consumption when this work is compared with the existing secured routing systems.
... There are different detection methodologies used by the IDS. Thus, intrusion detection systems are often classified into two categories [22]: ...
Preprint
Nowadays, network security has become a very important aspect due to the increasing number of connected things and the multiple threats that become more and more intelligent. Mobile Ad hoc networks (MANET), known to be non-infrastructure and self-configured peer networks, are subject to multiple types of attacks. For this reason, it is essential to implement an Intrusion Detection System that realizes fast attack detection to alert users of any malicious activity taking place on the network. Black hole is one of the most serious threats in MANETs, which is the origin of Denial of service attack. This type of threat has been widely studied and many solutions were proposed. Unfortunately these solutions have become inefficient against the new generation of black holes, known also as smart black holes, which can deceive most of these solutions. To overcome smart black holes, we proposed an Intrusion Detection System based on the early detecting and isolating malicious nodes by exploiting local information shared by neighbors and using universal sink detection method in graph theory. We proved that smart black holes can defeat the sequence number threshold-based detection strategy by using least-squares method. Simulations in NS2 showed the efficiency of the proposed approach, which can quickly detect and isolate smart black holes, improve the Packet delivery ratio (PDR) and throughput by an average of 97% and 90%, respectively, thus preserving the network performances.
... Signatures are the sole thing that preventive measures rely on. Reactive methods such as IDS, detect all types of threats [2]. ...
... In general, a perfect electric conductor (PEC) and a perfect magnetic conductor (PMC) are used to determine the boundary condition [39][40][41]. ...
Article
The dielectric resonator antenna (DRA) can be modeled as a series and parallel combination of electrical networks consisting of a resistor (R), inductor (L), and capacitor (C) to address peculiar challenges in antennas suitable for application in emerging wireless communication systems for higher frequency range. In this paper, a multi-stacked DRA has been proposed. The performance and characteristic features of the DRA have been analyzed by deriving the mathematical formulations for dynamic impedance, input impedance, admittance, bandwidth, and quality factor for fundamental and high-order resonant modes. Specifically, the performance of the projected multi-stacked DRA was analyzed in MATLAB and a high-frequency structure simulator (HFSS). Generally, results indicate that variation in the permittivity of substrates, such as high and low, can potentially increase and decrease the quality factor, respectively. In particular, the impedance, radiation fields and power flow have been demonstrated using the proposed multi-stacked electrical network of R, L, and C components coupled with a suitable transformer. Overall, the proposed multi-stacked DRA network shows an improved quality factor and selectivity, and bandwidth is reduced reasonably. The multi-stacked DRA network would find useful applications in radio frequency wireless communication systems. Additionally, for enhancing the impedance, BW of DRA a multi-stacked DRA is proposed by the use of ground-plane techniques with slots, dual-segment, and stacked DRA. The performance of multi-stacked DRA is improved by a factor of 10% as compared to existing models in terms of better flexibility, moderate gain, compact size, bandwidth, quality factor, resonant frequency, frequency impedance at the resonance frequency, and the radiation pattern with Terahertz frequency range.
... This is the author's version which has not been fully edited and content may change prior to final publication.
[103] 2018 N N Y N Y
Elhadj Benkhelifa et al. [104] 2018 N Y Y N Y
Preeti Mishra et al. [105] 2018 Y Y N N N
Aldweesh et al. [106] 2018 Y N Y Y N
Markus Ring et al. [107] 2018 Y N N Y Y
Khalid Khan et al. [108] 2018 Y N Y N Y
Ankit Thakkar et al. [109] 2018 Y Y N N Y
Kelton A.P.et al. [110] 2018 N Y Y N Y
Zolanvari [111] 2018 Y Y Y N Y
Butun.I et al. [112] 2018 N N Y N Y
Adnan et al. [113] 2021 Y Y N Y N
Hanan Hindy et al. [114] 2020 N Y N Y Y
Al-Garadi et al. [115] 2020 N Y Y N N
Hassan Heba A et al. [116] 2021
attacks will be feasible to identify zero day vulnerability which has to be duly considered.
• RQ-6: Which method is the most suitable for IoT? Solution: Light weight and resource compatible ad-hoc network IDS are required without degrading the security requirements. ...
Article
The increasing number of connected devices in the era of Internet of Things (IoT) has also increased the number of intrusions. Intrusion Detection System (IDS) is a secondary intelligent system to monitor, detect, and alert about malicious activities; an Intrusion Prevention System (IPS) is an extension of a detection system that triggers relevant action when an attack is suspected in a futuristic aspect. Both IDS and IPS systems are significant and useful for developing a security model. Several studies exist to review the detection and prevention models; however, the coherence in the opportunistic or advancements in the models is missing. Besides, the existing models also have some limitations, which need to be surveyed to develop new security models. Our survey is the first one to present a study of risk factor analysis using mapping technique, and provide a proposal for hybrid framework for an efficient security model for intrusion detection and/or prevention. We explore the importance of various Artificial Intelligence (AI)-based techniques, tools, and methods used for the detection and/or prevention systems in IoTs. More specifically, we emphasize on Machine Learning (ML) and Deep Learning (DL) techniques for intrusion detection-prevention systems and provide a comparative analysis focusing on the feasibility, compatibility, challenges, and real-time issues. This present survey is beneficial for industry and academia to categorize the challenges and issues in the current security models and generate the new dimensions of developments of security frameworks with efficient ML or DL methods.
... However, only the network slicing capability of DAF is investigated. The data analytics for 5G networks will reportedly include cloud data centres, terminal devices, IoT networks (including the Internet of Medical Things, ad hoc networks [13], and others), augmented reality (AR), virtual reality (VR), and other services [14][15][16]. These services produce a significant amount of data, further broken down into user behaviour data and network load. ...
Article
The incorporation of network data analytics can make a significant enhancement in the performance of 5G cellular networks. It enables the effective analysis of network data and the detection of abnormalities using machine and deep learning models. In this study, we used ensemble learning methods to improve the accuracy of network prediction. Anomalies are recognized and the network load is estimated. According to the simulation findings, ensemble learning based on bagging performs better in forecasting the network load than the current methods.
... Intrusion detection systems can be deployed in the network using different architectures [17]. These architectures can be classified into two broad categories; Standalone, and collaborative, as shown in Fig. 2. Early IDSs were implemented as stand-alone systems having only local monitors and analysis units at each node. ...
... Many IDS datasets are online available; but, most of them are wired network datasets. There are no datasets online available for MANETs [1,3]. Therefore, we have generated eleven different size subdatasets of MANET IDS (MIDS). ...
Article
A mobile ad-hoc network is a small and temporary network. This network has a different working principle and structure than wired networks. A source node transfers data to the destination node through intermediate nodes. Due to mobility of node, this network is more vulnerable to routing attacks. Many security mechanisms protect the network from intrusions, such as cryptography based, lightweight, and heavyweight techniques. But, these are not powerful enough mechanisms for mobile ad-hoc networks to mitigate routing attacks. Therefore, we have proposed an enhanced intrusion detection system for the mobile ad-hoc network that handles routing attacks. This method mainly generates 11 sub-datasets and also evaluates their quality using a fuzzy logic system. We suggest a probabilistic approach for feature ranking. The next process removes ineffective features from training and test sets. We have applied a Bayesian rough set classifier that classifies the behavior of mobile nodes using incoming packets. The Bayes classifier is applied for ambiguous and unknown samples. Experimental results show that the average detection accuracy is 94.37% for blackhole attack and 99% for wormhole attack. The proposed method performs better than existing intrusion detection methods.
... Packet Delivery Ratio is the packet delivered at the receiver to the packet transmitted by the sender as given in Eqn (2). For a better packet delivery ratio, the network's throughput and routing protocol are ...
... Literature [29] proposed a fuzzy decision theory, which effectively improved the reliability and accuracy of assessment results. Literature [30] proposed a risk assessment method for information security based on Bayesian theory to deduce and calculate the probability of risk occurrence in an information system. Literature [31] used a Bayesian risk graph to model risks, so as to quantitatively calculate the risks faced by the system. ...
Article
With the rapid development of modern society, the administrative information content rapid growth of e-government information resource sharing becomes the key of the government departments for effective social management. The cloud technology Internet big data are widely used and popular, which enable information resources to be shared among government data and are both an opportunity and challenge for effective e-government information resource sharing. It is of great significance to enhance government credibility. Information security risk assessment is a comprehensive evaluation of the potential risk of an uncertain stochastic process, traditional evaluation methods are deterministic models, and it is difficult to measure the security risk of uncertainty. On the other hand, with the opening and complexity of information system business functions, the nonlinearity and complexity of evaluation calculation also increase. By studying the relatively mature assessment criteria and methods in the field of information security, this study analyzes the information security status of small Internet of Things system based on the characteristics of Internet of Things information security. Combining the latest research results of information entropy neural network and other fields with the original risk assessment methods, the improved AHP information security risk assessment model is verified by simulation examples.
... In MANETs intrusion detection literature, a number of important techniques have been proposed [12]-[14]. More potential can be seen in machine learning approaches. ...
Article
Due to the extreme lack of a stable infrastructure, also self-organization of network components, unpredictable network topologies, and the lack of a central authority for routing, security assurance in mobile ad hoc networks (MANETs) is an important and difficult challenge. Among the famous threat that MANETs suffer from: blackhole, grayhole, and selfishness attacks, because the target of these attacks is to drop packets and disturb the routing operation of the network. A scalable, reliable, and robust network intrusion detection system (NIDS) should be created to effectively combat these families of network layer routing assaults in order to offer high availability for MANETs. In this paper, we present a MANETs-IDS based on machine learning algorithm against blackhole, grayhole, and selfishness attacks with Ad Hoc on-demand distance vector (AODV) routing protocol (RFC 3561) and optimized link state routing (OLSR) protocol (RFC 3626), using ns-3 simulation platform. Our simulation took into consideration the density of the network and a random mobility model of nodes. The obtained experimental results show that the proposed detection algorithm reached very promoting performances (in term of accuracy, processing time, time to build the model, precision, recall, F-measure).
... This section is a brief overview of related work in the field of IDS Ad Hoc Networks. In [6], the authors suggested an algorithm that a node in Ad Hoc Networks in its IDS to detect routing attacks that are done by malicious nodes in the network. The algorithm modifies the discovery phase in the existing Ad Hoc On-Demand Distance Vector (AODV) protocol. ...
Chapter
Internet of Things devices (IoTDs) connect a huge number of physical objects in order to provide services to users. However, due to the limitation of IoTDs, applications which are latency-sensitive and require huge computation resources are critical for them to be served, such as online gaming and augmented reality. To support such applications, edge computing (EC) is proposed to shift the computing power, storage, and computational resources close to the user end. Unfortunately, EC confronts a variety of dangerous security risks, which lead to serious concerns for IoTDs. In this chapter, we present a survey of security issues in EC and discuss the requirements of reducing their risk in EC. In addition, we also review artificial intelligence (AI) techniques and how they can help in securing EC as well as explore the major challenges and security issues in them. Finally, we discuss many open challenges/issues, aiming to attract more attention of readers and motivate new research direction in handling security issues in EC.
Article
The Internet of Things (IoT) aims to increase the physical device’s intelligence. These devices are capable of exchanging data without human intervention. But, IoT devices are resource-constrained and also prone to attacks during routing. These attacks deplete the energy and lifetime of each node in the network thereby gradually degrading the performance of the network and possibly bringing it to a halt. To overcome these problems, this paper proposes a novel Detection and Avoidance of IoT Routing Attacks using Machine Learning Techniques (DAIR-MLT) to detect and avoid Hello Flooding attacks, Rank attacks, and Version Number attacks. The Cooja simulator is used for simulating the proposed DAIR-MLT Techniques. In the DAIR-MLT, the detection and avoidance of attacks are carried out in two stages namely Detection of IoT routing Attacks and Avoidance of detected attacks. Two different datasets are used namely DA_IoT_Routing Normal Datasets and DA_IoT_Routing Abnormal Datasets to test and analyze the performance of proposed DAIR-MLT Techniques. From the simulation results, it is inferred that the proposed algorithm increases the packet delivery ratio by 41.55%, throughput by 39.56%, and network lifetime by 43.2% compared to existing algorithms. Further, it is found that the proposed DAIR-MLT algorithm decreases the energy consumption of nodes in IoT by 40.16% and End-to-End delay by 45.26%.
Chapter
Network intrusions through jamming and spoofing attacks have become increasingly prevalent. The ability to detect such threats at early stages is necessary for preventing a successful attack from occurring. This survey chapter thoroughly overviews the demand for sophisticated intrusion detection systems (IDS) and how cutting-edge techniques, like federated learning-enabled IDS, can reduce privacy risks and protect confidential data during intrusion detection. It explores numerous mitigation strategies used to defend against these assaults, highlighting the significance of early detection and avoidance. The chapter comprehensively analyzes spoofing and jamming attacks, explores mitigation techniques, highlights challenges in implementing federated learning-based IDS, and compares diverse strategies for their real-world effects on network security. Lastly, it presents an unbiased evaluation of contemporary IDS techniques, assessing their advantages, disadvantages, and overall effect on network security while also discussing future challenges and prospects for academia and industry.
Conference Paper
Vehicular Ad Hoc Networks (VANETs) are pivotal in modern intelligent transportation systems, enabling real-time vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication. These networks facilitate various applications like traffic management, collision avoidance, and infotainment services. However, the open and dynamic nature of VANETs exposes them to distinct security challenges, necessitating the deployment of Intrusion Detection Systems (IDS) to ensure the security and privacy of vehicular communications. This study introduces an innovative IDS for VANETs, focusing on addressing the unique security issues prevalent in this domain, particularly through advanced feature selection techniques, handling class imbalance with Synthetic Minority Oversampling Technique (SMOTE), and leveraging the Gradient Boost algorithm for classification. The efficacy of the proposed IDS is evaluated on the NSL-KDD dataset, demonstrating exceptional performance compared to existing models the Random Forest algorithm, renowned for its robustness, with an accuracy rate of 100 and 99% for precision, recall, and f1 score, as well as a precision-recall curve with an AP score of 1.0.
Chapter
In the rapidly evolving information technology landscape, network attacks are becoming more sophisticated and pose significant threats. Intrusion Detection Systems (IDS) have emerged as crucial tools for mitigating network security risks. Despite the vast amount of research on IDS methods, there still remains a gap in comprehensive literature reviews that cover recent developments in techniques, datasets, and tools. This study conducted a comprehensive systematic literature review to address this gap, analyzing 67 selected articles. The review covered various aspects, including IDS research domains, techniques/methods, datasets, and simulators. By synthesizing the findings, the study provides valuable insights into the current state of IDS research and identifies future challenges and unexplored areas. This review sheds light on the strengths and limitations of existing IDS techniques and datasets, offering researchers and practitioners a holistic understanding of the field. The identified research gaps and unexplored topics will guide future research endeavors, leading to advancements in IDS techniques and bolstering network security.
Chapter
Wireless Sensor Networks (WSNs) consist of numerous affordable, energy-efficient, compact wireless sensors. These sensors are designed to collect, process, and communicate data from their surrounding environment. Several energy-efficient protocols have been created specifically for WSNs to optimize data transfer rates and prolong network lifespan. Multi-channel protocols in WSN are one of the ways to optimize efficiency and enable seamless communication between nodes, thereby reducing interference and minimizing packet loss through multiple channels. Despite their numerous advantages in data sensing and monitoring, various attacks can pose a threat to a WSN. There are several types of attacks that a WSN may encounter, including spoofing, eavesdropping, jamming, sinkhole attacks, wormhole attacks, black hole attacks, Sybil attacks, and DoS attacks. One of the strategies for enhancing security in WSNs is implementing a cross-layer intrusion detection system (IDS) that can detect initial indicators of attacks that target vulnerabilities across multiple WSN layers. This paper reviews the existing IDS at each layer and the challenges in an energy-efficient cross-layer IDS for WSN in terms of the attacks and IDS approaches.
Article
The significance of wireless networks is expanding very rapidly, and their increasing pervasiveness makes them a vital component of the activities involved in living in the modern world. While technological advancement in wireless networks offers numerous advantages, it also presents challenges like securing wireless networks. An Intrusion Detection System (IDS) is well-known for detecting and preventing various security threats in such a network environment. However, IDS deployed over wireless networks face various challenges due to infrastructure setup and computational inabilities. Motivated by these observations, this paper presents a comprehensive survey on IDS in a wireless network. It introduces some essential first-line defensive mechanisms. Further, infer the requirement for IDS in a wireless network. The paper provides a detailed analysis of IDS that includes the discussion of intruder type, intrusion behavior, and security basics. The analysis also includes different variants of IDS used in a wireless network. This paper thoroughly discusses the approaches to designing an effective IDS, illuminating readers to become aware of the current state-of-the-art techniques in wireless network domain. The study details many critical attacks that can compromise a wireless network. It covers the IDS frameworks to protect against different attacks. It delves into the diverse applications of IDS in wireless networks. The study discusses the challenges and limitations associated with modern wireless networks. This study encourages the young researchers to do their research in the domain of cyber security.
Article
The most prevalent issue on the internet today is malware. Due to its dynamic nature and ability to inherit characteristics from other types, polymorphic malware constantly modifies its properties to avoid being identified by traditional signature methodologies. The activity is carried out either at a certain moment or after a specific period of time. This study investigates machine learning model-based behavior-based detection techniques for detecting malware families and predict their presence through static or dynamic analysis.
Article
Wireless sensor networks have a broader application range in almost every field of human endeavours, which exposes them to a variety of security threats on a daily basis from cyber criminals. It is a remote monitoring system for events or phenomena in areas such as smart grids, intelligent healthcare, circular economies in smart cities, and underwater surveillance. Cybersecurity threats have long been a source of concern in the field of wireless sensor networks. The goal of cyber security in this era is to certify the authenticity of networks confidentiality, data integrity and availability of network assets. Various security mechanisms, particularly key management cryptographic, authentication mechanisms, and intrusion detection systems have been developed from several machine learning algorithms, and so on, which have been used to ensure network security. In this paper, we focused on outlining diverse application areas of wireless sensor networks with their security threats, major challenges and given some common mechanism to counter security threats for in-depth research insight on security in applications of wireless sensor networks. In addition, an analysis of the common attacks on wireless sensor networks has been provided.
Article
With the rise of industrialization, the importance of the industrial Internet of Things (IIoT) has increased significantly, and with it comes a variety of security threats. Therefore, the security of these networks is critical. Industrial Response Systems (IRSs), as the last line of security, plays an important role in the security system of the Industrial Internet of Things. In this paper, a new IRS model based on the non‐cooperative game is proposed. First, by combining the Partially Observable Markov Decision Process (POMDP) model with the stochastic game model based on the expanded attack tree, our model could effectively perceive the changes at each node. Second, our model incorporates the alarms of intrusion detection system (IDS) and the physical quantities of sensors in Industrial Cyber‐Physical System (ICPS) into the quantization system so that the model can respond to intruders more accurately and comprehensively. Finally, we develop this model based on multiprocessors to speed up the solution process, and adopt an approximation algorithm to reduce the number of iterations of the POMDP
Article
The sophistication of malicious software, known as malware, continues to advance. Previous approaches to detecting malware have predominantly focused on software-based detectors, which are susceptible to compromise. Consequently, recent efforts have suggested the adoption of hardware-assisted malware detection. In this research, we present a fresh framework for hardware-assisted malware detection that utilizes machine learning to monitor and classify patterns of memory access. This framework offers enhanced automation and coverage by reducing the reliance on specific malware signatures from the user. Our work is based on the fundamental understanding that malware must modify control flow and/or data structures, thereby leaving identifiable traces in program memory accesses. Expanding on this insight, we propose an online framework for malware detection that employs machine learning to classify malicious behaviour based on patterns of virtual memory access. Key elements of this framework include techniques for gathering and summarizing memory access patterns at the function and system call levels, as well as a two-level classification architecture
Chapter
An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activities and issues alerts when such activities are discovered. If an intruder is able to exploit any kind of vulnerability then he/she is able to steal, modify, delete personal data of a person. The primary function of IDS is anomaly detection and reporting, but few intrusion detection systems are capable of taking actions when malicious activity or anomalous traffic is detected, including blocking traffic sent from suspicious IP addresses. The continued ability to detect malicious network intrusions has become an exercise in scalability, in which data mining techniques are playing an increasingly important role. The objective of this chapter is to simulate IDS using data mining technique on some public and private datasets such as virtualized, synthesized, and realistic.
Article
MANETs are ad hoc networks characterized by dynamic topologies over time, open wireless medium, infrastructure less to control communications... etc. These networks are susceptible to various denial of service attacks such as black holes, which are considered among the most dangerous and serious threats. In order to mitigate black hole attacks, several intrusion detection systems have been proposed, like sequence number-based systems and trust-based systems; unfortunately, these systems have become inefficient against the new wave of black holes, known also as smart black holes. Indeed, for example, smart black holes can defeat threshold-based systems by predicting the fixed threshold of the sequence number and can defeat the trust-based systems by checking if the RREQ is valid or not. In this paper, we have studied the impact of smart black holes on sequence number based systems and trust-based systems. We simulated, in NS2.35, several ad hoc networks with different densities under different number of smart black holes. Through simulation, it has been found that the smart black holes can easily defeat most of the proposed IDS in the literature.
Chapter
With the wide application of unmanned aerial systems, cyber security concerns of the system have attracted more and more attention. Accurate intrusion detection is an important prerequisite for the system to prevent and respond to cyber-attacks of the unmanned aerial system effectively. In this survey, the security issues are described firstly, and then several aspects of a general intrusion detection system such as detection mechanism, performance metrics are introduced. In particular, for unmanned aerial systems, their intrusion detection systems are categorized according to detection targets: modular intrusion detection, anomalous behavior monitoring in single UAV and malicious node identification in multiple UAVs. Finally, several research challenges and opportunities such as validation of intrusion detection system, anomaly-based detection are discussed.
Article
In recent years, many realistic wireless ad hoc networks (WANETs) have taken on three‐dimensional characteristics due to the implementation of various structures such as viaducts, tunnels, and overpasses. An increasing amount of work has also been devoted to studying the challenges posed by 3D vanet scenarios. And research on routing methods for 3D vanet scenarios is a hot topic. However, the three‐dimensional scene routing decision schemes have some problems, such as low data transmission efficiency, high energy consumption, and low end‐to‐end delays. Therefore, an energy efficiency optimization routing decision system is proposed based on the establishment of a three‐dimensional Voronoi polygon topology model. First, we define a node state‐related attribute parameter that determines whether the source node and the forward node are linked. The data forwarding node is determined by comparing attribute differences. Then, a power control mechanism based on received signal strength is proposed to solve the energy consumption, which includes deterministic and random parts. Finally, the specific state of the network node is monitored by comparing the attribute decision matrix to ensure basic maintenance of network operation and improve network transmission reliability. The simulation results show that the proposed scheme not only ensures the communication performance index in WANETs but also improves the reliability of the network.
Article
Nowadays, cybersecurity challenges and their ever-growing complexity are the main concerns for various information technology-driven organizations and companies. Although several intrusion detection systems have been introduced in an attempt to deal with zero-day cybersecurity attacks, computer systems are still highly vulnerable to various types of distributed denial of service (DDoS) attacks. This complicated cyber-attack caused many system failures and service disruptions, resulting in billions of dollars of financial loss and irrecoverable reputation damage in recent years. Considering the nonnegligible importance of business continuity in the Industry 4.0 era, this paper presents a comprehensive, systematic survey of DDoS attacks. It also proposes a hierarchy for this severe cyber threat, besides conducting deep comparisons from various perspectives between the studies published by reputed venues in this area. Furthermore, this paper recommends the most effective defensive strategies, with a focus on recently offered fuzzy-based detection methods, to mitigate such threats and bridge the gaps existing in the current intrusion detection systems and related works. The outcomes and key findings of this survey paper are highly advantageous for private companies, enterprises, and government agencies to be implemented in their local or global businesses to significantly improve business sustainability.
Article
Mobile ad hoc networks (MANETs) are infrastructure-less, dynamic wireless networks and self-configuring, in which the nodes are resource constrained. With the exponential evolution of the paradigm of smart homes, smart cities, smart logistics, internet of things (IoT) and internet of vehicle (IoV), MANETs and their networks family, such as flying ad-hoc networks (FANETs), vehicular ad-hoc networks (VANETs), and wireless sensor network (WSN), are the backbone of the whole networks. Because of their multitude use, MANETs are vulnerable to various attacks, so intrusion detection systems (IDS) are used in MANETs to keep an eye on activities in order to spot any intrusions into networks. In this paper, we propose a knowledge-based intrusion detection system (KBIDS) to secure MANETs from two classes of distributed denial of service (DDoS) attacks, which are UDP/data and SYN flooding attacks. We use the approach of deep learning exactly deep neural network (DNN) with CICDDoS2019 dataset. Simulation results obtained show that the proposed architecture model can attain very interesting and encouraging performance and results (Accuracy, Precision, Recall and F1-score). © 2022, Institute of Advanced Engineering and Science. All rights reserved.
Thesis
Mobile Ad hoc NETworks (MANET) are networks without infrastructure. The communication range among nodes is limited, where several hops are needed to transmit a packet from the source to the destination. These networks have a constantly changing topology due to its mobile nodes and their arbitrary connections, which make it vulnerable for different attacks. One of the most important attacks in MANET is the black hole attack which degrades the performance of the network by removing all the packets passing through it. There are several techniques for detecting black hole attacks in the ad hoc on demand vector protocol. In this thesis, a new approach based on AACK Adaptative ACKnowledgement is proposed. The proposed system is to detect the single and multiple black hole attacks by intrusion detection system with SPlitted AACK technique. The system is robust enough to detect all black hole attacks by using an iterative split of the main path until the detection of the malicious nodes. Network simulator 2 (NS2) is used for simulation. We tested our system on different networks with different network sizes and different numbers of attacks, and we compared our results with some existing intrusion detection system techniques. On the other hand a technique based on machine learning, more precisely on the random forest algorithm with the selection of the best features, is also proposed. The latter is tested on the NSL-KDD dataset. The results found were very satisfying in terms of Accuracy 99,66%, Precision 99,85 %, Recall 99,83 % and F1-Score 99,84%. Thus, the results have improved when compared with those of other techniques.
Article
Malware detection is a field of computer security that deals with the study and prevention of malicious software. It is not the only way to defend a company against a cyber-attack. In order to be effective, companies should analyse their risk and identify the vulnerabilities. In this paper, we will examine different techniques used to detect computer malware and malicious websites as well as future directives in this area of study and also, we will discuss the growth in computer malware and how traditional methods of detection are being replaced by innovative techniques like behavioural-based model and Signature-based model. Future directives involve developing better security products in order to fight against cyber fraud which is on a rise in recent years especially in Asia Pacific region. With this increase in cyber frauds and other malicious activities, traditional methods are not enough to block computers from it as this method has many drawbacks. In order to tackle these issues, researchers have been developing new techniques such as heuristic analysis, static & dynamic analysis which can detect more than 90% of malware samples without any false positives or negatives. Keywords: Behaviour-based approach, Dynamic analysis, Heuristic, Malware, Ransomware, Signature-based model, Static analysis, Vulnerability.
Preprint
A mobile ad-hoc network (MANET) is a network of mobile nodes short of Infrastructure, linked by wireless links. While mobility is the key feature of MANETs, the frequent movement of nodes may lead to link failure. A mobile multi-hop wireless ad hoc network carries a dynamic structure feature, and each node has mobility; due to this, the network has altered topology change dynamically. Developing the wireless ad hoc network protocol is the major challenge because, compared to the wired routing node, all node is mobile, energy limitation, the node's physical location, and multicast routing. In this article, a comparative investigation of routing protocol performance for large wireless ad hoc networks (100 nodes) under the impact of the random mobile environment with the velocity of 30 m/sec for 1800 seconds with ten different results for each node-set. The comparative analysis includes packet delivery ratio, throughput, packet dropping ratio, routing overhead, and end-to-end delay quality of service (QoS) metrics. It concludes that Ad-hoc On-demand Distance Vector protocol performance is more stable as the number of nodes & traffic increase in the random mobility environment.
Article
Numerous technologies are being evolved in the everyday life. The researchers' concentration is gained increasingly by these growing modern technologies. A Mobile Ad-hoc Network (MANET) is a self-configuring along with a self-organizing network devoid of an infrastructure utilized by wireless mobile devices. Several kinds of security measures are being adopted; even then, there occur attacks often. Innovative methodologies are invented by the attacker for attacking. To guard data numerous technologies have been established whereas simultaneously, another methodology will be implemented to hack the information. All the technology is comprised of pros and cons, in the same way, MANETS are also included in that category. The MANETS' security threats, challenges, along with complications are reviewed in this paper. The various methodologies utilized in the latest literature to sort out the MANETS' security problems are significantly surveyed in this manuscript. On the regions of identification of malicious activity, malicious node detection, methodologies, performance evaluation, along with Energy Consumption (EC), the theoretical interpretation is performed.
Article
A Mobile Ad hoc NETwork (MANET) is a group of mobile nodes that rely on wireless network interfaces, without the use of fixed infrastructure or centralized administration. In this respect, these networks are very susceptible to numerous attacks. One of these attacks is the black hole attack and it is considered as one of the most affected kind on MANET. Consequently, the use of an Intrusion Detection System (IDS) has a major importance in the MANET protection. In this paper, a new scheme has been proposed by using an Adaptive Neuro Fuzzy Inference System (ANFIS) and Particle Swarm Optimization (PSO) for mobile ad hoc networks to detect the black hole attack of the current activities. Evaluations using extracted database from a simulated network using the Network Simulator NS2 demonstrate the effectiveness of our approach, in comparison to an optimized IDS based ANFIS-GA.
Article
Patients' health data is very sensitive and the access to individual's health data should be strictly restricted. However, many data consumers may need to use the aggregated health data. For example, the insurance companies need to use this data to setup the premium level for health insurances. Therefore, privacy-preserving data aggregation solutions for health data have both theoretical importance and application potentials. In this paper, we propose a privacy-preserving health data aggregation scheme using differential privacy. In our scheme, patients' health data are aggregated by the local healthcare center before it is used by data consumers, and this prevents individual's data from being leaked. Moreover, compared with the existing schemes in the literature, our work enjoys two additional benefits: 1) it not only resists many well known attacks in the open wireless networks, but also achieves the resilience against the human-factor-aware differential aggregation attack; 2) no trusted third party is employed in our proposed scheme, hence it achieves the robustness property and it does not suffer the single point failure problem.
Conference Paper
A MANET (Mobile Adhoc Network) is an infrastructure-less self configuring wireless networks of routers. It has potential applications in totally unpredictable and dynamic environment. Routing protocol used here is a form of reactive routing called AODV. AODV (Adhoc On Demand Distance Vector) routes based on demand. The major benefit of AODV is minimum connection setup delay and assignment of sequence numbers to destination to identify the latest route. The route updates are done by periodic beaconing. This network is susceptible to various hazards. In specification based Intrusion Detection system, certain characteristics of vital objects are analyzed and any abnormality is detected. We propose a technique to analyze the exposure to attacks in AODV, specifically the most common network layer hazard, Black Hole attack and to develop a specification based Intrusion Detection System (IDS) using Genetic Algorithm approach. The proposed system is based on Genetic Algorithm, which analyzes the behaviors of every node and provides details about the attack. Genetic Algorithm Control (GAC) is a set of various rules based on the vital features of AODV such as Request Forwarding Rate, Reply Receive Rate and so on. The performance of MANET is analyzed based on GAC.
Article
A mobile ad hoc network (MANET) is a self-configuring infrastructure-less network of mobile devices connected by wireless links. In this network, a mobile node behaves as a host and a router at the same time. MANETs are more vulnerable to attacks than wired networks due to their characteristics. Ad hoc networks maximize the total network throughput by using all available nodes for routing and forwarding. Hence, a node can misbehave and fail to establish route or route the data due to its malicious activity to decrease the performance of ad hoc network. In this paper, we propose an intrusion detection system to detect the malicious nodes in MANETs. The proposed detection algorithm is divided into two phases: Detection during route establishment and Detection during data forwarding. The detection effectiveness of the proposed algorithm is more than 80% and for some cases detection effectiveness may reach to 100%. The salient feature of the proposed scheme is its simplicity and effectiveness in detecting malicious nodes.
Conference Paper
This paper describes the advantages of using the anomaly detection approach over the misuse detection technique in detecting unknown network intrusions or attacks. It also investigates the performance of various clustering algorithms when applied to anomaly detection. Five different clustering algorithms: k-Means, improved k-Means, k-Medoids, EM clustering and distance-based outlier detection algorithms are used. Our experiment shows that misuse detection techniques, which implemented four different classifiers (naïve Bayes, rule induction, decision tree and nearest neighbour) failed to detect network traffic, which contained a large number of unknown intrusions; where the highest accuracy was only 63.97% and the lowest false positive rate was 17.90%. On the other hand, the anomaly detection module showed promising results where the distance-based outlier detection algorithm outperformed other algorithms with an accuracy of 80.15%. The accuracy for EM clustering was 78.06%, for k-Medoids it was 76.71%, for improved k-Means it was 65.40% and for k-Means it was 57.81%. Unfortunately, our anomaly detection module produces high false positive rate (more than 20%) for all four clustering algorithms. Therefore, our future work will focus more on reducing the false positive rate and improving the accuracy using more advanced machine learning techniques.
Conference Paper
The advancement in wireless technologies and the high availability of wireless equipment in everyday devices is a factor in the success of infrastructure-less networks. MANETs are becoming more and more common due to their ease of deployment. The high availability of such networks and the lack in security measures of their routing protocols are alluring a number of attackers to intrude. A particular type of DoS attack; known as Wormhole is the topic of discussion in this paper. A number of solutions have been proposed catering a wide range of possibilities for detection and prevention of wormholes. Literature review shows that the paths in the routing table have not been used for the detection of the wormhole attack; with a little modification to the structure of the routing table we can be able to detect suspicious links. In this paper we have proposed the use of the modified routing table for detection of the suspicious links, confirmation of wormhole existence, at the end isolating the confirmed wormhole nodes. The approach has been applied to DSDV and the detection of self-sufficient wormhole nodes and attacks. Our future work will involve the use of our own approach for detection and prevention of wormhole attacks in other protocols as well as comparison the technique with other techniques present in literature.
Article
Intrusion Detection Systems (IDS) is defined as a component that analyses system and user operations in computer and network systems in search of activities considered undesirable from security perspectives. Applying mobile agent (MA) to intrusion detection design is a recent development and it is aimed at effective intrusion detection in distributed environment. From the literature, it is clear that most MA-based IDS that are available are not quite effective because their time to detection is high and detect limited intrusions. This paper proposes a way of classifying a typical IDS and then strategically reviews the existing mobile agent-based IDSs focusing on each of the categories of the classification, for example architecture, mode of data collection, the techniques for analysis, and the security of these intelligent codes. Their strengths and problems are stated wherever applicable. Furthermore, suggested ways of improving on current MA-IDS designs are presented in order to achieve an efficient mobile agent-based IDS for future security of distributed network.
Article
Wireless Sensor Networking is one of the most promising technologies that have applications ranging from health care to tactical military. Although Wireless Sensor Networks (WSNs) have appealing features (e.g., low installation cost, unattended network operation), due to the lack of a physical line of defense (i.e., there are no gateways or switches to monitor the information flow), the security of such networks is a big concern, especially for the applications where confidentiality has prime importance. Therefore, in order to operate WSNs in a secure way, any kind of intrusions should be detected before attackers can harm the network (i.e., sensor nodes) and/or information destination (i.e., data sink or base station). In this article, a survey of the state-of-the-art in Intrusion Detection Systems (IDSs) that are proposed for WSNs is presented. Firstly, detailed information about IDSs is provided. Secondly, a brief survey of IDSs proposed for Mobile Ad-Hoc Networks (MANETs) is presented and applicability of those systems to WSNs are discussed. Thirdly, IDSs proposed for WSNs are presented. This is followed by the analysis and comparison of each scheme along with their advantages and disadvantages. Finally, guidelines on IDSs that are potentially applicable to WSNs are provided. Our survey is concluded by highlighting open research issues in the field.
Article
An overview on the usage of emergent self organizing maps is given. U-Maps visualize the distance structures of high dimensional data sets. P-Maps show their density structures and U*-Maps combine the advantages of the mentioned maps to a visualization suitable to detect non-trivial cluster structures. A concise summary on the usage of Emergent Self-organizing Maps (ESOM) for data mining is given. The tasks of visualization, clustering, and classification as they can be performed with the Databionics ESOM Tools are described.
Article
Intrusion detection is a significant focus of research in the security of computer systems and networks. This paper presents an analysis of the progress being made in the development of effective intrusion detection systems for computer systems and distributed computer networks. The technologies which are discussed are designed to detect instances of the access of computer systems by unauthorized individuals and the misuse of system resources by authorized system users. A review of the foundations of intrusion detection systems and the methodologies which are the focus of current development efforts are discussed. The results of an informal survey of security and network professionals is discussed to offer a real-world view of intrusion detection. Finally, a discussion of the future technologies and methodologies which promise to enhance the ability of computer systems to detect intrusions is provided.
Article
The evolution of wireless network technologies and the recent advances in mobile computing hardware have made possible the introduction of various applications in mobile ad hoc networks. Not only is the infrastructure of these networks inherently vulnerable but they have increased requirements regarding their security as well. As intrusion prevention mechanisms, such as encryption and authentication, are not sufficient regarding security, we need a second line of defense, Intrusion Detection. The focus of this paper is on anomaly detection techniques in order to exploit their main advantage of being able to detect unknown attacks. First, we briefly describe intrusion detection systems and then we suggest a distributed schema applicable to mobile ad hoc networks. This anomaly detection mechanism is based on a neural network and is evaluated for packet dropping attacks using features selected from the MAC layer. The performance of the proposed architecture is evaluated under different traffic conditions and mobility patterns.
Article
Nowadays, mobile devices have become the prevailing computation platform. Due to their battery-constraint nature, delivering excellent user experience with low energy consumption is highly desirable for mobile devices. Past researches on optimizing the energy efficiency for mobile devices are at either too high or too low levels. The former can explore different QoS requirements for applications, while the latter can model the interaction details. To get both advantages, we target a level in the middle, i.e., user behavior level. In this work, we characterize user behaviors, analyze their QoS requirements and propose corresponding QoS models for each behavior type. Then, we introduce U-ACT, a user behavior aware power management framework, which can optimize CPU frequencies for all different behavior types. Our evaluation shows the proposed framework can achieve up to 62% combined improvement, i.e., the summation of QoS and energy improvements in percentage, comparing with the state-of-the-art governors.
Article
The energy issue of real-time applications with precedence-constrained tasks on heterogeneous systems has been studied recently. With the strikingly increasing power density due to the soaring system integration level, severe thermal issues arise which can in turn further aggravate the energy issues due to the strong temperature/leakage dependency. Any optimization should be insufficient if such dependency is not properly addressed. However, the state-of-the-art approaches either treat leakage power as a constant, or only adopt the dynamic power consumption as the heuristic metric to conduct the optimization, both of which cannot fully explore the optimization room for the two issues. To this end, we design an energy/thermal aware task scheduling approach by taking both the thermal and energy factors into consideration. The optimization is conducted from two aspects: first balance the energy/thermal loads of processors by assigning tasks in an energy/thermal aware heuristic way, and that of tasks by the deduced task-level deadlines; then reduce the waiting time between parallel tasks that share the same successor task. Extensive experiments conducted on real-world applications show that, the proposed approach can reduce more temperature by up to about 12°C (depending on the specific application and related parameters) while keeping a competitive energy consumption compared with the state-of-the-arts.
Article
As one of the security components in Network Security Monitoring System, Intrusion Detection System (IDS) is implemented by many organizations in their networks to detect and address the impact of network attacks. There are many machine-learning methods that have been widely developed and applied in the IDS. Selection of appropriate methods is necessary to improve the detection accuracy in the application of machine-learning in IDS. In this research we proposed an IDS that we developed based on machine learning approach. We use 28 features subset without content features of Knowledge Data Discovery (KDD) dataset to build machine learning model. From our analysis and experiment we get 28 features subset of KDD dataset that are most likely to be applied for the IDS in the real network. The machine learning model based on this 28 features subset obtained 99.9% accuracy for both two-class and multiclass classification. From our experiments using the IDS we have developed show good performance in detecting attacks on real networks.
Article
Vehicular ad-hoc Network (VANET) is an emerging type of Mobile ad-hoc Networks (MANETs) with excellent applications in the intelligent traffic system. Applications in VANETs are life critical since human lives are at stake and therefore, interaction among nodes (vehicles) must be established in the most secure manner. To provide security for VANETs, various security measures are designed, the most popular of which is Intrusion Detection Systems (IDSs). IDS has already proved its worth in detection of malicious nodes in traditional networks but applying the IDS in VANET like networks is somehow different and difficult due to its peculiar characteristics such as resource constrained nodes, high mobility of nodes, specific protocols stacks, and standards. This paper presents a brief introduction about the various IDSs, in general, to get the readers well acquainted with the concept of IDS after which an in-depth survey of various IDSs that are propounded for VANETs is put forward followed by analyzing and comparing each technique along with merits and demerits. Some basic instructions have also been presented for developing IDSs that have a potential application in VANET and VANET Cloud. Our aim is to identify leading trends, open challenges, and future research directions in the deployment of IDS in VANET. In order to bridge the research gaps in terms of performance, detection rate and overhead, and also to overcome the challenges of existing IDS in literature, a proactive bait based Honeypot optimized IDS system is also proposed with the aim to detect existing and zero-day attacks with minimal overhead. Finally, some open research works being carried out in the field is also proposed.
Article
Mobile Ad Hoc Networks (MANETs) enable versatile hosts to frame a correspondence arrange without a prefixed framework. In military applications portable specially appointed system assumes essential part since it is particularly planned network for on request necessity and in circumstances where set up of physical network isn't conceivable. Despite the fact that it gives high adaptability, it likewise conveys more difficulties for MANETs to battle against malicious assaults. In any case, the property of mobility and excess additionally motivates new plans to outline safeguard procedure. In this paper, we propose a procedure to relieve DDoS assaults in MANETs. Expect that a malicious attacker ordinarily targets particular victims. The attacker will surrender if the assault neglected to accomplish the coveted objectives after a specific length of assaulting time. In our assurance system, we exploit high excess and select a protection node. Once a DDoS attack has been identified, the suspicious movement will be diverted to the protection node. The victim will work typically, and it is sensible to expect that the attacker will stop the trivial endeavors. Through escalated recreation test utilizing NS-2, we have confirmed the viability of our approach and assessed the cost and overhead of the framework.
Conference Paper
Intrusion Detection Systems (IDS) is defined as a component that analyses system and user operations in computer and network systems in search of activities considered undesirable from security perspectives. Applying mobile agent (MA) to intrusion detection design is a recent development and it is aimed at effective intrusion detection in distributed environment. From the literature, it is clear that most MA-based IDS that are available are not quite effective because their time to detection is high and detect limited intrusions. This paper proposes a way of classifying a typical IDS and then strategically reviews the existing mobile agent-based IDSs focusing on each of the categories of the classification, for example architecture, mode of data collection, the techniques for analysis, and the security of these intelligent codes. Their strengths and problems are stated wherever applicable. Furthermore, suggested ways of improving on current MA-IDS designs are presented in order to achieve an efficient mobile agent-based IDS for future security of distributed network.
Article
In the past few years, an evolution in the wireless communication has been emerged, along with the evolution a new type of large potential application of wireless network appears, which is the Mobile Ad-Hoc Network (MANET). Black hole attack considers one of the most affected kind on MANET. Therefore, the use of intrusion detection system (IDS) has a major importance in the MANET protection. In this paper, an optimization of a fuzzy based intrusion detection system is proposed which automate the process of producing a fuzzy system by using an Adaptive Neuro-Fuzzy Inference System (ANFIS) for the initialization of the FIS and then optimize this initialized system by using Genetic Algorithm (GA). In addition, a normal estimated fuzzy based IDS is introduced to see the effect of the optimization on the system. From this study, it is proven that the optimized proposed IDS perform better than the normal estimated systems.
Article
Resource exhaustion is one of the main challenges for the security of Wireless Sensor Networks (WSNs). The challenge can be addressed by using algorithms that are light weighted. In this paper use of light-weighted R-Contiguous Bit matching for attack detection in WSNs has been evaluated. Use of R-Contiguous bit matching in Negative Selection Algorithm (NSA) has improved the performance of anomaly detection resulting in low false positive, false negative and high detection rates. The proposed model has been tested against some of the attacks. The high detection rate has proved the appropriateness of R-Contiguous bit matching mechanism for anomaly detection in WSNs.
Article
With the increasingly widespread application of information and communication technology, the smart grid has gradually evolved into a cyber physical system characterised by deep integration between the information space and physical space. All manner of intrusion attacks on cyber physical power systems are growing more and more frequent. Timely and accurate detection and identification of these intrusions are essential for the effective control and protection of cyber physical power systems. For massive and high-dimensional intrusion behaviour data in cyber physical power systems, distributed intrusion detection based on hybrid gene expression programming and cloud (DID-HGEPCloud) computing is proposed. In the DID-HGEPCloud, attribution reduction with noise data based on rough set and a global intrusion model based on non-linear least squares are applied to improve the efficiency and accuracy of intrusion detection. At the same time, the MapReduce programming framework of cloud computing is adopted, and parallelisation of the model of the proposed algorithm is performed to enhance its ability to manage massive and high-dimensional data. Comparative experiments show that the algorithm proposed in this paper has obvious advantages in terms of false attack rate, DAR, and average time consumed. Furthermore, the proposed algorithm possesses excellent parallel performance.
Article
Cloud Computing Security is a new era of computer technology and opens a new research area and creates a lot of opportunity of exploration. One of the new implementation in Cloud is Intrusion Detection System (IDS). There are problems with existing IDS approach in Cloud environment. Implementing traditional IDS need a lot of self-maintenance and did not scale with the customer security requirements. In addition, maintenance of traditional IDS in Cloud Computing system requires expertise and consumes more time where not each Cloud user has. A decentralized traditional IDS approach where being deployed in current Cloud Computing infrastructure will make the IDS management become complicated. Each user's IDS will not be the same in term of type and configurations and each user may have outdated signatures. Inter VM's communication also become a big concern when we implementing Cloud Computing system where communication between Clouds are not monitored and controlled by the traditional IDS. A specific IDS model for Cloud computing is required to solve these problems. In this paper, we develop a prototype of Cloud IDS inspired by Dendritic Cell mechanism. Experiment result proved that Cloud IDS was able to detect any attempt to attack the Cloud environment. The experiments show that the Cloud IDS model based on Dendritic Cell algorithm able to identify and detect novel threat that targeting Cloud environment.
Chapter
As a mobile ad hoc network (MANET) is dynamically formed by wireless mobile devices, which generally have limited computing resources, low network bandwidth accessibility, and limited power supply, and does not have any physical infrastructure and central base station, network management and operations are done cooperatively by all mobile devices in the network. In consequence, malicious mobile devices can easily join a MANET and launch attacks. Among those attacks, cooperative black hole attack requiring at least two malicious device nodes is a serious security threat since this attack is very easy to launch and hard to detect by other nodes. In this study, we introduce a secure routing protocol to defend against the cooperative black hole attack. Simulation experiments using QualNet has shown that our protocol provides up to 2.6 times performance in terms of the packet delivery ratio when comparing with AODV protocol under cooperative black hole attack.
Chapter
This paper proposes an intelligent multi level classification technique for effective intrusion detection in Mobile Ad-hoc Networks. The algorithm uses a combination of a tree classifier which uses a labeled training data and an Enhanced Multiclass SVM algorithm. Moreover, an effective preprocessing technique has been proposed and implemented in this work in order to improve the detection accuracy and to reduce the processing time. From the experiments carried out in this work, it has been observed that significant improvement has been achieved in this model from the view point of both high detection rates as well as low false alarm rates.
Article
Intrusion detection system aims at analyzing the severity of network in terms of attack or normal one. Due to the advancement in computer field, there are numerous number of threat exploits attack over huge network. Attack rate increases gradually as detection rate increase. The main goal of using data mining within intrusion detection is to reduce the false alarm rate and to improve the detection rate too. Machine learning algorithms accomplishes to solve the detection problem. In this study, first we analyzed the statistical based anomaly methods such as ALAD, LEARAD and PHAD. Then a new approach is proposed for hybrid intrusion detection. Secondly, the advantage of both supervised and unsupervised has been used to develop a semi-supervised method. Our experimental method is done with the help of KDD Cup 99 dataset. The proposed hybrid IDS detects 149 attacks (nearly 83%) out of 180 attacks by training in one week attack free data. Finally, the proposed semi-supervised approach shows 98.88% accuracy and false alarm rate of 0.5533% after training on 2500 data instances.
Chapter
Data mining techniques have been successfully applied in many different fields including marketing, manufacturing, process control, fraud detection, and network management. Over the past five years, a growing number of research projects have applied data mining to various problems in intrusion detection. This chapter surveys a representative cross section of these research efforts. Moreover, four characteristics of contemporary research are identified and discussed in a critical manner. Conclusions are drawn and directions for future research are suggested.
Chapter
In this chapter we consider bounds on the rate of uniform convergence. We consider upper bounds (there exist lower bounds as well (Vapnik and Chervonenkis, 1974); however, they are not as important for controlling the learning processes as the upper bounds).
Conference Paper
The recent years realize a progressive transition where fixed computing reached maturity and the mobility age started to thrive. Nowadays, another transition from the mobility age to the “Internet of Everything” (IoE) is taking place. In the IoE vision, several types of quotidian objects will be able to communicate over the Internet. As a result, it is expected that within a decade, IoE will have an economic value of $14.4 trillion, as the number of devices connected to the Internet continues to increase exponentially. The support for security services in these emerging resource-constrained devices is considered a challenge but needs to take into account from the very early stages of the wireless network inception. This paper proposes a network-based intrusion detection system (IDS) for IPv6-enabled wireless sensor networks. The proposed IDS is used to detect security attacks based on traffic signatures and abnormal behaviors.
Article
Pervasive mobile and low-end wireless technologies, such as radio-frequency identification (RFID), wireless sensor networks and the impending vehicular ad-hoc networks (VANETs), make the wireless scenario exciting and in full transformation. For all the above (and similar) technologies to fully unleash their potential in the industry and society, there are two pillars that cannot be overlooked: security and privacy. Both properties are especially relevant if we focus on ad-hoc wireless networks, where devices are required to cooperate – e.g. from routing to the application layer – to attain their goals. In this paper, we survey emerging and established wireless ad-hoc technologies and we highlight their security/privacy features and deficiencies. We also identify open research issues and technology challenges for each surveyed technology.
Conference Paper
A MANET (Mobile Adhoc Network) is an infrastructure-less self configuring wireless networks of routers. It has potential applications in totally unpredictable and dynamic environment. Routing protocol used here is a form of reactive routing called AODV. AODV (Adhoc On Demand Distance Vector) routes based on demand. The major benefit of AODV is minimum connection setup delay and assignment of sequence numbers to destination to identify the latest route. The route updates are done by periodic beaconing. This network is susceptible to various hazards. In specification based Intrusion Detection system, certain characteristics of vital objects are analyzed and any abnormality is detected. We propose a technique to analyze the exposure to attacks in AODV, specifically the most common network layer hazard, Black Hole attack and to develop a specification based Intrusion Detection System (IDS) using Genetic Algorithm approach. The proposed system is based on Genetic Algorithm, which analyzes the behaviors of every node and provides details about the attack. Genetic Algorithm Control (GAC) is a set of various rules based on the vital features of AODV such as Request Forwarding Rate, Reply Receive Rate and so on. The performance of MANET is analyzed based on GAC.
Article
The objective of jamming attacks in a network is to deny service to the communicating nodes, thus reducing network throughput and availability. In this paper, we propose a game theoretic framework for detecting jamming attacks in wireless ad hoc networks. We formulate jamming as a two-player, non-cooperative game to analyze the interaction between the attacker and the monitoring nodes in the network. We propose hybrid detection strategies at the monitor node by using cross-layer features for attack detection. We solve the game by computing the mixed-strategy Nash equilibrium and derive the optimal attack and detection strategies. Numerical results show that game theoretic analysis can be used to determine the optimal steady-state monitoring strategies to provide higher detection accuracy, while balancing the monitoring energy costs. Copyright © 2011 John Wiley & Sons, Ltd.
Article
The accuracy of detecting an intrusion within a network of intrusion detection systems (IDSes) depends on the efficiency of collaboration between member IDSes. The security itself within this network is an additional concern that needs to be addressed. In this paper, we present a trust-based framework for secure and effective collaboration within an intrusion detection network (IDN). In particular, we design a trust model that allows each IDS to evaluate the trustworthiness of other IDSes based on its personal experience. We also propose an admission control algorithm for the IDS to manage the acquaintances it approaches for advice about intrusions. We discuss the effectiveness of our approach in protecting the IDN against common attacks. Additionally, experimental results demonstrate that our system yields significant improvement in detecting intrusions. The trust model further improves the robustness of the collaborative system against malicious attacks. The experimental results also support that our admission control algorithm is effective and fair, and creates incentives for collaboration.
Article
With the increasing amount of network throughput and security threat, the study of intrusion detection systems (IDSs) has received a lot of attention throughout the computer science field. Current IDSs pose challenges on not only capricious intrusion categories, but also huge computational power. Though there is a number of existing literatures to IDS issues, we attempt to give a more elaborate image for a comprehensive review. Through the extensive survey and sophisticated organization, we propose the taxonomy to outline modern IDSs. In addition, tables and figures we summarized in the content contribute to easily grasp the overall picture of IDSs.
Article
Mobile ad hoc networking (MANET) has become an exciting and important technology in recent years, because of the rapid proliferation of wireless devices. Mobile ad hoc networks is highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, and lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features. A distributed intrusion detection approach based on timed automata is given. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then the timed automata is constructed by the way of manually abstracting the correct behaviours of the node according to the routing protocol of dynamic source routing (DSR). The monitor nodes can verify the behaviour of every nodes by timed automata, and validly detect real-time attacks without signatures of intrusion or trained data. Compared with the architecture where each node is its own IDS agent, the approach is much more efficient while maintaining the same level of effectiveness. Finally, the intrusion detection method is evaluated through simulation experiments.
Article
Mobile Ad hoc network (MANET) is a new paradigm in wireless revolution, which is a self-configured network of wireless mobile nodes. Due to proliferation of miniature yet powerful mobile computing devices, it is gaining acceptance and popularity. However, MANET is vulnerable to security attacks due to its inherent characteristics such as dynamic topology, lack of a centralized coordinator and open wireless channel. In this paper, we analyze some security attacks of MANET and we propose to identify the attack by using an Intrusion Detection System (IDS). The proposed IDS uses fuzzy logic to detect malicious behavior and identify the attacks.
Article
The paper presents intrusion detection system which informs system administrator about potential intrusion incidence in a system. The designed architecture employs statistical method of data evaluation, that allows detection based on the knowledge of user activity deviation in the computer system from learned profile representing standard user behavior.
Article
Recently, many Intrusion Detection Systems (IDS) have been proposed to detect and report about malicious nodes in Mobile Ad Hoc Networks (MANETs) by using various outlier detection algorithms. All these algorithms have limitations in terms of accuracy and speed. In this paper, we propose a new outlier detection algorithm called Weighted Distance Based Outlier Detection (WDBOD) algorithm to detect the intruders in wireless environment. The experimental results show that the proposed algorithm improves the detection accuracy and reduces the false alarm rate.
Article
Networks are protected using many firewalls and encryption software. But many of them are not sufficient and effective. Most intrusion detection systems for mobile ad hoc networks are focusing on either routing protocols or its efficiency, but it fails to address the security issues. Some of the nodes may be selfish, for example, by not forwarding the packets to the destination, thereby saving the battery power. Some others may act malicious by launching security attacks like denial of service or hack the information. The ultimate goal of the security solutions for wireless networks is to provide security services, such as authentication, confidentiality, integrity, anonymity, and availability, to mobile users. This paper incorporates agents and data mining techniques to prevent anomaly intrusion in mobile adhoc networks. Innuendo, presenting an anomaly detection system comprises of detection modules for detecting anomalies in each layer. Home agents present in each system collects the data from its own system and using data mining techniques to observe the local anomalies. The Mobile agents monitoring the neighboring nodes and collect the information from neighboring home agents to determine the correlation among the observed anomalous patterns before it will send the data. This system was able to stop all of the successful attacks in an adhoc networks and reduce the false alarm positives.
Article
Intrusion Detection systems (IDSs) have previously been built by hand. These systems have difficulty successfully classifying intruders, and require a significant amount of computational overhead making it difficult to create robust real-time IDS systems. Artificial Intelligence techniques can reduce the human effort required to build these systems and can improve their performance. Learning and induction are used to improve the performance of search problems, while clustering has been used for data analysis and reduction. AI has recently been used in Intrusion Detection (ID) for anomaly detection, data reduction and induction, or discovery, of rules explaining audit data. We survey uses of artificial intelligence methods in ID, and present an example using feature selection to improve the classification of network connections. The network connection classification problem is related to ID since intruders can create "private" communications services undetectable by normal mea...
Article
With the rapid development of the networking technology, the ad hoc technology has kept advancing apace. But wireless ad hoc networks present more security problems than the conventional wired and wireless networks. Therefore, the ever-increasing researchers are focusing on intrusion detection, as a complementary mechanism to the regular intrusion prevention approaches, which is needed to secure the wireless ad hoc networks. However, how to improve the accuracy of the intrusion detection efficiently in wireless ad hoc networks is still a challenging problem. In this paper, we propose a new approach for intrusion detection, which uses a novel Support Vector Machine Fuzzy Network (SVMFN) to make the detection more suitable and accurate in various wireless ad hoc network environments. The experimental results show that the generalization performance and the accuracy of identification are improved significantly compared to that of the traditional methods, and adapt to engineering applications.
Article
In this paper, we consider the problem of node positioning in ad-hoc networks. We propose a distributed, infrastructure-free positioning algorithm that does not rely on Global Positioning system (GPS). The algorithm uses the distance between the nodes to build a relative coordinate system in which the node positions are computed in two dimensions. The main contribution of this work is to define and compute relative positions of the nodes in an ad-hoc network without using GPS. We further explain how the proposed approach can be applied to wide area networks.