22-11-2012, 04:08 PM
Risk-Aware Mitigation for MANET Routing Attacks
Abstract
Mobile Ad hoc Networks (MANET) have been highly vulnerable to attacks due to the dynamic nature of their network
infrastructure. Among these attacks, routing attacks have received considerable attention since they could cause the most devastating
damage to MANET. Even though there exist several intrusion response techniques to mitigate such critical attacks, existing solutions
typically attempt to isolate malicious nodes based on binary or naïve fuzzy response decisions. However, binary responses may result
in an unexpected network partition, causing additional damage to the network infrastructure, and naïve fuzzy responses could lead to
uncertainty in countering routing attacks in MANET. In this paper, we propose a risk-aware response mechanism to systematically
cope with the identified routing attacks. Our risk-aware approach is based on an extended Dempster-Shafer mathematical theory of
evidence introducing a notion of importance factors. In addition, our experiments demonstrate the effectiveness of our approach with
the consideration of several performance metrics.
INTRODUCTION
Mobile Ad hoc Networks (MANET) are utilized to set up
wireless communication in improvised environments
without a predefined infrastructure or centralized administration.
Therefore, MANET has been normally deployed in
adverse and hostile environments where a central authority
point is not necessary. Another unique characteristic of
MANET is the dynamic nature of its network topology
which would be frequently changed due to the unpredictable
mobility of nodes. Furthermore, each mobile node in
MANET plays a router role while transmitting data over the
network. Hence, any compromised nodes under an adversary’s
control could cause significant damage to the
functionality and security of its network since the impact
would propagate in performing routing tasks.
Routing Attack on OLSR
Based on the behavior of attackers, attacks against MANET
can be classified into passive or active attacks. Attacks can
be further categorized as either outsider or insider attacks.
With respect to the target, attacks could be also divided into
data packet or routing packet attacks. In routing packet
attacks, attackers could not only prevent existing paths
from being used, but also spoof nonexisting paths to lure
data packets to them. Several studies [14], [15], [16], [17]
have been carried out on modeling MANET routing
attacks. Typical routing attacks include black hole, fabrication,
and modification of various fields in routing packets
(route request message, route reply message, route error
message, etc.). All these attacks could lead to serious
network dysfunctions.
Expected Properties for Our Dempster’s Rule of
Combination with Importance Factors
The proposed rule of combination with importance factors
should be a superset of Dempster’s rule of combination. In
this section, we describe four properties that a candidate
Dempster’s rule of combination with importance factors
should follow. Properties 1 and 2 ensure that the combined
result is a valid evidence. Property 3 guarantees that the
original Dempster’s Rule of Combination is a special case of
Dempster’s Rule of Combination with importance factors,
where the combined evidences have the same priority.
Property 4 ensures that importance factors of the evidences
are also independent from each other.
RISK-AWARE RESPONSE MECHANISM
In this section, we articulate an adaptive risk-aware
response mechanism based on quantitative risk estimation
and risk tolerance. Instead of applying simple binary
isolation of malicious nodes, our approach adopts an
isolation mechanism in a temporal manner based on the
risk value. We perform risk assessment with the extended
D-S evidence theory introduced in Section 3 for both
attacks and corresponding countermeasures to make more
accurate response decisions illustrated in Fig. 1.
Overview
Because of the infrastructure-less architecture of MANET,
our risk-aware response system is distributed, which
means each node in this system makes its own response
decisions based on the evidences and its own individual
benefits. Therefore, some nodes in MANET may isolate
the malicious node, but others may still keep in cooperation
with it due to high dependency relationships. Our risk-aware
response mechanism is divided into the following
four steps shown in Fig. 1.
Evidence collection. In this step, Intrusion Detection
System (IDS) gives an attack alert with a confidence value,
and then Routing Table Change Detector (RTCD) runs to
figure out how many changes on routing table are caused
by the attack.
Risk assessment. Alert confidence from IDS and the routing
table changing information would be further considered as
independent evidences for risk calculation and combined
with the extended D-S theory. Risk of countermeasures is
calculated as well during a risk assessment phase. Based on
the risk of attacks and the risk of countermeasures, the entire
risk of an attack could be figured out.
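The risk assessment step combines the IDS alert confidence and the routing table change evidence as independent evidences. The following added example (not code from the paper) implements the classical Dempster's rule of combination over an assumed two-state frame {Secure, Insecure}; because the paper's rule with importance factors is not reproduced on this page, `combine_weighted` is a hypothetical stand-in that uses Shafer's discounting scaled by relative importance, chosen so that equal importance factors reduce to the classical rule (Property 3). All mass values are constructed.

```python
from itertools import product

SECURE, INSECURE = "Secure", "Insecure"
THETA = frozenset({SECURE, INSECURE})   # assumed two-state frame of discernment

def discount(m, alpha):
    """Shafer discounting: keep alpha of each focused mass, move the rest to THETA."""
    out = {s: alpha * v for s, v in m.items() if s != THETA}
    out[THETA] = 1.0 - sum(out.values())
    return out

def dempster(m1, m2):
    """Classical Dempster's rule of combination for two mass functions."""
    joint, conflict = {}, 0.0
    for (a, va), (b, vb) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            joint[common] = joint.get(common, 0.0) + va * vb
        else:
            conflict += va * vb          # mass that would fall on the empty set
    if conflict >= 1.0:
        raise ValueError("evidences are in total conflict")
    return {s: v / (1.0 - conflict) for s, v in joint.items()}

def combine_weighted(m1, if1, m2, if2):
    """Hypothetical importance-weighted combination (not the paper's DRCIF)."""
    if if1 <= 0 or if2 <= 0:
        raise ValueError("importance factors must be positive")
    top = max(if1, if2)
    return dempster(discount(m1, if1 / top), discount(m2, if2 / top))

def belief(m, hypothesis):
    """Bel(H): total mass of all focal sets contained in H."""
    return sum(v for s, v in m.items() if s <= hypothesis)

# Constructed sample evidences, not values from the paper.
IDS_ALERT = {frozenset({INSECURE}): 0.8, THETA: 0.2}
RTCD_CHANGE = {frozenset({INSECURE}): 0.6, frozenset({SECURE}): 0.1, THETA: 0.3}

if __name__ == "__main__":
    plain = dempster(IDS_ALERT, RTCD_CHANGE)
    weighted = combine_weighted(IDS_ALERT, 1.0, RTCD_CHANGE, 0.5)
    print("Bel(Insecure), equal importance:", round(belief(plain, frozenset({INSECURE})), 4))
    print("Bel(Insecure), RTCD half weight:", round(belief(weighted, frozenset({INSECURE})), 4))
```

Halving the importance of the routing table evidence pulls the combined belief in Insecure down towards what the IDS alert alone supports, and the combined masses still sum to one, which is what Properties 1 and 2 require of a valid evidence.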
Response to Routing Attacks
In our approach, we use two different responses to deal
with different attack methods: routing table recovery and
node isolation.
Routing table recovery includes local routing table
recovery and global routing recovery. Local routing
recovery is performed by victim nodes that detect the
attack and automatically recover their own routing tables.
Global routing recovery involves sending recovered
routing messages by victim nodes and updating their
routing table based on corrected routing information in real
time by other nodes in MANET.
Routing table recovery is an indispensable response and
should serve as the first response method after successful
detection of attacks. In proactive routing protocols like
OLSR, routing table recovery does not bring any additional
overhead since it periodically goes with routing control
messages. Also, as long as the detection of attack is positive,
this response causes no negative impacts on existing
routing operations.
Node isolation may be the most intuitive way to prevent
further attacks from being launched by malicious nodes
in MANET. To perform a node isolation response, the
neighbors of the malicious node ignore the malicious node
by neither forwarding packets through it nor accepting any
packets from it. On the other hand, a binary node isolation
response may result in negative impacts to the routing
operations, even bringing more routing damages than the
attack itself.
Adaptive Decision Making
Our adaptive decision-making module is based on quantitative
risk estimation and risk tolerance, which is shown in
Fig. 3. The response level is additionally divided into
multiple bands. Each band is associated with an isolation
degree, which presents a different time period of the
isolation action. The response action and band boundaries
are all determined in accordance with risk tolerance and can
be changed when risk tolerance threshold changes. The
upper risk tolerance threshold (UT) would be associated
with permanent isolation response. The lower risk tolerance
threshold (LT) would leave each node intact. The band
between the upper tolerance threshold and lower tolerance
threshold is associated with the temporary isolation
response, in which the isolation time (T) changes dynamically
based on the different response level given by (18) and
(19), where n is the number of bands and i is the
corresponding isolation band
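
The banded decision described above, as an added example that is not code from the paper. Equations (18) and (19) are not reproduced on this page, so the equal-width bands, the linear isolation schedule (`base_time` per band) and the handling of a risk exactly on a threshold are assumptions; the function and parameter names are hypothetical.

```python
import math

def choose_response(risk, lt, ut, n_bands, base_time=10.0):
    """Map a risk value in [0, 1] to (action, band, isolation_time).

    Below LT the node is left intact, at or above UT it is isolated
    permanently, and in between it is isolated for a time that grows
    with the band index i (1..n_bands).
    """
    if not (0.0 <= lt < ut <= 1.0) or n_bands < 1:
        raise ValueError("need 0 <= LT < UT <= 1 and at least one band")
    if not 0.0 <= risk <= 1.0:
        raise ValueError("risk must lie in [0, 1]")
    if risk < lt:
        return ("no_isolation", 0, 0.0)
    if risk >= ut:
        return ("permanent_isolation", n_bands + 1, math.inf)
    width = (ut - lt) / n_bands                 # assumed equal-width bands
    band = min(int((risk - lt) / width) + 1, n_bands)
    return ("temporary_isolation", band, band * base_time)  # assumed linear schedule

if __name__ == "__main__":
    # Constructed risk values; the same risk is judged under two tolerances.
    for lt, ut in ((0.2, 0.8), (0.1, 0.45)):
        for risk in (0.1, 0.5, 0.79, 0.9):
            print(f"LT={lt} UT={ut} risk={risk}:", choose_response(risk, lt, ut, 3))
```

Changing the tolerance thresholds moves the band boundaries, so the same risk value can map to a temporary isolation under one setting and a permanent one under another.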
Evaluation with Random Network Topologies
In order to test the effectiveness and scalability of our
solution, we evaluated our risk-aware approach with
DRCIF on five random network topologies. These five
topologies have 10, 20, 30, 40, and 50 nodes respectively.
Fig. 6 shows the performance results in these random
network topologies of our risk-aware approach with
DRCIF, risk-aware approach with DRC and binary isolation
approach. In Fig. 6a, as the number of nodes increases, the
packet delivery ratio also increases because there are more
route choices for the packet transmission. Among these
three response mechanisms, we also notice the packet
delivery ratio of our DRCIF risk-aware response is higher
than those of the other two approaches.
In Fig. 6b, we can observe that the routing cost of our
DRCIF risk-aware response is lower than those of the other
two approaches. Note that the fluctuations of routing cost
shown in Fig. 6b are caused by the random traffic
generation and random placement of nodes in our realistic
simulation.
RELATED WORK
Intrusion detection and response in MANET. Some
research efforts have been made to seek preventive
solutions [21], [22], [23], [24] for protecting the routing
protocols in MANET. Although these approaches can
prevent unauthorized nodes from joining the network, they
introduce a significant overhead for key exchange and
verification with the limited intrusion elimination. Besides,
prevention-based techniques are less helpful to cope with
malicious insiders who possess the legitimate credentials to
communicate in the network.
Numerous IDSs for MANET have been recently introduced.
Due to the nature of MANET, most IDS are
structured to be distributed and have a cooperative
architecture. Similar to signature-based and anomaly-based
IDS models for the wired network, IDSs for MANET
use specification-based or statistics-based approaches.
Specification-based approaches, such as DEMEM [25] and
[26], [27], [28], monitor network activities and compare
them with known attack features, which are impractical to
cope with new attacks. On the other hand, statistics-based
approaches, such as Watchdog [29], and [30], compare
network activities with normal behavior patterns, which
result in a higher false positive rate than specification-based
ones. Because of the existence of false positives in both
MANET IDS models, intrusion alerts from these systems
are always accompanied by an alert confidence, which indicates
the possibility of attack occurrence.
CONCLUSION
We have proposed a risk-aware response solution for
mitigating MANET routing attacks. Especially, our approach
considered the potential damages of attacks and countermeasures.
In order to measure the risk of both attacks and
countermeasures, we extended Dempster-Shafer theory of
evidence with a notion of importance factors. Based on several
metrics, we also investigated the performance and practicality
of our approach and the experiment results clearly
demonstrated the effectiveness and scalability of our risk-aware
approach. Based on the promising results obtained
through these experiments, we would further seek a more
systematic way to accommodate node reputation and attack
frequency in our adaptive decision model.