A trust mechanism-based channel assignment and routing scheme in cognitive wireless mesh networks with intrusion detection

Cognitive Wireless Mesh Networks (CWMN) is a novel wireless network which combines the advantage of Cognitive Radio (CR) and wireless mesh networks. CWMN can realize seamless integration of heterogeneous wireless networks and achieve better radio resource utilization. However, it is particularly vulnerable due to its features of open medium, dynamic spectrum, dynamic topology, and multi-top routing, etc.. Being a dynamic positive security strategy, intrusion detection can provide powerful safeguard to CWMN. In this paper, we introduce trust mechanism into CWMN with intrusion detection and present a trust establishment model based on intrusion detection. Node trust degree and the trust degree of data transmission channels between nodes are defined and an algorithm of calculating trust degree is given based on distributed detection of attack to networks. A channel assignment and routing scheme is proposed, in which selects the trusted nodes and allocates data channel with high trust degree for the transmission between neighbor nodes to establish a trusted route. Simulation results indicate that the scheme can vary channel allocation and routing dynamically according to network security state so as to avoid suspect nodes and unsafe channels, and improve the packet safe delivery fraction effectively.     

Anomaly detection in wireless sensor networks

Anomaly detection in wireless sensor networks is an important challenge for tasks such as fault diagnosis, intrusion detection, and monitoring applications. The algorithms developed for anomaly detection have to consider the inherent limitations of sensor networks in their design so that the energy consumption in sensor nodes is minimized and the lifetime of the network is maximized. In this survey article we analyze the state of the art in anomaly detection techniques for wireless sensor networks and discuss some open issues for research.     

A multilevel hybrid anomaly detection scheme for industrial wireless sensor networks

Real-time sensing plays an important role in ensuring the reliability of industrial wireless sensor networks (IWSNs). Sensor nodes in IWSNs have inherent limitations that give rise to different anomalies in the network. These anomalies can lead to disastrous and harmful situations or even serious system failures. This article presents a formulation to the design of an anomaly detection scheme for detecting the anomalous node along with the type of anomaly. The proposed scheme is divided into two major parts. First, spatiotemporal correlation within a cluster is obtained for the normal and anomalous behavior of sensor nodes. Second, the multilevel hybrid classifier is used by combining the sequential minimal optimization support vector machine (SMO-SVM) as a binary classifier with optimally pruned extreme learning machine (OP-ELM) as a multiclass classifier for detection of an anomalous node and type of anomalies, respectively. Mahalanobis distance-based lightweight K-Medoid clustering is used to build a new set of training datasets that represents the original training dataset, by significantly reducing the training time of a multilevel hybrid classifier. Results are analyzed using standard WSN datasets. The proposed model shows high accuracy, i.e., 94.79% and detection rate, i.e., 94.6% with a reduced false positive rate as compared to existing hybrid methods.     

Network intrusion and fault detection: a statistical anomaly approach

With the advent and explosive growth of the global Internet and electronic commerce environments, adaptive/automatic network/service intrusion and anomaly detection in wide area data networks and e-commerce infrastructures is fast gaining critical research and practical importance. We present and demonstrate the use of a general-purpose hierarchical multitier multiwindow statistical anomaly detection technology and system that operates automatically, adaptively, and proactively, and can be applied to various networking technologies, including both wired and wireless ad hoc networks. Our method uses statistical models and multivariate classifiers to detect anomalous network conditions. Some numerical results are also presented that demonstrate that our proposed methodology can reliably detect attacks with traffic anomaly intensity as low as 3-5 percent of the typical background traffic intensity, thus promising to generate an effective early warning.     

基于簇的移动Ad hoc网多层分布式入侵检测

动Ad hoc网络的独特网络特性导致其安全性特别脆弱，所以为其提供高安全的入侵检测系统势在必行。通过考虑在移动Ad hoc网络中入侵检测系统的分布式和协同工作的需要，提出了一种基于簇的多层分布式入侵检测技术，并给出模型。此模型采用统计学方法的异常检测技术结合数据挖据技术和簇技术对入侵进行检测．有效提高了移动Ad hoc网络的安全性和对分布式攻击的协同检测能力，并降低了网络的通信负荷。     

无线网格网络中基于非完全信息博弈的入侵检测模型

Wireless Mesh Networks (WMNs ) have many applications in homes, schools, enterprises, and public places because of their useful characteristics, such as high bandwidth, high speed, and wide coverage. However, the security of wireless mesh networks is a precondition for practical use. Intrusion detection is pivotal for increasing network security. Considering the energy limitations in wireless mesh networks, we adopt two types of nodes: Heavy Intrusion Detection Node (HIDN) and Light Intrusion Detection Node (LIDN). To conserve energy, the LIDN detects abnormal behavior according to probability, while the HIDN, which has sufficient energy, is always operational. In practice, it is very difficult to acquire accurate information regarding attackers. We propose an intrusion detection model based on the incomplete information game (ID-IIG). The ID-IIG utilizes the Harsanyi transformation and Bayesian Nash equilibrium to select the best strategies of defenders, although the exact attack probability is unknown. Thus, it can effectively direct the deployment of defenders. Through experiments, we analyze the performance of ID-IIG and verify the existence and attainability of the Bayesian Nash equilibrium.     

A unified approach of simultaneous state estimation and anomalous node detection in distributed wireless sensor networks

Detection of anomalous node in distributed wireless sensor networks is extremely important for powerful inference and network reliability. In this paper, we propose a powerful linear statistical model for estimating the state values of the sensor nodes longitudinally, and the estimated state values are used for detecting the anomalous nodes. Our proposed approach is powerful because it considers the effect of the nearest neighbors on the current state values and then detects the anomalous nodes based on the estimated state values. Our method can estimate the missing state values of the sensor nodes, which are kept in sleep mode for energy conservation. We also propose an alternative Bayesian model that is computationally faster for state estimation and anomaly detection. The effectiveness of the proposed model is investigated through extensive simulation studies, and the usefulness of our algorithm is numerically assessed. The performance of the proposed approach is compared to that of the traditional approaches through simulation studies. The proposed model can be effectively used in security surveillance, pattern recognition, habitat monitoring, etc.     

Link State Routing Based on Compressed Sensing

In table routing protocols such as link state routing, every node in the network periodically broadcasts its link state and the state of its neighbors. These routing updates result in the transmission of a large number of packets. Some of these packets contain correlated or even redundant data which could be compressed if there is central management in the network. However, in autonomous networks, each node acts as a router, in which case central coordination is not possible. In this paper, compressed sensing is used to reduce routing traffic overhead. This can be done at nodes which have greater processing capabilities and no power consumption limitations such as backbone nodes in wireless mesh networks. A method is proposed to select a subset of nodes and thus a subset of links to probe their state. The sensed states are encoded to generate a low dimension sampled vector. This compressed link state vector is broadcast to the entire network. Nodes can then reconstruct link states from this vector using side information. Performance results are presented which demonstrate accurate anomaly detection while adapting to topology changes. Further, it is shown that a proper choice of weighting coefficients in the sampling process can improve detection performance.     

Control theoretic approach to intrusion detection using a distributed hidden Markov model

Cooperative ad hoc wireless networks are more vulnerable to malicious attacks than traditional wired networks. Many of these attacks are silent in nature and cannot be detected by conventional intrusion detection methods such as traffic monitoring, port scanning, or protocol violations. These sophisticated attacks operate under the threshold boundaries during an intrusion attempt and can only be identified by profiling the complete system activity in relation to normal behavior. In this article we discuss a control- theoretic hidden Markov modelstrategy for intrusion detection using distributed observation across multiple nodes. This model comprises a distributed HMM engine that executes in a randomly selected monitor node and functions as a part of the feedback control engine. This drives the defensive response based on hysteresis to reduce the frequency of false positives, thereby avoiding inappropriate ad hoc responses.     

Performance evaluation of an IEEE 802.11g mesh network with multiradio nodes

Wireless mesh networks are usually formed by self‐organized nodes and characterized by high reliability and modularity, low‐cost deployment, and easiness of reconfigurability. In order to improve wireless mesh network performance, several approaches have been recently proposed. Among them, one promising solution seems to be the multiradio interface approach where nodes forming the mesh network are equipped with more than one radio interface. The aim of this paper is to provide an IEEE 802.11 distributed coordination function analytical model to study the behavior of single‐hop multi‐interface mesh networks in which nodes use a uniform random interface selection strategy to identify the radio interface to be used. The accuracy of the proposed analytical approach is validated by comparing analytical predictions with simulation results under actual conditions. Copyright © 2011 John Wiley & Sons, Ltd.     

无线网络数据安全模型研究及实现

根据无线网络的拓扑结构,比较了有线网络和无线网络存在的差异性,分析了无线网络存在的安全问题及其脆弱性;分析了WEP协议存在的严重缺陷,给出了改进方案;基于虚拟专用网技术,提出了无线网络的安全性架构;给出了针对无线网络的入侵检测模型和网络异常行为检测策略。     

A Game Theory Based Multi Layered Intrusion Detection Framework for Wireless Sensor Networks

Most of the existing intrusion detection frameworks proposed for wireless sensor networks (WSNs) are computation and energy intensive, which adversely affect the overall lifetime of the WSNs. In addition, some of these frameworks generate a significant volume of IDS traffic, which can cause congestion in bandwidth constrained WSNs. In this paper, we aim to address these issues by proposing a game theory based multi layered intrusion detection framework for WSNs. The proposed framework uses a combination of specification rules and a lightweight neural network based anomaly detection module to identify the malicious sensor nodes. Additionally, the framework models the interaction between the IDS and the sensor node being monitored as a two player non-cooperative Bayesian game. This allows the IDS to adopt probabilistic monitoring strategies based on the Bayesian Nash Equilibrium of the game and thereby, reduce the volume of IDS traffic introduced into the sensor network. The framework also proposes two different reputation update and expulsion mechanisms to enforce cooperation and discourage malicious behavior among monitoring nodes. These mechanisms are based on two different methodologies namely, Shapley Value and Vickery–Clark–Grooves (VCG) mechanism. The complexity analysis of the proposed reputation update and expulsion mechanisms have been carried out and are shown to be linear in terms of the input sizes of the mechanisms. Simulation results show that the proposed framework achieves higher accuracy and detection rate across wide range of attacks, while at the same time minimizes the overall energy consumption and volume of IDS traffic in the WSN.     

A survey of cross‐layer protocols for IEEE 802.11 wireless multi‐hop mesh networks

There has been an escalation in deployment and research of wireless mesh networks by both the business community and academia in the last few years. Their attractive characteristics include low deployment cost, a low‐cost option to extend network coverage and ease of maintenance due to their self‐healing properties. Multiple routes exist between the sender and receiver nodes because of the mesh layout that ensures network connectivity even when node or link failures occur. Recent advances among others include routing metrics, optimum routing, security, scheduling, cross‐layer designs and physical layer techniques. However, there are still challenges in wireless mesh networks as discussed in this paper that need to be addressed. Cross‐layer design allows information from adjacent and non‐adjacent layers to be used at a particular layer for performance improvement. This paper presents a survey of cross‐layer protocol design approaches applied to the IEEE 802.11 standards for wireless multi‐hop mesh networks that have been proposed over the last few years for improved performance. We summarize the current research efforts in cross‐layer protocol design using the IEEE 802.11 standard in identifying unsolved issues that are a promising avenue to further research. Copyright © 2016 John Wiley & Sons, Ltd.     

Intrusion Detection Techniques for Mobile Wireless Networks

The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective. We need to search for new architecture and mechanisms to protect the wireless networks and mobile computing application. In this paper, we examine the vulnerabilities of wireless networks and argue that we must include intrusion detection in the security architecture for mobile computing environment. We have developed such an architecture and evaluated a key mechanism in this architecture, anomaly detection for mobile ad-hoc network, through simulation experiments.     

Minimum latency joint scheduling and routing in wireless sensor networks

Wireless sensor networks are expected to be used in a wide range of applications from environment monitoring to event detection. The key challenge is to provide energy efficient communication; however, latency remains an important concern for many applications that require fast response. In this paper, we address the important problem of minimizing average communication latency for the active flows while providing energy-efficiency in wireless sensor networks. As the flows in some wireless sensor network can be long-lived and predictable, it is possible to design schedules for sensor nodes so that nodes can wake up only when it is necessary and asleep during other times. Clearly, the routing layer decision is closely coupled to the wakeup/sleep schedule of the sensor nodes. We formulate a joint scheduling and routing problem with the objective of finding the schedules and routes for current active flows with minimum average latency. By constructing a novel delay graph, the problem can be solved optimally by employing the M node-disjoint paths algorithm under FDMA channel model. We further present extensions of the algorithm to handle dynamic traffic changes and topology changes in wireless sensor networks.     

An adaptive load-aware routing algorithm for multi-interface wireless mesh networks

In wireless mesh networks, the number of gateway nodes are limited, when the nodes access to the internet by fixed gateway node, different requirements of nodes lead to the dataflow shows heterogeneity. Many new routing metrics and algorithms existing in traditional wired networks and the Ad Hoc network, can not be directly applied to wireless mesh networks, so how to design a routing metric and algorithm which can dynamically adapt to current networks topology and dataflow changes, avoid bottleneck node, and select the most stable and least congestion link to establish a route is very important. In this paper, we presented a new dynamic adaptive channel load-aware metric (LAM) to solve the link load imbalance caused by inter-flow and inner-flow interference, designed a self-adaptive dynamic load balancing on-demand routing algorithm through extending and improving AODV routing method with the LAM, to achieve flow balance, reduce the high packet loss ratio and latency because congestion and Packet retransmission, and can increase Network Throughput.     

Cross‐layer scheduling for multi‐users in cognitive multi‐radio mesh networks

A wireless mesh network has been popularly researched as a wireless backbone for Internet access. However, the deployment of wireless mesh networks in unlicensed bands of urban areas is challenging because of interference from external users such as residential access points. We have proposed Urban‐X, which is a first attempt towards multi‐radio cognitive mesh networks in industrial, scientific, and medical bands. Urban‐X first controls network topology with a distributed channel assignment to avoid interference in large timescale. In such a topology, we develop a new link‐layer transmission‐scheduling algorithm together with source rate control as a small‐timescale approach, which exploits receiver diversity when receivers of multi‐flows can have different channel conditions because of varying interference. For this purpose, mesh nodes probe the channel condition of received mesh nodes using group Request to Send and group Clear to Send. In this study, we establish a mathematical Urban‐X model in a cross‐layer architecture, adopting a well‐known network utility maximization framework. We demonstrate the feasibility of our idea using a simulation on the model. Simulation results show improved network throughput from exploiting receiver diversity and distributed channel assignment under varying external user interference. Copyright © 2012 John Wiley & Sons, Ltd.     

Network-coding-based scheduling and routing schemes for service-oriented wireless mesh networks - [Service-oriented broadband wireless network architecture]

Service-oriented wireless mesh networks have recently been receiving intensive attention as a pivotal component to implement the concept of ubiquitous computing due to their easy and cost-effective deployment. To deliver a variety of services to subscriber stations, a large volume of traffic is exchanged via mesh routers in the mesh backbone network. One of the critical problems in service-oriented wireless mesh networks is to improve the network throughput. Wireless network coding is a key technology to improve network throughput in multihop wireless networks since it can exploit not only the broadcast nature of the wireless channel, but also the native physical-layer coding ability by mixing simultaneously arriving radio waves at relay nodes. We first analyze the throughput improvement obtained by wireless network coding schemes in wireless mesh networks. Then we develop a heuristic joint link scheduling, channel assignment, and routing algorithm that can improve the network throughput for service-oriented wireless mesh networks. Our extensive simulations show that wireless network coding schemes can improve network throughput by 34 percent.     

无线传感器网络入侵检测系统

无线传感器网络与传统网络存在较大差异,传统入侵检测技术不能有效地应用于无线传感器网络。文中分析了无线传感器网络面临的安全威胁;总结了现有的无线传感器网络入侵检测方案;在综合现有无线传感器网络入侵检测方法的基础上,提出了一种分等级的入侵检测系统,该入侵检测体系结构通过减少错报能检测到大多数的安全威胁。     

A multiple relay‐based medium access control protocol in multirate wireless ad hoc networks with multiple beam antennas

The advanced technique of multiple beam antennas is recently considered in wireless networks to improve the system throughput by increasing spatial reuse, reducing collisions, and avoiding co‐channel interference. The usage of multiple beam antennas is similar to the concept of Space Division Multiple Access (SDMA), while each beam can be treated as a data channel. Wireless networks can increase the total throughput and decrease the transmission latency if the physical layer of a mobile node can support multirate capability. Multirate wireless networks incurs the anomaly problem, because low data rate hosts may influence the original performance of high data rate hosts. In this work, each node fits out multiple beam antennas with multirate capability, and a node can either simultaneously transmit or receive multiple data on multiple beams. Observe that the transmitting or receiving operation does not happen at the same time. In this paper, we propose a multiple relay‐based medium access control (MAC) protocol to improve the throughput for low data rate hosts. Our MAC protocol exploits multiple relay nodes and helps the source and the destination to create more than one data channel to significantly reduce the transmission latency. Observe that low data rate links with long‐distance transmission latencies are distributed by multiple relay nodes, hence the anomaly problem can be significantly alleviated. In addition, the ACK synchronization problem is solved to avoid the condition that source nodes do not receive ACKs from destination nodes. An adjustment operation is presented to reduce unnecessary relay nodes during the fragment burst period. Finally, simulation results illustrate that our multiple relay‐based MAC protocol can achieve high throughput and low transmission latency. Copyright © 2009 John Wiley & Sons, Ltd.