{"title":"ad hoc网络中的MAC层异常检测","authors":"Yu Liu, Yang Li, H. Man","doi":"10.1109/IAW.2005.1495980","DOIUrl":null,"url":null,"abstract":"It is evident that traditional end-to-end intrusion detection mechanisms developed on wireless local area networks (WLANs) and wired networks are no longer sufficient for breach investigation in ad hoc networks. Most existing intrusion detection techniques for ad hoc networks are proposed on the network layer. In general, these techniques have difficulty to localize attack source, and can not respond to attacks promptly. In this paper, we investigate the use of MAC layer traffic data to characterize normal behaviors in the neighborhood of a mobile node, and to detect misbehaving nodes through MAC layer anomalies. In particular, we evaluate and select a set of features from MAC layer to profile normal behaviors of mobile nodes, and then we apply cross-feature analysis on feature vectors constructed from training data according to the proposed feature set. We are able to reliably detect MAC layer anomalies, some of which may be in fact caused by misbehavior of network layer, since most routing attacks directly impact MAC layer operations. We validate our work through ns-2 simulations. Experimental results show the effectiveness of our method.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"54","resultStr":"{\"title\":\"MAC layer anomaly detection in ad hoc networks\",\"authors\":\"Yu Liu, Yang Li, H. Man\",\"doi\":\"10.1109/IAW.2005.1495980\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"It is evident that traditional end-to-end intrusion detection mechanisms developed on wireless local area networks (WLANs) and wired networks are no longer sufficient for breach investigation in ad hoc networks. Most existing intrusion detection techniques for ad hoc networks are proposed on the network layer. In general, these techniques have difficulty to localize attack source, and can not respond to attacks promptly. In this paper, we investigate the use of MAC layer traffic data to characterize normal behaviors in the neighborhood of a mobile node, and to detect misbehaving nodes through MAC layer anomalies. In particular, we evaluate and select a set of features from MAC layer to profile normal behaviors of mobile nodes, and then we apply cross-feature analysis on feature vectors constructed from training data according to the proposed feature set. We are able to reliably detect MAC layer anomalies, some of which may be in fact caused by misbehavior of network layer, since most routing attacks directly impact MAC layer operations. We validate our work through ns-2 simulations. Experimental results show the effectiveness of our method.\",\"PeriodicalId\":252208,\"journal\":{\"name\":\"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop\",\"volume\":\"17 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-06-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"54\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IAW.2005.1495980\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IAW.2005.1495980","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
It is evident that traditional end-to-end intrusion detection mechanisms developed on wireless local area networks (WLANs) and wired networks are no longer sufficient for breach investigation in ad hoc networks. Most existing intrusion detection techniques for ad hoc networks are proposed on the network layer. In general, these techniques have difficulty to localize attack source, and can not respond to attacks promptly. In this paper, we investigate the use of MAC layer traffic data to characterize normal behaviors in the neighborhood of a mobile node, and to detect misbehaving nodes through MAC layer anomalies. In particular, we evaluate and select a set of features from MAC layer to profile normal behaviors of mobile nodes, and then we apply cross-feature analysis on feature vectors constructed from training data according to the proposed feature set. We are able to reliably detect MAC layer anomalies, some of which may be in fact caused by misbehavior of network layer, since most routing attacks directly impact MAC layer operations. We validate our work through ns-2 simulations. Experimental results show the effectiveness of our method.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
