Juliette Dromard

Towards secure route discovery protocol in MANET

Wireless Mobile ad hoc network (MANET) has become an exciting and important technology in recent years because of a rapid proliferation of wireless devices. MANET is a self-organizing network of wireless links connecting mobile nodes. MANETs technology offers both new challenges and opportunities for many applications. One of the major challenges for ad hoc technology is routing security, due essentially to MANET features (e.g., open medium, lack of centralized management, nodes mobility). In this paper, we propose ASRP, an efficient secure routing protocol to ensure the routing security in ad hoc networks. ASRP provides powerful security extensions to the reactive AODV protocol, based on modified secure remote password protocol and Diffie-Hellman (DH) algorithms. The simulation results show the efficiency of the proposed ASRP protocol, and its cost towards both the users and the network.

A Watchdog extension scheme considering packet loss for a reputation system in wireless mesh network

Most trust and reputation systems in wireless mesh networks are based on the intrusion detection system (IDS) Watchdog. This IDS enables nodes to detect whether their next node on a path flow forwards correctly packets or not by overhearing its transmissions. However, as Watchdog does not consider the packet loss ratio, it can lead to false positives. Indeed, a node can accuse another node of misbehaving whereas in reality it suffers from link loss. In order to overcome this issue, we propose an extension scheme to the Watchdog IDS which enables a node to determine whether it does not overhear its next node due to packet loss issue or due to misbehavior. To reach this goal, we assume that malicious nodes drop both acknowledgements and forwarded packets with different frequencies. Thus, our scheme compares the distribution of a nodes acknowledgment with its distribution of forwarded packets of data to detect misbehaving nodes. Furthermore, we extend our scheme so that it enables a node to monitor both its next node and its previous node on a flow path.

Online and Scalable Unsupervised Network Anomaly Detection Method

Nowadays, network intrusion detectors mainly rely on knowledge databases to detect suspicious traffic. These databases have to be continuously updated which requires important human resources and time. Unsupervised network anomaly detectors overcome this issue by using “intelligent” techniques to identify anomalies without any prior knowledge. However, these systems are often very complex as they need to explore the network traffic to identify flows patterns. Therefore, they are often unable to meet real-time requirements. In this paper, we present a new online and real-time unsupervised network anomaly detection algorithm (ORUNADA). Our solution relies on a discrete time-sliding window to update continuously the feature space and an incremental grid clustering to detect rapidly the anomalies. The evaluations showed that ORUNADA can process online large network traffic while ensuring a low detection delay and good detection performance. The experiments performed on the traffic of a core network of a Spanish intermediate Internet service provider demonstrated that ORUNADA detects in less than half a second an anomaly after its occurrence. Furthermore, the results highlight that our solution outperforms in terms of true positive rate and false positive rate existing techniques reported in the literature.

Unsupervised Network Anomaly Detection in Real-Time on Big Data

Network anomaly detection relies on intrusion detection systems based on knowledge databases. However, building this knowledge may take time as it requires manual inspection of experts. Actual detection systems are unable to deal with 0-day attack or new user’s behavior and in consequence they may fail in correctly detecting intrusions. Unsupervised network anomaly detectors overcome this issue as no previous knowledge is required. In counterpart, these systems may be very slow as they need to learn traffic’s pattern in order to acquire the necessary knowledge to detect anomalous flows. To improve speed, these systems are often only exposed to sampled traffic, harmful traffic may then avoid the detector examination. In this paper, we propose to take advantage of new distributed computing framework in order to speed up an Unsupervised Network Anomaly Detector Algorithm, UNADA. The evaluation shows that the execution time can be improved by a factor of 13 allowing UNADA to process large traces of traffic in real time.

An efficient admission control model based on dynamic link scheduling in wireless mesh networks

BackgroundWireless mesh networks (WMNs) are a very attractive new field of research. They are low cost, easily deployed, and a high-performance solution to last-mile broadband Internet access. In WMNs, admission control (AC) is one of the key traffic management mechanisms that should be deployed to provide quality of service (QoS) support for real-time traffic.ResultsIn this paper, we introduce a novel admission control model, based on bandwidth and delay parameters, which integrates a dynamic link scheduling scheme. The proposed model is built on two different methods to access the medium: on a contention-based channel access method for control packets and on a dynamic time division multiple access (DTDMA) for data packets. Each time a new flow is admitted in the network, the WMN’s link scheduling is modified according to the flows’ requirement and network conditions while respecting the signal-to-interference-plus-noise ratio (SINR); this allows establishing collision-free transmissions.ConclusionsUsing extensive simulations, we demonstrate that our model achieves high resource utilization by improving throughput, establishing collision-free transmission, as well as respecting requirements of admitted flows in terms of delay and bandwidth.

An admission control scheme based on links' activity scheduling for wireless mesh networks

Wireless Mesh Networks (WMNs) are low cost, easily deployed and high performance solution to last mile broadband Internet access, however they have to deal with a lack of bandwidth which prevents the deployment of applications with strict constraints. To overcome this limitation, we introduce a novel WMN model integrating both a transmission scheduling algorithm and a bandwidth-based admission control scheme. Most existing admission control schemes under-exploit the channels capacity (due to approximations in nodes bandwidth and flows consumption estimation) and under exploit the possibilities of parallel transmissions. In this paper, we propose a network model based on relation between links to get an accurate estimation of nodes bandwidth and flows consumption. Based on this model, we present an admission control scheme which relies on a transmissions scheduling algorithm favouring parallel transmissions, and on an advertisements scheme enabling nodes to be aware of the activities going on in their vicinities. Thus, nodes gain control over their channel and can thus estimate more precisely their bandwidth and exploit the spatial reuse from parallel transmissions. The overall network capacity and fairness is so improved.

Integrating Short History for Improving Clustering Based Network Traffic Anomaly Detection

Traffic anomaly detection is of premier importance for network administrators as anomalies have a dramatic impact on network performances, and QoS perceived by users. It is, however, a very time consuming and costly task that often requires decision from network and security experts. For making anomaly detection autonomous, many research works started investigating the use of unsupervised machine learning techniques, and in most cases traffic clustering. Identifying the clusters corresponding to anomalous traffic classes among the full set of detected clusters still remains a challenge. This is mostly due to the nature of clustering techniques that work on traffic samples of a given duration, each cluster being classified after an uncertain post processing stage. In this paper, we show how anomaly detectors can benefit from keeping a temporal track of the clustering results along time. This improvement has been added to ORUNADA (Online Real-time Unsupervised Network Anomaly detection Algorithm) that aimed at providing efficient anomaly detection on high speed networks. This new ORUNADA version - called H-ORUNADA for History-ORUNADA - is then evaluated on a new ground truth, called SynthONTS, that is currently designed to provide a modern and complete dataset with labeled anomaly. H-ORUNADA has also been implemented on Spark Streaming for being able to work on very high speed networks (targeting several hundreds of Gbits/s), and evaluated on the Google Cloud Platform.

A statistical trust system in wireless mesh networks

Most trust and reputation solutions in wireless mesh networks (WMNs) rely on the intrusion detection system (IDS) Watchdog. Nevertheless, Watchdog does not consider packet loss on wireless links and may generate false positives. Consequently, a node that suffers from packet loss on one of its links may be accused wrongly, by Watchdog, of misbehaving. To deal with this issue, we propose in this paper a novel trust system which considers packet loss of links. Our trust system is based on a statistical detection method (SDM) implemented on each node of the network. Firstly, the SDM, via CUSUM test, analyzes the behavior of the packets loss in order to detect a dropping attack. Secondly, the SDM, through the Kolmogorov-Smirnov test, compares the behavior of the total packets loss with that of the control packets in order to identify the attack type. Our system allows every WMN’s node to assign to each of its neighbors, a trust value which reflects its real behavior. We have validated the proposed SDM method via extensive simulations on ns2 and have compared our trust system with an existing solution. The results display that our SDM solution offers better performance.

Towards combining admission control and link scheduling in wireless mesh networks

Wireless mesh networks (WMNs) have emerged recently as a key solution for next-generation wireless networks; they are low cost and easily deployed technology. However, WMNs have to deal with a low bandwidth which prevents them from guaranteeing the requirements of applications with strict constraints. To overcome this limitation, we propose in this paper a new admission control model which integrates a dynamic link scheduling scheme, named ACLS, in order to optimize the network bandwidth use. We formulate the admission control problem as a binary linear programming problem (BL2P). The proposed admission control integrates an algorithm, based on the Dakin’s branch and bound (B&B) method, which respects the bandwidth and delay required by the flows. The proposed ACLS solution has been validated on ns2, and the simulation results showed that ACLS model has better performance than the reference solution BRAWN; it accepts more flows while guaranteeing their delay and bandwidth.

Adaptive CUSUM Algorithm to Detect Malicious Behaviors in Wireless Mesh Networks

Wireless mesh networks (WMNs) are very attractive networks as they are low cost and able to extend Internet rapidly in areas where other networks (e.g., Wi-Fi, MANETs, wired networks, 3G) cannot access due to their technical and/or economical limitations. However, these networks have to deal with security issues which prevent their deployment. In this paper, we propose a new reputation scheme which aims at preventing nodes from falsely detecting their neighbors as misbehaving due to packet loss over their links. The proposed reputation scheme is based on the fact that a link’s packet loss ratio, when it is computed over a large quantity of observations, is quite stable over time. To detect misbehaving neighbors, a node, via its IDS, compares with the statistical method CUSUM (cumulative sum control chart) whether the distribution of packet loss rate observed for each of its neighbors follows the expected distribution or not. The validation of our solution shows that it allows to assign to nodes a trust value which reflects their real behavior.