臺灣博碩士論文加值系統

隨意網路(Ad Hoc Network)是一群可移動裝置，能夠自我動態組織互相溝通，而不需要中央集中式管理(Base Station)的區域網路模組，他們能夠自由的漫遊在彼此能收送訊息的範圍之內，互相傳送資料給對方。隨意網路的應用非常廣泛，舉凡軍事設施、個人電子設備、Ad Hoc視訊會議等等，皆可運用到相關的技術。儘管隨意網路帶來許多的便利，但是由於路由協定設計上的一些漏洞，使得隨意網路容易遭受到入侵者惡意的攻擊。黑洞攻擊(black hole attack)、灰洞攻擊(grey hold attack)、蟲洞攻擊(wormhole attack)、流量分析攻擊(traffic analysis attack)以及急送攻擊(rushing attack)皆為隨意網路上常見的攻擊。
在這個碩士論文中，我們介紹一個重要的攻擊叫做路由詢問封包(Route Request Packet)氾濫攻擊。在這種攻擊中，入侵者藉由不斷的發送路由詢問封包到網路上消耗網路頻寬以及其他裝置的資源，使得其他的裝置無法正常執行工作，最後導致整個網路的阻絶服務(denial of service)。針對這種攻擊，我們提出一個變動門檻的防治方法來偵測。我們使用到兩個門檻值來偵測惡意的行為，且門檻值是根據網路環境的狀態來設定，使得整個偵測系統更具有彈性。從模擬的結果可以發現我們所提出的防禦方法可以有效的抵擋單一甚至是多個惡意入侵者同時發動路由詢問封包的氾濫攻擊。

Mobile ad hoc network (MANET) is a group of mobile wireless nodes that communicate with each other without the aid of the infrastructure such as base station. It has been used in many applications, for example, military application, personal electronic device, ad hoc meeting, etc. Because of the shortcoming of the routing protocol, MANET is vulnerable to some kinds of attacks. Black hole attack, gray hole attack, wormhole attack, traffic analysis attack, and rushing attack are common attacks in ad hoc network.
In this thesis, we introduce a critical attack in MANET：the Route Request (RREQ) packets flooding attack. In RREQ packets flooding attack, malicious node floods RREQ packets rapidly and finally result in denial of service (DoS) in the network. Consequently, we develop a dynamic-threshold based scheme to detect this kind of attack. Our scheme uses two threshold values to defend the packets flooding attack. Besides, we adjust the thresholds according to the network status. Finally, the simulation results can verify the efficiency of our scheme.

Chapter 1 Introduction 1
1.1 Background 2
1.1.1 Routing Protocol in MANET 2
1.1.2 Overview of AODV 3
1.1.3 RREQ Packets Flooding Attack 7
1.1.4 DoS (denial of service) Attack 8
1.1.5 DDoS (distributed denial of service) Attack 9
1.2 Motivation 11
1.3 Contribution 12
1.4 Organization of the Thesis 13
Chapter 2 Related Works 15
2.1 RREQ Packets Flooding-attack Prevention 15
2.2 RREQ Packets Flooding-attack Detection 18
2.2.1 Support Vector Machine (SVM) Based Detection System 19
2.2.2 SVM With Finite State Machine (FSM) Detection System 24
2.2.3 Neighboring Suppression Mechanism 26
2.2.4 Statistical Analysis Detection System 28
2.2.5 Route Request Flooding Defense (RRFD) 30
Chapter 3 Proposed System 34
3.1 Notations and Assumptions 34
3.2 Proposed Scheme 35
3.2.1 System Overview 35
3.2.2 Maximum Threshold 38
3.2.3 Minimum Threshold 39
3.2.4 Enhancement of Thresholds 40
3.2.5 Defend Low-Rate Attack by Lowering Thresholds 44
3.2.6 Recovery Mechanism 44
Chapter 4 Simulation Result and Analysis 49
4.1 Simulation Environment 49
4.2 Attack Scenario 50
4.3 Evaluation Metrics 50
4.4 Simulation Results and Analyses 51
Chapter 5 Conclusion and Future Work 59
Bibliography 61
Appendix 64
Conference Paper 64
Submits 64

[1] A. Veres, A. Campbell, M. Barry, and L. Sun, “Supporting Service Differentiation in Wireless Packet Networks Using Distributed Control (SWAN),” IEEE J. Select. Areas in Communications, Volume19 Pages:2081-2093, 2001.
[2] M. Hejmo, B. L. Mark, C. Zouridaki, and R. K. Thomas,”Denial-of-Service Resistant Quality-of-Service Signaling for Mobile Ad hoc Networks”, in Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks, Pages: 23 – 28, 2004.
[3] T. Thumthawatworn, T. Yeophantong, and P. Sirikriengkrai, “Adaptive Sinkhole Detection on Wireless Ad Hoc Networks,” 2006 IEEE Aerospace Conference, Page: 10, 2006.
[4] B. Sun, Y. Guan, J. Chen, and U. W. Pooch, “Detecting black-hole attack in mobile ad hoc networks,” Personal Mobile Communications Conference, 5th European, Pages: 490 – 495, 2003.
[5] A. Patwardhan, J. Parker, A. Joshi, M. Iorga, and T. Karygiannis,” Secure Routing and Intrusion Detection in Ad Hoc Networks”, Pervasive Computing and Communications, 2005.Third IEEE International Conference Pages: 191 – 199, 2005.
[6] Y. C. Hu, A. Perrig, and D. B. Johnson, “Wormhole attacks in wireless networks,” Selected Areas in Communications, IEEE Journal, Volume 24, Pages: 370 – 380, 2006.
[7] Y. C. Hu, A. Perrig, and D. B. Johnson, “Packet leashes: a defense against wormhole attacks in wireless networks,” INFOCOM 2003, Volume 3, Pages: 1976 – 1986, 2003.
[8] X. Wu, and E. Bertino, “Achieving K-anonymity in mobile ad hoc networks”, Secure Network Protocols, 1st IEEE ICNP Workshop, Pages: 37 – 42, 2005.
[9] M. Rahman, M. Mambo, A. Inomata, and E. Okamoto,” An anonymous on-demand position-based routing in mobile ad hoc networks”, Applications and the Internet, International Symposium, Pages: 7 pp, 2006.
[10] J. Kong, X. Hong, M.Y. Sanadidi, and M. Gerla,” Mobility changes anonymity: mobile ad hoc networks need efficient anonymous routing”, in Proceedings of Computers and Communications ISCC 2005, 10th IEEE Symposium, Pages: 57 – 62, 2005.
[11] Y. C. Hu, A. Perrig, and D. B. Johnson, “Rushing attacks and defense in wireless ad hoc network routing protocols,” in Proceedings of the 2003 ACM workshop on Wireless security, Pages: 30 – 40, 2003.
[12] M. T. Refaei, V. Srivastava, L. DaSilva, and M. Eltoweissy,” A reputation-based mechanism for isolating selfish nodes in ad hoc networks”, Mobile and Ubiquitous Systems: Networking and Services, 2005.The Second Annual International Conference, Pages: 3 – 11, 2005.
[13] L. Xu, Z. Lin, and A. Ye, ”Analysis and Countermeasure of Selfish Node Problem in Mobile Ad Hoc Network”, Computer Supported Cooperative Work in Design, 10th International Conference, Pages: 1 – 4, 2006.
[14] C. Perkins, and P. Bhagwat, “Highly dynamic destination-sequenced distance-vector routing for mobile computers”, In Proceedings of the Symposium on Communication Architectures and Protocols, pages: 234–244, 1994.
[15] C. Perkins, E. Belding-Royer, and S. Das, “Ad hoc On-Demand Distance Vector (AODV) Routing,” Internet Draft, draft-ietf-manet-aodv.txt, 2003.
[16] Q. Xie, “Dynamic Source Routing (DSR),” Internet Draft, draft – ietf-manet- dsr.txt, 2003.
[17] Z. J. Haas, and M. R. Pearlman “The Zone Routing Protocol (ZRP) for Ad Hoc Networks,” 1997.
[18] A. Hasswa, M. Zulkernine, and H. Hassanein, “Routeguard: An Intrusion Detection and Response System for Mobile Ad Hoc Networks,” WiMob'2005, IEEE International Conference, Volume 3, Pages: 336 – 343, 2005.
[19] L. Stamouli, P. G. Argyroudis, and H. Tewari, “Real-time intrusion detection for ad hoc networks,” WoWMoM 2005 Sixth IEEE International Symposium, Pages:374 – 380, 2005.
[20] T. Nakashima, and S. Oshima, “A Detective Method for SYN Flood Attacks,” ICICIC '06, Volume 1, Pages: 48 – 51, 2006.
[21] H. Farhat, “Protecting TCP services from denial of service attacks,” in Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense, Pages: 155 - 160, 2006.
[22] Y. Fan, H. Hassanein, and P. Martin, “Proactive Control of Distributed Denial of Service Attack with Source Router Preferential Dropping,” The 3rd ACS/IEEE International Conference, Pages: 70-77, 2005.
[23] Y. Ohsita, S. Ata, and M. Murata, “Deployable overlay network for defense against distributed SYN flood attacks,” in Proceedings of ICCCN 2005, 14th International Conference, Pages: 407 – 412, 2005.
[24] A. Shevtekar, K. Anantharam, and N. Ansari, “Low rate TCP denial-of-service attack detection at edge routers,” IEEE COMMUNICATIONS LETTERS, Volume 9, Pages: 363 – 365, 2005.
[25] B. Wu, J. Wu, E. B. Fernandez, and S. Magliveras, ”Secure and efficient key management in mobile ad hoc networks,” in Proceedings 19th IEEE International 4-8, Pages:32 - 40, 2005.
[26] J. Biswas, and S. K. Nandy, “Efficient Key Management and Distribution for MANET,” 2006 IEEE International Conference on communications, Volume 5, Pages: 2256 – 2261, 2006.
[27] Y. C. Hu, A. Perrig, and D. B. Johnson, “A Secure On-Demand Routing Protocol for Ad Hoc Networks,” in Proceedings of the 8th annual international conference on Mobile computing and networking, Pages: 12 - 23 ,2002.
[28] P. Yi, Z. Dai, Y. Zhong, and S. Zhang, “Resisting flooding attacks in ad hoc networks,” ITCC 2005 International Conference, Volume 2, Pages: 657 - 662, 2005.
[29] S. Desilva, and R. V. Boppana, “Mitigating malicious control packet floods in ad hoc networks Wireless,” IEEE 2005 Communications and Networking Conference, Volume 4, Pages: 2112 – 2117, 2005.
[30] A. Zhi, and K. G. Winston, “Mitigating Route Request Flooding Attacks in Mobile Ad Hoc Networks,” in Proceedings of International Conference on Information networking, Page: 10, 2006.
[31] H. Deng, Q. A. Zeng, and D.P. Agrawal, “SVM-based Intrusion Detection System for Wireless Ad Hoc Networks”, Vehicular Technology Conference, IEEE 58th, Volume 3, Pages: 2147 – 2151, 2003.
[32] H. Ferng, and C. L. Liu, ”Design of a Joint Defense System for Mobile Ad Hoc Networks ”Vehicular Technology Conference, IEEE 63rd, Volume 2, Pages: 742 – 746, 2006.
[33] A. Perrig, C. Ran, D. Song, and J. D. Tygar, “Efficient and Secure Source Authentication for Multicast,” In NDSS ’01, Pages: 35–46, 2001.
[34] V. Vapnik, "The nature of statistical learning theory. springer," 1995.
[35] D. M. J. Tax and R. P. W. Duin, “Support Vector Domain Description,” Pattern Recognition Letters, Vol. 20, pp. 1191-1199, 1999.
[36] T. Joachims, SVMLight, http://svmlightjoachims.org/