Detecting Misbehaving Nodes in MANETs Nan Kang Jodrey School of Computer Science Acadia University Nova Scotia, Canada B4P 2R6
[email protected]
Elhadi M. Shakshuki
Tarek R. Sheltami
Jodrey School of Computer Science Computer Engineering Department Acadia University King Fahd University of Petroleum and Nova Scotia, Canada B4P 2R6 Minerals, Dhahran, Saudi Arabia
[email protected]
ABSTRACT There has been a tremendous growth in the use of wireless communication in the past few decades. Mobile Ad hoc NETwork (MANET) is one of the most important one among various wireless communication mechanisms. In MANET, each node in a network performs as both a transmitter and a receiver. They rely on each other to store and forward packets. Its unique infrastructureless network and self-configuring capability makes it ideal for many mission critical applications, including military use and remote exploration. However, these characteristics also make MANET vulnerable to passive and active attacks due to its open medium, changing topology and lack of centralized monitoring. To address the new security challenges, Intrusion Detection System (IDS) is required to detect the malicious attackers before they can accomplish any significant damages to the network. Many existing IDSs for MANETs are based upon Watchdog mechanism. In this paper, we propose a new IDS called Enhanced Adaptive ACKnowledgement (EAACK) that solves four significant problems of Watchdog mechanism, which are ambiguous collisions, receiver collisions, limited transmission power and false misbehavior report. We use Network Simulator 2 to simulate the proposed mechanism and compare the results with existing mechanisms.
General Terms Performance, Design, Experimentation, Security, Verification.
Keywords MANET, Intrusion Detection System, Watchdog, TWOACK, AACK, EAACK
1. INTRODUCTION With the help of improved techniques and reduced cost, wireless networks are taking the place of wired network in almost everywhere. Among various wireless networks, MANET is of its unique importance. MANET is a collection of mobile nodes that communicate with each other via bi-directional wireless links either directly or Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. iiWAS2010, 8-10 November, 2010, Paris, Copyright 2010 ACM 978-1-4503-0421-4/10/11...$10.00.
France.
[email protected]
indirectly. Figure 1 is an example of MANET. Each node is equipped with both a wireless transmitter and a receiver. There are two types of MANETs, namely single-hop and multi-hop. For single-hop network, nodes are free to directly communicate with other nodes in their radio range. For multi-hop network, to communicate with nodes that are out of its own radio range, the cooperation of other nodes in the network is needed. Nodes rely on other nodes to transmit packets to destination node.
Figure 1. Mobile Ad-hoc Network In contrast to traditional wireless or wired networks, MANET does not require a pre-existing infrastructure or a central station. Thus, the mobile nodes inside the network are free to move randomly [9]. This feature is of great importance when it comes to some mission critical areas like military conflicts or disaster recovery. In such circumstances, it is usually neither worthwhile nor feasible to deploy centralized networks with fixed infrastructure. MANETs are capable of dynamically constructing a short lived and self-configuring network without the support of centralized network infrastructure. Minimal configuration and quick deployment make MANETs suitable for using in emergency circumstances where an infrastructure is unavailable or unfeasible to install like natural or human-induced disasters, military conflicts and medical emergency situations [15]. Thanks to these unique characteristics and advantages, MANETs are now being widely used in the industry. However, when implemented in the real world environment, the network security issue must be well addressed. Most of the proposed routing protocols for MANETs assume that every node in the network behaves cooperatively with other nodes and presumably not malicious [3]. This assumption leaves malicious attackers with the opportunity to compromise the network by adding malicious or non-cooperative nodes to the network. The attacks to MANETs can be mainly divided into two categories, namely passive attack and active attack. For passive attacks, packets containing secret information might be eavesdropped, which violates confidentiality. Examples include eavesdropping, traffic analysis and monitoring. Active attacks, including injecting packets to invalid destinations into the network, deleting packets, modifying
the contents of packets, and impersonating other nodes violate availability, integrity, authentication, and non-repudiation [21]. Examples include jamming, spoofing, modification, replaying and Denial of Service (DoS). An individual mobile node may attempt to benefit from other nodes, but refuses to share its own resources. Such nodes are called selfish or misbehaving nodes, and their behavior is termed selfishness or misbehavior [3]. One of the major sources of energy consumption in mobile nodes of MANETs is wireless transmission [4]. A selfish or malicious node may agree on forwarding control packets while drop all or part of the data packets it received to conserve its energy. This type of attacks is termed as DoS or black hole attack. To alleviate the effects of such selfish or malicious nodes in MANETs, many researchers brought proactive security approaches like cryptography and authentication to improve the security level of MANETs [5][6][16][22]. However, all of these security mechanisms suffer from the problem of late detection of malicious attacks. This flaw leaves attackers plenty of time to defect the network performance. To address this challenge, it is important to incorporate Intrusion Detection System (IDS) into MANETs. IDS in MANETs can act as a second layer of defense. It can act as a great complement to the existing prevention techniques. Unfortunately, due to the unique mechanisms of MANETs like infrastructureless network and self-configuring capabilities, traditional IDSs are no longer suitable for MANETs. In respect to this urgent need of IDSs in MANETs, many researchers have attempted to develop various intrusion detection systems designated for MANETs [1][2][7][8][13][23]. Most of the well-known IDSs that have been proven to be effective and accurate in general cases are based on the Watchdog mechanism [13]. The Watchdog mechanism, which identifies the misbehaving node by overhearing on the wireless medium, is based on passive overhearing. Unfortunately, it can only determine whether or not the next-hop node sends out the data packet. The reception status of the next-hop link’s receiver is usually unknown to the observer [12]. In this paper, we propose a new IDS called Enhanced Adaptive ACKnowledgement (EAACK). The main aim of EAACK is to overcome collisions, limited transmission power and false misbehavior, which are three of the major challenges in Watchdog mechanism [13]. Furthermore, compared to the existing improved schemes such us TWOACK [12] and AACK [19], our proposed mechanism reduces routing overhead while guarantees security when malicious node falsely reports other nodes as misbehaving. The remainder of the paper is organized as follows. Section 2 presents the background review and related work that are important for the understanding of the proposed mechanism. Section 3 provides introduction to our proposed Enhanced Adaptive ACKnowledgement system. In section 4, the detailed simulation process and results are presented. Finally, we will conclude this paper and future work in Section 5.
2. RELATED WORK In this section, we provide an overview of the background information and related work that is important for the understanding of our proposed mechanism. First, we briefly introduce the major routing protocols in MANET. Then, we
describe the existed IDS for MANET, and discuss their strengths and weaknesses.
2.1 Routing Protocols in MANETs From all the routing protocols that have been proposed for MANETs, based on their routing algorithms, they can be categorized to three types: proactive, reactive and hybrid [20]. For proactive routing protocols, the routing protocol finds path to every other individual node in the network whether if there is a packet sending request or not, and update these paths frequently after a certain period of time. They react to topology changes regardless of whether there is a change or not. The constant update of routing information can potentially waste a great amount of bandwidth. They are also called table-driven method. Examples include Clusterhead Gateway Switch Routing protocol (CGSR) [18], destination-Sequenced Distance Vector routing protocol (DSDV) [17] and Wireless Routing Protocol (WRP) [14]. For reactive routing protocols, the routing protocol does not require constant update of paths. On the other hand, it only updates when there is demand for data transmission. This significantly reduces the routing overhead when the network traffic is light and the network topology does not change dramatically, since there is no need to update routing table frequently when there is no traffic. Examples of reactive routing protocols include: A Scalable Protocol for Unicasting and Multicasting in a Large Ad hoc Emergency Network (SENCAST) [18], Reliable Ad hoc On-demand Distance Vector routing protocol (RAODV) [18] and Dynamic Source Routing protocol (DSR) [11]. Hybrid routing protocol is a combination of proactive and reactive routing protocol. Zone-based Hierarchical Link State (ZHLS) [18] is a typical example. According to ZHLS routing protocol, the entire network is divided into several non-overlapping zones. If the source and destination nodes are within the same zone, ZHLS works as a passive routing protocol. Otherwise, it will work as a reactive routing protocol because it needs a location search to find the zone ID of the destination node. In our research, we concentrate on one of the reactive routing protocols, namely DSR. The reason being we need the source node to be able to know the identity of every other intermediate node in the network without consuming a great amount of routing overhead. This can be achieved by adopting routing protocols such as DSR. DSR is specifically designed for multi-hop MANETs. DSR allows the network to be completely selforganizing and self-configuring, without the need for any existing network infrastructure or administration [11]. It avoids the need of constantly updating routing information in the intermediate nodes while providing loop-free routing by adopting source routing technique.
2.2 Intrusion Detection Systems in MANETs There have been a lot of research efforts on developing efficient intrusion detection systems for MANETs. In this section, we examine three of them, including Watchdog and Pathrater, TWOACK and AACK, and then we compare them with our proposed mechanism in simulation.
2.2.1 Watchdog and Pathrater Marti et al. [13] proposed two techniques (Watchdog and Pathrater) that improve the network throughput with the existence of selfish or misbehaving nodes. It also serves as the basis for many of the intrusion detection techniques that were proposed in the recent years. Watchdog serves as an intrusion detection system that detects the presence of misbehaving nodes in the network, while Pathrater is proposed to respond to these misbehaving nodes by helping the routing protocol to avoid these nodes. A significant increase in network throughput [13] has been observed by incorporating Watchdog and Pathrater scheme in MANETs. Watchdog detects misbehaving node by promiscuously listens to thenextnode’stransmissions.Ifthenextnodefails to forward the packet, it increases its failure counter. If the counter exceeds a certain predefined threshold, it determines that the node is misbehaving, and Pathrater cooperates with the routing protocol to avoid using this node in the future transmission. This is achieved by choosing a new path from source to destination based upon a simple route rating algorithm. The advantages and disadvantages of Watchdog were discussed in [13]. The advantage of Watchdog is that it is capable of detecting misbehavior at the forwarding level instead of just on the link level. The disadvantage of Watchdog is that it may fail to detect a misbehaving node in the presence of 1) ambiguous collisions, 2) receiver collisions, 3) limited transmission power, 4) false misbehavior report, 5) collusion, and 6) partial dropping. In this paper, our focus on solving four of the six weaknesses of Watchdog mechanism, namely: ambiguous collisions, receiver collisions, limited transmission power and false misbehavior report. For ambiguous collisions, the collisions prevent node A from overhearing the transmission of Packet 1 from node B to node C due to another packet (i.e. Packet 2) sent from node S, as shown in Figure 2. Note that for the rest of the paper, all dotted arrow lines in the figure indicate the transmission over the rest of the route, and all solid arrow lines indicate the transmission that is actually involved in our discussion.
Figure 3. Receiver Collisions
Figure 4. Limited Transmission Power
Figure 5. False Misbehavior Report
2.2.2 TWOACK To enhance the Watchdog mechanism by solving the problem of collisions and limited transmission power, Balakrishnan et al. proposed a network-layer scheme called TWOACK [12]. When a node forwards a packet to its next hop, it verifies whether the packet has been successfully received by the node that is two hops away down the route. This is achieved by a special type of acknowledgement packet called TWOACK, which stores a fixed route of two hops in the opposite direction to the data packet. This scheme can be added into a source routing protocol such as DSR [11]. As shown in Figure 6, node A sends Packet 1 to node B and node B forward Packet 1 to node C. Upon receiving Packet 1 at node C, it will generate and send out a TWOACK packet which contains the route from node C to node A. The receiving of this TWOACK packet from node A indicates Packet 1 has already been forwarded by node B. On the other hand, if node A does not receive an acknowledgement packet from node C within a certain time period, it suspects node B to be misbehaving. This same process is carried along for each consecutive three nodes in the route.
Figure 2. Ambiguous Collisions In receiver collisions, node A assures that node B has forwarded Packet 1 to node C, but fails to detect that node C never received Packet 2 due to a collision with Packet 2, as shown in Figure 3. As for limited transmission power, in order to conserve energy, node B limits its transmission power so that it is strong enough to be overheard by node A but too weak to be received by node C, as shown in Figure 4. In case of false misbehavior report, although node B successfully forwarded Packet 1 to node C, node A still reports node B as misbehaving, as shown in Figure 5. Due to the open medium of MANETs, attackers can easily capture one or two nodes and compromise them to generate these false misbehavior reports.
Figure 6. TWOACK Scheme The TWOACK scheme solves the problem of detecting misbehaving nodes in the presence of collision and limited transmission power. However, as each data packet has to be acknowledged along the route, this generates considerate amount of overhead and degrade the network performance. Furthermore, the TWOACK scheme detects misbehaving links instead of nodes. This may either rule out normal nodes or leave the misbehaving nodes to continuously defect the network.
2.2.3 AACK The AACK is a network layer acknowledgement-based scheme that may be considered as a combined system of TWOACK scheme and end-to-end acknowledgement scheme. It aims to
solve the two problems of watchdog and improve the performance of TWOACK by reducing the routing overhead while maintaining better performance [19]. In order to reduce the overhead in TWOACK scheme, AACK scheme introduced an adaptive mechanism that consists of two parts controlled by a switching system. One is called ACK and the other one is called TACK. The default mode of the switching system is AACK where a simple end-to-end acknowledgement scheme is implemented. As shown in Figure 7, the source node S simply sends out the data packet without any overhead except for one bit of flag indicating the packet type (i.e. AACK or TACK). When the destination node D receives Packet 1, it generates an AACK packet and sends it back to the source node S in the opposite direction of route. If node S receives this acknowledgement packet within a certain period of time, the data transmission is successful. Otherwise, node S will switch to TACK mode where it works exactly like TWOACK. This adaptive scheme greatly reduces the overhead compared to TWOACK scheme.
Figure 7. ACK Scheme Furthermore, the combination of two schemes allows the AACK mechanism to be able to detect misbehaving node rather than links. When the sender receives an AACK acknowledgement packet from the destination, this implies that there is no misbehaving node along the path; therefore, each node forwards or overhears the AACK acknowledgement packet including the sender, which registers all nodes along that path as well-behaving nodes [19]. However, the AACK scheme suffers from the problem that it fails to detect misbehaving node when there is false misbehavior report in the network.
3. SCHEME DESCRIPTION In this section, we describe our proposed Enhanced Adaptive ACKnowledgement (EAACK) scheme. This scheme aims to overcome four of the weaknesses in traditional Watchdog mechanism, namely, ambiguous collisions, receiver collisions, limited transmission power and false misbehavior. In the proposed scheme, we assume that links between each node in MANET are bi-directional. The misbehaving nodes always cooperate to forward routing packets while dropping data packets. Also, they always generate false misbehavior report to its previous node and report their next nodes as malicious. The EAACK can be mainly divided into three parts, namely ACK, S-ACK and MRA. Figure 8 (next page) shows the control and data flow of EAACK scheme. As shown in the figure, EAACK scheme starts with ACK mode. The source node first sends out data packets along with a route that it gets from the DSR routing protocol. These data packets contain a two bit header that indicates the packet type. In our case, we define general data packet as “00”, ACK packet as “01”, S-ACK as “10” and MRA packetas“11”, as shown in Table 1. Upon sending out the data packet on the source node, it also registers the packet ID and sending time. When the destination node receives the data packet, it is required to generate an ACK
packet that contains the received packet ID and sends it back to the source node through the opposite direction of the same route. On the other end, if the source node does not receive the desired ACK packet from the destination node, it switches to S-ACK mode by sending out an S-ACK packet to the destination node through the same route. The S-ACK mode works similar to the TWOACK scheme as discussed in section 2. The only difference is that we added a flag to the packet indicating the type of the packet. Again, the source node stores the packet ID and the sending time. For every three consecutive nodes in the route, the third node is required to send back an S-ACK packet through the second node to the first node. By doing this, we solve the collision and limited transmission power issue that bothers the Watchdog scheme. Table 2. Packet type indicators Packet Type
General Data Pkt
ACK
SACK
MRA
Packet Flag
00
01
10
11
However, unlike TWOACK scheme, in S-ACK scheme, when a misbehavior report is received, instead of trusting the report and mark the node as misbehaving, we forward the misbehaving report to the source node. Then, the source node switches to MRA scheme by sending out a MRA packet to the destination node through a different route. The MRA packet contains the ID of the packet that has been sent out. If a different route does not exist in routing cache, the source node initiates a new DSR route request to find a new route. When the destination node receives this MRA packet, it searches its local memory to see if there is a match to the requested packet ID. If it exists, then we can conclude that the data packet has been received by the destination node, and whoever reported the misbehavior is the malicious node. If no match is found, it is safe to conclude that the misbehavior report is valid. In extreme conditions, when there are no other routes available for sending MRA packet, our scheme by default accept the misbehavior report. The MRA scheme is demonstrated in Figure 9.
Figure 9. MRA Scheme As discussed in Section 2, false misbehavior problem happens when the malicious node falsely report its next node as misbehaving. This attack is usually achieved when attackers successfully capture nodes in MANETs and compromise them to do false reports. In reputation based IDS such as Watchdog and TWOACK scheme, this kind of attack may break down the entire network by falsely reporting certain amounts of nodes as malicious. With the introduction of MRA scheme, EAACK is able to detect malicious node with the presence of false misbehaving report.
Start
Start with ACK Mode
Node Activity
ACK
S-ACK Packet Mode MRA
Send out ACK Pkt
Send out S-ACK Pkt
Send out MRA Pkt Yes
Yes
Reply from Destination No
Misbehavior Report Yes
No
No
Destination Node has the Pkt
Switch to MRA
Switch to ACK
Switch to S-ACK Mark Reporter as Malicious
Trust the Report
Switch to ACK
Figure 8. EAACK Scheme
4. PERFORMANCE EVALUATION In this section, we present our simulation results of EAACK schemes and compare it with Watchdog, TWOACK and AACK schemes.
4.1 Simulation Methodology The simulation is done with Network Simulator (NS) 2.34 on Ubuntu 9.10. The NS 2.34 includes a wireless extension by the CMU Monarch project [10]. We chose to use the default scenario file in NS 2.34 as our simulation configuration file. This brings more typical results and makes it easy to compare with the results of other works. Our simulation contains 50 nodes in a flat space with the size of 670× 670m. The maximum hops allowed in this scenario are four and the physical layer and 802.11 MAC layer are included in the wireless extensions of NS2.
In order to simulate different network topology, for each scheme we run three distinct network scenario and calculate the average performance. The moving speed of mobile node is set between the range of 1 to 20m/s and a pause time of 1000s. The UDP traffic with Constant Bit Rate (CBR) is implemented through a packet size of 512 bytes. In order to simulate the malicious nodes, we modified the network simulator to let certain amount of nodes behaves like malicious node. These malicious nodes cooperate in the source routing process. However, for any data packets they receive, they will deliberately drop the data packets and then send out misbehavior report whenever possible. By implementing this method, we can simulate the situation when attackers taking advantage of the false misbehavior report as described in section 2. To measure the performance of our proposed scheme, we introduce the following two performance metrics:
Packet Delivery Ration (PDR): PDR defines the ratio of the number of packets received by the destination node and the number of packets sent by the source node.
Routing Overhead (RO): RO defines the ratio of the amount of routing-related transmissions (RREQ, RREP, RERR, ACK, S-ACK and MRA) in byte to the amount of data transmissions in bytes in a network.
of our proposed scheme, EAACK still managed to keep similar or even lower overhead ratio compared to TWOACK and AACK.
4.2 Simulation Results and Discussions
Routing Overhead Overhead Ratio
In Figure 9, we compared the PDR for each individual IDS discussed in the previous sections. It was easy to find out that when there were no malicious nodes in the network, the PDR for each scheme were all at 100%. However, when the percentage of malicious nodes increased to 10%, TWOACK, AACK and EAACK outperformed Watchdog scheme. And the delivery ratio of our proposed scheme EAACK toped at this scenario. This situation remains to be true when the malicious node ratio is 20% and 30%. This is because the introduction of MRA scheme improved the detection performance and thus delivered more packets than all the other competitors.
0.6
DSR
0.4
WatchDog
0.2
TWOACK
0 0% 10% 20% 30% 40%
AACK
Malicious Nodes
EAACK
Figure 10. Routing Overhead Comparison
Delivery Ratio
Packet Delivery Ratio 1 0.9 0.8 0.7 0.6 0.5
DSR WatchDog TWOACK AACK 0% 10% 20% 30% 40% Malicious Nodes
EAACK
Figure 9. Packet Delivery Ratio Comparison However, the PDR of EAACK turned out to be slightly lower than AACK and TWOACK when the percentage of malicious nodes reached 40%. This is likely due to the fact that almost half the nodes in the network are malicious; it’s much harder for the source node to find another valid route to the destination node to carry on the MRA scheme. In Figure 10, we compared the routing overhead for all of the five schemes. As Watchdog do not have any extra overhead, its routing overhead is significantly lower than all the other schemes involved. For the rest of competitors, thanks to the adoption of adaptive scheme, both AACK and EAACK consumes less routing overheads than TWOACK in most of the cases. This is understood as for most of the time, adaptive scheme allows endto-end acknowledgement, which requires minimum routing overhead. Nevertheless, with the increase of malicious nodes in the network, it is more likely that the data transmission will encounter malicious nodes and have to switch to S-ACK scheme or even MRA schemeforEAACK’scase.Theseprocessesgreatly increased the routing overhead when there are more malicious nodes. From the comparison, we can conclude that although the increase of malicious node greatly affected the routing overhead
After carefully examined the simulation result, we can safely get the conclusion that our proposed scheme EAACK provide better packet delivery ratio in the presence of false misbehavior report with similar or even less overhead ratio compared to TWOACK and AACK.
5. CONCLUSIONS AND FUTURE WORK In this work, we proposed a new IDS scheme designated for MANETs. The motivation for our work is to develop an IDS scheme that is able to detect misbehaving node in case of collision, limited transmission power and false misbehavior report. We demonstrated the performance of our proposed scheme through an evaluation in the network simulator environment. The results showed that the proposed scheme is effective in detecting misbehaving nodes in MANETs. Although the simulation result showed that our proposed scheme outputs higher packet delivery ratio, it also has a higher overhead ratio with the increase of malicious nodes in the network. This is due to the introduction of MRA scheme. We believe the trading off between overhead ratio and packet delivery ratio is worthwhile if security issue is of top priority. Furthermore, our simulation showed that the increase in overhead ratio was strictly limited to a small amount. This makes our proposed scheme a better choice in the security sensitive environment than other schemes we have investigated. In the future, we plan to further our investigation on different schemes to reduce the overhead ratio of EAACK. On the other hand, in our simulation, in order to simulate the extreme condition when the malicious nodes try to maximize the packet drop rates, we configured the malicious nodes to drop all the data packets they received. However, it is possible that the malicious nodes perform a smart attack by only dropping some part of the packets. This is likely to affect the performance of our proposed schemes. In the future, we will investigate this scenario and propose with necessary adjustment on our scheme. Despite these limitations, most of the existing IDS schemes including EAACK surfer from the threat that they fail to detect misbehaving node when the attackers are smart enough to forge the acknowledgement packets. In our future work, we plan to investigate different encryption schemes to resolve this issue.
6. ACKNOWLEDGMENTS This project is supported in part by a grant from the Natural Sciences and Engineering Research Council of Canada (NSERC) and an internal grant from Acadia University. The authors would also like to thank King Fahd University of Petroleum & Minerals for their support.
7. REFERENCES [1] Buchegger, S. and Le Boudec, J-Y. 2002. Performance analysis of the CONFIDANT protocol: Cooperation of nodes, fairness in dynamic ad-hoc networks. In Proceedings ofMobiHoc’02. [2] Buttyan, L. and Hubaux, J-P. 2000. Enforcing service availability in mobile ad-hoc WANs. In Proceedings of the 1st ACM international Symposium on Mobile Ad Hoc Networking & Computing (Boston, Massachusetts). International Symposium on Mobile Ad Hoc Networking & Computing. IEEE Press, Piscataway, NJ, 87-96. [3] Buttyan, L. and Hubaux, J-P. 2007. Security and cooperation in wireless networks. Cambridge University Press (Aug. 2007) [4] Feeney, L.M. and Nilsson, M. 2001. Investigating the energy consumption of a wireless network interface in an ad hoc networking environment. In IEEE INFOCOM, 2001. 1548 1557 vol.3 [5] Hu, Y-C., Perrig, A., Johnson, D.: Ariadne. 2002. A secure on-demand routing protocol for ad-hoc networks. In Proceedings of the 8th ACM international Conference on Mobile Computing and Networking (Atlanta, GA). MobiCom’02. Modeling and Simulation Design. AK Peters Ltd., Natick, MA.
[12] Liu, K., Deng, J., Varshney, P. K., and Balakrishnan, K. 2007. An Acknowledgment-Based Approach for the Detection of Routing Misbehavior in MANETs. IEEE Transactions on Mobile Computing 6, 5 (May. 2007), 536550. DOI= http://dx.doi.org/10.1109/TMC.2007.1036 [13] Marti, S., Giuli, T. J., Lai, K., and Baker, M. 2000. Mitigating routing misbehavior in mobile ad hoc networks. In Proceedings of the 6th Annual international Conference on Mobile Computing and Networking (Boston, Massachusetts, United States, August 06 - 11, 2000). MobiCom '00. ACM, New York, NY, 255-265. DOI= http://doi.acm.org/10.1145/345910.345955 [14] Murthy, S. and Garcia-Luna-Aceves, J. J. 1996. An efficient routing protocol for wireless networks. Mob. Netw. Appl. 1, 2 (Oct. 1996), 183-197. DOI= http://dx.doi.org/10.1007/BF01193336 [15] Nasser, N and Chen, Y. 2007. Enhanced intrusion detection systems for discovering malicious nodes in mobile ad hoc network. In Proceedings of IEEE International Conference on Communication. (Glasgow, Scotland, June 24 – 28, 2007).ICC’07. [16] Parker, J., Undercoffer, J., Pinkston, J. and Joshi, A. 2002. Secure routing for mobile ad-hoc networks. In Proceedings of the SCS communication Networks and Distributed Systems Modeling and Simulation Conference. (Texas, SA, 2002).CNDS’02. [17] Perkins, C. E. and Bhagwat, P. 1994. Highly dynamic Destination-Sequenced Distance-Vector routing (DSDV) for mobile computers. SIGCOMM Comput. Commun. Rev. 24, 4 (Oct. 1994), 234-244. DOI= http://doi.acm.org/10.1145/190809.190336
[6] Hu, Y-C., Johnson, D.B. and Perrig, A. 2002. SEAD: secure efficient distance vector routing for mobile wireless ad-hoc networks. In Fourth IEEE Workshop on Mobile Computing Systems and Applications. Pp.3-13
[18] Sanzgiri, K., Dahill, B., Levine, B-N., Shields, C. and Belding-Royer, E-M. 1999. A review of current routing protocols for ad-hoc mobile wireless networks. Personal Communications Magazine, April 1999.
[7] Hubaux, J-P., Gross, T., Boudec, Le and Vetterli, M. 2001. Toward self-organized mobile ad hoc networks: The terminodes project. In IEEE Communications Magazine.
[19] Sheltami, T., Al-Roubaiey, A., Shakshuki, E. and Mahmoud, A. 2009. Video Transmission Enhancement in Presence of Misbehaving Nodes in MANETs. International Journal of Multimedia Systems, Springer, vol. 15, issue 5, 273-282.
[8] Jakobsson, M., Hubaux, J-P. and Buttyan, L. 2003. A micropayment scheme encouraging collaboration in multihop cellular networks. In Proceedings of Financial Crypto, Jan 2003.
[20] Sun, B. 2004. Intrusion Detection in Mobile Ad Hoc Networks. Doctoral Dissertation. Texas A&M University.
[9] Jayakumar, G and Gopinath, G. 2007. Ad Hoc Mobile Wireless Networks Routing Protocol – A Review. In Journal of Computer Science 3(8): 574-582.
[21] Wu, B., Chen, J., Wu, J. and Cardei, M.. 2006. A survey of attacks and countermeasures in mobile ad hoc networks. In Wireless Network Security, Xiao, Y., Shen, X. and Du, -Z, D. Net.
[10] Johnson, D.B., Broch, J., Hu, Y-C., Jetcheva, J. and Maltz, D.A.1998.TheCMUmonarchproject’sextensionstoNS.In Proceedings of the 42nd Internet Eng. Taskforce.
[22] Zhou, L. and Haas, Z. 1999. Securing ad-hoc networks. In IEEE Network Magazine. 13(6), 24-30
[11] Johnson, D-B. and Maltz, D-A. 1996. Dynamic source routing in ad hoc wireless networks. In Mobile Computing. Editer by Toasz Imielinski and Hank Korth, chapter 5, 153181. Kluwer Academic Publishers. 1996
[23] Zhong, S., Chen, J. and Yang, Y.R. 2003. Sprite: A simple, cheat-proof, credit-based system for mobile ad-hoc networks. In Proceedings of Infocom’03, San Francisco, CA, USA, March 30- April 2003.
