DAPV: Diagnosing Anomalies in MANETs Routing With Provenance and Verification

Title: DAPV: Diagnosing Anomalies in MANETs Routing With Provenance and Verification
Publication Type: Journal Article
Year of Publication: 2019
Authors: Li, T., Ma, J., Pei, Q., Song, H., Shen, Y., Sun, C.
Journal: IEEE Access
Keywords: abnormal nodes, Ad hoc networks, anomalies detection, anomalous nodes, AODV protocol, black-hole attack, central control program, Cognition, collaborative malicious nodes, compositionality, DAPV, data privacy, diagnosing anomalies, direct attacks, distributed verification, expected log information, indirect attacks, log entries, malicious intermediated routers, manet privacy, MANET routing mechanism, Merkle hash tree, Metrics, mobile ad hoc networks, mobile computing, mobile radio, paralyzed nodes, Peer-to-peer computing, privacy, privacy-preserving verification, provenance tracking, pubcrawl, Resiliency, Routing, routing phase, routing phases, Routing protocols, routing security, security, security of data, single nodes, telecommunication security, university campus networks, Wireless Network Security
Abstract: Routing security plays an important role in the mobile ad hoc networks (MANETs). Despite many attempts to improve its security, the routing mechanism of MANETs remains vulnerable to attacks. Unlike most existing solutions that prevent the specific problems, our approach tends to detect the misbehavior and identify the anomalous nodes in MANETs automatically. The existing approaches offer support for detecting attacks or debugging in different routing phases, but many of them cannot answer the absence of an event. Besides, without considering the privacy of the nodes, these methods depend on the central control program or a third party to supervise the whole network. In this paper, we present a system called DAPV that can find single or collaborative malicious nodes and the paralyzed nodes which behave abnormally. DAPV can detect both direct and indirect attacks launched during the routing phase. To detect malicious or abnormal nodes, DAPV relies on two main techniques. First, the provenance tracking enables the hosts to deduce the expected log information of the peers with the known log entries. Second, the privacy-preserving verification uses Merkle Hash Tree to verify the logs without revealing any privacy of the nodes. We demonstrate the effectiveness of our approach by applying DAPV to three scenarios: 1) detecting injected malicious intermediated routers which commit active and passive attacks in MANETs; 2) resisting the collaborative black-hole attack of the AODV protocol; and 3) detecting paralyzed routers in university campus networks. Our experimental results show that our approach can detect the malicious and paralyzed nodes, and the overhead of DAPV is moderate.
Citation Key: li_dapv_2019