DETECTION OF PACKET DROPPING ATTACKS FOR WIRELESS SENSOR NETWORKS

Chitra M.P.(PG Student)chitrampathreya@gmail.com

Monica R MundadaAssociate Professor

Department of Computer Science and Engineering ,M.S.Ramaiah Institute of Technology Bangalore 560054

Abstract: Packet dropping attacks are one category of DoS attacks. Denial-of-service (DoS) attacks on wireless sensor networks (WSNs) can deplete network resources and energy without much effort on the part of an adversary. It is very difficult to identify such attacks and this attack interrupts the communication in wireless sensor networks. Security is considered to be a critical parameter in sensor network due to the fact that they are mostly deployed in an environment where human interaction is less.Packet dropping is nothing but a bad node drops all or some of the packets that are supposed to be forwarded. It may also drop the data generated by itself for some malicious purpose such as blaming innocent nodes. Solution provided in this paper identifies paths that drop packets by using alternate paths that WSN finds earlier during route discovery. Solution does not require monitoring individual nodes, making it feasible for WSNs.

Keywords- Denial-of-service, intrusion detection, wireless sensor networks.

1.Introduction

WSN Provide a bridge between the real physical and virtual Worlds. They have a wide range of potential applications to industry, science, transportation, civil infrastructure and security.

Fig 1.1 Sensor network

Wireless sensor networks (WSNs) consist of small devices called sensor nodes with a radio, a processor, a memory, a battery and sensor hardware.

Fig1.2 Basic components of a WSN node.

The most notorious kind of attacks that is always threatening WSNs is denial of service attacks (DoS). This class of attacks is not concerned with the information that is transmitted.

1

Rather, the goal of the attacker is to deplete the resources of the networks and cause it not to function properly.Traffic is not random in wireless sensor networks.[KW03] classifies WSN traffic into 3categories:

1. Many-to-one: Many sensor nodes send readings to a base station or aggregation point in the network.2. One-to-many: A single node (typically a base station or an aggregator) floods several sensor nodes with query or control information.3. Local communication: Neighboring nodes send localized messages to discover and coordinate tasks.

There can be other reasons of packet dropping other than malicious intent like collisions, buffer overflows, congestion, etc. It is important to find solutions that take these factors into account, for example, to prevent false alarms. In order to provide accurate reports for and tracking in realistic environments, not only false alarms but also the impact of weather, terrain, and ground conditions on sensor readings should be taken into account. Existing solutions for detecting packet dropping Wireless sensor networks work by monitoring individual nodes. Sleep- wakeup schedules for nodes in a WSN make continuous monitoring impractical. Also, monitoring individual nodes is too expensive for WSNs.This paper uses the observation that alternate routing paths are readily available in WSNs, DPDSN monitors paths and detects whether any node on a path drops packets. Once we detect such an event, we switch to an alternate path for communication. We always keep an alternate path ready to minimize the switching delay. The cost of finding an alternate path is minimized by having it embedded in route discovery of source-initiated and receiver-initiated routing protocols.

2.Related work by others

B.Yu [6] proposes a method to detect selective forwarding attacks based on checkpoints. Firstly

choosing some nodes along the path randomly as the checkpoints node, then after receiving datapackets, there will generate corresponding acknowledgments and then transmit them to theupper way. If any checkpoints node doesn’t get enough acknowledgments, it will generatewarning messages to the source node, so that the detection of the selective forwarding attackscan be realized. But an apparent problem exists in this process is that the nodes have to sendacknowledgments continuously, which will greatly increase the cost of the network. By theway, this method can’t judge whether there malicious tamper action exists.

Sophia Kaplantzis et al [9] proposed a centralized intrusion detection scheme that uses only two features to detect selective forwarding and black hole based on Support Vector Machines (SVMs) and sliding windows. This intrusion detection is performed in the base station and hence the sensor nodes use no energy to support this added security feature. From this they conclude that the system can detect black hole attacks and selective forwarding attacks with high accuracy without depleting the nodes of their energy.

Marti et al. [M01] discussed two techniques that detect compromised nodes that agree to forward packets but fail to do so. The authors use watchdogs that identify misbehaving nodes and a pathrater that helps routing protocols avoid these nodes. When a node forwards a packet, the node.s watchdog verifies that the next node in the path also forwards the packet. The watchdog does this by listening promiscuously to the next node.s broadcast transmissions. If the next node does not broadcast the packet, it is misbehaving and the watchdog detects it. Every time a node fails to forward a packet, the watchdog increments the failure-tally. If the tally exceeds acertain threshold, it is determined that the node is misbehaving; this node is then avoided with the help of the pathrater. The pathrater combines knowledge of misbehaving nodes with link reliability data to pick the route most likely to be reliable. Each node maintains a rating for every other node it knows about in the network. It calculates a path

2

metric by averaging the node ratings in the path. The overhead of passive continuous passive listening is formidable for WSNs.Buchegger et al. [BB02] proposed a mechanism that detects misbehaving nodes by means of observations or reports about several types of attacks. This allows nodes to find routes around misbehaving nodes and to isolate them from the network. Nodes have a monitor for observations,reputation records for first-hand observations and trusted second-hand reports, trust records to control trust given to received warnings, and a path manager to adapt their behavioraccording to reputation of other nodes. This approach involves continuous monitoring similar to Marti.s approach and collecting information about intrusion detections at other places in the network. The overhead is prohibitive for WSNs.

Michiardi et al. [MM02] proposed a collaborative reputation mechanism that has a watchdog component.However, it is complemented by a reputation mechanism that differentiates between subjective reputation (observations), indirect reputation (positive reports by others), and functional reputation (task specific behavior). They are weighted for a combined reputation value used to make decisions about cooperation with or gradual isolation of a node. This approach involves continuous monitoring and collecting information about intrusion detections at other places in the network for specific functions. The overhead is too high for WSNs.

Huang et al. [HL03] proposed a mechanism that needs separate monitoring nodes, specifically one monitor per cluster (nodes that are in one-hop range form a cluster). The approach requires monitors to be active. If there is one monitor per cluster, the monitor does most of the work. In WSNs, there is a risk that monitor nodes run out of energy before the network does or before the network getspartitioned. This contradicts one of the main goals of prolonging WSN lifetime and keeping WSN connected as much as possible (since battery replacement is a very costly or unavailable alternative).

All the above approaches monitor individual nodes all the time. Continuous monitoring of each and every node is not feasible for resource-constrained WSNs especially when extending lifetime is the main goal in the design of WSNs. The proposed solution in this paper DPDSN avoids continuous monitoring of every node.

There are two solutions presented by this paper for detection of packet dropping attacks for wireless sensor networks. 3. SOLUTION IA WSN consist of tiny devices which can monitor physical or environmental conditions such as temperature, sound, pressure, motion or pollutants etc. based on their area of interest and in turn produces data. These sensed data are further forwarded to the sink (gateway, base station, and user). A sensor network is often deployed in an environment where human interaction is less in performing the monitoring and data collection tasks. Deploying in such an environment may result in lack of physical protection and leads to node compromising. Compromising node is a node on which an attacker has gained control.Once nodes are compromised in WSN an opponent may come up with several attacks which are passive or active in nature to disrupt the communication.

In this method a rooted tree is rooted at the sink and the sensed data is transmitted through the tree towards the sink along with additional parameters with the packets. Based on the received additional information, the sink can examine the dropping ratio with respect to the corresponding or every sensor node. Every participating node computes two MACs [YH02] (Message Authentication Code) over the event:

One using its key shared with the BS (Base station).

Other using its pair wise key shared with its upper associated node.

The node transmits the packet along with the MAC value produced and the forwarding node verifies the data integrity. Then the sink runs node categorization algorithm to identify nodes that are droppers/modifiers for sure or are

3

suspicious droppers/modifiers. As the tree structure dynamically changes every time interval, behaviors of sensor nodes can be observed in large variety of scenarios. Finally, as the information about behavior has been accumulated, the sink periodically runs the heuristic ranking algorithms to identify most likely bad nodes with small false positive. After finding out the compromised node secured routing path is found. A route request is broadcasted to all nodes which consist of a record listing the addressing of the intermediate nodes excluding the compromised nodes identified.

3.1 SYSTEM MODEL:System model is concentrated with selection of architecture elements their interaction and constrains to provide a framework. System model also specifies the components, connections, techniques, technologies and other functional and non-functional requirements.

Node ConfigurationDeployment phase is considered in node configuration which is further classified into Initialization and Transmission phase.

Initialization PhaseHere sensor nodes are deployed in such a way that it is DAG (Directed Acyclic Graph) and from that a routing tree is derived. Routing tree keeps on changing and the sink gathers the routing behavior. Each node is loaded pririorly with a unique id(SEQ NO)and necessary information that includes secret key, duration to establish pair wise key with other nodes.

Fig3.1.1 System model

Sensor Node

Base station

-------- Range

Transmission PhaseIn transmission phase, packets from the sensor nodes are transmitted through the routing tree. Every node computes two MAC, one using the key shared with the Base Station (BS) and the other using pair wise key that is shared. The node transmits the packet along with the MAC value produced and the forwarding node verifies the data integrity and after verifying the associated MAC value is removed and the corresponding nodes MAC is included and forwarded to the sink. Base Station also verifies data integrity.

Compromised Node s Identification Phase:The routing tree is reshaped and compromised nodes are identified using ENHCH. In ENHCH scheme packet droppers or modifiers are found by clustering the nodes depending on the risk factor and dropping ratio as good, moderate or bad. After finding, the nodes are further ranked to identify most nodes that are sure to drop packets.

Ranking TechniqueA routing table is maintained and an accused account is maintained in which nodes are ranked depending on their identification to be bad for several times. The most accused value node is fixed to be bad for sure. The accused value of nodes is reduced by the number of times it has been found together along with the bad node.

Secure Routing ProcessAfter identifying the compromised nodes a secure route is provided for data transmission. Route is initially discovered and later the founded route is maintained.

Route Discovery and MaintenanceTo initiate the Route Discovery, node transmits a "Route Request" as a single local broadcast packet to all the node that have been registered

4

with the base station and also the nodes that are present in the transmitting path. Each Route Request identifies the source and the destination of the Route Discovery, and also contains a unique id. Each Route Request also contains a record listing the address of each intermediate node excluding the compromised that has been identified earlier through which this particular copy of the Route Request has been forwarded.

4.SOLUTION II

Here we detection of compromised paths, embedding alternate path discovery in route discovery, overhead analysis, and discussion of malicious node discovery.

Detection of Compromised Paths

Our detection mechanism uses an alternate path between a source and a destination. We propose that the process of finding an alternate path be embedded in the route discovery phase of routing protocols like DSR[JM96] and Directed Diffusion [IG00].

4.1 ABOUT DSR AND DIRECTED DIFFUSION: With physical layer jamming , an attacker simply distorts radio communication.One way to achieve this is to place attacker nodes somewhere into the network and let them continuously send radio signals in sensor networks frequency band.Especially effective in such an attack when the attacker nodes are close to sink nodes,effectively reducing a users ability to control the network or to acquire data from it. A single attacker node can distort many neighbours at once and by strategical placement of a number of attacker nodes, the whole sensor network can be disabled. One possible counter measure is by routing protocols :If the attacker jams only the limited area , packets may be routed around.In protocols like directed diffusion , frequent interest dissemination can find working routes. Attacker node can drop packets in a random fashion or all of them .Routing or data dissemination protocols that cache routes like DSR or

directed diffusion are vulnerable to network layer attacks.

Ideally, the alternate path does not have any node in common with the original path. We assume that the source and the destination are not malicious or compromised. Since our goal is to detect packet-dropping attacks, we do not consider masquerading or forging packets.Packet loss can be caused by congestions due to heavy traffic, collisions at link layer, buffer overflows, etc. In WSNs, congestions and buffer overflows seem unlikely to happen because of low traffic rates. Reliable MAC protocol rules out collisions as a reason for packet dropping. Assuming reliable MAC protocol and assuming low traffic rates, the main possible reason for packet losses in WSNs is malicious non forwarding or packet dropping by an adversary or compromised nodes. We focus on this to detect paths that drop packets.

Algorithm for Detection of a packet-dropping path.Detect_compromised_path(source, destination)beginGet ns, nr.

/*ns- The no of packets sent by source in the given period of time.*/ /*nr- source periodically requests the destination to send the number of packets received [using alternate path found during route discovery].*/while (TRUE)if ns - nr > 0 thenPackets are being dropped by malicious nodes on the source-to-destination path.return TRUEelsereturn FALSEWait till next verification cycle.End

The source sends query to the destination using an alternate path, requesting it to send nr . The alternate path is used not only to verify whether ns=nr. If we find that packets are dropped by the original path, it can also be used for all subsequent communication.

5

Finding an alternate path during route discovery is a challenging problem and finding an optimal alternate path is beyond the scope of this paper. We address the embedding problem heuristically and show possible approaches for DSR and Directed Diffusion.

Embedding in DSR Let us consider an example shown in Fig. 4.1a and Fig. 4.2b for DSR. Node 1 is the source whereas Node 8 is the destination. Node 1 sends out a route request packet, which floods the network as shown by broken-line arrows in Fig. 4.1a. Node 8 responds by sending route reply packet as shown by single-line arrows in Fig. 4.1b. Double-line arrows in Fig. 4.1b indicate an alternate path that can be used later to verify the number of actual packets received by the destination. In this case, Node 8 determines if there is an alternate path to Node 1.

Fig 4.1a Source (Node 1) floods the network with DSR route request packet. Node 8 is the destination.

Fig 4.1b Destination (Node 8) sends route reply packet (single-line arrows). Destination finds alternate path (double-line arrows).

The destination node finds an alternate path that does not have any node in common with the nodes that are on the original path. Next, we need to discuss the difficulties one may face while addressing this problem In some cases it may not be possible to find an alternate path. For example, in Fig. 4.1c, the original path from Node 8 to Node 1 is through Nodes 5 and 2. The alternate path from Node 8 to Node 1 includes Nodes 4, 5 and 2. In this case, detecting whether packets are dropped on a path from Node 8 to Node 1 will not work if Node 2 drops packets. Note that even if we detect that Node 2 drops packets, there is no alternative path to use to avoid packet dropping on a path from Node 1 to Node 8. There can be cases for which even if there is an alternate path from the destination to the source, the destination cannot find it from the route request packets it receives. It happens because some information is lost when intermediate nodes forward a route request packet after receiving multiple route request packets from different neighbors. In Fig. 4.1a, Node 7 receives route request packets from Nodes 4 and 6 but it forwards only one of the packets to Node 8. In general suppose s is the source, d the destination and j the only neighbor of d. Also, assume that j receives multiple route request packets from its predecessors. Node j will forward only one route request packet to d. In this case there is no alternate path from d to s because j is the only neighbor of d that can forward packets from s to d or d to s. But there may be an alternate path from j to s. After receiving only one route request packet (of course from j), node d may ask node j to find an alternate path from j to s, if one exists. If j receives only one route request packet, then it can ask its predecessor k to find an alternate path from k to s. There can be a case in which node d receives multiple route request packets but it cannot find node-disjoint alternate path to reach s. It may find an alternate path to reach some intermediate node m

6

Fig 4.1c Alternate path from Node 8 to Node 1 does not existThe following algorithm outlines a heuristic process of finding an alternate path when DSR is used for route discovery. A straightforward solution is to perform route discovery using DSR and mark the edges of the original path. It incurs significant cost due to flooding. A better heuristic approach would be to keep two route requests at every node when a node receives multiple route requests. One of the route requests is used for establishing the path and second one will be used for alternate path. Obviously this algorithm is just one approach and my not result in an efficient alternate path. Finding optimal alternate path is a challenging problem as mentioned above and our future work involves designing efficient lightweight solutions. The described algorithm suffices for this paper to address packet-dropping attacks for WSNs

A heuristic algorithm to determine alternate path..Find_alternate_path(s, d, AP)begin// Let N be the number of nodes. Each node stores 2//route requests. Node j stores its route replies in//R[j, 0] and R[j, 1]. predecessor[x] is a function that//defines the set of nodes that can send route request//to node x. AP is initialized to {d}.if (d=s) then return.if (|predecessor [d]|=1) then //No alternate path to s exists.j= predecessor [d]

elseif(j R[d, 1])∈j= predecessor [d] //note j not in R[d, 0]AP=AP {i}∪Find_alternate_path(s, d, AP).End

Embedding in Directed Diffusion Let us consider the alternate path discovery problem for Directed Diffusion, a receiver-initiated protocol. In Directed Diffusion, the destination/sink (Node 8) floods the network in search of some data (called an interest) as shown by broken-line arrows in Fig. 4.2a. Whenever that message reaches the source (Node 1), it floods the network back as shown by solid line arrows. Then, the source reinforces only one path from the source to the sink, which is shown by single-line arrows in Fig. 4.2b. This path is used for all future communication. We modify the reinforcement step similar to the ideas used for DSR to identify an alternate path. The double line arrows in Fig. 4.2b show an alternate path discovered during reinforcement step.

Fig 4.2a Source (Node 1) sends out interest (solid lines).Sink (Node 8) replies back (broken lines).

7

Fig 4.2b Source (Node 1) reinforces a path (single-line arrows) to reach sink (Node 8) and finds alternate path (double-line arrows).

Probability of Success for DPDSNDPDSN works when we can correctly determine whether the original path is dropping packets. DPDSN succeeds whenever an alternate path does not have any malicious nodes that drop packets.

5. CONCLUSIONRecent techniques for detection of packet-dropping nodes in ad hoc networks incur heavy costs and are not suitable for resource-constrained WSNs. DPDSN detects whether a path is dropping packets. Overhead for a two-dimensional grid of N nodes is Ο( N ) packets, where N is the number of nodes.The cost is independent of the number of packets transmitted and the number of packet-dropping attacks being detected. DPDSN incurs no cost for the response following the detection of a packet-dropping attack because the alternate path, established during route discovery, is ready for the response.

6.ACKNOWLEDGEMENT

It gives me immense pleasure to thank the head of the department ,Dr .K.G. Srinivasa for giving me an opportunity to present this paper.I extend my sincere gratitude to Dr.Monica Mundada, Associate professor, Dept. of CSE for her regular input and constantly guiding us.

7.REFERENCES

[1] [KW03] C. Karlof and D. Wagner, “Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures”, Proc. IEEE First Int’l Workshop Sensor Network Protocols and Applications, 2003.[2] [BG05] Bhuse, V. and Gupta, A., .Anomaly intrusion detection in Wireless Sensor networks., accepted for publication in the Journal of High Speed Networks, 2005.

[3] [IG00] Intanagonwiwat, C., Govindan, R., and Estrin, D., .Directed Diffusion: A Scalable and Robust Communication Paradigm for Sensor Networks., Proc. 6th Annual Intl. Conf. on Mobile Computing and Networking (MobiCom.00), Boston, Massachusetts, August 2000, pp. 56-67. [4] DPDSN: Detection of packet dropping attacks for wireless sensor networks .

Vijay Bhuse, Student Member, IEEE, Ajay Gupta, Senior Member, IEEE, and Leszek Lilien, Senior Member, IEEE

[5] [JM96] Johnson, D. and Maltz, D., "Dynamic source routing in ad hoc wireless networks," in Mobile Computing, Kluwer Academic Publishers, Dordrecht, The Netherlands, 1996

[6] [YH02] Ye, W., Heidemann, J., and Estrin, D., .An Energy Efficient MAC Protocol for Wireless Sensor Networks., in Proc. IEEE INFOCOM 2002: The Conference onComputer Communications, New York, NY, June 2002, pp. 1567-1576.

[7] [BB02] Buchegger, S. and Le Boudec, J., .Performance Analysis of the CONFIDANT Protocol: Cooperation of Nodes - Fairness in Dynamic Ad-hoc Networks., Proc. 13th

IEEE/ACM Symp. on Mobile Ad Hoc Networking and Computing (MobiHoc), Lausanne, Switzerland, June 2002

8

[8] Detection of misbehaving packet droppers and modifiers in wireless sensor networks using an adaptive protocol International Journal of Computational Engineering Research||Vol, 03||Issue, 7||

[9] Enhanced Detection of Packet Droppers and Modifiers in Wireless Sensor Networks International Journal of Innovative Research in Science, Engineering and Technology Volume 3, Special Issue 3, March 2014 IEEE International Conference on Innovations in Engineering and Technology (ICIET’14)

[10] Catching Packet Droppers and Modifiers in Wireless Sensor Networks Chuang Wang, Taiming Feng Jinsook Kim, Guiling Wang, and Wensheng Zhang Department of Computer Science, Iowa State University Department of Computer Science, New Jersey Institute of Technology

[11] An Introduction to Wireless Sensor Networks Bhaskar Krishnamachari Autonomous Networks Research Group Department of Electrical Engineering USC Viterbi School of Engineering

[12] Protocols and Architectures for Wireless Sensor Networks By Holger Karl, Andreas Willig

[13] Identification of Packet Dropping and Modification in Wireless Sensor Networks B.Kishore Kumar, G.K.Venkata Narasimha Reddy, JNTUA University.

[14] Stann, R., Heidemann, J.: RMST Reliable data transport in sensor networks. In: the proceedings of IEEE SPNA, Anchorage, Alaska, pp. 102–112. IEEE Computer Society Press, Los Alamitos (2003)

[15] Park, S., Vedantham, R., Sivakumar, R., Akyildiz, I.: A Scalable Approach for ReliableDownstream Data Delivery in Wireless Sensor Networks. In: the proceedings of ACMMobiHoc, pp. 78–89. ACM Press, New York (2004)

[16]Wang, C., Sohraby, K., Li, B., Daneshmand, M., Hu, Y.: A survey of transport protocols for wireless sensor networks. IEEE Network Magazine 20(3), 34–40 (2006)

[17]A. Wood and J. Stankovic, “Denial of service in sensor networks”,IEEE Computer, pages 462,Oct. 2002

[18]Catching Packet Droppers and Modifiers in Wireless Sensor Networks using Message Authentication Code International Journal of IT, Engineering and Applied Sciences Research (IJIEASR) ISSN: 2319-4413 Volume 2, No. 5, May 2013

[19]V. Srinivasan, P. Nuggehalli, C. Chiasserini, and R. Rao, “Ananalytical approach to the study of cooperation in wireless as hoc networks,” IEEE Transactions on Wireless Communcations, vol. 4, pp.722–733, March 2005.

[20] H. Chan and A. Perrig, “Security and privacy in sensor networks”, IEEE Computer, Digital Object Identifier vol. 36, no. 10, pp. 103-105, Oct 2003 .

[21] K. Liu, J. Deng, P.K. Varshney, and K.Balakrishnan, “An Acknowledgement-Based Approach for the Detection of Routing Misbehavior in Manets”, IEEE Trans. Mobile Computing, vol. 6, no. 5, pp. 536-550, May2007

[22] [MV05] Miller, M. and Vaidya, N., .A MAC Protocol to Reduce Sensor Network Energy Consumption Using a Wakeup Radio., IEEE Transactions on Mobile Computing, May/June 2005, pp. 228-242.

[23] Chuang Wang, Taiming Feng, Jinsook Kim, Guiling Wang and Wensheng Zhang, “Catching Packet Droppers and Modifiers in Wireless Sensor Networks” in IEEE Trans on Parallel Distributed Systems, vol. 36, no. 5, May 2012.

[24] [JW04] Jourdan, D.B. and de Weck, O.L., .Layout Optimization for a Wireless

9

Sensor Network using a Multi-Objective Genetic Algorithm., IEEE Semiannual VehicularTechnology Conference, Milan, Italy, May 2004

[25] H. Chan and A. Perrig, “Security and privacy in sensor networks”, IEEE Computer, Digital Object Identifier vol. 36, no. 10, pp. 103-105, Oct 2003

[26] G.Padmavathi and D. Shanmugapriya “A survey of Attacks, security mechanisms and challenges in wireless Sensor Network”, Int’l Journal of Computer science and Information Security (IJCSIS), 2009.

[27] J.M. Mccune, E. Shi, A. Perrig, and M.K. Reiter, “Detection of Denial-of-Message Attacks on Sensor Network Broadcasts”, Proc. IEEE Symp. Security and Policy, 2005

[28] Onat, I., Miri, A.: An Intrusion Detection System for Wireless Sensor Networks. In: IEEEInternational Conference on Wireless And Mobile Computing, Networking And Communications. IEEE Computer Society Press, Los Alamitos (2005)

[29] Loo, C.E., Ng, M.Y., Leckie, C., Palaniswami, M.: Intrusion Detection for Routing Attacks in Sensor Networks. International Journal of Distributed Sensor Networks 2(4) (October–December 2006)

[30] [CK04] Chen, Z. and Khokhar, A., "Self Organization and Energy Efficient TDMA MAC Protocol by Wake Up For Wireless Sensor Networks", Proc. First Annual IEEE Intl Conf. on Sensor and Ad Hoc Communications and Networks (SECON 2004), Santa Clara, CA, October 2004

[31] [HL03] Huang, Y. and Lee, W., .A Cooperative Intrusion Detection System for Ad Hoc Networks,. ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN ’03), Fairfax, VA, October 2003

10