cross.rar

<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta charset="utf-8"> <meta name="generator" content="pdf2htmlEX"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <link rel="stylesheet" href="https://static.pudn.com/base/css/base.min.css"> <link rel="stylesheet" href="https://static.pudn.com/base/css/fancy.min.css"> <link rel="stylesheet" href="https://static.pudn.com/prod/directory_preview_static/625f96ae8cbeb85d5766461a/raw.css"> <script src="https://static.pudn.com/base/js/compatibility.min.js"></script> <script src="https://static.pudn.com/base/js/pdf2htmlEX.min.js"></script> <script> try{ pdf2htmlEX.defaultViewer = new pdf2htmlEX.Viewer({}); }catch(e){} </script> <title></title> </head> <body> <div id="sidebar" style="display: none"> <div id="outline"> </div> </div> <div id="pf1" class="pf w0 h0" data-page-no="1"><div class="pc pc1 w0 h0"><img class="bi x0 y0 w1 h1" alt="" src="https://static.pudn.com/prod/directory_preview_static/625f96ae8cbeb85d5766461a/bg1.jpg"><div class="t m0 x1 h2 y1 ff1 fs0 fc0 sc0 ls0 ws0">A<span class="_ _0"> </span>Cross-layer<span class="_ _0"> </span>based<span class="_ _0"> </span>Intrusion<span class="_ _0"> </span>Detection<span class="_ _0"> </span>Approach</div><div class="t m0 x2 h2 y2 ff1 fs0 fc0 sc0 ls0 ws0">for<span class="_ _0"> </span>W<span class="_ _1"></span>ireless<span class="_ _0"> </span>Ad<span class="_ _0"> </span>hoc<span class="_ _0"> </span>Networks</div><div class="t m0 x3 h3 y3 ff1 fs1 fc0 sc0 ls0 ws0">Geethapriya<span class="_ _2"> </span>Thamilarasu</div><div class="t m0 x4 h4 y4 ff2 fs2 fc0 sc0 ls0 ws0">1</div><div class="t m0 x5 h3 y3 ff1 fs1 fc0 sc0 ls0 ws0">,<span class="_ _2"> </span>Aruna<span class="_ _2"> </span>Balasubramanian</div><div class="t m0 x6 h4 y4 ff2 fs2 fc0 sc0 ls0 ws0">2</div><div class="t m0 x7 h3 y3 ff1 fs1 fc0 sc0 ls0 ws0">,<span class="_ _2"> </span>Sumita<span class="_ _2"> </span>Mishra</div><div class="t m0 x8 h4 y4 ff2 fs2 fc0 sc0 ls0 ws0">2</div><div class="t m0 x9 h3 y3 ff1 fs1 fc0 sc0 ls0 ws0">and<span class="_ _2"> </span>Ramalingam<span class="_ _2"> </span>Sridhar</div><div class="t m0 xa h4 y4 ff2 fs2 fc0 sc0 ls0 ws0">1</div><div class="t m0 xb h4 y5 ff2 fs2 fc0 sc0 ls0 ws0">1</div><div class="t m0 xc h5 y6 ff1 fs1 fc0 sc0 ls0 ws0">Uni<span class="_ _3"></span>versity<span class="_ _2"> </span>at<span class="_ _2"> </span>Buf<span class="_ _3"></span>f<span class="_ _3"></span>alo,<span class="_ _2"> </span>Buf<span class="_ _3"></span>falo,<span class="_ _2"> </span>NY<span class="_ _2"> </span>14260-2000;<span class="_ _2"> </span><span class="ff3 fs3">{</span>gt7,<span class="_ _2"> </span>rsridhar<span class="ff3 fs3">}</span>@cse.b<span class="_ _3"></span>uf<span class="_ _3"></span>falo.edu</div><div class="t m0 xd h4 y7 ff2 fs2 fc0 sc0 ls0 ws0">2</div><div class="t m0 xe h5 y8 ff1 fs1 fc0 sc0 ls0 ws0">CompSys<span class="_ _2"> </span>T<span class="_ _1"></span>echnologies<span class="_ _2"> </span>Inc.,<span class="_ _2"> </span>Amherst,<span class="_ _2"> </span>NY<span class="_ _2"> </span>14228<span class="_ _2"> </span>;<span class="_ _2"> </span><span class="ff3 fs3">{</span>arunab,<span class="_ _2"> </span>mishra<span class="ff3 fs3">}</span>@compsystech.com</div><div class="t m0 xf h6 y9 ff4 fs4 fc0 sc0 ls0 ws0">Abstract<span class="ff5">&#8212;<span class="_ _4"> </span>Wir<span class="_ _3"></span>eless<span class="_ _5"> </span>ad-hoc<span class="_ _5"> </span>networks<span class="_ _5"> </span>are<span class="_ _5"> </span>vulnerable<span class="_ _5"> </span>to<span class="_ _5"> </span>various</span></div><div class="t m0 x10 h7 ya ff5 fs4 fc0 sc0 ls0 ws0">kinds<span class="_ _6"> </span>of<span class="_ _6"> </span>security<span class="_ _6"> </span>threats<span class="_ _6"> </span>and<span class="_ _6"> </span>attacks<span class="_ _6"> </span>due<span class="_ _6"> </span>to<span class="_ _6"> </span>r<span class="_ _3"></span>elative<span class="_ _6"> </span>ease<span class="_ _6"> </span>of<span class="_ _6"> </span>access</div><div class="t m0 x10 h7 yb ff5 fs4 fc0 sc0 ls0 ws0">to<span class="_ _2"> </span>wir<span class="_ _3"></span>eless<span class="_ _7"> </span>medium<span class="_ _7"> </span>and<span class="_ _7"> </span>lack<span class="_ _2"> </span>of<span class="_ _7"> </span>a<span class="_ _7"> </span>centralized<span class="_ _2"> </span>infrastructure.<span class="_ _7"> </span>In</div><div class="t m0 x10 h7 yc ff5 fs4 fc0 sc0 ls0 ws0">this<span class="_ _7"> </span>paper<span class="_ _1"></span>,<span class="_ _7"> </span>we<span class="_ _7"> </span>seek<span class="_ _7"> </span>to<span class="_ _7"> </span>detect<span class="_ _7"> </span>and<span class="_ _7"> </span>mitigate<span class="_ _7"> </span>the<span class="_ _7"> </span>Denial<span class="_ _7"> </span>of<span class="_ _7"> </span>Ser<span class="_ _3"></span>vice</div><div class="t m0 x10 h7 yd ff5 fs4 fc0 sc0 ls0 ws0">(DoS)<span class="_ _8"> </span>attacks<span class="_ _8"> </span>that<span class="_ _8"> </span>pre<span class="_ _3"></span>vent<span class="_ _8"> </span>authorized<span class="_ _8"> </span>users<span class="_ _8"> </span>fr<span class="_ _3"></span>om<span class="_ _8"> </span>gaining<span class="_ _8"> </span>access</div><div class="t m0 x10 h7 ye ff5 fs4 fc0 sc0 ls0 ws0">to<span class="_ _9"> </span>the<span class="_ _9"> </span>networks.<span class="_ _9"> </span>These<span class="_ _9"> </span>attacks<span class="_ _9"> </span>affect<span class="_ _9"> </span>the<span class="_ _9"> </span>service<span class="_ _9"> </span>a<span class="_ _3"></span>vailability</div><div class="t m0 x10 h7 yf ff5 fs4 fc0 sc0 ls0 ws0">and<span class="_ _7"> </span>connectivity<span class="_ _8"> </span>of<span class="_ _7"> </span>the<span class="_ _7"> </span>wireless<span class="_ _7"> </span>networks<span class="_ _7"> </span>and<span class="_ _7"> </span>hence<span class="_ _8"> </span>reduce<span class="_ _7"> </span>the</div><div class="t m0 x10 h7 y10 ff5 fs4 fc0 sc0 ls0 ws0">network<span class="_ _a"> </span>performance.<span class="_ _2"> </span>T<span class="_ _b"></span>o<span class="_ _a"> </span>this<span class="_ _a"> </span>end,<span class="_ _c"> </span>we<span class="_ _a"> </span>propose<span class="_ _a"> </span>a<span class="_ _a"> </span>novel<span class="_ _a"> </span>Cross-</div><div class="t m0 x10 h7 y11 ff5 fs4 fc0 sc0 ls0 ws0">layer<span class="_ _a"> </span>based<span class="_ _a"> </span>Intrusion<span class="_ _c"> </span>Detection<span class="_ _a"> </span>System<span class="_ _a"> </span>(CIDS)<span class="_ _c"> </span>to<span class="_ _a"> </span>identify<span class="_ _c"> </span>the</div><div class="t m0 x10 h7 y12 ff5 fs4 fc0 sc0 ls0 ws0">malicious<span class="_ _d"> </span>node(s).<span class="_ _d"> </span>Exploiting<span class="_ _d"> </span>the<span class="_ _d"> </span>information<span class="_ _d"> </span>a<span class="_ _b"></span>vailable<span class="_ _d"> </span>across</div><div class="t m0 x10 h7 y13 ff5 fs4 fc0 sc0 ls0 ws0">different<span class="_ _6"> </span>layers<span class="_ _6"> </span>of<span class="_ _5"> </span>the<span class="_ _6"> </span>protocol<span class="_ _6"> </span>stack<span class="_ _5"> </span>by<span class="_ _6"> </span>triggering<span class="_ _5"> </span>multiple<span class="_ _6"> </span>levels</div><div class="t m0 x10 h7 y14 ff5 fs4 fc0 sc0 ls0 ws0">of<span class="_ _d"> </span>detection,<span class="_ _c"> </span>enhances<span class="_ _d"> </span>the<span class="_ _d"> </span>accuracy<span class="_ _d"> </span>of<span class="_ _c"> </span>detection.<span class="_ _d"> </span>W<span class="_ _b"></span>e<span class="_ _d"> </span>validate</div><div class="t m0 x10 h7 y15 ff5 fs4 fc0 sc0 ls0 ws0">our<span class="_ _e"> </span>design<span class="_ _e"> </span>through<span class="_ _e"> </span>simulations<span class="_ _e"> </span>and<span class="_ _e"> </span>also<span class="_ _e"> </span>demonstrate<span class="_ _e"> </span>lo<span class="_ _3"></span>wer</div><div class="t m0 x10 h7 y16 ff5 fs4 fc0 sc0 ls0 ws0">occurrence<span class="_ _8"> </span>of<span class="_ _8"> </span>false<span class="_ _7"> </span>positives.</div><div class="t m0 xf h6 y17 ff4 fs4 fc0 sc0 ls0 ws0">Index<span class="_ _2"> </span>T<span class="_ _1"></span>erms<span class="ff5">&#8212;<span class="_ _4"> </span>Denial<span class="_ _2"> </span>of<span class="_ _2"> </span>Service<span class="_ _2"> </span>(DoS)<span class="_ _2"> </span>attacks,<span class="_ _2"> </span>Intrusion<span class="_ _2"> </span>de-</span></div><div class="t m0 x10 h7 y18 ff5 fs4 fc0 sc0 ls0 ws0">tection,<span class="_ _8"> </span>Cross-layer<span class="_ _8"> </span>design</div><div class="t m0 x11 h8 y19 ff1 fs5 fc0 sc0 ls0 ws0">I<span class="_ _f"></span>.<span class="_ _9"> </span>I<span class="_ _f"></span><span class="fs2">N<span class="_ _f"></span>T<span class="_ _f"></span>R<span class="_ _f"></span>O<span class="_ _f"></span>D<span class="_ _f"></span>U<span class="_ _f"></span>C<span class="_ _f"></span>T<span class="_ _f"></span>I<span class="_ _f"></span>O<span class="_ _f"></span>N</span></div><div class="t m0 xf h8 y1a ff1 fs5 fc0 sc0 ls0 ws0">W<span class="_ _3"></span>ireless<span class="_ _2"> </span>networks<span class="_ _2"> </span>have<span class="_ _2"> </span>become<span class="_ _2"> </span>an<span class="_ _a"> </span>important<span class="_ _a"> </span>facet<span class="_ _2"> </span>in<span class="_ _a"> </span>our</div><div class="t m0 x10 h8 y1b ff1 fs5 fc0 sc0 ls0 ws0">e<span class="_ _3"></span>veryday<span class="_ _8"> </span>liv<span class="_ _3"></span>es<span class="_ _8"> </span>as<span class="_ _7"> </span>they<span class="_ _8"> </span>are<span class="_ _8"> </span>increasingly<span class="_ _7"> </span>deployed<span class="_ _8"> </span>in<span class="_ _7"> </span>numerous</div><div class="t m0 x10 h8 y1c ff1 fs5 fc0 sc0 ls0 ws0">applications.<span class="_ _8"> </span>Howe<span class="_ _3"></span>ver<span class="_ _b"></span>,<span class="_ _7"> </span>their<span class="_ _7"> </span>gro<span class="_ _3"></span>wing<span class="_ _8"> </span>popularity<span class="_ _7"> </span>is<span class="_ _7"> </span>challenged</div><div class="t m0 x10 h8 y1d ff1 fs5 fc0 sc0 ls0 ws0">by<span class="_"> </span>insecure<span class="_ _5"> </span>en<span class="_ _3"></span>vironment<span class="_"> </span>and<span class="_ _5"> </span>characteristics<span class="_ _5"> </span>of<span class="_"> </span>these<span class="_ _5"> </span>networks.</div><div class="t m0 x10 h8 y1e ff1 fs5 fc0 sc0 ls0 ws0">The<span class="_ _d"> </span>inherent<span class="_ _9"> </span>nature<span class="_ _d"> </span>of<span class="_ _d"> </span>the<span class="_ _9"> </span>wireless<span class="_ _d"> </span>medium<span class="_ _9"> </span>makes<span class="_ _d"> </span>it<span class="_ _d"> </span>sus-</div><div class="t m0 x10 h8 y1f ff1 fs5 fc0 sc0 ls0 ws0">ceptible<span class="_ _d"> </span>to<span class="_ _c"> </span>variety<span class="_ _d"> </span>of<span class="_ _c"> </span>security<span class="_ _d"> </span>attacks<span class="_ _d"> </span>ranging<span class="_ _d"> </span>from<span class="_ _c"> </span>passive</div><div class="t m0 x10 h8 y20 ff1 fs5 fc0 sc0 ls0 ws0">eav<span class="_ _3"></span>esdropping<span class="_ _8"> </span>to<span class="_ _7"> </span>active<span class="_ _8"> </span>interference.</div><div class="t m0 xf h8 y21 ff1 fs5 fc0 sc0 ls0 ws0">Moreov<span class="_ _3"></span>er<span class="_ _b"></span>,<span class="_ _10"> </span>in<span class="_ _e"> </span>a<span class="_ _10"> </span>truly<span class="_ _e"> </span>ad<span class="_ _10"> </span>hoc<span class="_ _e"> </span>wireless<span class="_ _10"> </span>network<span class="_ _e"> </span>domain,</div><div class="t m0 x10 h8 y22 ff1 fs5 fc0 sc0 ls0 ws0">network<span class="_ _a"> </span>services<span class="_ _a"> </span>such<span class="_ _c"> </span>as<span class="_ _a"> </span>routing<span class="_ _a"> </span>are<span class="_ _c"> </span>provided<span class="_ _a"> </span>by<span class="_ _a"> </span>the<span class="_ _c"> </span>nodes</div><div class="t m0 x10 h8 y23 ff1 fs5 fc0 sc0 ls0 ws0">themselves.<span class="_ _e"> </span>In<span class="_ _10"> </span>such<span class="_ _10"> </span>a<span class="_ _10"> </span>scenario,<span class="_ _e"> </span>a<span class="_ _10"> </span>malicious<span class="_ _10"> </span>entity<span class="_ _10"> </span>(apart</div><div class="t m0 x10 h8 y24 ff1 fs5 fc0 sc0 ls0 ws0">from<span class="_ _c"> </span>compromising<span class="_ _d"> </span>a<span class="_ _c"> </span>node),<span class="_ _d"> </span>can<span class="_ _c"> </span>deny<span class="_ _c"> </span>network<span class="_ _c"> </span>services<span class="_ _d"> </span>by</div><div class="t m0 x10 h8 y25 ff1 fs5 fc0 sc0 ls0 ws0">dropping<span class="_ _d"> </span>pack<span class="_ _3"></span>ets<span class="_ _d"> </span>that<span class="_ _c"> </span>need<span class="_ _d"> </span>to<span class="_ _d"> </span>be<span class="_ _d"> </span>forw<span class="_ _3"></span>arded,<span class="_ _d"> </span>by<span class="_ _c"> </span>misrouting</div><div class="t m0 x10 h8 y26 ff1 fs5 fc0 sc0 ls0 ws0">packets<span class="_ _d"> </span>or<span class="_ _d"> </span>by<span class="_ _d"> </span>launching<span class="_ _d"> </span>other<span class="_ _d"> </span>attacks.<span class="_ _d"> </span>Such<span class="_ _d"> </span>attacks,<span class="_ _d"> </span>called</div><div class="t m0 x10 h8 y27 ff1 fs5 fc0 sc0 ls0 ws0">Denial<span class="_ _2"> </span>of<span class="_ _2"> </span>Service<span class="_ _a"> </span>(DoS)<span class="_ _2"> </span>attacks<span class="_ _2"> </span>[1]<span class="_ _a"> </span>af<span class="_ _3"></span>fect<span class="_ _2"> </span>the<span class="_ _2"> </span>availability<span class="_ _7"> </span>of</div><div class="t m0 x10 h8 y28 ff1 fs5 fc0 sc0 ls0 ws0">the<span class="_ _7"> </span>nodes<span class="_ _2"> </span>signi&#64257;cantly<span class="_ _2"> </span>thereby<span class="_ _2"> </span>disrupting<span class="_ _7"> </span>the<span class="_ _2"> </span>entire<span class="_ _2"> </span>network.</div><div class="t m0 x10 h8 y29 ff1 fs5 fc0 sc0 ls0 ws0">Fortifying<span class="_ _5"> </span>the<span class="_ _8"> </span>wireless<span class="_ _8"> </span>infrastructure<span class="_ _5"> </span>against<span class="_ _8"> </span>intrusion<span class="_ _8"> </span>is<span class="_ _5"> </span>more</div><div class="t m0 x10 h8 y2a ff1 fs5 fc0 sc0 ls0 ws0">challenging<span class="_ _2"> </span>than<span class="_ _a"> </span>in<span class="_ _2"> </span>the<span class="_ _a"> </span>case<span class="_ _2"> </span>of<span class="_ _a"> </span>wired<span class="_ _2"> </span>networks<span class="_ _2"> </span>as<span class="_ _a"> </span>the<span class="_ _2"> </span>wired</div><div class="t m0 x10 h8 y2b ff1 fs5 fc0 sc0 ls0 ws0">network<span class="_"> </span>based<span class="_"> </span>access<span class="_"> </span>control<span class="_"> </span>mechanisms<span class="_"> </span>such<span class="_"> </span>as<span class="_"> </span>&#64257;rewalls<span class="_"> </span>are</div><div class="t m0 x10 h8 y2c ff1 fs5 fc0 sc0 ls0 ws0">inef<span class="_ _3"></span>fectiv<span class="_ _3"></span>e<span class="_ _5"> </span>in<span class="_ _8"> </span>these<span class="_ _8"> </span>networks<span class="_ _5"> </span>due<span class="_ _8"> </span>to<span class="_ _8"> </span>their<span class="_ _5"> </span>dynamically<span class="_ _8"> </span>varying</div><div class="t m0 x10 h8 y2d ff1 fs5 fc0 sc0 ls0 ws0">topology<span class="_ _b"></span>.</div><div class="t m0 xf h8 y2e ff1 fs5 fc0 sc0 ls0 ws0">In<span class="_ _2"> </span>the<span class="_ _2"> </span>presence<span class="_ _2"> </span>of<span class="_ _2"> </span>malicious<span class="_ _2"> </span>nodes,<span class="_ _2"> </span>traditionally<span class="_ _b"></span>,<span class="_ _2"> </span>intrusion</div><div class="t m0 x10 h8 y2f ff1 fs5 fc0 sc0 ls0 ws0">pre<span class="_ _3"></span>vention<span class="_ _9"> </span>mechanisms<span class="_ _e"> </span>such<span class="_ _9"> </span>as<span class="_ _e"> </span>secret<span class="_ _9"> </span>key<span class="_ _9"> </span>and<span class="_ _e"> </span>encryption</div><div class="t m0 x10 h8 y30 ff1 fs5 fc0 sc0 ls0 ws0">are<span class="_ _a"> </span>used.<span class="_ _a"> </span>Howe<span class="_ _b"></span>ver<span class="_ _3"></span>,<span class="_ _a"> </span>these<span class="_ _a"> </span>authentication<span class="_ _a"> </span>mechanisms<span class="_ _a"> </span>are<span class="_ _a"> </span>not</div><div class="t m0 x10 h8 y31 ff1 fs5 fc0 sc0 ls0 ws0">ef<span class="_ _3"></span>fectiv<span class="_ _3"></span>e<span class="_ _a"> </span>against<span class="_ _c"> </span>insider<span class="_ _c"> </span>attacks<span class="_ _c"> </span>as<span class="_ _c"> </span>the<span class="_ _c"> </span>physical<span class="_ _c"> </span>compromise</div><div class="t m0 x10 h8 y32 ff1 fs5 fc0 sc0 ls0 ws0">of<span class="_ _e"> </span>a<span class="_ _10"> </span>node<span class="_ _e"> </span>could<span class="_ _10"> </span>compromise<span class="_ _e"> </span>the<span class="_ _e"> </span>secret<span class="_ _10"> </span>ke<span class="_ _3"></span>y<span class="_ _1"></span>.<span class="_ _10"> </span>In<span class="_ _e"> </span>order<span class="_ _10"> </span>to</div><div class="t m0 x10 h8 y33 ff1 fs5 fc0 sc0 ls0 ws0">secure<span class="_ _5"> </span>wireless<span class="_ _8"> </span>networks,<span class="_ _5"> </span>we<span class="_ _8"> </span>need<span class="_ _5"> </span>a<span class="_ _8"> </span>second<span class="_ _5"> </span>line<span class="_ _8"> </span>of<span class="_ _8"> </span>defense<span class="_ _5"> </span>to</div><div class="t m0 x10 h8 y34 ff1 fs5 fc0 sc0 ls0 ws0">detect<span class="_ _8"> </span>the<span class="_ _5"> </span>intrusions<span class="_ _8"> </span>[2].<span class="_ _8"> </span>For<span class="_ _5"> </span>this<span class="_ _8"> </span>purpose,<span class="_ _8"> </span>Intrusion<span class="_ _8"> </span>Detection</div><div class="t m0 x10 h8 y35 ff1 fs5 fc0 sc0 ls0 ws0">Systems<span class="_ _8"> </span>(IDS)<span class="_ _5"> </span>are<span class="_ _8"> </span>deployed<span class="_ _8"> </span>to<span class="_ _8"> </span>identify<span class="_ _5"> </span>any<span class="_ _8"> </span>set<span class="_ _8"> </span>of<span class="_ _5"> </span>actions<span class="_ _8"> </span>that</div><div class="t m0 x10 h8 y36 ff1 fs5 fc0 sc0 ls0 ws0">compromise<span class="_ _d"> </span>the<span class="_ _d"> </span>integrity<span class="_ _1"></span>,<span class="_ _9"> </span>con&#64257;dentiality<span class="_ _d"> </span>and<span class="_ _d"> </span>av<span class="_ _b"></span>ailability<span class="_ _d"> </span>of</div><div class="t m0 x12 h8 y37 ff1 fs5 fc0 sc0 ls0 ws0">resources.<span class="_ _d"> </span>Misuse<span class="_ _d"> </span>and<span class="_ _d"> </span>anomaly<span class="_ _d"> </span>detection<span class="_ _c"> </span>are<span class="_ _d"> </span>common<span class="_ _d"> </span>IDS</div><div class="t m0 x12 h8 y38 ff1 fs5 fc0 sc0 ls0 ws0">techniques<span class="_ _9"> </span>that<span class="_ _9"> </span>are<span class="_ _9"> </span>used<span class="_ _9"> </span>to<span class="_ _9"> </span>study<span class="_ _9"> </span>the<span class="_ _9"> </span>abnormalities<span class="_ _9"> </span>in<span class="_ _9"> </span>the</div><div class="t m0 x12 h8 y39 ff1 fs5 fc0 sc0 ls0 ws0">system<span class="_ _a"> </span>to<span class="_ _c"> </span>detect<span class="_ _c"> </span>if<span class="_ _c"> </span>an<span class="_ _c"> </span>intrusion<span class="_ _c"> </span>has<span class="_ _c"> </span>occurred.<span class="_ _c"> </span>The<span class="_ _a"> </span>intr<span class="_ _11"></span>usion</div><div class="t m0 x12 h8 y3a ff1 fs5 fc0 sc0 ls0 ws0">detection<span class="_ _9"> </span>mechanisms<span class="_ _9"> </span>complement<span class="_ _9"> </span>the<span class="_ _9"> </span>intrusion<span class="_ _9"> </span>pre<span class="_ _3"></span>v<span class="_ _3"></span>ention</div><div class="t m0 x12 h8 y3b ff1 fs5 fc0 sc0 ls0 ws0">measures<span class="_ _7"> </span>and<span class="_ _7"> </span>help<span class="_ _8"> </span>enhance<span class="_ _7"> </span>the<span class="_ _7"> </span>security<span class="_ _7"> </span>of<span class="_ _7"> </span>the<span class="_ _7"> </span>networks.<span class="_ _7"> </span>The</div><div class="t m0 x12 h8 y3c ff1 fs5 fc0 sc0 ls0 ws0">intrusion,<span class="_ _e"> </span>in<span class="_ _e"> </span>the<span class="_ _e"> </span>case<span class="_ _e"> </span>of<span class="_ _e"> </span>DoS<span class="_ _e"> </span>attacks<span class="_ _e"> </span>is<span class="_ _e"> </span>often<span class="_ _e"> </span>manifested</div><div class="t m0 x12 h8 y3d ff1 fs5 fc0 sc0 ls0 ws0">as<span class="_ _a"> </span>non-av<span class="_ _3"></span>ailability<span class="_ _a"> </span>of<span class="_ _a"> </span>the<span class="_ _a"> </span>network<span class="_ _a"> </span>infrastructure.<span class="_ _c"> </span>In<span class="_ _a"> </span>order<span class="_ _a"> </span>to</div><div class="t m0 x12 h8 y3e ff1 fs5 fc0 sc0 ls0 ws0">detect<span class="_ _2"> </span>DoS<span class="_ _2"> </span>attacks,<span class="_ _2"> </span>con<span class="_ _b"></span>ventional<span class="_ _2"> </span>systems<span class="_ _2"> </span>use<span class="_ _2"> </span>a<span class="_ _2"> </span>network<span class="_ _2"> </span>IDS</div><div class="t m0 x12 h8 y3f ff1 fs5 fc0 sc0 ls0 ws0">that<span class="_ _2"> </span>resides<span class="_ _2"> </span>in<span class="_ _7"> </span>a<span class="_ _2"> </span>gateway<span class="_ _7"> </span>node<span class="_ _2"> </span>and<span class="_ _2"> </span>monitors<span class="_ _2"> </span>the<span class="_ _2"> </span>network<span class="_ _7"> </span>for</div><div class="t m0 x12 h8 y40 ff1 fs5 fc0 sc0 ls0 ws0">abnormal<span class="_ _2"> </span>network<span class="_ _2"> </span>behavior<span class="_ _b"></span>.<span class="_ _2"> </span>In<span class="_ _a"> </span>a<span class="_ _2"> </span>wireless<span class="_ _a"> </span>ad<span class="_ _2"> </span>hoc<span class="_ _2"> </span>network,<span class="_ _a"> </span>a</div><div class="t m0 x12 h8 y41 ff1 fs5 fc0 sc0 ls0 ws0">dedicated<span class="_ _d"> </span>gate<span class="_ _3"></span>way<span class="_ _c"> </span>node<span class="_ _d"> </span>cannot<span class="_ _d"> </span>be<span class="_ _d"> </span>assumed<span class="_ _d"> </span>because<span class="_ _c"> </span>of<span class="_ _d"> </span>the</div><div class="t m0 x12 h8 y42 ff1 fs5 fc0 sc0 ls0 ws0">transient<span class="_ _7"> </span>nature<span class="_ _7"> </span>of<span class="_ _7"> </span>the<span class="_ _7"> </span>network.</div><div class="t m0 x13 h8 y43 ff1 fs5 fc0 sc0 ls0 ws0">Additionally<span class="_ _b"></span>,<span class="_ _d"> </span>it<span class="_ _d"> </span>is<span class="_ _d"> </span>dif&#64257;cult<span class="_ _d"> </span>to<span class="_ _d"> </span>identify<span class="_ _d"> </span>intrusions<span class="_ _d"> </span>in<span class="_ _d"> </span>these</div><div class="t m0 x12 h8 y44 ff1 fs5 fc0 sc0 ls0 ws0">networks<span class="_ _5"> </span>as<span class="_ _5"> </span>nodes<span class="_ _5"> </span>may<span class="_ _8"> </span>fail<span class="_"> </span>to<span class="_ _8"> </span>pro<span class="_ _3"></span>vide<span class="_ _5"> </span>services<span class="_ _5"> </span>due<span class="_ _8"> </span>to<span class="_ _5"> </span>genuine</div><div class="t m0 x12 h8 y45 ff1 fs5 fc0 sc0 ls0 ws0">reasons<span class="_ _2"> </span>such<span class="_ _2"> </span>as<span class="_ _2"> </span>network<span class="_ _2"> </span>congestion,<span class="_ _a"> </span>link<span class="_ _2"> </span>failure<span class="_ _2"> </span>or<span class="_ _2"> </span>topology</div><div class="t m0 x12 h8 y46 ff1 fs5 fc0 sc0 ls0 ws0">changes,<span class="_ _9"> </span>thus<span class="_ _d"> </span>causing<span class="_ _9"> </span>high<span class="_ _9"> </span>false<span class="_ _d"> </span>positiv<span class="_ _3"></span>es.<span class="_ _9"> </span>F<span class="_ _3"></span>or<span class="_ _9"> </span>examp<span class="_ _3"></span>le,<span class="_ _9"> </span>a</div><div class="t m0 x12 h8 y47 ff1 fs5 fc0 sc0 ls0 ws0">node<span class="_ _a"> </span>could<span class="_ _c"> </span>drop<span class="_ _c"> </span>a<span class="_ _c"> </span>packet<span class="_ _a"> </span>due<span class="_ _c"> </span>to<span class="_ _c"> </span>collision<span class="_ _c"> </span>attack<span class="_ _c"> </span>caused<span class="_ _c"> </span>by</div><div class="t m0 x12 h8 y48 ff1 fs5 fc0 sc0 ls0 ws0">a<span class="_ _2"> </span>malicious<span class="_ _2"> </span>entity<span class="_ _2"> </span>or<span class="_ _2"> </span>simply<span class="_ _2"> </span>due<span class="_ _7"> </span>to<span class="_ _2"> </span>poor<span class="_ _2"> </span>channel<span class="_ _2"> </span>conditions.</div><div class="t m0 x12 h8 y49 ff1 fs5 fc0 sc0 ls0 ws0">Also,<span class="_ _8"> </span>DoS<span class="_ _8"> </span>attacks<span class="_ _8"> </span>could<span class="_ _8"> </span>be<span class="_ _8"> </span>launched<span class="_ _8"> </span>at<span class="_ _8"> </span>multiple<span class="_ _7"> </span>layers<span class="_ _8"> </span>of<span class="_ _8"> </span>the</div><div class="t m0 x12 h8 y4a ff1 fs5 fc0 sc0 ls0 ws0">protocol<span class="_ _c"> </span>suite<span class="_ _d"> </span>(T<span class="_ _1"></span>able<span class="_ _d"> </span>I).<span class="_ _c"> </span>By<span class="_ _d"> </span>detecting<span class="_ _c"> </span>abnormal<span class="_ _d"> </span>beha<span class="_ _3"></span>vior<span class="_ _c"> </span>at</div><div class="t m0 x12 h8 y4b ff1 fs5 fc0 sc0 ls0 ws0">dif<span class="_ _3"></span>ferent<span class="_ _a"> </span>layers<span class="_ _a"> </span>and<span class="_ _a"> </span>using<span class="_ _c"> </span>information<span class="_ _a"> </span>across<span class="_ _a"> </span>layers,<span class="_ _a"> </span>we<span class="_ _c"> </span>can</div><div class="t m0 x12 h8 y4c ff1 fs5 fc0 sc0 ls0 ws0">detect<span class="_ _7"> </span>malicious<span class="_ _7"> </span>nodes<span class="_ _7"> </span>with<span class="_ _7"> </span>increasing<span class="_ _7"> </span>accuracy<span class="_ _1"></span>.</div><div class="t m0 x13 h8 y4d ff1 fs5 fc0 sc0 ls0 ws0">In<span class="_ _2"> </span>this<span class="_ _2"> </span>paper<span class="_ _b"></span>,<span class="_ _2"> </span>we<span class="_ _2"> </span>provide<span class="_ _2"> </span>a<span class="_ _2"> </span>host<span class="_ _2"> </span>based<span class="_ _2"> </span>IDS<span class="_ _2"> </span>that<span class="_ _2"> </span>resides<span class="_ _2"> </span>in</div><div class="t m0 x12 h8 y4e ff1 fs5 fc0 sc0 ls0 ws0">e<span class="_ _3"></span>very<span class="_ _5"> </span>host<span class="_ _5"> </span>and<span class="_ _8"> </span>monitors<span class="_ _5"> </span>its<span class="_ _5"> </span>local<span class="_ _8"> </span>neighborhood<span class="_ _5"> </span>for<span class="_ _5"> </span>abnormali-</div><div class="t m0 x12 h8 y4f ff1 fs5 fc0 sc0 ls0 ws0">ties<span class="_ _8"> </span>in<span class="_ _8"> </span>the<span class="_ _5"> </span>network<span class="_ _8"> </span>activities.<span class="_ _5"> </span>W<span class="_ _b"></span>e<span class="_ _8"> </span>de<span class="_ _3"></span>velop<span class="_ _5"> </span>a<span class="_ _8"> </span>cross-layer<span class="_ _8"> </span>design</div><div class="t m0 x12 h8 y50 ff1 fs5 fc0 sc0 ls0 ws0">frame<span class="_ _3"></span>work<span class="_"> </span>that<span class="_ _5"> </span>will<span class="_ _5"> </span>exchange<span class="_"> </span>the<span class="_ _5"> </span>detection<span class="_ _5"> </span>information<span class="_ _5"> </span>across</div><div class="t m0 x12 h8 y51 ff1 fs5 fc0 sc0 ls0 ws0">the<span class="_"> </span>layers<span class="_"> </span>and<span class="_ _5"> </span>trigger<span class="_"> </span>multiple<span class="_"> </span>lev<span class="_ _3"></span>els<span class="_"> </span>of<span class="_"> </span>detection.<span class="_"> </span>This<span class="_ _5"> </span>enables</div><div class="t m0 x12 h8 y52 ff1 fs5 fc0 sc0 ls0 ws0">the<span class="_ _5"> </span>IDS<span class="_ _5"> </span>to<span class="_ _8"> </span>make<span class="_ _5"> </span>a<span class="_ _5"> </span>more<span class="_ _8"> </span>informed<span class="_ _5"> </span>decision<span class="_ _5"> </span>about<span class="_ _5"> </span>the<span class="_ _8"> </span>intrusion</div><div class="t m0 x12 h8 y53 ff1 fs5 fc0 sc0 ls0 ws0">in<span class="_ _a"> </span>the<span class="_ _a"> </span>network.<span class="_ _2"> </span>W<span class="_ _b"></span>e<span class="_ _a"> </span>simulate<span class="_ _a"> </span>our<span class="_ _a"> </span>approach<span class="_ _a"> </span>using<span class="_ _a"> </span>GloMoSim</div><div class="t m0 x12 h8 y54 ff1 fs5 fc0 sc0 ls0 ws0">for<span class="_ _5"> </span>proof<span class="_ _8"> </span>of<span class="_ _8"> </span>concept.<span class="_ _5"> </span>Results<span class="_ _8"> </span>indicate<span class="_ _5"> </span>that<span class="_ _8"> </span>attacks<span class="_ _8"> </span>are<span class="_ _5"> </span>detected</div><div class="t m0 x12 h8 y55 ff1 fs5 fc0 sc0 ls0 ws0">at<span class="_ _d"> </span>a<span class="_ _d"> </span>higher<span class="_ _d"> </span>percentage<span class="_ _d"> </span>with<span class="_ _c"> </span>considerable<span class="_ _d"> </span>reduction<span class="_ _d"> </span>in<span class="_ _d"> </span>false</div><div class="t m0 x12 h8 y56 ff1 fs5 fc0 sc0 ls0 ws0">positi<span class="_ _3"></span>ves.</div><div class="t m0 x14 h9 y57 ff1 fs2 fc0 sc0 ls0 ws0">T<span class="_ _1"></span>ABLE<span class="_ _5"> </span>I</div><div class="t m0 x15 h9 y58 ff1 fs2 fc0 sc0 ls0 ws0">D<span class="_ _11"></span><span class="fs6">E<span class="_ _f"></span>N<span class="_ _11"></span>I<span class="_ _f"></span>A<span class="_ _11"></span>L<span class="_ _6"> </span></span>O<span class="_ _f"></span><span class="fs6">F<span class="_ _6"> </span></span>S<span class="_ _11"></span><span class="fs6">E<span class="_ _f"></span>RV<span class="_ _11"></span>I<span class="_ _11"></span>C<span class="_ _f"></span>E<span class="_ _6"> </span></span>A<span class="_ _3"></span><span class="fs6">T<span class="_ _11"></span>TAC<span class="_ _11"></span>K<span class="_ _f"></span>S</span></div><div class="t m0 x16 h9 y59 ff1 fs2 fc0 sc0 ls0 ws0">Protocol<span class="_ _5"> </span>layer<span class="_ _12"> </span>DoS<span class="_ _5"> </span>Attacks</div><div class="t m0 x17 h9 y5a ff1 fs2 fc0 sc0 ls0 ws0">Link<span class="_ _5"> </span>Layer<span class="_ _13"> </span>Collision</div><div class="t m0 x15 h9 y5b ff1 fs2 fc0 sc0 ls0 ws0">Network<span class="_ _5"> </span>Layer<span class="_ _14"> </span>Packet<span class="_ _6"> </span>Drop</div><div class="t m0 x18 h9 y5c ff1 fs2 fc0 sc0 ls0 ws0">Misdirection</div><div class="t m0 x13 h8 y5d ff1 fs5 fc0 sc0 ls0 ws0">The<span class="_ _5"> </span>remainder<span class="_ _8"> </span>of<span class="_ _5"> </span>the<span class="_ _5"> </span>paper<span class="_ _8"> </span>is<span class="_ _5"> </span>organized<span class="_ _5"> </span>as<span class="_ _5"> </span>follows.<span class="_ _5"> </span>Section</div><div class="t m0 x12 h8 y5e ff1 fs5 fc0 sc0 ls0 ws0">II<span class="_ _e"> </span>discusses<span class="_ _9"> </span>the<span class="_ _e"> </span>related<span class="_ _9"> </span>work.<span class="_ _e"> </span>Section<span class="_ _9"> </span>III<span class="_ _e"> </span>gi<span class="_ _3"></span>ves<span class="_ _9"> </span>the<span class="_ _e"> </span>threat</div><div class="t m0 x12 h8 y5f ff1 fs5 fc0 sc0 ls0 ws0">model<span class="_ _9"> </span>and<span class="_ _d"> </span>the<span class="_ _9"> </span>assumptions<span class="_ _9"> </span>used<span class="_ _9"> </span>in<span class="_ _9"> </span>this<span class="_ _d"> </span>work.<span class="_ _9"> </span>Section<span class="_ _9"> </span>IV</div><div class="t m0 x12 h8 y60 ff1 fs5 fc0 sc0 ls0 ws0">describes<span class="_ _c"> </span>the<span class="_ _c"> </span>proposed<span class="_ _c"> </span>cross-layer<span class="_ _c"> </span>design<span class="_ _c"> </span>approach.<span class="_ _c"> </span>Section</div><div class="t m0 x12 h8 y61 ff1 fs5 fc0 sc0 ls0 ws0">V<span class="_ _7"> </span>presents<span class="_ _7"> </span>a<span class="_ _7"> </span>detailed<span class="_ _7"> </span>analysis<span class="_ _7"> </span>of<span class="_ _7"> </span>the<span class="_ _8"> </span>collis<span class="_ _11"></span>ion<span class="_ _7"> </span>detection<span class="_ _7"> </span>algo-</div><div class="t m0 x12 h8 y62 ff1 fs5 fc0 sc0 ls0 ws0">rithm<span class="_ _2"> </span>implemented.<span class="_ _2"> </span>Section<span class="_ _a"> </span>VI<span class="_ _2"> </span>and<span class="_ _a"> </span>VII<span class="_ _2"> </span>details<span class="_ _2"> </span>the<span class="_ _a"> </span>detection</div><div class="c x19 y63 w2 ha"><div class="t m1 x0 hb y64 ff6 fs7 fc0 sc0 ls0 ws0">0-7803-9466-6/05/$20.00 &#169;2005 IEEE MASS 2005 Workshop - WSNS05</div></div></div><div class="pi" data-data='{"ctm":[1.611639,0.000000,0.000000,1.611639,0.000000,0.000000]}'></div></div> </body> </html>

<div id="pf2" class="pf w0 h0" data-page-no="2"><div class="pc pc2 w0 h0"><img class="bi x0 y0 w1 h1" alt="" src="https://static.pudn.com/prod/directory_preview_static/625f96ae8cbeb85d5766461a/bg2.jpg"><div class="t m0 x10 h8 y65 ff1 fs5 fc0 sc0 ls0 ws0">procedure<span class="_ _5"> </span>for<span class="_ _5"> </span>packet<span class="_ _5"> </span>drop<span class="_ _5"> </span>and<span class="_ _5"> </span>the<span class="_ _8"> </span>misdirection<span class="_ _5"> </span>attack.<span class="_ _5"> </span>Section</div><div class="t m0 x10 h8 y66 ff1 fs5 fc0 sc0 ls0 ws0">VIII<span class="_ _5"> </span>elaborates<span class="_ _8"> </span>the<span class="_ _5"> </span>working<span class="_ _5"> </span>of<span class="_ _5"> </span>the<span class="_ _8"> </span>intrusion<span class="_ _5"> </span>detection<span class="_ _5"> </span>module.</div><div class="t m0 x10 h8 y67 ff1 fs5 fc0 sc0 ls0 ws0">Section<span class="_ _10"> </span>IX<span class="_ _10"> </span>illustrates<span class="_ _e"> </span>the<span class="_ _10"> </span>simulation<span class="_ _10"> </span>results<span class="_ _10"> </span>and<span class="_ _e"> </span>analysis.</div><div class="t m0 x10 h8 y68 ff1 fs5 fc0 sc0 ls0 ws0">Section<span class="_ _7"> </span>X<span class="_ _7"> </span>concludes<span class="_ _7"> </span>the<span class="_ _7"> </span>paper<span class="_ _b"></span>.</div><div class="t m0 x1a h8 y69 ff1 fs5 fc0 sc0 ls0 ws0">I<span class="_ _f"></span>I<span class="_ _f"></span>.<span class="_ _9"> </span>R<span class="_ _f"></span><span class="fs2">E<span class="_ _f"></span>L<span class="_ _f"></span>AT<span class="_ _11"></span>E<span class="_ _f"></span>D<span class="_ _5"> </span></span>W<span class="_ _f"></span><span class="fs2">O<span class="_ _f"></span>R<span class="_ _f"></span>K</span></div><div class="t m0 xf h8 y6a ff1 fs5 fc0 sc0 ls0 ws0">Intrusion<span class="_ _10"> </span>detection<span class="_ _e"> </span>systems<span class="_ _10"> </span>in<span class="_ _e"> </span>both<span class="_ _10"> </span>wired<span class="_ _e"> </span>and<span class="_ _10"> </span>wireless</div><div class="t m0 x10 h8 y6b ff1 fs5 fc0 sc0 ls0 ws0">networks<span class="_ _a"> </span>commonly<span class="_ _c"> </span>adopt<span class="_ _c"> </span>an<span class="_ _a"> </span>anomaly<span class="_ _c"> </span>or<span class="_ _c"> </span>misuse<span class="_ _c"> </span>based<span class="_ _a"> </span>de-</div><div class="t m0 x10 h8 y6c ff1 fs5 fc0 sc0 ls0 ws0">tection.<span class="_ _2"> </span>Misuse<span class="_ _a"> </span>detection<span class="_ _2"> </span>systems<span class="_ _2"> </span>are<span class="_ _a"> </span>accurate<span class="_ _2"> </span>in<span class="_ _a"> </span>identifying</div><div class="t m0 x10 h8 y6d ff1 fs5 fc0 sc0 ls0 ws0">the<span class="_"> </span>known<span class="_"> </span>attacks<span class="_"> </span>and<span class="_"> </span>has<span class="_"> </span>lo<span class="_ _3"></span>w<span class="_"> </span>false<span class="_"> </span>positi<span class="_ _3"></span>ves<span class="_"> </span>b<span class="_ _3"></span>ut<span class="_"> </span>cannot<span class="_"> </span>detect</div><div class="t m0 x10 h8 y6e ff1 fs5 fc0 sc0 ls0 ws0">ne<span class="_ _3"></span>wly<span class="_ _5"> </span>inv<span class="_ _3"></span>ented<span class="_ _5"> </span>attacks.<span class="_ _8"> </span>Anomaly<span class="_ _5"> </span>based<span class="_ _5"> </span>detection<span class="_ _8"> </span>schemes<span class="_ _5"> </span>are</div><div class="t m0 x10 h8 y6f ff1 fs5 fc0 sc0 ls0 ws0">more<span class="_ _9"> </span>effecti<span class="_ _b"></span>ve<span class="_ _9"> </span>in<span class="_ _9"> </span>detecting<span class="_ _9"> </span>unknown<span class="_ _d"> </span>attacks<span class="_ _9"> </span>howe<span class="_ _3"></span>ver<span class="_ _d"> </span>they</div><div class="t m0 x10 h8 y70 ff1 fs5 fc0 sc0 ls0 ws0">often<span class="_ _d"> </span>result<span class="_ _c"> </span>in<span class="_ _d"> </span>high<span class="_ _d"> </span>false<span class="_ _c"> </span>positives.<span class="_ _c"> </span>In<span class="_ _d"> </span>recent<span class="_ _d"> </span>years,<span class="_ _c"> </span>several</div><div class="t m0 x10 h8 y71 ff1 fs5 fc0 sc0 ls0 ws0">approaches<span class="_ _a"> </span>such<span class="_ _c"> </span>as<span class="_ _a"> </span>reputation<span class="_ _a"> </span>based<span class="_ _c"> </span>schemes<span class="_ _a"> </span>and<span class="_ _c"> </span>watchdog</div><div class="t m0 x10 h8 y72 ff1 fs5 fc0 sc0 ls0 ws0">mechanisms<span class="_ _c"> </span>hav<span class="_ _3"></span>e<span class="_ _c"> </span>been<span class="_ _c"> </span>proposed<span class="_ _c"> </span>in<span class="_ _c"> </span>the<span class="_ _c"> </span>literature<span class="_ _c"> </span>to<span class="_ _c"> </span>aid<span class="_ _d"> </span>the</div><div class="t m0 x10 h8 y73 ff1 fs5 fc0 sc0 ls0 ws0">detection<span class="_ _7"> </span>process<span class="_ _7"> </span>in<span class="_ _7"> </span>IDS<span class="_ _7"> </span>systems<span class="_ _7"> </span>[3],<span class="_ _7"> </span>[4].</div><div class="t m0 xf h8 y74 ff1 fs5 fc0 sc0 ls0 ws0">Michiardi<span class="_ _10"> </span>and<span class="_ _e"> </span>Molva<span class="_ _e"> </span>[3]<span class="_ _10"> </span>use<span class="_ _10"> </span>passi<span class="_ _3"></span>ve<span class="_ _e"> </span>eavesdropp<span class="_ _3"></span>ing<span class="_ _10"> </span>to</div><div class="t m0 x10 h8 y75 ff1 fs5 fc0 sc0 ls0 ws0">isolate<span class="_ _d"> </span>the<span class="_ _d"> </span>misbehaving<span class="_ _d"> </span>nodes<span class="_ _d"> </span>and<span class="_ _d"> </span>assign<span class="_ _d"> </span>reputation<span class="_ _d"> </span>to<span class="_ _d"> </span>the</div><div class="t m0 x10 h8 y76 ff1 fs5 fc0 sc0 ls0 ws0">nodes<span class="_ _2"> </span>such<span class="_ _2"> </span>that<span class="_ _a"> </span>only<span class="_ _2"> </span>good<span class="_ _a"> </span>nodes<span class="_ _2"> </span>in<span class="_ _2"> </span>the<span class="_ _a"> </span>network<span class="_ _2"> </span>are<span class="_ _2"> </span>trusted.</div><div class="t m0 x10 h8 y77 ff1 fs5 fc0 sc0 ls0 ws0">Marti<span class="_ _7"> </span><span class="ff7">et<span class="_ _7"> </span>al<span class="_ _7"> </span></span>[4]<span class="_ _7"> </span>proposed<span class="_ _7"> </span>the<span class="_ _7"> </span>popular<span class="_ _7"> </span>watchdog<span class="_ _8"> </span>mechanism<span class="_ _7"> </span>to</div><div class="t m0 x10 h8 y78 ff1 fs5 fc0 sc0 ls0 ws0">monitor<span class="_ _5"> </span>the<span class="_"> </span>neighbor<span class="_ _5"> </span>nodes<span class="_ _5"> </span>and<span class="_ _5"> </span>detect<span class="_ _5"> </span>misbehavior<span class="_"> </span>in<span class="_ _5"> </span>order<span class="_ _5"> </span>to</div><div class="t m0 x10 h8 y79 ff1 fs5 fc0 sc0 ls0 ws0">reliably<span class="_ _7"> </span>route<span class="_ _7"> </span>packets<span class="_ _7"> </span>around<span class="_ _2"> </span>the<span class="_ _7"> </span>good<span class="_ _7"> </span>nodes<span class="_ _2"> </span>in<span class="_ _7"> </span>the<span class="_ _7"> </span>network.</div><div class="t m0 x10 h8 y7a ff1 fs5 fc0 sc0 ls0 ws0">This<span class="_ _e"> </span>work<span class="_ _e"> </span>howe<span class="_ _3"></span>v<span class="_ _3"></span>er<span class="_ _e"> </span>fails<span class="_ _e"> </span>to<span class="_ _10"> </span>dif<span class="_ _3"></span>ferentiate<span class="_ _e"> </span>the<span class="_ _e"> </span>misbehaviors</div><div class="t m0 x10 h8 y7b ff1 fs5 fc0 sc0 ls0 ws0">caused<span class="_"> </span>in<span class="_"> </span>nodes<span class="_"> </span>due<span class="_"> </span>to<span class="_"> </span>collisions,<span class="_"> </span>collusions<span class="_"> </span>and<span class="_"> </span>other<span class="_"> </span>reasons.</div><div class="t m0 x10 h8 y7c ff1 fs5 fc0 sc0 ls0 ws0">Kachirski<span class="_ _8"> </span>and<span class="_ _5"> </span>Guha<span class="_ _8"> </span>[5],<span class="_ _8"> </span>propose<span class="_ _5"> </span>the<span class="_ _8"> </span>idea<span class="_ _8"> </span>of<span class="_ _8"> </span>a<span class="_ _5"> </span>distributed<span class="_ _5"> </span>IDS</div><div class="t m0 x10 h8 y7d ff1 fs5 fc0 sc0 ls0 ws0">where<span class="_ _a"> </span>cluster<span class="_ _2"> </span>heads<span class="_ _a"> </span>are<span class="_ _a"> </span>elected<span class="_ _a"> </span>and<span class="_ _a"> </span>the<span class="_ _a"> </span>IDS<span class="_ _a"> </span>functionality<span class="_ _a"> </span>is</div><div class="t m0 x10 h8 y7e ff1 fs5 fc0 sc0 ls0 ws0">distributed<span class="_ _c"> </span>among<span class="_ _d"> </span>them.<span class="_ _d"> </span>This<span class="_ _d"> </span>approach<span class="_ _c"> </span>minimizes<span class="_ _d"> </span>the<span class="_ _d"> </span>total</div><div class="t m0 x10 h8 y7f ff1 fs5 fc0 sc0 ls0 ws0">processing<span class="_ _5"> </span>time<span class="_ _8"> </span>spent<span class="_ _5"> </span>by<span class="_ _5"> </span>each<span class="_ _8"> </span>node.<span class="_ _5"> </span>Howe<span class="_ _3"></span>v<span class="_ _3"></span>er<span class="_ _b"></span>,<span class="_ _8"> </span>it<span class="_ _5"> </span>may<span class="_ _8"> </span>not<span class="_ _5"> </span>be<span class="_ _5"> </span>a</div><div class="t m0 x10 h8 y80 ff1 fs5 fc0 sc0 ls0 ws0">suitable<span class="_ _7"> </span>approach<span class="_ _2"> </span>in<span class="_ _2"> </span>an<span class="_ _7"> </span>ad<span class="_ _2"> </span>hoc<span class="_ _2"> </span>network<span class="_ _7"> </span>scenario,<span class="_ _2"> </span>where<span class="_ _7"> </span>care</div><div class="t m0 x10 h8 y81 ff1 fs5 fc0 sc0 ls0 ws0">should<span class="_ _a"> </span>be<span class="_ _c"> </span>taken<span class="_ _a"> </span>to<span class="_ _a"> </span>av<span class="_ _3"></span>oid<span class="_ _a"> </span>malicious<span class="_ _c"> </span>cluster<span class="_ _a"> </span>heads<span class="_ _a"> </span>or<span class="_ _c"> </span>prev<span class="_ _3"></span>ent</div><div class="t m0 x10 h8 y82 ff1 fs5 fc0 sc0 ls0 ws0">cluster<span class="_ _7"> </span>heads<span class="_ _7"> </span>from<span class="_ _7"> </span>being<span class="_ _7"> </span>compromised.</div><div class="t m0 xf h8 y83 ff1 fs5 fc0 sc0 ls0 ws0">The<span class="_ _8"> </span>necessity<span class="_ _8"> </span>of<span class="_ _7"> </span>accurately<span class="_ _8"> </span>identifying<span class="_ _7"> </span>the<span class="_ _8"> </span>cause<span class="_ _8"> </span>of<span class="_ _7"> </span>misbe-</div><div class="t m0 x10 h8 y84 ff1 fs5 fc0 sc0 ls0 ws0">havior<span class="_ _a"> </span>has<span class="_ _c"> </span>recently<span class="_ _a"> </span>gained<span class="_ _c"> </span>some<span class="_ _c"> </span>attention<span class="_ _c"> </span>[2],<span class="_ _c"> </span>[6].<span class="_ _c"> </span>Rao<span class="_ _c"> </span>and</div><div class="t m0 x10 h8 y85 ff1 fs5 fc0 sc0 ls0 ws0">K<span class="_ _3"></span>esidis<span class="_ _8"> </span>[6],<span class="_ _8"> </span>dif<span class="_ _3"></span>ferentiate<span class="_ _8"> </span>intruder<span class="_ _8"> </span>beha<span class="_ _3"></span>vior<span class="_ _8"> </span>in<span class="_ _8"> </span>the<span class="_ _8"> </span>network<span class="_ _5"> </span>that</div><div class="t m0 x10 h8 y86 ff1 fs5 fc0 sc0 ls0 ws0">cause<span class="_ _8"> </span>DoS<span class="_ _7"> </span>attacks<span class="_ _7"> </span>from<span class="_ _8"> </span>the<span class="_ _7"> </span>congestion<span class="_ _7"> </span>beha<span class="_ _3"></span>vior<span class="_ _8"> </span>of<span class="_ _7"> </span>the<span class="_ _7"> </span>nodes</div><div class="t m0 x10 h8 y87 ff1 fs5 fc0 sc0 ls0 ws0">by<span class="_ _c"> </span>selecting<span class="_ _c"> </span>traf&#64257;c<span class="_ _a"> </span>transmission<span class="_ _c"> </span>patterns<span class="_ _c"> </span>and<span class="_ _c"> </span>by<span class="_ _c"> </span>performing</div><div class="t m0 x10 h8 y88 ff1 fs5 fc0 sc0 ls0 ws0">veri&#64257;cation<span class="_ _a"> </span>at<span class="_ _a"> </span>the<span class="_ _a"> </span>receiver<span class="_ _1"></span>.<span class="_ _c"> </span>Howe<span class="_ _b"></span>ver<span class="_ _3"></span>,<span class="_ _a"> </span>this<span class="_ _a"> </span>approach<span class="_ _c"> </span>may<span class="_ _a"> </span>not</div><div class="t m0 x10 h8 y89 ff1 fs5 fc0 sc0 ls0 ws0">be<span class="_ _7"> </span>suitable<span class="_ _7"> </span>for<span class="_ _7"> </span>bandwidth<span class="_ _7"> </span>limited<span class="_ _7"> </span>ad<span class="_ _7"> </span>hoc<span class="_ _7"> </span>networks.</div><div class="t m0 xf h8 y8a ff1 fs5 fc0 sc0 ls0 ws0">Most<span class="_ _c"> </span>of<span class="_ _d"> </span>the<span class="_ _d"> </span>e<span class="_ _3"></span>xisting<span class="_ _c"> </span>intrusion<span class="_ _d"> </span>detection<span class="_ _c"> </span>techniques<span class="_ _d"> </span>focus</div><div class="t m0 x10 h8 y8b ff1 fs5 fc0 sc0 ls0 ws0">on<span class="_ _d"> </span>identifying<span class="_ _d"> </span>the<span class="_ _d"> </span>abnormalities<span class="_ _d"> </span>in<span class="_ _d"> </span>the<span class="_ _d"> </span>network<span class="_ _d"> </span>by<span class="_ _d"> </span>placing</div><div class="t m0 x10 h8 y8c ff1 fs5 fc0 sc0 ls0 ws0">the<span class="_ _9"> </span>detection<span class="_ _e"> </span>module<span class="_ _9"> </span>at<span class="_ _e"> </span>a<span class="_ _9"> </span>particular<span class="_ _9"> </span>layer<span class="_ _e"> </span>of<span class="_ _9"> </span>the<span class="_ _e"> </span>protocol</div><div class="t m0 x10 h8 y8d ff1 fs5 fc0 sc0 ls0 ws0">stack,<span class="_"> </span>mostly<span class="_"> </span>the<span class="_"> </span>network<span class="_"> </span>layer<span class="_ _b"></span>.<span class="_ _5"> </span>The<span class="_"> </span>vulnerabilities<span class="_"> </span>of<span class="_"> </span>multiple</div><div class="t m0 x10 h8 y8e ff1 fs5 fc0 sc0 ls0 ws0">layers<span class="_ _2"> </span>in<span class="_ _a"> </span>the<span class="_ _a"> </span>wireless<span class="_ _a"> </span>ad<span class="_ _2"> </span>hoc<span class="_ _a"> </span>network<span class="_ _a"> </span>(as<span class="_ _2"> </span>shown<span class="_ _2"> </span>in<span class="_ _a"> </span>T<span class="_ _b"></span>able<span class="_ _2"> </span>I)</div><div class="t m0 x10 h8 y8f ff1 fs5 fc0 sc0 ls0 ws0">has<span class="_ _8"> </span>necessitated<span class="_ _8"> </span>the<span class="_ _8"> </span>need<span class="_ _8"> </span>for<span class="_ _7"> </span>an<span class="_ _8"> </span>integrated<span class="_ _8"> </span>intrusion<span class="_ _8"> </span>detection</div><div class="t m0 x10 h8 y90 ff1 fs5 fc0 sc0 ls0 ws0">module<span class="_ _c"> </span>that<span class="_ _c"> </span>runs<span class="_ _d"> </span>across<span class="_ _a"> </span>the<span class="_ _c"> </span>different<span class="_ _c"> </span>layers<span class="_ _c"> </span>of<span class="_ _c"> </span>t<span class="_ _11"></span>he<span class="_ _c"> </span>protocol</div><div class="t m0 x10 h8 y91 ff1 fs5 fc0 sc0 ls0 ws0">stack.<span class="_ _c"> </span>Zhang<span class="_ _d"> </span>and<span class="_ _c"> </span>Lee<span class="_ _c"> </span>[2],<span class="_ _d"> </span>de<span class="_ _3"></span>v<span class="_ _3"></span>elop<span class="_ _c"> </span>a<span class="_ _d"> </span>cross-layer<span class="_ _c"> </span>based<span class="_ _c"> </span>IDS</div><div class="t m0 x10 h8 y92 ff1 fs5 fc0 sc0 ls0 ws0">architecture<span class="_ _a"> </span>to<span class="_ _c"> </span>study<span class="_ _a"> </span>the<span class="_ _c"> </span>abnormalities<span class="_ _a"> </span>in<span class="_ _c"> </span>the<span class="_ _a"> </span>network<span class="_ _a"> </span>using</div><div class="t m0 x10 h8 y93 ff1 fs5 fc0 sc0 ls0 ws0">anomaly<span class="_ _7"> </span>detection.<span class="_ _7"> </span>They<span class="_ _7"> </span>introduce<span class="_ _2"> </span>the<span class="_ _7"> </span>concept<span class="_ _7"> </span>of<span class="_ _2"> </span>integrating</div><div class="t m0 x10 h8 y94 ff1 fs5 fc0 sc0 ls0 ws0">multiple<span class="_ _d"> </span>layers<span class="_ _9"> </span>of<span class="_ _d"> </span>the<span class="_ _9"> </span>protocol<span class="_ _d"> </span>stack<span class="_ _9"> </span>for<span class="_ _d"> </span>ef&#64257;cient<span class="_ _d"> </span>intrusion</div><div class="t m0 x10 h8 y95 ff1 fs5 fc0 sc0 ls0 ws0">detection.</div><div class="t m0 xf h8 y96 ff1 fs5 fc0 sc0 ls0 ws0">Liu<span class="_ _5"> </span><span class="ff7">et<span class="_ _8"> </span>al<span class="_ _5"> </span></span>[7]<span class="_ _8"> </span>recently<span class="_ _5"> </span>proposed<span class="_ _8"> </span>a<span class="_ _5"> </span>cross-layer<span class="_ _8"> </span>based<span class="_ _5"> </span>anomaly</div><div class="t m0 x10 h8 y97 ff1 fs5 fc0 sc0 ls0 ws0">detection<span class="_ _7"> </span>by<span class="_ _2"> </span>adapting<span class="_ _2"> </span>a<span class="_ _7"> </span>rule<span class="_ _2"> </span>based<span class="_ _7"> </span>data<span class="_ _2"> </span>mining<span class="_ _2"> </span>technique.<span class="_ _7"> </span>In</div><div class="t m0 x10 h8 y98 ff1 fs5 fc0 sc0 ls0 ws0">this<span class="_ _a"> </span>work,<span class="_ _a"> </span>a<span class="_ _a"> </span>speci&#64257;c<span class="_ _c"> </span>feature<span class="_ _a"> </span>set<span class="_ _a"> </span>is<span class="_ _c"> </span>de&#64257;ned<span class="_ _a"> </span>to<span class="_ _a"> </span>pro&#64257;le<span class="_ _c"> </span>normal</div><div class="t m0 x10 h8 y99 ff1 fs5 fc0 sc0 ls0 ws0">user<span class="_ _d"> </span>beha<span class="_ _3"></span>vior<span class="_ _d"> </span>by<span class="_ _d"> </span>correlating<span class="_ _d"> </span>information<span class="_ _c"> </span>obtained<span class="_ _d"> </span>from<span class="_ _d"> </span>the</div><div class="t m0 x10 h8 y9a ff1 fs5 fc0 sc0 ls0 ws0">MA<span class="_ _3"></span>C<span class="_ _2"> </span>and<span class="_ _a"> </span>the<span class="_ _a"> </span>network<span class="_ _a"> </span>layers.<span class="_ _2"> </span>The<span class="_ _a"> </span>IDS<span class="_ _a"> </span>system<span class="_ _a"> </span>dev<span class="_ _3"></span>eloped<span class="_ _a"> </span>is</div><div class="t m0 x10 h8 y9b ff1 fs5 fc0 sc0 ls0 ws0">ef<span class="_ _3"></span>fectiv<span class="_ _3"></span>e<span class="_ _7"> </span>in<span class="_ _2"> </span>localizing<span class="_ _2"> </span>the<span class="_ _2"> </span>attacks<span class="_ _2"> </span>within<span class="_ _2"> </span>one<span class="_ _2"> </span>hope<span class="_ _2"> </span>perimeter<span class="_ _3"></span>.</div><div class="t m0 x10 h8 y9c ff1 fs5 fc0 sc0 ls0 ws0">Inter<span class="_ _5"> </span>layer<span class="_ _8"> </span>interactions<span class="_ _5"> </span>can<span class="_ _8"> </span>be<span class="_ _5"> </span>exploited<span class="_ _5"> </span>in<span class="_ _5"> </span>numerous<span class="_ _8"> </span>ways<span class="_ _5"> </span>for</div><div class="t m0 x12 h8 y9d ff1 fs5 fc0 sc0 ls0 ws0">detecting<span class="_ _a"> </span>intrusions<span class="_ _a"> </span>in<span class="_ _a"> </span>the<span class="_ _a"> </span>wireless<span class="_ _a"> </span>ad<span class="_ _a"> </span>hoc<span class="_ _a"> </span>networks.<span class="_ _a"> </span>T<span class="_ _b"></span>o<span class="_ _a"> </span>the</div><div class="t m0 x12 h8 y9e ff1 fs5 fc0 sc0 ls0 ws0">best<span class="_ _8"> </span>of<span class="_ _8"> </span>our<span class="_ _8"> </span>knowledge<span class="_ _5"> </span>a<span class="_ _8"> </span>multi-layer<span class="_ _8"> </span>detection<span class="_ _7"> </span>module<span class="_ _8"> </span>has<span class="_ _8"> </span>not</div><div class="t m0 x12 h8 y9f ff1 fs5 fc0 sc0 ls0 ws0">been<span class="_ _d"> </span>utilized<span class="_ _c"> </span>to<span class="_ _d"> </span>detect<span class="_ _c"> </span>DoS<span class="_ _d"> </span>attacks<span class="_ _c"> </span>in<span class="_ _d"> </span>ad<span class="_ _c"> </span>hoc<span class="_ _d"> </span>networks.<span class="_ _c"> </span>In</div><div class="t m0 x12 h8 ya0 ff1 fs5 fc0 sc0 ls0 ws0">our<span class="_ _2"> </span>work,<span class="_ _7"> </span>we<span class="_ _2"> </span>provide<span class="_ _7"> </span>a<span class="_ _2"> </span>nov<span class="_ _3"></span>el<span class="_ _2"> </span>cross-layer<span class="_ _7"> </span>detection<span class="_ _2"> </span>model<span class="_ _2"> </span>to</div><div class="t m0 x12 h8 ya1 ff1 fs5 fc0 sc0 ls0 ws0">detect<span class="_"> </span>malicious<span class="_"> </span>behavior<span class="_"> </span>of<span class="_"> </span>nodes<span class="_"> </span>using<span class="_"> </span>information<span class="_"> </span>from<span class="_"> </span>one</div><div class="t m0 x12 h8 ya2 ff1 fs5 fc0 sc0 ls0 ws0">layer<span class="_ _5"> </span>in<span class="_ _5"> </span>another<span class="_ _5"> </span>layer<span class="_ _b"></span>.<span class="_ _5"> </span>W<span class="_ _b"></span>e<span class="_ _5"> </span>also<span class="_ _5"> </span>distinguish<span class="_ _5"> </span>between<span class="_ _5"> </span>the<span class="_ _5"> </span>normal</div><div class="t m0 x12 h8 ya3 ff1 fs5 fc0 sc0 ls0 ws0">and<span class="_ _8"> </span>malicious<span class="_ _8"> </span>behavior<span class="_ _5"> </span>of<span class="_ _8"> </span>nodes<span class="_ _8"> </span>thus<span class="_ _8"> </span>enhancing<span class="_ _8"> </span>the<span class="_ _8"> </span>detection</div><div class="t m0 x12 h8 ya4 ff1 fs5 fc0 sc0 ls0 ws0">accuracy<span class="_ _1"></span>.<span class="_ _7"> </span>In<span class="_ _7"> </span>this<span class="_ _8"> </span>paper,<span class="_ _8"> </span>we<span class="_ _8"> </span>speci&#64257;cally<span class="_ _7"> </span>target<span class="_ _8"> </span>the<span class="_ _7"> </span>detection<span class="_ _8"> </span>of</div><div class="t m0 x12 h8 ya5 ff1 fs5 fc0 sc0 ls0 ws0">DoS<span class="_ _7"> </span>attacks<span class="_ _7"> </span>in<span class="_ _7"> </span>the<span class="_ _7"> </span>link<span class="_ _7"> </span>and<span class="_ _7"> </span>the<span class="_ _7"> </span>network<span class="_ _8"> </span>layers.</div><div class="t m0 x1b h8 ya6 ff1 fs5 fc0 sc0 ls0 ws0">I<span class="_ _f"></span>I<span class="_ _f"></span>I<span class="_ _f"></span>.<span class="_ _9"> </span>T<span class="_ _f"></span><span class="fs2">H<span class="_ _f"></span>R<span class="_ _f"></span>E<span class="_ _f"></span>AT<span class="_ _5"> </span></span>M<span class="_ _11"></span><span class="fs2">O<span class="_ _f"></span>D<span class="_ _f"></span>E<span class="_ _f"></span>L<span class="_ _8"> </span>A<span class="_ _11"></span>N<span class="_ _f"></span>D<span class="_ _8"> </span></span>A<span class="_ _11"></span><span class="fs2">S<span class="_ _f"></span>S<span class="_ _f"></span>U<span class="_ _f"></span>M<span class="_ _f"></span>P<span class="_ _f"></span>T<span class="_ _f"></span>I<span class="_ _f"></span>O<span class="_ _f"></span>N<span class="_ _f"></span>S</span></div><div class="t m0 x13 h8 ya7 ff1 fs5 fc0 sc0 ls0 ws0">In<span class="_"> </span>this<span class="_ _5"> </span>section,<span class="_"> </span>we<span class="_"> </span>discuss<span class="_ _5"> </span>the<span class="_"> </span>nature<span class="_ _5"> </span>of<span class="_"> </span>the<span class="_ _5"> </span>adversary<span class="_"> </span>model</div><div class="t m0 x12 h8 ya8 ff1 fs5 fc0 sc0 ls0 ws0">considered<span class="_ _7"> </span>in<span class="_ _7"> </span>our<span class="_ _7"> </span>work.<span class="_ _8"> </span>Some<span class="_ _7"> </span>basic<span class="_ _7"> </span>assumptions<span class="_ _7"> </span>are:</div><div class="t m0 x13 h8 ya9 ff1 fs5 fc0 sc0 ls0 ws0">1)<span class="_ _e"> </span>The<span class="_ _5"> </span>adversary<span class="_"> </span>node<span class="_"> </span>attacks<span class="_"> </span>the<span class="_"> </span>infrastructure<span class="_"> </span>by<span class="_ _5"> </span>denying</div><div class="t m0 x1c h8 yaa ff1 fs5 fc0 sc0 ls0 ws0">service<span class="_ _7"> </span>av<span class="_ _b"></span>ailability<span class="_ _7"> </span>to<span class="_ _7"> </span>the<span class="_ _7"> </span>nodes<span class="_ _7"> </span>in<span class="_ _7"> </span>the<span class="_ _7"> </span>network.</div><div class="t m0 x13 h8 yab ff1 fs5 fc0 sc0 ls0 ws0">2)<span class="_ _e"> </span>The<span class="_ _d"> </span>adversary<span class="_ _d"> </span>node<span class="_ _d"> </span>is<span class="_ _d"> </span>limited<span class="_ _d"> </span>in<span class="_ _d"> </span>terms<span class="_ _d"> </span>of<span class="_ _d"> </span>its<span class="_ _d"> </span>energy</div><div class="t m0 x1c h8 yac ff1 fs5 fc0 sc0 ls0 ws0">resources<span class="_ _7"> </span>just<span class="_ _7"> </span>as<span class="_ _7"> </span>any<span class="_ _8"> </span>other<span class="_ _7"> </span>node<span class="_ _7"> </span>in<span class="_ _7"> </span>the<span class="_ _7"> </span>network.</div><div class="t m0 x13 h8 yad ff1 fs5 fc0 sc0 ls0 ws0">3)<span class="_ _e"> </span>Number<span class="_ _7"> </span>of<span class="_ _8"> </span>adversary<span class="_ _8"> </span>nodes<span class="_ _8"> </span>do<span class="_ _8"> </span>not<span class="_ _8"> </span>outnumber<span class="_ _7"> </span>the<span class="_ _8"> </span>good</div><div class="t m0 x1c h8 yae ff1 fs5 fc0 sc0 ls0 ws0">nodes<span class="_ _7"> </span>in<span class="_ _7"> </span>the<span class="_ _7"> </span>wireless<span class="_ _7"> </span>network.</div><div class="t m0 x13 h8 yaf ff1 fs5 fc0 sc0 ls0 ws0">4)<span class="_ _e"> </span>The<span class="_ _8"> </span>adversary<span class="_"> </span>node<span class="_ _8"> </span>may<span class="_ _5"> </span>or<span class="_ _5"> </span>may<span class="_ _5"> </span>not<span class="_ _8"> </span>be<span class="_ _5"> </span>an<span class="_ _5"> </span>authenticated</div><div class="t m0 x1c h8 yb0 ff1 fs5 fc0 sc0 ls0 ws0">member<span class="_ _7"> </span>of<span class="_ _7"> </span>the<span class="_ _7"> </span>network.</div><div class="t m0 x13 h8 yb1 ff1 fs5 fc0 sc0 ls0 ws0">W<span class="_ _1"></span>e<span class="_"> </span>brie&#64258;y<span class="_"> </span>describe<span class="_ _15"> </span>each<span class="_"> </span>of<span class="_ _15"> </span>the<span class="_"> </span>DoS<span class="_ _15"> </span>attacks<span class="_"> </span>in<span class="_ _15"> </span>consideration.</div><div class="t m0 x13 h8 yb2 ff7 fs5 fc0 sc0 ls0 ws0">Collision<span class="ff1">:<span class="_ _8"> </span>In<span class="_ _7"> </span>wireless<span class="_ _8"> </span>networks,<span class="_ _7"> </span>the<span class="_ _8"> </span>channel<span class="_ _7"> </span>is<span class="_ _8"> </span>reserved<span class="_ _8"> </span>for</span></div><div class="t m0 x12 h8 yb3 ff1 fs5 fc0 sc0 ls0 ws0">transmission<span class="_"> </span>through<span class="_"> </span>R<span class="_ _b"></span>TS/CTS<span class="_"> </span>packets.<span class="_"> </span>In<span class="_"> </span>spite<span class="_"> </span>of<span class="_"> </span>the<span class="_"> </span>channel</div><div class="t m0 x12 h8 yb4 ff1 fs5 fc0 sc0 ls0 ws0">reserv<span class="_ _3"></span>ation,<span class="_ _a"> </span>an<span class="_ _a"> </span>adversary<span class="_ _a"> </span>node<span class="_ _c"> </span>can<span class="_ _a"> </span>induce<span class="_ _a"> </span>a<span class="_ _c"> </span>collision<span class="_ _a"> </span>in<span class="_ _c"> </span>the</div><div class="t m0 x12 h8 yb5 ff1 fs5 fc0 sc0 ls0 ws0">wireless<span class="_ _9"> </span>channel<span class="_ _d"> </span>by<span class="_ _9"> </span>transmitting<span class="_ _9"> </span>when<span class="_ _d"> </span>another<span class="_ _9"> </span>node<span class="_ _9"> </span>in<span class="_ _9"> </span>its</div><div class="t m0 x12 h8 yb6 ff1 fs5 fc0 sc0 ls0 ws0">range<span class="_ _a"> </span>is<span class="_ _c"> </span>already<span class="_ _c"> </span>in<span class="_ _a"> </span>transmission.<span class="_ _c"> </span>The<span class="_ _c"> </span>purpose<span class="_ _a"> </span>of<span class="_ _c"> </span>this<span class="_ _c"> </span>attack</div><div class="t m0 x12 h8 yb7 ff1 fs5 fc0 sc0 ls0 ws0">is<span class="_ _7"> </span>to<span class="_ _7"> </span>either<span class="_ _7"> </span>pre<span class="_ _3"></span>vent<span class="_ _8"> </span>access<span class="_ _7"> </span>to<span class="_ _7"> </span>a<span class="_ _7"> </span>certain<span class="_ _7"> </span>node<span class="_ _7"> </span>or<span class="_ _7"> </span>to<span class="_ _7"> </span>exhaust<span class="_ _7"> </span>the</div><div class="t m0 x12 h8 yb8 ff1 fs5 fc0 sc0 ls0 ws0">transmitting<span class="_ _7"> </span>node&#8217;<span class="_ _b"></span>s<span class="_ _7"> </span>resources<span class="_ _7"> </span>by<span class="_ _7"> </span>continuous<span class="_ _7"> </span>retransmissions.</div><div class="t m0 x13 h8 yb9 ff7 fs5 fc0 sc0 ls0 ws0">P<span class="_ _1"></span>acket<span class="_ _8"> </span>dr<span class="_ _3"></span>op<span class="ff1">:<span class="_ _8"> </span>The<span class="_ _7"> </span>adversary<span class="_ _7"> </span>node<span class="_ _8"> </span>can<span class="_ _7"> </span>randomly<span class="_ _7"> </span>drop<span class="_ _7"> </span>either</span></div><div class="t m0 x12 h8 yba ff1 fs5 fc0 sc0 ls0 ws0">the<span class="_ _2"> </span>control<span class="_ _2"> </span>or<span class="_ _2"> </span>data<span class="_ _2"> </span>packets<span class="_ _2"> </span>at<span class="_ _2"> </span>the<span class="_ _2"> </span>network<span class="_ _7"> </span>layer<span class="_ _3"></span>.<span class="_ _2"> </span>This<span class="_ _2"> </span>results</div><div class="t m0 x12 h8 ybb ff1 fs5 fc0 sc0 ls0 ws0">in<span class="_ _5"> </span>denying<span class="_ _8"> </span>service<span class="_ _5"> </span>to<span class="_ _8"> </span>the<span class="_ _5"> </span>destination<span class="_ _8"> </span>node,<span class="_ _5"> </span>hence<span class="_ _8"> </span>af<span class="_ _3"></span>fecting<span class="_ _5"> </span>the</div><div class="t m0 x12 h8 ybc ff1 fs5 fc0 sc0 ls0 ws0">av<span class="_ _b"></span>ailability<span class="_ _7"> </span>of<span class="_ _7"> </span>the<span class="_ _7"> </span>node.</div><div class="t m0 x13 h8 ybd ff7 fs5 fc0 sc0 ls0 ws0">Misdir<span class="_ _3"></span>ection<span class="ff1">:<span class="_"> </span>Misdirection<span class="_"> </span>attack<span class="_"> </span>occurs<span class="_"> </span>when<span class="_ _15"> </span>the<span class="_"> </span>adversary</span></div><div class="t m0 x12 h8 ybe ff1 fs5 fc0 sc0 ls0 ws0">node<span class="_ _8"> </span>forwards<span class="_ _7"> </span>the<span class="_ _7"> </span>data<span class="_ _8"> </span>packet<span class="_ _7"> </span>to<span class="_ _7"> </span>the<span class="_ _8"> </span>wrong<span class="_ _7"> </span>destination<span class="_ _7"> </span>node.</div><div class="t m0 x12 h8 ybf ff1 fs5 fc0 sc0 ls0 ws0">In<span class="_ _5"> </span>another<span class="_ _8"> </span>kind<span class="_ _5"> </span>of<span class="_ _8"> </span>misdirection<span class="_ _5"> </span>attack,<span class="_ _8"> </span>the<span class="_ _5"> </span>adversary<span class="_ _5"> </span>node<span class="_ _8"> </span>can</div><div class="t m0 x12 h8 yc0 ff1 fs5 fc0 sc0 ls0 ws0">deny<span class="_ _8"> </span>the<span class="_ _8"> </span>a<span class="_ _3"></span>v<span class="_ _3"></span>ailability<span class="_ _8"> </span>of<span class="_ _8"> </span>an<span class="_ _8"> </span>existing<span class="_ _8"> </span>route<span class="_ _8"> </span>to<span class="_ _8"> </span>the<span class="_ _8"> </span>destination<span class="_ _8"> </span>by</div><div class="t m0 x12 h8 yc1 ff1 fs5 fc0 sc0 ls0 ws0">sending<span class="_ _2"> </span>false<span class="_ _2"> </span>Route<span class="_ _2"> </span>Error<span class="_ _2"> </span>(RERR)<span class="_ _a"> </span>messages<span class="_ _2"> </span>thus<span class="_ _2"> </span>preventing</div><div class="t m0 x12 h8 yc2 ff1 fs5 fc0 sc0 ls0 ws0">service<span class="_ _7"> </span>to<span class="_ _7"> </span>the<span class="_ _7"> </span>destination<span class="_ _7"> </span>in<span class="_ _7"> </span>the<span class="_ _7"> </span>absence<span class="_ _7"> </span>of<span class="_ _7"> </span>alternate<span class="_ _7"> </span>routes.</div><div class="t m0 x13 h8 yc3 ff1 fs5 fc0 sc0 ls0 ws0">In<span class="_"> </span>our<span class="_"> </span>adversary<span class="_"> </span>model,<span class="_"> </span>(speci&#64257;c<span class="_"> </span>to<span class="_"> </span>the<span class="_"> </span>DoS<span class="_"> </span>attacks<span class="_"> </span>in<span class="_"> </span>T<span class="_ _1"></span>able</div><div class="t m0 x12 h8 yc4 ff1 fs5 fc0 sc0 ls0 ws0">I)<span class="_ _c"> </span>we<span class="_ _d"> </span>assume<span class="_ _c"> </span>that<span class="_ _d"> </span>the<span class="_ _a"> </span>adversary<span class="_ _d"> </span>can<span class="_ _a"> </span>launch<span class="_ _d"> </span>any<span class="_ _c"> </span>and<span class="_ _c"> </span>all<span class="_ _d"> </span>of</div><div class="t m0 x12 h8 yc5 ff1 fs5 fc0 sc0 ls0 ws0">the<span class="_ _c"> </span>attacks<span class="_ _c"> </span>discussed<span class="_ _c"> </span>above.<span class="_ _a"> </span>Howe<span class="_ _b"></span>ver<span class="_ _3"></span>,<span class="_ _c"> </span>because<span class="_ _c"> </span>the<span class="_ _c"> </span>collision</div><div class="t m0 x12 h8 yc6 ff1 fs5 fc0 sc0 ls0 ws0">attack<span class="_ _7"> </span>in<span class="_ _3"></span>volv<span class="_ _3"></span>es<span class="_ _7"> </span>the<span class="_ _7"> </span>adversary<span class="_ _7"> </span>node<span class="_ _7"> </span>expending<span class="_ _7"> </span>a<span class="_ _7"> </span>large<span class="_ _7"> </span>amount</div><div class="t m0 x12 h8 yc7 ff1 fs5 fc0 sc0 ls0 ws0">of<span class="_ _7"> </span>energy<span class="_ _2"> </span>of<span class="_ _7"> </span>its<span class="_ _2"> </span>own,<span class="_ _7"> </span>it<span class="_ _2"> </span>is<span class="_ _7"> </span>assumed<span class="_ _2"> </span>that<span class="_ _2"> </span>the<span class="_ _7"> </span>number<span class="_ _2"> </span>of<span class="_ _2"> </span>times</div><div class="t m0 x12 h8 yc8 ff1 fs5 fc0 sc0 ls0 ws0">the<span class="_ _8"> </span>adversary<span class="_ _5"> </span>repeats<span class="_ _8"> </span>the<span class="_ _8"> </span>collision<span class="_ _8"> </span>attack<span class="_ _8"> </span>is<span class="_ _8"> </span>less.<span class="_ _8"> </span>Other<span class="_ _8"> </span>Denial</div><div class="t m0 x12 h8 yc9 ff1 fs5 fc0 sc0 ls0 ws0">of<span class="_ _a"> </span>Service<span class="_ _a"> </span>attacks<span class="_ _c"> </span>such<span class="_ _a"> </span>as<span class="_ _a"> </span>packet<span class="_ _a"> </span>drop<span class="_ _c"> </span>and<span class="_ _a"> </span>misdirection<span class="_ _c"> </span>are</div><div class="t m0 x12 h8 yca ff1 fs5 fc0 sc0 ls0 ws0">assumed<span class="_ _7"> </span>to<span class="_ _7"> </span>occur<span class="_ _7"> </span>more<span class="_ _7"> </span>frequently<span class="_ _7"> </span>in<span class="_ _7"> </span>the<span class="_ _7"> </span>network.</div><div class="t m0 x1d h8 ycb ff1 fs5 fc0 sc0 ls0 ws0">I<span class="_ _f"></span>V<span class="_ _1"></span>.<span class="_ _e"> </span>C<span class="_ _11"></span><span class="fs2">R<span class="_ _11"></span>O<span class="_ _f"></span>S<span class="_ _f"></span>S<span class="_ _f"></span></span>-<span class="_ _f"></span><span class="fs2">L<span class="_ _f"></span>A<span class="_ _3"></span>Y<span class="_ _f"></span>E<span class="_ _f"></span>R<span class="_ _5"> </span>B<span class="_ _11"></span>A<span class="_ _f"></span>S<span class="_ _f"></span>E<span class="_ _f"></span>D<span class="_ _5"> </span><span class="fs5">I<span class="_ _f"></span></span>N<span class="_ _f"></span>T<span class="_ _f"></span>R<span class="_ _11"></span>U<span class="_ _f"></span>S<span class="_ _f"></span>I<span class="_ _f"></span>O<span class="_ _f"></span>N<span class="_ _5"> </span><span class="fs5">D<span class="_ _f"></span></span>E<span class="_ _f"></span>T<span class="_ _f"></span>E<span class="_ _f"></span>C<span class="_ _f"></span>T<span class="_ _f"></span>I<span class="_ _f"></span>O<span class="_ _f"></span>N<span class="_ _8"> </span><span class="fs5">(<span class="_ _11"></span>C<span class="_ _f"></span>I<span class="_ _f"></span>D<span class="_ _f"></span>S<span class="_ _f"></span>)</span></span></div><div class="t m0 x13 h8 ycc ff1 fs5 fc0 sc0 ls0 ws0">In<span class="_"> </span>this<span class="_ _5"> </span>work,<span class="_"> </span>we<span class="_ _5"> </span>propose<span class="_ _5"> </span>a<span class="_"> </span>novel<span class="_"> </span>cross-layer<span class="_ _5"> </span>based<span class="_"> </span>intr<span class="_ _11"></span>usion</div><div class="t m0 x12 h8 ycd ff1 fs5 fc0 sc0 ls0 ws0">detection<span class="_ _2"> </span>system<span class="_ _2"> </span>(CIDS)<span class="_ _2"> </span>that<span class="_ _2"> </span>exploits<span class="_ _2"> </span>information<span class="_ _2"> </span>across<span class="_ _2"> </span>the</div><div class="t m0 x12 h8 yce ff1 fs5 fc0 sc0 ls0 ws0">layers<span class="_ _a"> </span>to<span class="_ _a"> </span>effecti<span class="_ _3"></span>vely<span class="_ _2"> </span>identify<span class="_ _c"> </span>an<span class="_ _a"> </span>intrusion.<span class="_ _a"> </span>Multiple<span class="_ _c"> </span>le<span class="_ _3"></span>vels<span class="_ _a"> </span>of</div><div class="t m0 x12 h8 ycf ff1 fs5 fc0 sc0 ls0 ws0">detection<span class="_ _2"> </span>is<span class="_ _7"> </span>performed<span class="_ _2"> </span>across<span class="_ _2"> </span>dif<span class="_ _3"></span>ferent<span class="_ _2"> </span>layers<span class="_ _7"> </span>of<span class="_ _2"> </span>the<span class="_ _2"> </span>protocol</div><div class="t m0 x12 h8 yd0 ff1 fs5 fc0 sc0 ls0 ws0">stack<span class="_ _7"> </span>before<span class="_ _2"> </span>con&#64257;rming<span class="_ _2"> </span>the<span class="_ _7"> </span>malicious<span class="_ _2"> </span>behavior<span class="_ _7"> </span>of<span class="_ _2"> </span>the<span class="_ _7"> </span>nodes,</div><div class="t m0 x12 h8 yd1 ff1 fs5 fc0 sc0 ls0 ws0">thus<span class="_ _2"> </span>reducing<span class="_ _a"> </span>false<span class="_ _2"> </span>positiv<span class="_ _3"></span>es.<span class="_ _2"> </span>Also,<span class="_ _2"> </span>the<span class="_ _a"> </span>approach<span class="_ _2"> </span>leads<span class="_ _a"> </span>to<span class="_ _2"> </span>an</div><div class="t m0 x12 h8 yd2 ff1 fs5 fc0 sc0 ls0 ws0">increase<span class="_ _9"> </span>in<span class="_ _9"> </span>the<span class="_ _e"> </span>number<span class="_ _9"> </span>of<span class="_ _9"> </span>nodes<span class="_ _9"> </span>detected<span class="_ _9"> </span>correctly<span class="_ _b"></span>,<span class="_ _e"> </span>hence</div><div class="t m0 x12 h8 y62 ff1 fs5 fc0 sc0 ls0 ws0">increasing<span class="_ _7"> </span>the<span class="_ _7"> </span>true<span class="_ _7"> </span>positi<span class="_ _3"></span>ves<span class="_ _8"> </span>in<span class="_ _7"> </span>the<span class="_ _7"> </span>network.</div></div><div class="pi" data-data='{"ctm":[1.611639,0.000000,0.000000,1.611639,0.000000,0.000000]}'></div></div>