www.ietdl.

org

Published in IET Information Security

Received on 30th September 2009
Revised on 15th June 2010
doi: 10.1049/iet-ifs.2009.0196

Special Issue on Multi-Agent & Distributed Information

Security

ISSN 1751-8709

Adaptive link-state routing and intrusion

detection in wireless mesh networks
S. Misra1 P.V. Krishna2 K.I. Abraham2
1
School of Information Technology, Indian Institute of Technology, Kharagpur, West Bengal, India
2
School of Computing Sciences, VIT University, Vellore, Tamil Nadu, India
E-mail: smisra.editor@gmail.com

Abstract: Security in wireless mesh networks (WMNs) has always been a major concern ever since the existence
of these networks. The open medium and the lack of physical security make the WMNs susceptible to various
kinds of attacks. This study addresses the problem of intrusion detection in WMNs. The authors propose a
routing protocol that is capable of detecting intrusions, while undertaking the tasks of routing in WMNs. The
authors base the routing tasks in the existing protocol on the existing optimised link-state routing protocol.
This protocol uses the sampling mechanism for the detection of malicious information in the network.
Concepts of learning automata have been introduced to optimise the sampling process. Two new frame
formats and its associated handling procedures have been developed. The authors evaluated the performance
of our protocol using network simulator 3. In the experiments performed, the highest achieved intrusion
detection rate with the proposed protocol was observed to be 94%.

1 Introduction alongside is capable of effectively detecting intrusions.

Wireless mesh networks (WMNs) [1 – 4] are envisioned to
provide various applications in the future, including
broadband services, distributed information sharing and
storage and different multimedia applications at very low
costs. Such networks can be deployed in both the urban
and rural areas to offer a wide range of wireless coverage.
WMNs offer cost-effective and flexible wireless solution.
WMNs are reliable, and the key advantages of these
networks include robustness, higher bandwidth and spatial
reuse. Securing WMNs from various threats is challenging
because of its growing demands.
The critical security challenges of WMNs [1 – 4] include
detection of corrupt access points (APs), securing the
routing mechanism and definition of a proper fairness
metric to ensure a certain level of fairness in the WMN.
Security in WMNs explores key challenges, which include
authentication, attacks, privacy, trust, encryption, key
management, identity management, denial-of-service
attacks, intrusion detection and prevention, secure routing
and security policies [1 – 4]. In this paper, we focus on
developing a secure routing protocol for WMNs, which
There are many recent published works that discuss and
propose different security solutions/protocols for use in
these networks. In this paper, we present some of the
works carried out recently.
Ferreira et al. [5] proposed an intrusion detection
mechanism for WMNs using a hybrid approach. In this
approach, the concepts of wavelets and neural networks are
used for detection and classification of attacks. Gao et al.
[6] developed a community intrusion detection and pre-
warning system for WMNs. This system is used to detect
human intrusions by capturing human signals using
multihop communication mechanisms.
Zhang et al. [7] developed a protocol called RADAR –
reputation-based scheme for detecting anomalous nodes in
WMNs. RADAR presents a reputation-based anomaly
detection scheme for detecting anomalous nodes in these
networks. Xuyanga et al. [8] discuss about providing
security at communication level, based on encryption
methods for WMNs. The communication encryption
scheme is used to encrypt data packets and develops a risk
avoidance scheme to avoid the malicious nodes during

374 IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374– 389
& The Institution of Engineering and Technology 2010 doi: 10.1049/iet-ifs.2009.0196

communications using multipath communication. But it is
very difficult to defend the WMN from various security
threats based on encryption methods only. Hakami et al.
[9] proposed principal component analysis (PCA)-based
anomaly detection for WMNs. An anomaly identification
scheme is discussed and it is used to detect packet flow
inequalities. However, PCA is effective for wired networks
when compared with wireless networks. Li et al. [10]
proposed a multipath routing protocol to prevent attacks in
WMNs. The routing policy is designed based on game
theory concepts. The main focus in their study was to
improve the network throughput for WMNs when it is
under attack.
One of the crucial security problems is the detection of
potential intrusions into the network. There are several
proposals for building intrusion detection systems (IDSs).
Recent literature addressing the problem of intrusion
detection and proposing different intrusion detection
solutions include [11 – 16].
The OLSR request for comment (RFC) [16] clearly states
the lack of security features in OLSR: ‘Currently, OLSR does
not specify any special security measures. As a proactive
routing protocol, OLSR makes a target for various attacks.’
The various attacks that OLSR is vulnerable to are also
discussed in RFC [16].
In one of our recent works [17], we suggested another
learning automata (LA)-based protocol for intrusion
detection (LAID) in wireless sensor networks (WSNs).
LAID functions in a distributed manner, and the LA are
used to optimise the selection of routes on which sampling
has to be performed. The system, in essence, tries to
identify or approximate the location of the attacker and,
thus, catch the malicious packets sent by the attacker. We
have further simplified the LAID protocol with a focus on
energy conservation and it is named as simple LA-based
protocol for intrusion detection (S-LAID) [18]. The
S-LAID protocol considers each node in the network
individually and functions without any coordination
between the nodes. Each node in the network identifies
and removes malicious information from the network in an
energy-efficient manner.
In our search for existing solutions for intrusion detection
in WMNs, we found that most of the existing literatures
discuss specifically about intrusion detection in mobile
ad hoc networks (MANETs) and very few papers present
intrusion detection schemes specifically for WMNs [5 – 10]
and these proposals are very preliminary. A lot of research
has been done in the field of intrusion detection in
MANETs and again not many papers use OLSR as the
base protocol. It is to be noted that MANET scenario can
be extended to WMN scenario and thereby the protocol
discussed in [19] is perfectly applicable within the WMN
domain. Fourati and Agha [19] propose a modification to
OLSR topology control (TC) messages by introducing
IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374 – 389
doi: 10.1049/iet-ifs.2009.0196
www.ietdl.org
threshold cryptography to verify the authenticity of the
messages. The use of Shamir’s k-share key-based
encryption [20] ensures that the security mechanism cannot
be broken and make the solution attractive. But, the
algorithm is computationally expensive. Fourati and Agha
[19] argued that the time delay in receiving the TC
message is within acceptable limits, but there is no mention
about the energy efficiency of this method.
The following makes the algorithm in [19]
computationally expensive. As it can be seen, the
cryptographic techniques are not energy efficient. In this
approach [19], the TC messages are sent through a set of
selected trusted neighbours with K one hop neighbours
each signing the message with their respective portion of
the share. For every TC message sent (time period 6 s), k
nodes need to sign this message and this will require a lot
of processing power. The selection of trusted neighbours
also requires some amount of processing power.
In addition to this, the source node sends a TC messages
to ‘k ’ of its trusted neighbours. The trusted neighbours sign
the copy of the TC message and send it to the destination
node. The destination node, on receiving the source TC
message from k trusted nodes, can verify the integrity of
the message. The destination node must receive k TC
messages. Energy is not only consumed in signing of these
k TC messages by k different nodes, but also the
destination node needs to decrypt and compare k messages
to authenticate and verify the contents of the TC message.
The public key of each node in the network needs to
flooded [19].
The use of Shamir’s algorithm [20] makes this method
secure, but the application of it to secure the TC messages
puts a serious load on the TC nodes involved. This load on
the node is analogous to the maximum budget of a node
(MAX_RATE parameter) in simple link-state routing
(SLSR). Fourati and Agha [19] assumed that the nodes
have enough energy to execute the encryption, decryption
and verification of the messages. This is similar to a
situation where SLSR is run with a high system budget. In
Section 6.5, it can be seen that as MAX_RATE increases,
the detection rate also increases. Secondly, Fourati and
Agha [19] assumed that all nodes are capable of executing
the protocol. In a real-life situation we cannot expect the
nodes to be homogeneous. On the other hand, our
protocol takes the heterogeneous nature into consideration
and allows each node to be configured with a sampling
budget (MAX_RATE). Further, the routing components
preference to route through nodes experiencing the least
load makes sure that the intrusion detection does not hurt
any node. Also, Fourati and Agha [19] analysed the mean
TC arrival delay due to the overhead of cryptographic
functions being introduced. Fourati and Agha [19] found
that as the size of the network increases, the delay in the
arrival of TC also increases. The increase in TC delay may
result in incorrect routing information within the network.
375
& The Institution of Engineering and Technology 2010
www.ietdl.org
As we will see in Experiment 2 in Section 6, the proposed
protocol’s performance actually increases with the increase
in size of network.
Our approach relies on the concept of packet sampling,
which was also used by Kodialam and Lakshman [21] to
detect network intrusions using a game theory-based
approach. In packet sampling, some portions of the packets
taking certain paths are sampled to examine whether they
are malicious ones of any intruder or not. In our work, this
fundamental concept of sampling has been juxtaposed
within the framework of LA to obtain a novel and robust
IDS for WMNs. Also, we present LA framework for the
OLSR protocol that includes a new route selection
algorithm.
The main contributions of our paper include development
of an IDS for WMNs, meticulously intertwining ‘fine’
concepts of LA to make the sampling process more energy
efficient, extension of the already existing OLSR protocol
by introducing two new message formats for exchange of
LA information, development of handling functions for the
two new messages formats and development of a new route
selection algorithm.
Our motivation to use OLSR [16] for a wireless mesh
scenario is due to the fact that OLSR maintains routing
information for the nodes. OLSR maintains an updated list
of its neighbours in the neighbour table. Additionally, the
use of multi-point relays reduces the number of messages
that flood the network. Also, the use of OLSR facilitates
the extension of the protocol for MANETs.
2 Learning automata
LA is a self-operating learning model, where ‘learning’ refers
to the process of gaining knowledge during the execution
of a simple machine/code (automaton) and using the gained
knowledge to decide on actions to be taken in the future.
This model has three main components – the automaton,
the environment and the reward/penalty structure.
The automaton refers to the self-learning system. The
medium on which this machine functions is called the
environment. The automaton continuously performs
actions on the environment and the environment responds
to the actions. This response may be either positive or
negative and serves as the feedback to the automaton,
which, in effect, leads to the automaton either getting
rewarded or penalised.
LA can be used for any optimisation problem. Over a
period of time, the automaton learns the characteristics of
the environment and identifies ‘optimal’ actions that can be
performed on the environment. A comprehensive overview
of LA can be found in the classic text by Narendra and
Thathachar [22] and in the recent book chapter by
376
& The Institution of Engineering and Technology 2010
Oommen and Misra [23]. Examples of applications of LA
in the domain of networks include [24 – 33].
2.1 Automaton
The learning automaton can be represented as a quintuple
represented as {Q, A, B, F, H}, where [22]
† Q is the finite set of internal states. Q ¼ {q1 , q2 , q3 , . . . ,
qn}, where qn is state of the automaton at instant n.
† A is a finite set of actions performed by the automaton.
A ¼ {a1 , a2 , . . . , an}, where an is the action performed by
the automaton at instant n.
† B is a finite set of responses from the environment.
B ¼ {b1 , b2 , b3 , . . . , bn}, where bn is the response from
the environment at instant n.
† F is a mapping function that maps the current state and
input to the next state of the automaton. Q × B  Q.
† H is a mapping function that maps the current state and
response from the environment to determine the next
action to be performed.
2.2 Environment
The environment corresponds to the medium in which the
automaton functions. Mathematically, an environment can
be abstracted by a triple {A, B, C}. A, B and C are defined
as follows [22].
A ¼ {a1 , a2 , . . . , ar} represents a finite input set;
B ¼ {b1 , b2 , . . . , br} is the output set of the environment;
C ¼ {c1 , c2 , . . ., cr} is a set of penalty probabilities, where
element ci [ C corresponds to an input action ai .
We now provide a few important definitions used in the
field of LA. Given an action probability vector P (t) at time
‘t ’, the average penalty is defined as [22]
M(t) = E[b(t)|P(t)] = Pr[b(t) = 1|P(t)]

r
= Pr[b(t) = 1|a(t) = ai ] × Pr[a(t) = ai ]
i=1

r
= ci pi (t) (1)
i=1
The average penalty for the ‘pure-chance’ automaton is given
by [18]
1 r
M0 = c (2)
r i=1 i
IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374– 389
doi: 10.1049/iet-ifs.2009.0196

As t  1, if the average penalty M(t) , M0 , at least
asymptotically, the automaton is generally considered to be
better than the pure-chance automaton. E[M(t)] is given
by [22]
E[M(t)] = E{E[b(t)|P(t)]} = E[b(t)] (3)
3 System model
3.1 Network model
The SLSR protocol has two distinct components. The first
component is the LA system, which makes the sampling
process energy efficient. The second component involves
the routing of packets. This is done to increase the chance
of detection of malicious packets sent by the attacker/
intruder. The functioning of the proposed LA system is
independent of the network topology. The LA system in
one node is independent from the functioning of the LA
component in another node. The objective is that, given an
input traffic, the node should filter out the malicious traffic
and pass the legitimate traffic to the next node. Depending
on various circumstances, the node may detect all the
malicious packets that pass through the node or detect only
a portion of the malicious packets that traverse through it.
Fig. 1 shows the LA component of a node in a WMN.
The second component, that is, the routing component,
functions with the knowledge of the LA system being
employed in the adjacent nodes. Messages are passed
between the neighbour nodes to inform each other about
each other’s LA system. Fig. 2 shows a typical SLSR
system consisting of two wireless mesh nodes.
3.2 Identification of malicious
information
The wireless medium used by WMNs is prone to a wide
range of attacks. This is because of the open and ad hoc
nature of the WMN. Lack of physical security and limited
processing power of ad hoc nodes make cryptographic
techniques difficult to implement. There are many types of
attacks, but the ultimate aim of any attacker is to take
control over the network. The attacker may do so by
capturing packets from the network or inject new/malicious
packets into the network. Both the methods possess an
eminent security threat. But injecting packets into the
Figure 1 LA component of a node in the network
IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374 – 389
doi: 10.1049/iet-ifs.2009.0196
www.ietdl.org
Figure 2 SLSR system
network can be more damaging. Not only does this allow
the attacker to flood the network with malicious
information, but also the processing and the routing of
these packets consumes a lot of energy. This injection of
malicious packets will eventually lead to latency in the
network. Therefore it is important to scan for malicious
packets to remove them in a timely and efficient manner.
This work is based on the concept of packet sampling [21,
34, 35]. In any packet sampling technique for intrusion
detection, a portion of the packets traversing through the
node is sampled and examined to ascertain whether the
packets are malicious or not. In IDS, typically, a thorough
scan of packet header is required. Therefore it is important
to associate an energy cost with this. We think, it is worth
emphasising that the sampling approach is not new to our
work – it has been used previously in different networking
problems, both not involving (e.g. [34 – 36]) and involving
(e.g. [17, 18, 37]) intrusion detection.
3.3 Need for a learning system
IDS can be modelled as a two-player game between the
attacker and the system. The attacker sends malicious
packets into the network. The system tries to detect and
remove them. On the one hand, the goal of the attacker is
to maximise the number of packets that go undetected by
the system. On the other hand, the goal of the system is to
minimise the number of malicious number of packets that
go undetected and thus maximising the number of detected
packets. In a real-life situation, both the players would be
constraint by some budget. For example, the attacker will
have some hardware constraints that limit the maximum
number of packets that can be sent within a given period of
time. The system also has constraints. Scanning and
sampling all the packets would result in a large processing
overhead. This processing overhead will not only waste
energy but also introduce latency into the network.
When we design the IDS, we associate a cost with
sampling of one packet. We define this cost as the cost of
thorough scan of packet header and any additional cost
(latency) involved in routing of the packet. Now, we can
associate a budget for this IDS. For example, a budget of
60 packets would mean that the complete examination
of the 60 packets will only result in an acceptable amount
of energy utilisation and any latency introduced will also be
377
& The Institution of Engineering and Technology 2010
www.ietdl.org
tolerable. The budget is not defined for the system as a whole,
but instead on a per node basis. In a WMN, the ad hoc wireless
nodes are heterogeneous and will have different budget.
The simplest solution to this game would be for the system
to sample continuously at its maximum budget. Even though
this will maximise the number of malicious packets that get
detected, it is not an efficient solution. Controlling the
sampling rate in an energy-efficient manner requires the
nodes to be self-learning in nature. Further, in the context of
WMN, the learning system employed should have low space
and time complexity. One such learning system is LA [18].
In our proposed algorithm, we design a simple LA-based
solution to efficiently control the packet sampling rate,
making it suitable for use in resource constrained WMN.
3.4 Need for a routing system
The LA discussed in the above section works independent of
the neighbouring nodes. Unlike other networks, such as
WSNs, WMNs are not strictly bound by battery life. This
provides us the flexibility of introducing some
communication overhead between the nodes. As already
mentioned in Section 3.1, there also exists a routing
component. This routing component is responsible for the
exchange of LA information between the nodes. The need
for this routing component can be explained using an example.
Let us consider the network configuration shown in Fig. 3.
Nodes A, B and C are neighbours. Node D is a neighbour of
node B. Nodes B and C are neighbours with E. Let us
assume that node A wishes to send data to E. In a typical
scenario, OLSR [16] would have already established a best
route. Let us say, the gateway for A to send to E is
B. OLSR will continue to use the route as long as it is
active. In IDS, all nodes are actively on the watch for any
attempts to intrude the network. If OLSR [16] continues
to send all the packets through the best route (A – B –E)
the resources on this path will get depleted and intrusion
detection will be difficult. Instead, we suggest balancing the
load on the IDS by choosing alternative paths (A – C –E).
We propose the maintenance of a table to store LA
information of neighbouring nodes. This new table and the
route selection algorithm are discussed in detail in Section 5.
Figure 3 Example of a wireless mesh network
378
& The Institution of Engineering and Technology 2010
4 SLSR – the learning component
4.1 Learning automata model
In Fig. 4, we present the proposed LA-based model for
intrusion detection in WMN.
Let us define the following parameters:
a: {a1 , a2 , . . . , ar} be the set of sampling rates in the system;
b: environment response set for an action ai;
n: the time instant of the automaton;
Z: reward constant (0 , Z , 1). Used in the reward function
discussed in Section 4.4;
Y: penalisation constant (0 , Y , 1). Used in the
penalisation function discussed in Section 4.5.
Also, we consider the following parameters:
MAX_RATE: The maximum allowed sampling rate for the
node. This value is dependent on the hardware capabilities of
the nodes. In a homogeneous network, all nodes will have the
same MAX_RATE. In a heterogeneous network, all nodes
need not have the same value of MAX_RATE. The higher
value of MAX_RATE signifies that the node is capable of
scanning more number of incoming packets within a time
period.
MIN_RATE: The minimum sampling rate at which the
nodes sample the network.
MAX_SESSION_BUDGET and step value (S): The
maximum session budget and the step value S are used to
make sure that the system performs in an energy-efficient
manner. The MAX_SESSION_BUDGET is the maximum
rate at which the node can sample during the next instant of
the automaton. The MAX_SESSION_BUDGET allows
the learning system to gradually adjust itself to the attack.
The MAX_SESSION_BUDGET is used and modified in
the resource allocator algorithm, which is discussed in detail
in Section 4.6. The step value (S) is also used in the
resource request algorithm. The step value is used along with
the MAX_SESSION_BUDGET to control the increase in
sampling rate.
Figure 4 Learning automata model for intrusion detection
IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374– 389
doi: 10.1049/iet-ifs.2009.0196

Figure 5 Flowchart – LA component strategy
Penalty threshold (P): (0 , P , 1) It is used to measure the
system’s performance.
4.2 Sketch of the functionalities: system’s
strategy
Definition 1: Detection ratio is defined as the ratio between
the number of malicious packets detected and the number of
packets sampled.
The system’s strategy is shown in Fig. 5. In SLSR, each
node continuously samples its interface at a minimum
sampling budget. If malicious packets are found and the
Figure 6 SLSR – learning component
IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374 – 389
doi: 10.1049/iet-ifs.2009.0196
www.ietdl.org
detection rate is higher than the penalty threshold, then the
sampling rate is increased. Sampling is again performed
with the new sampling rate. If the detection rate is still
high, the rate may be further increased. When the
detection rate reduces below the penalty threshold, the
sampling rate is reduced.
4.3 Learning component algorithm
The learning component algorithm is given in Fig. 6.
4.4 Reward function
The algorithm for reward function is given in Fig. 7. The
reward function is used to reduce the node’s sampling rate.
The reward function is called when the detection ratio is
lower than the penalty threshold, that is, the rate of
sampling the node uses was not yielding very energy-
efficient results. The function in turn ‘rewards’ the node by
reducing its rate. During the next instant, the node will
need to spend less energy onto the sampling process.
4.5 Penalisation function
The algorithm for penalisation function is given in Fig. 8.
The penalisation function is used to increase the node’s
sampling rate. The penalisation function is called when the
detection ratio is larger than the penalty threshold. This
signifies that the node detected a lot of malicious packets
passing through it. This could be because the attacker is
close to the node or the node lies on the best path taken by
the routing protocol. The high detection ratio signifies the
high probability of an attack in progress. In response to
this, the function increases the rate of sampling, so as to
detect more number of packets. This is called ‘penalisation’
because during the next instant, the node will need to
spend more energy onto the sampling process.
379
& The Institution of Engineering and Technology 2010
www.ietdl.org
Figure 7 SLSR – Algorithm for reward function
Figure 8 Algorithm for penalisation function
4.6 Resource allocator algorithm
Correctly predicting the nature of attack is an extremely
difficult problem. Conventional methods employed in
wired networks cannot be efficiently used in wireless
networks. In WMNs, the constantly changing environment
makes the problem worse. The learning system discussed
earlier tries to learn the characteristics of the attack in a
distributed manner. Although the routing component
shares information between the nodes, the shared
information is not used by the learning component. The
learning component may be, thus, vulnerable to bursty
traffic. If an attacker sends malicious packets is a bursty
manner, the nodes will suddenly increase and decrease
sampling rates. The sudden increase in sampling rates may
not result in more packets being caught and will also waste
a lot of energy.
In principle, increasing the sampling rate does not
guarantee that all the malicious packets are caught.
Increasing the sampling rate could also lead to lower
sampling efficiencies. In order to maintain efficiency, we
bound the value by which the sampling rate is allowed to
increase. This allows for a more moderate increase in
sampling rate. After each increase/decrease, the system
Figure 9 Resource request algorithm
380
& The Institution of Engineering and Technology 2010
checks whether it is profitable (detection rate . penalty
threshold) to increase the sampling budget. This allows the
system to make sure that it is performing in energy-
efficient manner. The algorithm for rate control is given
below in Fig. 9.
4.7 Evaluating the system’s performance
Compared to nodes in wired networks, the nodes in wireless
networks generally have lower processing capabilities.
Therefore it is not just important to associate a cost and a
budget with the sampling process, but also to measure the
efficiency with which the available budget will be used.
Sampling with the maximum available budget might result
in more malicious packets being detected. This is only true
when the network is under an attack. During other times,
monitoring for the malicious packets will prove to be very
expensive. Our solution is more cost effective by moderately
increasing the sample budget. Whenever the system feels
that the sampling process is not efficient, it reduces the rate.
When evaluating an IDS, we suggest that one should not
only consider the total number of malicious packets that the
network was able to successfully detect and remove, but also
the efficiency with which it performed this task. In a wireless
networks, this sampling efficiency is crucial.
Definition 2: Sampling efficiency is defined as the ratio
between the total number of malicious packets detected and
the total number of packets sampled during the duration of
the attack.
We have evaluated the performance of our protocol by not
just analysing the percentage of packets that were successfully
detected but also the efficiency with which it was detected.
5 SLSR – the routing component
5.1 LA-TABLE
The routing component maintains a table called LA-
TABLE. This table is used by the route selection
IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374– 389
doi: 10.1049/iet-ifs.2009.0196

Figure 10 Blank LA-TABLE
Figure 11 LA STATUS frame format
algorithm given in Section 5.4. Sections 5.2 and 5.3 explain
how the LA-TABLE is updated. The template for the LA-
TABLE is shown in Fig. 10.
The fields in the LA-TABLE are explained below:
Neighbour address: The IP address of the neighbour node.
Balance budget: This field contains the balance sampling
budget for the neighbour node. This value is set when the
LA STATUS message (Section 5.2) is received and updated
when the LA UPDATE (Section 5.3) message is received.
SRATE: The sampling rate of the neighbouring node. This
value is set by the LA STATUS message.
LOAD: The sampling load being experienced by the
neighbouring node. The load of the neighbouring is
calculated and sent by the neighbour. The route selection
algorithm uses this to decide the next hop.
UpdateID: The update ID is used to differentiate between
the update messages sent by the neighbour nodes.
Tuple expiration time: The time when the tuple should
expire. This is normally set to one instant of the automaton.
5.2 LA STATUS packet
We wish to propose a new routing message called LA
STATUS. The frame format for LA STATUS is shown
Figure 12 Send LA STATUS
IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374 – 389
doi: 10.1049/iet-ifs.2009.0196
www.ietdl.org
below in Fig. 11. The LA STATUS packet is sent out by a
node at the end of each instant of the automaton. The
purpose of this message is to inform the other nodes on
the new sampling rate being used by the node.
When a node receives an LA STATUS packet it assumes
that the sender node has just started the LA automaton
instant. The receiving node sets the ‘Tuple expiration time’
in the LA-TABLE to one instant of automation. The
proposed protocol does not require the any time/
‘automation instant’ synchronisation between the nodes.
The proposed protocol, however, requires that the time of
one instant of the automation to be the same. For example,
we have assumed in our simulations that the value of time
for one instant of the automation be equal to 60 s.
Definition 3: Sampling load is defined as the ratio between
the current rate of sampling and the maximum rate at which
the node is capable of sampling.
‘Sampling rate’ is the rate of sampling that will be used by
the node. ‘Sampling load’ is the relative load experienced by
the node. It is calculated as per the above definition.
‘Sampling load’ is used by the routing algorithm to
determine the next hop for an outgoing packet. ‘Address of
the node’ is the IP address of the node.
Below is the algorithm used to send a ‘LA STATUS’
message. The algorithm fills the LA STATUS packet
header with the required information. The packet is not
intended to be forwarded. For this, the hop count is set to
one (Fig. 12).
Upon receiving this message, the neighbouring nodes
update the LA-TABLE. The balance budget in the LA-
TABLE will be reset to the sampling rate specified in the
LA STATUS packet. The ‘Process LA STATUS’
algorithm is followed by the nodes, when a LA STATUS
packet is received (Fig. 13).
5.3 LA UPDATE packet
We propose a new routing message called LA UPDATE.
The frame format for LA UPDATE is shown below in
Fig. 14. The LA UPDATE packet is sent out by a node
during the instant of the automaton. For simulation
purposes, we considered that this packet is sent twice
during the instant of the automation. The purpose of this
381
& The Institution of Engineering and Technology 2010
www.ietdl.org
Figure 13 Process LA STATUS
Figure 14 LA UPDATE format
message is to inform other nodes on the amount of sampling
budget that is left in the node. This allows neighbour nodes
to be updated on the status of the LA component.
This message is particularly important in WMNs. This
message help in reducing problems caused due to hidden
node problems. Let us consider that two nodes A and B
want to send data through C. But each of them is a
neighbour to C, but are hidden from each other’s view.
From the LA STATUS message, both A and B would
have got information about the sampling rate being used at
node C. Both A and B will send packets to C assuming
that C will be able to sample them. The update message
allows C to keep its neighbours updated about its available
sampling budget. This way A and B will be better
informed about C’s available budget. Based on this
information, their routing algorithms may change its path
(Fig. 15).
5.4 Routing selection algorithm
The route selection algorithm is summarised in Fig. 16.
5.5 Theoretical characterisations
Lemma 1: The performance of the system is dependent on
the penalty threshold.
Proof: The LA algorithm for SLSR uses penalty threshold
to decide on whether to increase or decrease the system’s
sampling rate. If the detection ratio is greater than
the penalty threshold, then the rate is increased. If the
382
& The Institution of Engineering and Technology 2010
detection ratio is lesser than the penalty threshold then the
rate is decreased. A
If the system uses a low penalty threshold, the sampling
rate of the system will easily increase. Increasing the
sampling rate will result in higher probability of detection
of malicious packets. This will improve the detection rate at
the node.
If the system uses a high penalty threshold, the sampling
rate of the system will not increase very easily. In order to
do sampling of most of the packets, the routing component
will route the packets in such a way that its gets sampled.
The smaller sampling rate ensures that the sampling of the
packets is done is a very energy-efficient manner. The
routing algorithm distributes the sampling load among the
nodes in the network. Thus, the systems performance is
dependent on the penalty threshold.
Lemma 2: The sampling efficiency of the system is
dependent on the intensity of the attack.
Proof: Let the total number of packets that traverse through
a node (during an instant of automation) be T. Let the
number of malicious packets be M and the number of
legitimate packet be L. Now, T ¼ M + L
The probability of detecting a malicious packet during the
sampling process ¼ M/T. Therefore as the intensity of the
attack increases, the probability of detecting a malicious
packet increases. This will result in more malicious packets
being found per sampling and thus increases the sampling
efficiency. A
Lemma 3: The performance of the system is inversely
proportional to the rate at which the attacker is attacking at.
Proof: Let the attacker be injecting one packet every l
seconds. Let us now consider the first node that this packet
is traversing through. The budget for the node is designed
IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374– 389
doi: 10.1049/iet-ifs.2009.0196

Figure 15 Algorithms to send and process LA status
for one instant of the automaton. For example, let one instant
of the automaton be a 60 s time period.
Now, the number of packets that the attacker inject during
one instant of the automaton is 60/l. The larger the value of
l, the smaller the number of packets received by the node.
The smaller the value of l, larger the number of packets
received by the node. In Lemma 2, we have already proved
the relation of the intensity of the attack and sampling
efficiency (or system’s performance). Thus, the system’s
Figure 16 Route selection algorithm
IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374 – 389
doi: 10.1049/iet-ifs.2009.0196
www.ietdl.org
performance is inversely proportional to the rate at which
the attacker is attacking at. A
Lemma 4: The probability of detecting all the malicious
packets that traverse through the node is numerically equal
to (M! × (T 2 R)!/(M 2 R)! × T ).
Proof: Let the total number of packets passing through a
node (per instant of the automaton) be T. Let the number
of malicious packets be M.
383
& The Institution of Engineering and Technology 2010
www.ietdl.org

Assume that the system is sampling at a rate of R packets. Table 2 Experimental parameters for experiments 1 and 2
Now, the probability of detecting all the malicious packets
that passes through the node is given by Parameters Value
LA reward parameter 0.1
M
CR M! × (T − R)!
= LA penalisation parameter 0.7
TC
R (M − R)! × T !
penalty threshold 0.6
A MAX_RATE 20
MIN_RATE 5
6 Experimental evaluation
step value (S) 5
We simulated the proposed protocol using network simulator
3 (NS3) [38]. We have evaluated the proposed protocol’s no. of mesh nodes 25
performance with the performance of S-LAID [18]. We
have studied the effects of the various protocol parameters
order to ensure a fair comparison, OLSR was used during
on the protocol’s efficiency. The important simulation
the simulation of the S-LAID protocol. The parameters for
parameters set in NS3 are given in Table 1.
this experiment are given below in Table 2.

6.1 Experiment 1: performance We considered three different scenarios. In each scenario,

evaluation between SLSR and S-LAID
In this experiment, we studied the performance of the
proposed system with the existing S-LAID system [18].
Even though S-LAID was designed for WSNs, it is can be
employed on mesh networks also. In this experiment, we
have adapted the S-LAID protocol [18] for the WMN
scenario. Although comparison of a protocol designed for
sensor networks to a protocol designed for mesh networks
is not a recommended practice, we feel that this
comparison here is important. First, because this
experiment not only tests the performance of the SLSR
system with S-LAID [18], it also studies the impact of the
routing component in the IDS. S-LAID [18] was designed
so as to work irrespective of the routing protocol being
used. SLSR, on the other hand, is designed to work with
OLSR. Secondly, both the protocols are LA-based
protocols. We feel that the comparison of one self-learning
protocol with another is important.
we varied the number of malicious packets that the attacker
injected into the network and studied the percentage of
packets that the two protocols were able to successfully
detect and remove. The rate at which the attacker was
injecting packets was different in three scenarios. In the
first scenario, we considered that the attacker was sending
one packet every 0.4 s, that is, l ¼ 0.4. The result of this
simulation is shown in Fig. 17.
In the second scenario, we considered that the attacker was
sending packets every 0.5 s, that is, l ¼ 0.5 s. In the third
scenario, we again increased the value of l. This time we
considered that the attacker was sending packets every
0.8 s, that is, l ¼ 0.8 s. The result of this experiment is
important. From Fig. 17, we see that SLSR outperforms
S-LAID [18]. For example, at l ¼ 0.4 when the attacker
sent 250 packets, SLAID was able to detect 28% of
packets, whereas SLSR detected 37.2% of the packets.

Owing to the use of LA, SLSR and S-LAID [18] have

many similar parameters; for example, reward and
penalisation parameters and the penalty threshold. In our
experiment, while comparing S-LAID and SLSR,
common parameters were configured with the same values.
S-LAID works independent of the routing protocol, but in

Table 1 NS3 parameters

Parameters Value
channel helper YansWifiChannel Helper
channel propagation ns3::ConstantSpeedPropagation
delay DelayModel
physical medium YansWifiPhyHelper::Default
helper
MAC type AdhocWifiMac Figure 17 Performance of SLSR against SLAID when
l ¼ 0.4

384 IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374– 389
& The Institution of Engineering and Technology 2010 doi: 10.1049/iet-ifs.2009.0196
 www.ietdl.org

Also, at l ¼ 0.8, when the attacker sent 350 packets,

S-LAID [18] was able to detect 31%, whereas SLSR
detected 45% of the malicious packets sent. One of the
major reasons why SLSR was able to outperform SLAID
was because of its routing component. When a node is out
of energy to sample packets, its routing component tries to
find a route in such a way that the packet can get sampled.
This ensures that every packet gets thoroughly checked and
also better utilises the available sampling budget of the
other nodes which otherwise might not fall along OLSR’s
best route to destination.

If the sampling budget is very high or the number of

malicious packets sent is very small in number, then the
routing component may not surface out. But whenever the
attacker’s budget is high, the sampling budget of the node
will get exhausted and the routing component will come
into play. This is evident from Fig. 17. In all the three
figures, the performance of SLSR increases with increase in
number of packets that the attacker sent. For example, in
Fig. 17 we see that as the duration of the attack (attacker
sending more packets) increases, the performance of
S-LAID drops from 40% to 32%. On the other hand,
SLSR was unaffected by the increase in number of packets
being sent. SLSR maintained a detection rate close to 40%.
The gap between the performance of SLSR and S-LAID
is most evident when l was set to 0.8. As the number of
packets sent by the attacker increased beyond 300, the
SLSR started to detect around 15% more packets.
One more observation can be made. If the value of l
increases, the rate of detection increases. This has already
been proved earlier. We observe that in Fig. 17, the
SLSR’s average detection rate is between 30 and 40%. As l
increases to 0.5, SLSR’s average detection rate also
increases to between 40 and 50% of total malicious packets.
In Fig. 17, when l ¼ 0.8 then average detection rate lies
between 45 and 50% of total malicious packets.
6.2 Experiment 2: performance of
SLSR – effect of network size
Figure 18 Performance of SLSR when network size is 25
nodes
with 25 nodes caught 41.25% of malicious packets, whereas
the network with 50 nodes caught 82% of malicious packets.
The observation that the performance of the network
improves with an increase in l can be made in this
experiment also. In Fig. 19, we see that when the 300
packets were sent by the attacker, SLSR was able to detect
77% when l ¼ 0.5. When l increased to 0.8, the
performance also increased with 84% of packets being
caught. When the attacker attacked at an interval of 1 s,
SLSR caught 91% of the packets.
We observe that as the duration of the attack increases,
SLSR adjusted itself to capture more number of packets.
For example, in Fig. 18, when the number of packets sent
at l ¼ 0.8 is 100, SLSR caught 32% of the packets,
whereas when 700 packets were sent, SLSR caught 70% of
the packets.
6.3 Experiment 3: performance of
SLSR – study of sampling efficiency
of the network
In this experiment, we study the sampling efficiency of
the network varying the penalty threshold values. This

In this experiment, we aimed to study the impact of network

size on the performance of SLSR algorithm. We simulated
two scenarios with 25 and 50 nodes in the network.
Fig. 18 shows the percentage of malicious packets caught
against the number of malicious packets sent by the
attacker for different attack interval l rate when
the network consists of 25 nodes. Fig. 19 shows the
performance of the SLSR system with the varying number
of malicious packets sent by the attacker for various values
of l when the network consists of 50 nodes.

Comparing Figs. 18 and 19, we can notice that the

performance of SLSR improves with an increase in
network size. For example, when the attack interval was 0.5 Figure 19 Performance of SLSR when network size is 50
and 400 packets were sent by the attacker, the network nodes

IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374 – 389 385
doi: 10.1049/iet-ifs.2009.0196 & The Institution of Engineering and Technology 2010
www.ietdl.org

experiment was conducted in order to prove that the
proposed protocol distributes its load among all the nodes
and does so in an efficient manner. Figs. 20– 22 show the
sampling efficiency at nodes in the network when the
penalty threshold was set to 0.1, 0.5 and 0.9, respectively.
The parameters for this experiment are given below in
Table 3.
We observe from Fig. 20 that when the penalty threshold
is 0.1, very few nodes are able to sample at an efficiency
greater than 0.5. Only two nodes achieved sampling
efficiency above 0.75. From Fig. 21, we observe that setting
the penalty threshold to 0.5 resulted in more nodes
sampling at efficiencies above 0.5. In total, eight nodes are
sampled at efficiencies above 0.5.

Figure 20 Sampling efficiency of the network when penalty threshold is 0.1

Figure 21 Sampling efficiency of the network when penalty threshold is 0.5

Figure 22 Sampling efficiency of the network when penalty threshold is 0.9

386 IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374– 389
& The Institution of Engineering and Technology 2010 doi: 10.1049/iet-ifs.2009.0196
 www.ietdl.org

Table 3 Experimental parameters for experiment 3

Parameters Value
LA reward parameter 0.1
LA penalisation parameter 0.7
penalty threshold 0.6
MAX_RATE 20
MIN_RATE 5
step value (S) 5 Figure 23 Number of malicious packets detected against
MAX_RATE
no. of mesh nodes 40
L 0.5 6.5 Experiment 5: performance of
SLSR – varying step value (S)
The step value (S) plays an important role in the LA system.
Table 4 Experimental parameters for experiment 4 The step value controls the increase in LA sampling rate.
This experiment is designed to study the effect of step
Parameters Value
value on the performance of the SLSR protocol. The
LA reward parameter 0.1 parameters for this experiment are given below in Table 5.
LA penalisation parameter 0.7
Fig. 24 shows the performance of the SLSR protocol when
penalty threshold 0.6 the step value was varied. Theoretically, increase in step value
MIN_RATE MAX_RATE/4 will allow the LA component to suddenly increase its
sampling budget. This sudden increase will not be
step value (S) 5
no. of mesh nodes 40 Table 5 Experimental parameters for experiment 5
L 0.3 Parameters Value
LA reward parameter 0.1
LA penalisation parameter 0.7
From Fig. 22, we observe that setting the penalty threshold
to 0.9 resulted in two nodes sampling at full efficiency. A penalty threshold 0.6
total of eight nodes are sampled at efficiencies above 0.5. MAX_RATE 40
Out of this seven nodes maintained sampling efficiencies
above 0.6. MIN_RATE 10
step value (S) 5

6.4 Experiment 4: performance of no. of mesh nodes 40

SLSR – varying MAX_RATE L 0.3
MAX_RATE is the maximum rate at which a node is
capable of scanning. In this experiment, we evaluate the
effect of MAX_RATE on the performance of SLSR. In
this experiment, we study the performance of SLSR
varying the MAX_RATE of the node. The parameters for
this experiment are given below in Table 4.

We notice that as the MAX_RATE increases for the

node, the performance of SLSR increases. In Fig. 23, we
see that when the MAX_RATE was 10 packets, SLSR
detected only 49% of packets. On the other hand, when
the MAX_RATE was increased to 40 packets, SLSR
detected 72% of the packets that were injected. When
MAX_RATE was further increased to 80 packets, SLSR Figure 24 Number of malicious packets detected against
detected 91% of the malicious packets. step value

IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374 – 389 387
doi: 10.1049/iet-ifs.2009.0196 & The Institution of Engineering and Technology 2010
www.ietdl.org
beneficial if the attack is for a very short duration. But, if the
attacker plans to inject a lot of packets, the increase will be
beneficial for the network. But large increase in the rate is
not advisable, because this will lead to one node being
burdened with the sampling process. Also, increasing the
rate does not guarantee that more number of packets will
be detected. It only increases the probability of detection of
malicious packets.
We observe from Fig. 24 that increase in step value results in
an increase in performance. When S was 5, SLSR detected
432 packets out of the 600 packets sent by the attacker. On
the other hand, when S was set to 15, the SLSR detected
518 packets out of the 600 packets sent by the attacker.
Another observation that can be made is that the increase of
step value from 10 to 15 resulted only in 15 more packets
being detected. That is, in terms of percentage there was
only about 3% increase in detection rate. This shows that
the increase in sampling rate does not guarantee that all the
packets will be detected. This is because the additional
budget could be used in sampling legitimate network traffic.
7 Conclusions
In this paper, we proposed a simple link-state routing
protocol for intrusion detection in WMNs. The protocol
uses a mechanism of sampling packets. Each node is
assigned a sampling budget. The aim of the protocol is not
for each node to sample at full budget, but instead that
each node samples at a rate which is favourable to it and
the whole network. The routing protocol is designed to
distribute the sampling load among all the nodes in the
network. Each node in the network identifies and removes
malicious information from the network in an energy-
efficient manner. The routing protocol then routes the
packet in such a way that the packet during its traversal
through the network will be thoroughly checked. The
combined effort of all the nodes and the routing protocol
helps in removing most of the malicious packets from the
network. The nodes are self-learning in nature and the LA
is used to optimise the packet sampling efficiency in the
nodes. The results from the experiments show that the
system can successfully detect and remove malicious packets
from the WMN. We have compared the performance of
the proposed protocol with other LA-based protocols. The
performance of the proposed protocol has been found to be
satisfactory. The LA packet headers can be modified to
support IPv6 address. Since this change does not affect
functioning of the LA or the routing component, we feel
that simulations for this are not required.
In future, we intend to study the different scenarios
depicting WMNs and test our solution in real-life
environments. Further, the solution proposed in this paper
considers a generic WMN. In future, we plan to study the
behaviour of the proposed protocol in different application
domains characterised by different network conditions.
388
& The Institution of Engineering and Technology 2010
8 References
[1] SALEM N., HUBAUX J.-P.: ‘Securing wireless mesh networks’,
IEEE Wirel. Commun., 2006, 13, (2), pp. 50 – 55, doi:
10.1109/MWC.2006.1632480
[2] AKYILDIZ I., WANG X., WANG W.: ‘Wireless mesh networks:
a survey’, Comput. Netw., 2005, 47, (4), pp. 445 – 487,
doi: 10.1016/j.comnet.2004.12.001
[3] PING Y., TIANHAO T., NING L., YUE W., JIANQING M.: ‘Security in
wireless mesh networks: challenges and solutions’. Proc.
Sixth Int. Conf. on Information Technology: New
Generations, ITNG, 2009, pp. 423– 428
[4] GLASS S., PORTMANN M., MUTHUKKUMARASAMY V.: ‘Securing
wireless mesh networks’, IEEE Internet Comput., 2008, 12,
(4), pp. 30– 36, doi:10.1109/MIC.2008.85
[5] FERREIRA E.W.T., OLIVEIRA R.DE., CARRIJO G.A., BHARGAVA B.:
‘Intrusion detection in wireless mesh networks using a
hybrid approach’. 29th IEEE Int. Conf. on Distributed
Computing Systems Workshops, ICDCSW, 2009, pp. 451–454
[6] GAO M., TIAN J., LI K., WU H.: ‘Community intrusion
detection and pre-warning system based on wireless
mesh network’. 2008 IEEE Conf. Robotics, Automation and
Mechatronics, 2008, pp. 1066 – 1070
[7] ZHANG Z. , NAIT-ABDESSELAM F. , HO P.H., LIN X. : ‘RADAR:
a reputation-based scheme for detecting anomalous
nodes in wireless mesh networks’. Proc. WCNC, 2008,
pp. 2621 – 2626
[8] XUYANGA D., MINGYUA F., XIAOJUNA L., DAYONGA Z., JIAHAOA W.:
‘Multi-path based secure communication in wireless mesh
networks’, J. Syst. Eng. Electron., 2007, 18, (4), pp. 818– 824
[9] HAKAMI S., ZAIDI Z., LANDFELDT B., MOORS T.: ‘Detection and
identification of anomalies in wireless mesh networks
using principal component analysis (PCA)’. Proc. Int.
Symp. on Parallel Architectures, Algorithms, and Networks
(I-SPAN 2008), 2008, pp. 266– 271
[10] LI X.-Y., WU Y., WANG W.: ‘Stochastic security in wireless
mesh networks via saddle routing policy’. Proc. WASA,
2007, pp. 121 – 128
[11] LI Z., GARCIA-LUNA-ACEVES J.J.: ‘Non-interactive key
establishment in wireless mesh networks’ in ZHANG Y. ,
ZHENG J. , HU H. (EDS.) : ‘Security in wireless mesh networks’
(Auerbach, Boca Raton, FL, 2008)
[12] CHANDRASEKAR R., MISRA S., OBAIDAT M.S.: ‘FORK: a novel
strategy for an agent-based intrusion detection scheme in
mobile ad hoc networks’, Comput. Commun., 2008, 31,
(16), pp. 3855 – 3869
IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374– 389
doi: 10.1049/iet-ifs.2009.0196

[13] CHANDRASEKAR R., OBAIDAT M.S., MISRA S., PEÑA-MORA F.: ‘A
secure data-centric scheme for group-based routing in
heterogeneous ad hoc sensor networks and its simulation
analysis’, SIMULATION: Trans. Soc. Model. Simul. Int.,
2008, 84, (23), pp. 131– 146
[14] LOO C. , NG M. , LECKIE C., PALANISWAMI M.:
‘Intrusion detection for routing attacks in sensor
networks’, Int. J. Distrib. Sens. Netw., 2006, 2, (4),
pp. 313– 332
[15] WANG Y., WANG X., XIE B., WANG D., AGRAWAL D.P.: ‘Intrusion
detection in homogeneous and heterogeneous wireless
sensor networks’, IEEE Trans. Mobile Comput., 2008, 7,
(6), pp. 698– 711
[16] CLAUSEN J.: ‘OLSR’. RFC 3626, http://www.ietf.org/rfc/
rfc3626.txt
[17] MISRA S. , ABRAHAM K.I. , OBAIDAT M.S., KRISHNA P.V.: ‘LAID:
a learning automata-based approach for intrusion
detection in wireless sensor networks’, Secur. Commun.
Netw., 2009, 2, (2), pp. 215 – 224
[18] MISRA S., KRISHNA P.V. , ABRAHAM K.I. : ‘S-LAID: a simple
learning automata-based solution for intrusion
detection in wireless sensor networks’. Communicated
to Wireless Communications and Mobile Computing
(WCMC), 2010
[19] FOURATI A., AGHA K.A.: ‘A shared secret-based algorithm
for securing the OLSR routing protocol’ (Springer
Telecommun Systems, 2006), pp. 213 – 226
[20] SHAMIR A. : ‘How to share a secret’, Commun. ACM,
1979, 22, (11), pp. 612– 613
[21] KODIALAM M., LAKSHMAN T.V.: ‘Detecting network intrusion
via sampling: a game theoretic approach’. Proc. IEEE
INFOCOM, 2003
[22] NARENDRA K.S., THATHACHAR M.A.L. : ‘Learning automata’
(Prentice-Hall, 1989)
[23] OOMMEN B.J. , MISRA S.: ‘Cybernetics and learning
automata’ in SHIMON N. (ED.) : ‘Handbook of automation’
(Springer, 2009), Ch. 12
[24] NICOPOLITIDIS P., PAPADIMITRIOU G.I., POMPORTSIS A.S.: ‘Using
learning automata for adaptive push-based data
broadcasting in asymmetric wireless environments’, IEEE
Trans. Veh. Technol., 2002, pp. 1652 – 1660
[25] BEIGY H. , MEYBODI M.R. : ‘Learning automata based
dynamic guard channel algorithms’, J. High Speed Netw.,
2009
IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374 – 389
doi: 10.1049/iet-ifs.2009.0196
www.ietdl.org
[26] ESNAASHARI M., MEYBODI M.R.: ‘Data aggregation in sensor
networks using learning automata’, Wirel. Netw., 2009,
pp. 687– 699
[27] NICOPOLITIDIS P., PAPADIMITRIOU G.I., POMPORTSIS A.S.: ‘Learning
automata-based polling protocols for wireless LANs’, IEEE
Trans. Commun., 2003, 51, (3), pp. 453– 463
[28] PAPADIMITRIOU G.I., POMPORTSIS A.S.: ‘Self-adaptive TDMA
protocols for WDM star networks: a learning-automata-
based approach’, IEEE Photon. Technol. Lett., 1999, 11,
(10), pp. 1322 – 1325
[29] PAPADIMITRIOU G.I., MARITSAS D.G. : ‘Learning automata-
based receiver conflict avoidance algorithms for WDM
broadcast-and-select star networks’, IEEE/ACM Trans.
Network., 1996, 4, (3), pp. 407– 412
[30] MISRA S., MOHANTA D.: ‘Adaptive listen for energy-efficient
medium access control in wireless sensor networks’,
Multimedia Tools Appl., 2010, 47, (1), pp. 121–145
[31] MISRA S., KRISHNA P.V., ABRAHAM K.I.:: ‘An adaptive learning
scheme for medium access with channel reservation in
wireless networks’, Wirel. Pers. Commun., 2009, pp. 1–18
[32] MISRA S., OOMMEN B.J., YANAMANDRA S., OBAIDAT M.S.: ‘Random
early detection for congestion avoidance in wired networks:
the discretized pursuit learning-automata-like solution’, IEEE
Trans. Syst. Man Cybern. – Part B, 2010, 40, pp. 66–76
[33] MISRA S. , TIWARI V., OBAIDAT M.S.: ‘LACAS: learning
automata-based congestion avoidance scheme for
healthcare wireless sensor networks’, IEEE J. Sel. Areas
Commun., 2009, 27, (4), pp. 466 – 479
[34] AGAH A., DAS S.K., BASU K.: ‘A game theory based approach
for security in wireless sensor networks’. Proc. Int.
Performance Computing and Communications Conf.
(IPCC), Phoenix, AZ, April 2004
[35] BANERJEE S., GROSAN C., ABRAHAM A., MAHANTI P. :
‘Intrusion detection on sensor networks using emotional
ants’, Int. J. Appl. Sci. Comput., 2005, 12, (3), pp. 152– 173
[36] VOGT H. , RINGWALD M., STRASSER M.: ‘Intrusion
detection and failure recovery in sensor nodes’.
Tagungsband INFORMATIK 2005 Workshop Proc. LNCS,
Heidelberg, Germany, September 2005
[37] AVANCHA A., UNDERCOFFER J., JOSHI A., PINKSTON J.: ‘Security
for wireless sensor networks’ in ‘Wireless Sensor
Networks’ (Kluwer Academic Publishers, Norwell, Ch. 1,
pp. 253– 275
[38] NS3: Network Simulator 3, http://www.nsnam.org/
389
& The Institution of Engineering and Technology 2010