Professional Documents
Culture Documents
50 Adaptive Link-State Routing and Intrusion Detection in Wireless Mesh Networks
50 Adaptive Link-State Routing and Intrusion Detection in Wireless Mesh Networks
org
ISSN 1751-8709
Abstract: Security in wireless mesh networks (WMNs) has always been a major concern ever since the existence
of these networks. The open medium and the lack of physical security make the WMNs susceptible to various
kinds of attacks. This study addresses the problem of intrusion detection in WMNs. The authors propose a
routing protocol that is capable of detecting intrusions, while undertaking the tasks of routing in WMNs. The
authors base the routing tasks in the existing protocol on the existing optimised link-state routing protocol.
This protocol uses the sampling mechanism for the detection of malicious information in the network.
Concepts of learning automata have been introduced to optimise the sampling process. Two new frame
formats and its associated handling procedures have been developed. The authors evaluated the performance
of our protocol using network simulator 3. In the experiments performed, the highest achieved intrusion
detection rate with the proposed protocol was observed to be 94%.
374 IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374– 389
& The Institution of Engineering and Technology 2010 doi: 10.1049/iet-ifs.2009.0196
www.ietdl.org
communications using multipath communication. But it is threshold cryptography to verify the authenticity of the
very difficult to defend the WMN from various security messages. The use of Shamir’s k-share key-based
threats based on encryption methods only. Hakami et al. encryption [20] ensures that the security mechanism cannot
[9] proposed principal component analysis (PCA)-based be broken and make the solution attractive. But, the
anomaly detection for WMNs. An anomaly identification algorithm is computationally expensive. Fourati and Agha
scheme is discussed and it is used to detect packet flow [19] argued that the time delay in receiving the TC
inequalities. However, PCA is effective for wired networks message is within acceptable limits, but there is no mention
when compared with wireless networks. Li et al. [10] about the energy efficiency of this method.
proposed a multipath routing protocol to prevent attacks in
WMNs. The routing policy is designed based on game The following makes the algorithm in [19]
theory concepts. The main focus in their study was to computationally expensive. As it can be seen, the
improve the network throughput for WMNs when it is cryptographic techniques are not energy efficient. In this
under attack. approach [19], the TC messages are sent through a set of
selected trusted neighbours with K one hop neighbours
One of the crucial security problems is the detection of each signing the message with their respective portion of
potential intrusions into the network. There are several the share. For every TC message sent (time period 6 s), k
proposals for building intrusion detection systems (IDSs). nodes need to sign this message and this will require a lot
Recent literature addressing the problem of intrusion of processing power. The selection of trusted neighbours
detection and proposing different intrusion detection also requires some amount of processing power.
solutions include [11 – 16].
In addition to this, the source node sends a TC messages
The OLSR request for comment (RFC) [16] clearly states to ‘k ’ of its trusted neighbours. The trusted neighbours sign
the lack of security features in OLSR: ‘Currently, OLSR does the copy of the TC message and send it to the destination
not specify any special security measures. As a proactive node. The destination node, on receiving the source TC
routing protocol, OLSR makes a target for various attacks.’ message from k trusted nodes, can verify the integrity of
The various attacks that OLSR is vulnerable to are also the message. The destination node must receive k TC
discussed in RFC [16]. messages. Energy is not only consumed in signing of these
k TC messages by k different nodes, but also the
In one of our recent works [17], we suggested another destination node needs to decrypt and compare k messages
learning automata (LA)-based protocol for intrusion to authenticate and verify the contents of the TC message.
detection (LAID) in wireless sensor networks (WSNs). The public key of each node in the network needs to
LAID functions in a distributed manner, and the LA are flooded [19].
used to optimise the selection of routes on which sampling
has to be performed. The system, in essence, tries to The use of Shamir’s algorithm [20] makes this method
identify or approximate the location of the attacker and, secure, but the application of it to secure the TC messages
thus, catch the malicious packets sent by the attacker. We puts a serious load on the TC nodes involved. This load on
have further simplified the LAID protocol with a focus on the node is analogous to the maximum budget of a node
energy conservation and it is named as simple LA-based (MAX_RATE parameter) in simple link-state routing
protocol for intrusion detection (S-LAID) [18]. The (SLSR). Fourati and Agha [19] assumed that the nodes
S-LAID protocol considers each node in the network have enough energy to execute the encryption, decryption
individually and functions without any coordination and verification of the messages. This is similar to a
between the nodes. Each node in the network identifies situation where SLSR is run with a high system budget. In
and removes malicious information from the network in an Section 6.5, it can be seen that as MAX_RATE increases,
energy-efficient manner. the detection rate also increases. Secondly, Fourati and
Agha [19] assumed that all nodes are capable of executing
In our search for existing solutions for intrusion detection the protocol. In a real-life situation we cannot expect the
in WMNs, we found that most of the existing literatures nodes to be homogeneous. On the other hand, our
discuss specifically about intrusion detection in mobile protocol takes the heterogeneous nature into consideration
ad hoc networks (MANETs) and very few papers present and allows each node to be configured with a sampling
intrusion detection schemes specifically for WMNs [5 – 10] budget (MAX_RATE). Further, the routing components
and these proposals are very preliminary. A lot of research preference to route through nodes experiencing the least
has been done in the field of intrusion detection in load makes sure that the intrusion detection does not hurt
MANETs and again not many papers use OLSR as the any node. Also, Fourati and Agha [19] analysed the mean
base protocol. It is to be noted that MANET scenario can TC arrival delay due to the overhead of cryptographic
be extended to WMN scenario and thereby the protocol functions being introduced. Fourati and Agha [19] found
discussed in [19] is perfectly applicable within the WMN that as the size of the network increases, the delay in the
domain. Fourati and Agha [19] propose a modification to arrival of TC also increases. The increase in TC delay may
OLSR topology control (TC) messages by introducing result in incorrect routing information within the network.
IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374 – 389 375
doi: 10.1049/iet-ifs.2009.0196 & The Institution of Engineering and Technology 2010
www.ietdl.org
As we will see in Experiment 2 in Section 6, the proposed Oommen and Misra [23]. Examples of applications of LA
protocol’s performance actually increases with the increase in the domain of networks include [24 – 33].
in size of network.
LA can be used for any optimisation problem. Over a The average penalty for the ‘pure-chance’ automaton is given
period of time, the automaton learns the characteristics of by [18]
the environment and identifies ‘optimal’ actions that can be
performed on the environment. A comprehensive overview
1 r
of LA can be found in the classic text by Narendra and M0 = c (2)
r i=1 i
Thathachar [22] and in the recent book chapter by
376 IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374– 389
& The Institution of Engineering and Technology 2010 doi: 10.1049/iet-ifs.2009.0196
www.ietdl.org
IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374 – 389 377
doi: 10.1049/iet-ifs.2009.0196 & The Institution of Engineering and Technology 2010
www.ietdl.org
tolerable. The budget is not defined for the system as a whole, 4 SLSR – the learning component
but instead on a per node basis. In a WMN, the ad hoc wireless
nodes are heterogeneous and will have different budget. 4.1 Learning automata model
In Fig. 4, we present the proposed LA-based model for
The simplest solution to this game would be for the system
intrusion detection in WMN.
to sample continuously at its maximum budget. Even though
this will maximise the number of malicious packets that get
Let us define the following parameters:
detected, it is not an efficient solution. Controlling the
sampling rate in an energy-efficient manner requires the
a: {a1 , a2 , . . . , ar} be the set of sampling rates in the system;
nodes to be self-learning in nature. Further, in the context of
WMN, the learning system employed should have low space
b: environment response set for an action ai;
and time complexity. One such learning system is LA [18].
In our proposed algorithm, we design a simple LA-based
n: the time instant of the automaton;
solution to efficiently control the packet sampling rate,
making it suitable for use in resource constrained WMN.
Z: reward constant (0 , Z , 1). Used in the reward function
discussed in Section 4.4;
3.4 Need for a routing system
Y: penalisation constant (0 , Y , 1). Used in the
The LA discussed in the above section works independent of
penalisation function discussed in Section 4.5.
the neighbouring nodes. Unlike other networks, such as
WSNs, WMNs are not strictly bound by battery life. This
provides us the flexibility of introducing some Also, we consider the following parameters:
communication overhead between the nodes. As already
mentioned in Section 3.1, there also exists a routing MAX_RATE: The maximum allowed sampling rate for the
component. This routing component is responsible for the node. This value is dependent on the hardware capabilities of
exchange of LA information between the nodes. The need the nodes. In a homogeneous network, all nodes will have the
for this routing component can be explained using an example. same MAX_RATE. In a heterogeneous network, all nodes
need not have the same value of MAX_RATE. The higher
Let us consider the network configuration shown in Fig. 3. value of MAX_RATE signifies that the node is capable of
Nodes A, B and C are neighbours. Node D is a neighbour of scanning more number of incoming packets within a time
node B. Nodes B and C are neighbours with E. Let us period.
assume that node A wishes to send data to E. In a typical
scenario, OLSR [16] would have already established a best MIN_RATE: The minimum sampling rate at which the
route. Let us say, the gateway for A to send to E is nodes sample the network.
B. OLSR will continue to use the route as long as it is
active. In IDS, all nodes are actively on the watch for any MAX_SESSION_BUDGET and step value (S): The
attempts to intrude the network. If OLSR [16] continues maximum session budget and the step value S are used to
to send all the packets through the best route (A – B –E) make sure that the system performs in an energy-efficient
the resources on this path will get depleted and intrusion manner. The MAX_SESSION_BUDGET is the maximum
detection will be difficult. Instead, we suggest balancing the rate at which the node can sample during the next instant of
load on the IDS by choosing alternative paths (A – C –E). the automaton. The MAX_SESSION_BUDGET allows
the learning system to gradually adjust itself to the attack.
We propose the maintenance of a table to store LA The MAX_SESSION_BUDGET is used and modified in
information of neighbouring nodes. This new table and the the resource allocator algorithm, which is discussed in detail
route selection algorithm are discussed in detail in Section 5. in Section 4.6. The step value (S) is also used in the
resource request algorithm. The step value is used along with
the MAX_SESSION_BUDGET to control the increase in
sampling rate.
Figure 3 Example of a wireless mesh network Figure 4 Learning automata model for intrusion detection
378 IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374– 389
& The Institution of Engineering and Technology 2010 doi: 10.1049/iet-ifs.2009.0196
www.ietdl.org
IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374 – 389 379
doi: 10.1049/iet-ifs.2009.0196 & The Institution of Engineering and Technology 2010
www.ietdl.org
Figure 7 SLSR – Algorithm for reward function 4.7 Evaluating the system’s performance
Compared to nodes in wired networks, the nodes in wireless
networks generally have lower processing capabilities.
Therefore it is not just important to associate a cost and a
budget with the sampling process, but also to measure the
efficiency with which the available budget will be used.
Sampling with the maximum available budget might result
Figure 8 Algorithm for penalisation function in more malicious packets being detected. This is only true
when the network is under an attack. During other times,
monitoring for the malicious packets will prove to be very
4.6 Resource allocator algorithm expensive. Our solution is more cost effective by moderately
Correctly predicting the nature of attack is an extremely increasing the sample budget. Whenever the system feels
difficult problem. Conventional methods employed in that the sampling process is not efficient, it reduces the rate.
wired networks cannot be efficiently used in wireless
networks. In WMNs, the constantly changing environment When evaluating an IDS, we suggest that one should not
makes the problem worse. The learning system discussed only consider the total number of malicious packets that the
earlier tries to learn the characteristics of the attack in a network was able to successfully detect and remove, but also
distributed manner. Although the routing component the efficiency with which it performed this task. In a wireless
shares information between the nodes, the shared networks, this sampling efficiency is crucial.
information is not used by the learning component. The
learning component may be, thus, vulnerable to bursty Definition 2: Sampling efficiency is defined as the ratio
traffic. If an attacker sends malicious packets is a bursty between the total number of malicious packets detected and
manner, the nodes will suddenly increase and decrease the total number of packets sampled during the duration of
sampling rates. The sudden increase in sampling rates may the attack.
not result in more packets being caught and will also waste
a lot of energy. We have evaluated the performance of our protocol by not
just analysing the percentage of packets that were successfully
In principle, increasing the sampling rate does not detected but also the efficiency with which it was detected.
guarantee that all the malicious packets are caught.
Increasing the sampling rate could also lead to lower 5 SLSR – the routing component
sampling efficiencies. In order to maintain efficiency, we
bound the value by which the sampling rate is allowed to 5.1 LA-TABLE
increase. This allows for a more moderate increase in The routing component maintains a table called LA-
sampling rate. After each increase/decrease, the system TABLE. This table is used by the route selection
380 IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374– 389
& The Institution of Engineering and Technology 2010 doi: 10.1049/iet-ifs.2009.0196
www.ietdl.org
LOAD: The sampling load being experienced by the Upon receiving this message, the neighbouring nodes
neighbouring node. The load of the neighbouring is update the LA-TABLE. The balance budget in the LA-
calculated and sent by the neighbour. The route selection TABLE will be reset to the sampling rate specified in the
algorithm uses this to decide the next hop. LA STATUS packet. The ‘Process LA STATUS’
algorithm is followed by the nodes, when a LA STATUS
UpdateID: The update ID is used to differentiate between packet is received (Fig. 13).
the update messages sent by the neighbour nodes.
IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374 – 389 381
doi: 10.1049/iet-ifs.2009.0196 & The Institution of Engineering and Technology 2010
www.ietdl.org
382 IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374– 389
& The Institution of Engineering and Technology 2010 doi: 10.1049/iet-ifs.2009.0196
www.ietdl.org
for one instant of the automaton. For example, let one instant performance is inversely proportional to the rate at which
of the automaton be a 60 s time period. the attacker is attacking at. A
Now, the number of packets that the attacker inject during Lemma 4: The probability of detecting all the malicious
one instant of the automaton is 60/l. The larger the value of packets that traverse through the node is numerically equal
l, the smaller the number of packets received by the node. to (M! × (T 2 R)!/(M 2 R)! × T ).
The smaller the value of l, larger the number of packets
received by the node. In Lemma 2, we have already proved Proof: Let the total number of packets passing through a
the relation of the intensity of the attack and sampling node (per instant of the automaton) be T. Let the number
efficiency (or system’s performance). Thus, the system’s of malicious packets be M.
IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374 – 389 383
doi: 10.1049/iet-ifs.2009.0196 & The Institution of Engineering and Technology 2010
www.ietdl.org
Assume that the system is sampling at a rate of R packets. Table 2 Experimental parameters for experiments 1 and 2
Now, the probability of detecting all the malicious packets
that passes through the node is given by Parameters Value
LA reward parameter 0.1
M
CR M! × (T − R)!
= LA penalisation parameter 0.7
TC
R (M − R)! × T !
penalty threshold 0.6
A MAX_RATE 20
MIN_RATE 5
6 Experimental evaluation
step value (S) 5
We simulated the proposed protocol using network simulator
3 (NS3) [38]. We have evaluated the proposed protocol’s no. of mesh nodes 25
performance with the performance of S-LAID [18]. We
have studied the effects of the various protocol parameters
order to ensure a fair comparison, OLSR was used during
on the protocol’s efficiency. The important simulation
the simulation of the S-LAID protocol. The parameters for
parameters set in NS3 are given in Table 1.
this experiment are given below in Table 2.
Parameters Value
channel helper YansWifiChannel Helper
channel propagation ns3::ConstantSpeedPropagation
delay DelayModel
physical medium YansWifiPhyHelper::Default
helper
MAC type AdhocWifiMac Figure 17 Performance of SLSR against SLAID when
l ¼ 0.4
384 IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374– 389
& The Institution of Engineering and Technology 2010 doi: 10.1049/iet-ifs.2009.0196
www.ietdl.org
IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374 – 389 385
doi: 10.1049/iet-ifs.2009.0196 & The Institution of Engineering and Technology 2010
www.ietdl.org
experiment was conducted in order to prove that the We observe from Fig. 20 that when the penalty threshold
proposed protocol distributes its load among all the nodes is 0.1, very few nodes are able to sample at an efficiency
and does so in an efficient manner. Figs. 20– 22 show the greater than 0.5. Only two nodes achieved sampling
sampling efficiency at nodes in the network when the efficiency above 0.75. From Fig. 21, we observe that setting
penalty threshold was set to 0.1, 0.5 and 0.9, respectively. the penalty threshold to 0.5 resulted in more nodes
The parameters for this experiment are given below in sampling at efficiencies above 0.5. In total, eight nodes are
Table 3. sampled at efficiencies above 0.5.
386 IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374– 389
& The Institution of Engineering and Technology 2010 doi: 10.1049/iet-ifs.2009.0196
www.ietdl.org
Parameters Value
LA reward parameter 0.1
LA penalisation parameter 0.7
penalty threshold 0.6
MAX_RATE 20
MIN_RATE 5
step value (S) 5 Figure 23 Number of malicious packets detected against
MAX_RATE
no. of mesh nodes 40
L 0.5 6.5 Experiment 5: performance of
SLSR – varying step value (S)
The step value (S) plays an important role in the LA system.
Table 4 Experimental parameters for experiment 4 The step value controls the increase in LA sampling rate.
This experiment is designed to study the effect of step
Parameters Value
value on the performance of the SLSR protocol. The
LA reward parameter 0.1 parameters for this experiment are given below in Table 5.
LA penalisation parameter 0.7
Fig. 24 shows the performance of the SLSR protocol when
penalty threshold 0.6 the step value was varied. Theoretically, increase in step value
MIN_RATE MAX_RATE/4 will allow the LA component to suddenly increase its
sampling budget. This sudden increase will not be
step value (S) 5
no. of mesh nodes 40 Table 5 Experimental parameters for experiment 5
L 0.3 Parameters Value
LA reward parameter 0.1
LA penalisation parameter 0.7
From Fig. 22, we observe that setting the penalty threshold
to 0.9 resulted in two nodes sampling at full efficiency. A penalty threshold 0.6
total of eight nodes are sampled at efficiencies above 0.5. MAX_RATE 40
Out of this seven nodes maintained sampling efficiencies
above 0.6. MIN_RATE 10
step value (S) 5
IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374 – 389 387
doi: 10.1049/iet-ifs.2009.0196 & The Institution of Engineering and Technology 2010
www.ietdl.org
beneficial if the attack is for a very short duration. But, if the 8 References
attacker plans to inject a lot of packets, the increase will be
beneficial for the network. But large increase in the rate is [1] SALEM N., HUBAUX J.-P.: ‘Securing wireless mesh networks’,
not advisable, because this will lead to one node being IEEE Wirel. Commun., 2006, 13, (2), pp. 50 – 55, doi:
burdened with the sampling process. Also, increasing the 10.1109/MWC.2006.1632480
rate does not guarantee that more number of packets will
be detected. It only increases the probability of detection of [2] AKYILDIZ I., WANG X., WANG W.: ‘Wireless mesh networks:
malicious packets. a survey’, Comput. Netw., 2005, 47, (4), pp. 445 – 487,
doi: 10.1016/j.comnet.2004.12.001
We observe from Fig. 24 that increase in step value results in
an increase in performance. When S was 5, SLSR detected [3] PING Y., TIANHAO T., NING L., YUE W., JIANQING M.: ‘Security in
432 packets out of the 600 packets sent by the attacker. On wireless mesh networks: challenges and solutions’. Proc.
the other hand, when S was set to 15, the SLSR detected Sixth Int. Conf. on Information Technology: New
518 packets out of the 600 packets sent by the attacker. Generations, ITNG, 2009, pp. 423– 428
Another observation that can be made is that the increase of
step value from 10 to 15 resulted only in 15 more packets [4] GLASS S., PORTMANN M., MUTHUKKUMARASAMY V.: ‘Securing
being detected. That is, in terms of percentage there was wireless mesh networks’, IEEE Internet Comput., 2008, 12,
only about 3% increase in detection rate. This shows that (4), pp. 30– 36, doi:10.1109/MIC.2008.85
the increase in sampling rate does not guarantee that all the
packets will be detected. This is because the additional [5] FERREIRA E.W.T., OLIVEIRA R.DE., CARRIJO G.A., BHARGAVA B.:
budget could be used in sampling legitimate network traffic. ‘Intrusion detection in wireless mesh networks using a
hybrid approach’. 29th IEEE Int. Conf. on Distributed
Computing Systems Workshops, ICDCSW, 2009, pp. 451–454
7 Conclusions
In this paper, we proposed a simple link-state routing [6] GAO M., TIAN J., LI K., WU H.: ‘Community intrusion
protocol for intrusion detection in WMNs. The protocol detection and pre-warning system based on wireless
uses a mechanism of sampling packets. Each node is mesh network’. 2008 IEEE Conf. Robotics, Automation and
assigned a sampling budget. The aim of the protocol is not Mechatronics, 2008, pp. 1066 – 1070
for each node to sample at full budget, but instead that
each node samples at a rate which is favourable to it and [7] ZHANG Z. , NAIT-ABDESSELAM F. , HO P.H., LIN X. : ‘RADAR:
the whole network. The routing protocol is designed to a reputation-based scheme for detecting anomalous
distribute the sampling load among all the nodes in the nodes in wireless mesh networks’. Proc. WCNC, 2008,
network. Each node in the network identifies and removes pp. 2621 – 2626
malicious information from the network in an energy-
efficient manner. The routing protocol then routes the [8] XUYANGA D., MINGYUA F., XIAOJUNA L., DAYONGA Z., JIAHAOA W.:
packet in such a way that the packet during its traversal ‘Multi-path based secure communication in wireless mesh
through the network will be thoroughly checked. The networks’, J. Syst. Eng. Electron., 2007, 18, (4), pp. 818– 824
combined effort of all the nodes and the routing protocol
helps in removing most of the malicious packets from the [9] HAKAMI S., ZAIDI Z., LANDFELDT B., MOORS T.: ‘Detection and
network. The nodes are self-learning in nature and the LA identification of anomalies in wireless mesh networks
is used to optimise the packet sampling efficiency in the using principal component analysis (PCA)’. Proc. Int.
nodes. The results from the experiments show that the Symp. on Parallel Architectures, Algorithms, and Networks
system can successfully detect and remove malicious packets (I-SPAN 2008), 2008, pp. 266– 271
from the WMN. We have compared the performance of
the proposed protocol with other LA-based protocols. The [10] LI X.-Y., WU Y., WANG W.: ‘Stochastic security in wireless
performance of the proposed protocol has been found to be mesh networks via saddle routing policy’. Proc. WASA,
satisfactory. The LA packet headers can be modified to 2007, pp. 121 – 128
support IPv6 address. Since this change does not affect
functioning of the LA or the routing component, we feel [11] LI Z., GARCIA-LUNA-ACEVES J.J.: ‘Non-interactive key
that simulations for this are not required. establishment in wireless mesh networks’ in ZHANG Y. ,
ZHENG J. , HU H. (EDS.) : ‘Security in wireless mesh networks’
In future, we intend to study the different scenarios (Auerbach, Boca Raton, FL, 2008)
depicting WMNs and test our solution in real-life
environments. Further, the solution proposed in this paper [12] CHANDRASEKAR R., MISRA S., OBAIDAT M.S.: ‘FORK: a novel
considers a generic WMN. In future, we plan to study the strategy for an agent-based intrusion detection scheme in
behaviour of the proposed protocol in different application mobile ad hoc networks’, Comput. Commun., 2008, 31,
domains characterised by different network conditions. (16), pp. 3855 – 3869
388 IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374– 389
& The Institution of Engineering and Technology 2010 doi: 10.1049/iet-ifs.2009.0196
www.ietdl.org
[13] CHANDRASEKAR R., OBAIDAT M.S., MISRA S., PEÑA-MORA F.: ‘A [26] ESNAASHARI M., MEYBODI M.R.: ‘Data aggregation in sensor
secure data-centric scheme for group-based routing in networks using learning automata’, Wirel. Netw., 2009,
heterogeneous ad hoc sensor networks and its simulation pp. 687– 699
analysis’, SIMULATION: Trans. Soc. Model. Simul. Int.,
2008, 84, (23), pp. 131– 146 [27] NICOPOLITIDIS P., PAPADIMITRIOU G.I., POMPORTSIS A.S.: ‘Learning
automata-based polling protocols for wireless LANs’, IEEE
[14] LOO C. , NG M. , LECKIE C., PALANISWAMI M.: Trans. Commun., 2003, 51, (3), pp. 453– 463
‘Intrusion detection for routing attacks in sensor
networks’, Int. J. Distrib. Sens. Netw., 2006, 2, (4), [28] PAPADIMITRIOU G.I., POMPORTSIS A.S.: ‘Self-adaptive TDMA
pp. 313– 332 protocols for WDM star networks: a learning-automata-
based approach’, IEEE Photon. Technol. Lett., 1999, 11,
[15] WANG Y., WANG X., XIE B., WANG D., AGRAWAL D.P.: ‘Intrusion (10), pp. 1322 – 1325
detection in homogeneous and heterogeneous wireless
sensor networks’, IEEE Trans. Mobile Comput., 2008, 7, [29] PAPADIMITRIOU G.I., MARITSAS D.G. : ‘Learning automata-
(6), pp. 698– 711 based receiver conflict avoidance algorithms for WDM
broadcast-and-select star networks’, IEEE/ACM Trans.
[16] CLAUSEN J.: ‘OLSR’. RFC 3626, http://www.ietf.org/rfc/ Network., 1996, 4, (3), pp. 407– 412
rfc3626.txt
[30] MISRA S., MOHANTA D.: ‘Adaptive listen for energy-efficient
[17] MISRA S. , ABRAHAM K.I. , OBAIDAT M.S., KRISHNA P.V.: ‘LAID: medium access control in wireless sensor networks’,
a learning automata-based approach for intrusion Multimedia Tools Appl., 2010, 47, (1), pp. 121–145
detection in wireless sensor networks’, Secur. Commun.
Netw., 2009, 2, (2), pp. 215 – 224 [31] MISRA S., KRISHNA P.V., ABRAHAM K.I.:: ‘An adaptive learning
scheme for medium access with channel reservation in
[18] MISRA S., KRISHNA P.V. , ABRAHAM K.I. : ‘S-LAID: a simple wireless networks’, Wirel. Pers. Commun., 2009, pp. 1–18
learning automata-based solution for intrusion
detection in wireless sensor networks’. Communicated [32] MISRA S., OOMMEN B.J., YANAMANDRA S., OBAIDAT M.S.: ‘Random
to Wireless Communications and Mobile Computing early detection for congestion avoidance in wired networks:
(WCMC), 2010 the discretized pursuit learning-automata-like solution’, IEEE
Trans. Syst. Man Cybern. – Part B, 2010, 40, pp. 66–76
[19] FOURATI A., AGHA K.A.: ‘A shared secret-based algorithm
for securing the OLSR routing protocol’ (Springer [33] MISRA S. , TIWARI V., OBAIDAT M.S.: ‘LACAS: learning
Telecommun Systems, 2006), pp. 213 – 226 automata-based congestion avoidance scheme for
healthcare wireless sensor networks’, IEEE J. Sel. Areas
[20] SHAMIR A. : ‘How to share a secret’, Commun. ACM, Commun., 2009, 27, (4), pp. 466 – 479
1979, 22, (11), pp. 612– 613
[34] AGAH A., DAS S.K., BASU K.: ‘A game theory based approach
[21] KODIALAM M., LAKSHMAN T.V.: ‘Detecting network intrusion for security in wireless sensor networks’. Proc. Int.
via sampling: a game theoretic approach’. Proc. IEEE Performance Computing and Communications Conf.
INFOCOM, 2003 (IPCC), Phoenix, AZ, April 2004
[22] NARENDRA K.S., THATHACHAR M.A.L. : ‘Learning automata’ [35] BANERJEE S., GROSAN C., ABRAHAM A., MAHANTI P. :
(Prentice-Hall, 1989) ‘Intrusion detection on sensor networks using emotional
ants’, Int. J. Appl. Sci. Comput., 2005, 12, (3), pp. 152– 173
[23] OOMMEN B.J. , MISRA S.: ‘Cybernetics and learning
automata’ in SHIMON N. (ED.) : ‘Handbook of automation’ [36] VOGT H. , RINGWALD M., STRASSER M.: ‘Intrusion
(Springer, 2009), Ch. 12 detection and failure recovery in sensor nodes’.
Tagungsband INFORMATIK 2005 Workshop Proc. LNCS,
[24] NICOPOLITIDIS P., PAPADIMITRIOU G.I., POMPORTSIS A.S.: ‘Using Heidelberg, Germany, September 2005
learning automata for adaptive push-based data
broadcasting in asymmetric wireless environments’, IEEE [37] AVANCHA A., UNDERCOFFER J., JOSHI A., PINKSTON J.: ‘Security
Trans. Veh. Technol., 2002, pp. 1652 – 1660 for wireless sensor networks’ in ‘Wireless Sensor
Networks’ (Kluwer Academic Publishers, Norwell, Ch. 1,
[25] BEIGY H. , MEYBODI M.R. : ‘Learning automata based pp. 253– 275
dynamic guard channel algorithms’, J. High Speed Netw.,
2009 [38] NS3: Network Simulator 3, http://www.nsnam.org/
IET Inf. Secur., 2010, Vol. 4, Iss. 4, pp. 374 – 389 389
doi: 10.1049/iet-ifs.2009.0196 & The Institution of Engineering and Technology 2010