Professional Documents
Culture Documents
無線網狀網路入侵檢測系統的設計與分析
無線網狀網路入侵檢測系統的設計與分析
A R T I C L E I N F O A B S T R A C T
Keywords: Intrusion is any unwanted activity that can disrupt the normal functions of wired or wireless networks. Wireless
Wireless mesh networking technology has been pivotal in providing an affordable means to deploy a network and allow
Mesh network omnipresent access to users on the Internet. A multitude of emerging public services rely on the widespread, high-
Intrusion detection
speed, and inexpensive connectivity provided by such networks. The absence of a centralized network infra-
Cross-layer
Security
structure and open shared medium makes WMNs particularly susceptible to malevolent attacks, especially in
multihop networks. Hence, it is becoming increasingly important to ensure privacy, security, and resilience when
designing such networks. An effective method to detect possible internal and external attack vectors is to use an
intrusion detection system. Although many Intrusion Detection Systems (IDSs) were proposed for Wireless Mesh
Networks (WMNs), they can only detect intrusions in a particular layer. Because WMNs are vulnerable to
multilayer security attacks, a cross-layer IDS are required to detect and respond to such attacks. In this study, we
analyzed cross-layer IDS options in WMN environments. The main objective was to understand how such schemes
detect security attacks at several OSI layers. The suggested IDS is verified in many scenarios, and the experimental
results show its efficiency.
https://doi.org/10.1016/j.dcan.2022.05.013
Received 2 July 2020; Received in revised form 13 May 2022; Accepted 17 May 2022
Available online 21 May 2022
2352-8648/© 2022 Chongqing University of Posts and Telecommunications. Publishing Services by Elsevier B.V. on behalf of KeAi Communications Co. Ltd. This is an
open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).
F.S. Al-Anzi Digital Communications and Networks 8 (2022) 1068–1076
WMNs. Regarding network security, an IDS does not provide primary classification and detection, along with the type of deviation, which is
defense against security attacks; it is rather passive in nature and better based on an attack database; this IDS relies heavily on classification and
provides a secondary line of defense. As the name suggests, IDSs can only detection. When an intrusion is detected, all the neighboring nodes
detect ongoing security attacks by raising a specified alarm to inform the within the transmission range are alerted. The proposed IDS was sub-
appropriate users. Two main classes of IDSs are used in practice: one class jected to various security attacks in variable scenarios. The proposed
of IDSs, i.e., rule-based IDs (signature-based IDs) uses is acquired from a methodology was concluded to be highly efficient in detecting countless
catalog of existing attack signatures for intrusion detection. The other attacks. The rest of the paper is organized as follows. In section 2, the
class, i.e., anomaly-based IDs, tracks the network pattern and tags de- related works on different IDSs are analyzed with emphasis on cross-
viations from said pattern as a potential attack [4–10,11]. One may also layer-based IDSs. Section 3 delves into the possibility of introducing a
observe a third kind of IDS when categorized based on the proposed secure routing protocol along with the proposed IDS. This protocol helps
detection methodology. In this case specific behavior of programs are preserve the security and privacy of the WMN. Section 4 presents a
tagged to identify abnormal activities; known as Specification based IDS. detailed evaluation of the design and performance of the proposed IDS.
Whilst considering the OSI layer that an IDS impacts; a majority of most Section 5 addresses different types of attacks that are not detected by the
related studies focuses on the network layer followed by MAC Layer and proposed IDS. Section 6 concludes the paper and explores future
therein physical layer. Therefore, they may be classified into single layer, possibilities.
cross-layer, reputation-based and reputation based cross-layer IDS [7].
2. Literature review
1.3. Single-layer vs cross-layer IDSs
Network security has become one of the primary research subjects
Single-layer IDSs exclusively focus on a specific layer, i.e., a physical with the emergence of multihop wireless networks emerges in the mar-
layer, MAC layer, or network layer; however, they have some demerits. A ket. IDS design has a long history, and it is one of the classic approaches
dedicated IDS for each layer could result in redundant deductions that for ensuring network security. Traditionally, IDSs are intended to detect
may to be inefficient, particularly if resources are constrained. Another network layer anomalies, and hence, they function at the network layer.
disadvantage is that the single-layer IDS may find it difficult to adapt Multihop wireless networks can realize disseminated operations and are
more complex attacks that trigger behaviors(recognizable patterns) on susceptible to attacks at different OSI layers, such as the network,
different layers [1,8,12–16]. Although such IDSs are adept at detecting transport, physical, data-linking, and application layers [18–25]. To
an extensive array of security attacks on a certain layer, they cannot monitor and analyze security attacks at multiple layers, cross-layer IDSs
detect intrusions in other layers. Therefore, a cross-layer methodology is are gaining importance owing to their unique feature of multilayer-attack
adopted in WMNs to detect multilayer security outbreaks for identifying detection. A wide range of IDSs has been proposed. For example, Xiao
the attack and triggering an alert [17]. In the aforesaid method, different et al. provided a cross-layer solution that catered to multihop networks
parameters from multiple layers are considered for better decision [9]. The mechanism is efficient for detecting multilayer anomalies;
making. Similarly, cross-layer mechanisms are highly effective for however, the exchange of many parameters may lead to high resource
monitoring multiple layers, enabling them to detect anomalies and se- consumption. A real-time detection solution was proposed by Khan et al.;
curity attacks on various layers. Their scheme had a cross-layer design and targeted WMNs [10,26]. The
Single-layer IDSs can detect intrusions in a single layer. For example, mechanism exchanges parameters between the MAC and network layers
an IDS designed for network-layer can only detect network layer security to detect different attacks. It also maintains three profiles to categorize
attacks, such as routing loops, packet misdirection, black-hole attack, and the severity of an attack. Although this mechanism has a high detection
gray-hole attack etc. rate; it can only detect flooding attacks. Regarding distributed ad hoc
Although multilayer IDSs operates and exchange information on networks, the cross-layer IDS was conceived by Thamilarasu et al. [12].
multiple layers and can detect multilayer security attacks such as the In this scheme, intrusion detection is divided into two levels of detection,
following: namely, level 1 and level 2. Malicious activities are detected via infor-
mation exchange between the network and data-linking layers. It is a
1. MAC spoofing at the media access layer highly efficient mechanism to detect attacks such as packet drop or
2. Black-hole, gray-hole, routing loop attacks at the network layer packet misdirection. However, despite the cross-layer information ex-
3. Session hijacking at the session layer change, this scheme can only detect attacks in network layer. The same
4. Sync flooding at transport layer authors devised another cross-layer security mechanism for detectings
jamming attacks [13]. This mechanism uses cross-layer methodology for
Single-layer IDSs detects anomalies in a particular layer. Because detecting jamming attacks only, but it is not feasible for
different threats may exist in different layers, single-layer detection resource-constrained networks. An anomaly-based detection method for
model is inefficient. Therefore, we need a multilayer IDS for detecting WMNs is defined by Wang et al. [14]. This method can also be regarded a
anomalies and intrusions in different layers. Anomalies in each layer are cross-layer-based anomaly detection method. In this research, a proto-
detected using different parameters for different layers. The multilayer type was designed, and information exchange was implemented between
IDSs consider all these parameters to detect anomalies in different layers. the network and data-linking layers. The information exchange was
The design and implementation of the single-layer IDS is simpler than categorized as cross-layered in nature and the performance of this
that of the multilayer IDS, because the former operates on a single layer method was compared to that of a single-layer IDS. The cross-layer IDS
and takes and computes parameters from that layer only. However, the has better detection and response rates than the single-layer IDS. An
design of the multilayer IDS is more complex because it takes and com- alternative cross-layer-based IDS was suggested by Liu et al. that works in
putes parameters from multiple layers and then uses them for decision tandem with data-mining methods. In this technique, a specific set of
making, which is a complex task. features that facilitate the discovery of attacks present within a hop range
In this study, we propose an intrusion detection framework based on a was categorized [15]. The literature reports certain mechanisms for se-
cross-layer design in a wireless mesh context to improve the detection curity in the form of Watchdog/Pathrater protocols [10,27–29]. Using
rate of the IDS. First, it is important to comprehend how such techniques such protocols, a secure path is selected. The said path is extremely
identify security intrusions across several OSI layers. The proposed IDS proficient in detecting attacks at the network layer. CONFIDANT [30] is
maintains a normal profile, which records typical behaviors of several also a security solution used to spot activities and anomalous behavior of
parameters on every specified interval. When it detects a deviation from neighbors. TIARA [31] reports any broken paths and ensures the
the normal behavior, it sends this information to the module in charge of encryption of key packets. The above [27–31] security mechanisms were
1069
F.S. Al-Anzi Digital Communications and Networks 8 (2022) 1068–1076
devised only for routing attacks. In this study, a cross-layer-detection transmission nodes to dynamically choose the next stage with the largest
system is defined. The key to this mechanism lies in the exchange of bandwidth available to resume communication.
parameters between the network and MAC layers, thus providing a Bluetooth Low Energy (BLE) mesh networks are gaining attraction as
multilayer and broad-spectrum defense to counter multiple attacks for a revolutionary short-burst communication protocol. While typical
ensuring security. Experimental results of the proposed scheme demon- cryptographic techniques ensure communication security, little work has
strated the detection of multilayer attacks. been done to effectively secure the entire network in the event of attacks
Eavesdropping is a common passive threat in wireless Ad Hoc Net- aimed at compromising its integrity. Although numerous network risk-
works (AHNets), that constitute the Internet of Vehicles (IOVs). While assessment and mitigation approaches are now available, they
many malicious attacks commonly track eavesdropping actions, the frequently require a large volume of information from authorized and
AHNets’ eavesdropping protection has attracted attention. However, malicious situations to distinguish between the two situations, thereby
several recent investigations solely focused on employing encryption often necessitating a complete explanation of the traffic passing across
methods to either mitigate eavesdropping operations or safeguard com- the network. In addition, freely accessible datasets are not available for
munications between a sender and receiver (also known as good nodes). BLE mesh networks at this level due to the standard's infancy and lack of
Surprisingly, few studies explored the eavesdropping activities of rogue particular implementation tools. To generate a secure wireless assess-
nodes. Li et al. [32] presented an analytical framework for modeling ment mechanism suitable for BLE, Lacava et al. [35] recommended an
eavesdropping threats in wireless networks that considers channel cir- IDS based on machine learning techniques such as pattern recognition
cumstances and antenna designs. The analytical and experimental results and classification of the most common DoS attacks negatively impacting
agree well, implying that the eavesdropping actions of eavesdroppers can this type of network. Their IDS works on a single internal node and thus
be effectively approximated using the proposed analytical techniques. requires a limited amount of information for operation. Furthermore,
Furthermore, their findings suggest that whenever the impact of route they described their data collecting system based on ESP32, which en-
attenuation is small, aiming at directional antennas targeting eaves- ables the gathering of packets from the network and model levels of the
droppers may increase the possibility of eavesdropping attacks. BLE mesh stack and performed a set of tests to gather the data needed to
Furthermore, when the influence of such route loss grows significantly, train the IDS.
employing directional antennas at eavesdroppers can minimize the Xu et al. [36] conducted a study on a QoS-aware safe routing archi-
chance of eavesdropping attempts. They discovered that the unpredict- tecture for a multihop wireless network with authentic nodes, malevolent
ability introduced by the shadow-fading effect can increase the likeli- eavesdroppers, and selfish jammers associated with physical layer secu-
hood of eavesdropping attempts. The research presented in this paper rity technologies. They first performed theoretical modeling for a specific
prepares the ground for future attempts at avoiding eavesdropping. path to show the effects of the transmission power of authentic nodes
An innovative strategy against eavesdropping attacks is to divide the along the route and the jamming strength of jammers in the network on
traffic packets from one stream into different network pathways. This the end-to-end security/QoS effectiveness. Subsequently, they devised a
approach can make successful eavesdropping more challenging. How- noncooperative game framework to address the problem of jamming
ever, because of the varied network parameters, routing traffic packets power setting and an incentive mechanism to encourage jammers to
across various networks generates a severe out-of-order issue. Further- generate artificial jamming for security purposes. Xu et al. [37] investi-
more, the issue creates a hurdle for aggregating bandwidth across several gated a common decentralized IoT situation with peer genuine gadgets,
network paths. It causes inefficient use of the bandwidth resources of eavesdroppers, and selfish jammers and presented a unique incentivized
several network pathways. Zhou et al. [33] proposed an Adaptive jamming-based secure routing mechanism. They employed a two-stage
Multipath Scheduling (AMS) method that not only increases eavesdrop- Stackelberg game framework for establishing the optimum source in-
ping challenges but also properly aggregates network bandwidths across centives and jamming power by designing an incentive scheme, wherein
several channels. The network-path-selection block and the source provides certain incentives to drive artificial jamming among
packet-scheduling block are the two basic forwarding blocks in AMS. To selfish jammers.
protect against eavesdropping attacks, the network-path-selection block
estimates the networking properties for various possible routes, selects 3. Preserving privacy in wireless mesh networks
three network paths with similar features, and spreads the traffic packets
among the selected tracks. Compared to the baseline method, the AMS IDSs actively address various types of attacks on a network. Although
reduces the out-of-order ratio by 48% and enhances transmission this is the primary functionality, it is increasingly crucial to ensure that
throughput by 74%. the implemented security measures are reliable and preserve privacy.
Recently, many Internet users have been seeking WMNs. All the With advancing security features in networks, privacy was often
participating nodes, naively, do not allow malevolent routing protocol. neglected or not prioritized. With the emergence of several attacks that
Malicious attackers can take the advantage of the open design, multishop specifically threatens privacy, it is of great importance to include this
connectivity, diverse management approaches, and wireless connection functionality while designing the security of a network. The mobile and
of the WMNs. Intruders can use hidden weaknesses in the multiway mesh open nature of WMNs makes it crucial to consider measures that safe-
routing algorithm to implement an assault such as the black-hole attack. guard the security and privacy of internal network nodes. Meghanathan
With ping mesh nodes configured with multiradios set to non- and Palanichamy proposed a Privacy Preserved and Secured Reliable
overlapping channels, the WMN significantly enhances. Therefore, Routing Protocol (PSRR) for WMNs that meet these requirements [38].
several data exchange connection ranges exist between a pair of nodes, Their methodology is an amalgamation of the Cross-layer and Subject
and the bandwidth between them varies constantly. A mesh node in this Logic based Dynamic Reputation (CLSL-DR) technology that can be
scenario employs machine learning to choose a smart data bandwidth. A implemented during the route discovery phase.
new heterogeneous key management system that coupled logical key
hierarchies with localized threshold mechanism has been proposed. 3.1. Design scheme and premise
WMNs are becoming more heterogeneous. Rao et al. [34] introduced a
cross-layer diagnosis methodology that uses machine learning techniques An infrastructure-based WMN was considered for their (Meghanathan
to leverage linked routing properties to distinguish profiles and in- and Palanichamy [38] experiment that includes mesh clients and routers.
cursions. They tackle the wireless network automatic intrusion response Such a combination of routers forms the pillar of the WMN [39,40]. The
challenge using a generic response architecture to create systems and study assumes the flow of traffic from the source to the destination node
resource-dependent services. Based on the research technique, they via this router backbone. The design is fundamentally a combination of
provide a dispersion estimation depending on machine that allows ID-based and scheme encryption systems [41–45]. The design scheme
1070
F.S. Al-Anzi Digital Communications and Networks 8 (2022) 1068–1076
3.3. Performance analysis The algorithm relies on the premise that mobile and static nodes are
present within this WMN. The infrastructure-less network has no support
Initially a packet delivery ratio analysis was conducted depending on of mesh routers or gateways [1]. Altogether, the nodes possess routing
the number of malevolent nodes [15]. Successful receipt of the packets capabilities to communicate with one another, forming a communication
was considered. Thus, the computation time required for the proposed model (i.e., multihop).
1071
F.S. Al-Anzi Digital Communications and Networks 8 (2022) 1068–1076
4.2. Framework
● Network layer: TTL, sent and received packets, and route failure in-
formation frequency
● Transport layer: Transmission control information, and Congestion
control information
● Physical layer: Battery power, and signal strength
● MAC Layer: Throughput information, and link parameters
1072
F.S. Al-Anzi Digital Communications and Networks 8 (2022) 1068–1076
4.3. Cross-layer information exchange node(s). In addition to targeting battery exhaustion, i.e., to consume the
battery power of the target node(s), flooding attacks can also create
In traditional protocols stack, information or parameters cannot be network congestion. Note that battery exhaustion is a physical layer
exchanged among different layers. All the layers are independent and attack. Similarly, packet dropping or misdirecting [1] is a network layer
cannot instruct each other. In cross-layer methodology, parameters and attack. One must be vigilant to observe a delay from one end to another at
information are exchanged for the joint optimization of processes or the data-linking layer. Hence, there is emphasis on cross-layer security
systems. The proposed IDS can successfully exchange parameters for mechanisms are emphasized because the operational performance of one
detecting a variety of attacks. Fig. 4 shows the cross-layered information layer can possibly degrade the execution of the other. Cross-layer security
exchange mechanism of the IDS proposed in the paper. Algorithm 2 mechanisms provide a platform to counter multilayer security attacks.
shows the algorithm of this layered information exchange. Physical layer
parameters cannot be exchanged directly with the network layer; thus 4.5. Attack model
the proposed IDS first records the physical layer parameters. This initial
transaction is conducted at the application layer. Once the parameter is In this section, few results are generated using Network Simulator-2
recorded, the information is passed on to the network layer. (NS-2) to demonstrate a network layer flooding attack to serve conse-
The proposed multilayer IDS considers different parameters, such as quences at other layers such as:
data rates, link strengths, hop count, packet freshness, and total sessions
created and terminated from different layers and takes few parameters ● Impact on the battery power of the target nodes (at the physical layer)
from three-way handshaking at the transport layer. ● Impact on delay (end to end) at the data link layer
● Impact on congestion at the transport layer
Fig. 5(a) shows the normal traffic transmission at both nodes. Node 1
generates less traffic because it is located at the edge of the scenario,
whereas node 2 generates more traffic owing to its location such that it
not only sends its own traffic but also relays traffic for its neighboring
nodes. Fig. 5(b) presents a scenario wherein node 1 is malicious and
sends hundreds of unnecessary packets towards the target node(s). This
type of abnormal traffic flow creates congestion at the transport layer,
increasing the end-to-end delay at the MAC layer. However, such
abnormal traffic flow significantly affects the battery power at the
physical layer. Energy consumption heavily depends on the location of a
node in the network. As node 1 is located at the edge, it consumes less
energy than node 2 in a normal scenario.
Fig. 6(a) presents the energy consumption of nodes in a normal sce-
nario. Fig. 6(b) presents a scenario, where node 1 is experiencing normal
traffic flow, while node 2 is the target of abnormal or malicious traffic
flow. Node 2 is found to deplete the battery power soon.
4.4. Multilayer attack correlation NS-2 simulator was used with the same parameters as discussed in
Table 2 to evaluate the performance of the proposed IDS. A few malicious
In WMNs, any threat of an attack to a layer significantly affects the scenarios were created to test the efficiency of this cross-layer IDS. First,
operations and parameters of further alternate layer(s). For example, the network and data-linking layer flooding attacks were implemented
flooding [26] can be categorized as a type of network attack in which the and launched [26]. Network layer flooding attacks are used to transmit
adversary transmits hundreds of unnecessary packets toward the target hundreds of packets toward the destination to create congestion and
1073
F.S. Al-Anzi Digital Communications and Networks 8 (2022) 1068–1076
Fig. 7. Detection rate for the Proposed IDS in different attack scenarios.
1074
F.S. Al-Anzi Digital Communications and Networks 8 (2022) 1068–1076
Table 3
Detection and false positive rates.
Attack Type Detection Rate (%) False Positive Rate (%)
1075
F.S. Al-Anzi Digital Communications and Networks 8 (2022) 1068–1076
Acknowledgment [25] R. Kaur, Role of cross layer based intrusion detection system for wireless domain,
Int. J. Communications, Network and System Sciences 5 (01 2012) 81–85.
[26] S. Khan, J. Loo, Real-time Cross-Layer Design for Large-Scale Flood Detection and
The authors would like to thank the Research Administration at Attack Trace-Back Mechanism in Ieee 802.11 Wireless Mesh Networks, Network
Kuwait University for their sponsorship. This paper is part of the research Security, 05 2009, pp. 9–16.
project number EO 05/11. [27] E.J. Caballero, Vulnerabilities of intrusion detection systems in mobile ad-hoc
networks - the routing problem, in: TKK T110.5290, 2006. Seminar on
Networksecurity12-11/12.
References [28] T.M. Chen, G.-S. Kuo, Z.-P. Li, G.-M. Zhu, Intrusion detection in wireless mesh
networks, in: Intrusion Detection in Wireless Mesh Networks, 2008.
[1] K.L.S. Khan, Denial of service attacks and challenges in broadband wireless [29] M. Kuchaki Rafsanjani, A. Movaghar F. Koroupi, Investigating intrusion detection
networks, Int. J. Computer Sci. Network. Security. 8 (7) (July 2008) 1–6. systems in manet and comparing idss for detecting misbehaving, nodes, in x (2008)
[2] S. Shah, B. Shams, S. Khan, A survey on secure routing in wireless sensor networks, 8.
Int. J. Sensor. Wireless Commun. Control 3 (12) (2013). [30] A.J. Rocke, R.F. Demara, Confidant: collaborative object notification framework for
[3] D. Boubiche, A. Bilami, Cross layer intrusion detection system for wireless sensor insider defense using autonomous network transactions, Aut. Agents Multi-Agent
network, Int. J. Netw. Secur. Appl. 4 (3) (2012) 35–52. Syst. 12 (2005) 93–114.
[4] S. Northcutt, J. Novak, Network Intrusion Detection, third ed., SAMS, 2002. [31] H.E. Shrobe, T. Knight A, D. Hon, Tiara: trust management, intrusion-tolerance,
[5] S. Khan, J. Loo, Z. Ziauddin, Framework for intrusion detection in ieee 802.11 accountability reconstitution architecture, in: Computer Science and Artificial
wireless mesh networks, Int. Arab J. Inf. Technol. 7 (12) (2010) 435–440. Intelligence Lab, CSAIL), 2007.
[6] S. Khan, N. Alrajeh, J. Loo, Secure route selection in wireless mesh networks, [32] X. Li, J. Xu, H.N. Dai, Q. Zhao, C.F.C.Q. Wang, On modeling eavesdropping attacks
Comput. Network. 56 (2012) 491–503, 02. in wireless networks, J. Comput. Sci. 11 (2015) 196–204.
[7] K. Reddy, V.P. Raju, P. Thilagam, An effective analysis on intrusion detection [33] C. Zhou, et al., Adaptive Multipath Scheduling Mechanism against Eavesdropping
systems in wireless mesh, Networks (09 2017) 2213–2220, https://doi.org/ Attacks with Programmable Data Planes, 2021 IEEE 5th Advanced Information
10.1109/ICACCI.2017.8126174. Technology, Electronic and Automation Control Conference, (IAEAC) (2021)
[8] S. Halder, A. Ghosal, Cross layer–based intrusion detection techniques in wireless, 2357–2361, https://doi.org/10.1109/IAEAC50856.2021.9390985.
Networks 1 (2014) 361–390. [34] A. Narayana Rao, P. Ramesh Babu, A. Rajasekhar Reddy, Analysis of Wireless Mesh
[9] M. Xiao, X. Wang, G. Yang, Cross-layer design for the security of wireless sensor, Networks in Machine Learning Approaches, 20, Springer, Singapore, 2021. https
Networks (2006) 104–108, https://doi.org/10.1109/WCICA.2006.1712371.8. ://doi.org/10.1007/978-981-15-9293-5_28.
[10] F. Al-Anzi, S. Khan, Wireless mesh network cross-layer intrusion detection, [35] A. Lacava, E. Giacomini, F. D’Alterio, F. Cuomo, Intrusion Detection System for
J. Comput. Sci. 10 (12) (2014) 2366–2373. Bluetooth Mesh Networks: Data Gathering and Experimental Evaluations, 2021
[11] A. Drewek-Ossowicka, M. Pietrołaj, J. Rumi nski, A survey of neural networks usage IEEE International Conference on Pervasive Computing and Communications
for intrusion detection systems, J. Ambient Intell. Hum. Comput. 12 (2021) Workshops and other Affiliated Events (PerCom Workshops) (2021) 661–666,
497–514. https://doi.org/10.1109/PerComWorkshops51409.2021.9430966.
[12] G. Thamilarasu, A. Balasubramanian, S. Mishra, R. Sridhar, A cross-layer based [36] Y. Xu, J. Liu, Y. Shen, X. Jiang, Y. Ji, N. Shiratori, QoS-Aware Secure Routing Design
intrusion detection approach for wireless ad, hoc networks, in (2005) 7, https:// for Wireless Networks With Selfish Jammers, IEEE Transactions on Wireless
doi.org/10.1109/MAHSS.2005.1542882.12. Communications 20 (8) (2021) 4902–4916, https://doi.org/10.1109/
[13] G. Thamilarasu, S. Mishra, R. Sridhar, A cross-layer approach to detect jamming TWC.2021.3062885.
attacks in wireless ad hoc networks, MILCOM (10) (2006) 1–7, 0. [37] Y. Xu, J. Liu, Y. Shen, J. Liu, X. Jiang, T. Taleb, Incentive Jamming-Based Secure
[14] X. Wang, J.S. Wong, F. Stanley, S. Basu, Cross-layer based anomaly detection in Routing in Decentralized Internet of Things, IEEE Internet of Things Journal 8 (4)
wireless mesh networks, in: Ninth Annual International Symposium on Applications (2021) 3000–3013, https://doi.org/10.1109/JIOT.2020.3025151.
and the Internet, July 2009, 2009, pp. 9–15. [38] N. T M, Y. Palanichamy, Privacy preserved and secured reliable routing protocol for
[15] Y. Liu, Y. Li H. Man, A distributed cross-layer intrusion detection system forad hoc wireless mesh networks, Sci. World J. 9 (2015).
networks, Annal Telecommun. 61 (2006) 357–378, 04. [39] E. Stai, S. Papavassiliou, J.S. Baras, Performance-aware cross-layer design in
[16] J. Sharma, C. Giri, O.C. Granmo, et al., Multilayer intrusion detection system with wireless multihop networks via a weighted backpressure approach, IEEE/ACM
ExtraTrees feature selection, extreme learning machine ensemble softmax Trans. Netw. 24 (2016) 245–258.
aggregation, EURASIP J. Inf. Secur. 15 (2019). [40] H.A. Mogaibel, M. Othman, Review of Routing Protocols and It’s Metrics for
[17] J. Granjal, A. Pedroso, An Intrusion Detection and Prevention Framework for Wireless Mesh Networks, International Association of Computer Science and
Internet-Integrated CoAP WSN, Security and Communication Networks, 2018, Information Technology - Spring Conference, 2009, pp. 62–70.
pp. 1–14. [41] Z. Wan, K. Ren M. Gu, Usor: an unobservable secure on-demand routing protocol for
[18] A. Karygiannis, E. Antonakakis A. Apostolopoulos, Detecting Critical Nodes for mobile ad-hoc networks, IEEE Trans. Wireless Commun. 11 (05 2012) 1922–1932.
Manet Intrusion Detection Systems, Second International Workshop on Security, [42] S. Paris, C. Nita-Rotaru, F. Martignon A. Capone, Cross-layer metrics for reliable
Privacy and Trust in Pervasive and Ubiquitous Computing, SecPerU’06), 2006, routing in wireless mesh networks, IEEE/ACM Trans. Netw. 21 (06 2013)
pp. 9–15. 1003–1016.
[19] G. Vigna, S. Gwalani, K. Srinivasan, E.M. Belding-Royer R.A. Kemmerer, An [43] S. Khan, J. Loo, N. Mast N. Tahir, Srpm: secure routing protocol for ieee 802.11
Intrusion Detection Tool for Aodv-Based Ad Hoc Wireless Networks, 20th Annual infrastructure based wireless mesh networks, J. Netw. Syst. Manag. 18 (1) (2011)
Computer Security Applications Conference, 2004, pp. 16–27. 190–209.
[20] J. Parker, A. Patwardhan, A. Joshi, Cross-layer analysis for detecting wireless [44] S. Khan, N. Mast, J. Loo A. Salahuddin, Passive security threats and consequences in
misbehavior, in: IEEE Consumer Communications and Networking Conference ieee 802.11 wireless mesh networks, JDCTA (2008) 4–8, 201.
Special Sessions, 2, 2006, pp. 6–9. [45] Y. Rebahi, V. Mujica, V.D. Sisalem, A reputation-based trust mechanism for ad hoc,
[21] F. Kargl, S. Schlott, M. Weber, Sensors for detection of misbehaving nodes in Networks 7 (2005) 37–42, https://doi.org/10.1109/ISCC.2005.17.
manets, in: Praxis der Informationsverarbeitung und Kommunikation, 2004. [46] K. Reddy, P. Thilagam, Reputation-based cross-layer intrusion detection system for
[22] Y. Zhang, Y. Fang, Arsa: an attack-resilient security architecture for multihop wormhole attacks in wireless mesh networks, Secur. Commun. Network. 7 (12)
wireless mesh networks, IEEE J. Sel. Area. Commun. 24 (10) (10 2006) 1916–1928. (2014).
[23] N.B. Salem, J.P. Hubaux, Securing wireless mesh networks, IEEE Wireless Commun. [47] X. Wang, J.S. Wong, An end-to-end detection of wormhole attack in wireless ad-hoc
13 (2006) 50–55. networks, 31st Annual International Computer Software and Applications
[24] I.G. Askoxylakis, B. Bencsath, L. Buttyan, L. Dora, V.A. Siris, A. Traganitis, Cross- Conference, COMPSAC 2007) 1 (2007) 39–48.
layer security and resilience in wireless mesh networks, in: Future Wireless
Networks and Information Systems, 2010.
1076