Upload
prince-jain
View
229
Download
2
Embed Size (px)
Citation preview
8/8/2019 node6
1/6
44International Journal of Research and Reviews in Computer Science (IJRRCS) Vol. 1, No. 3, September 2010
Secured Packet Transmission by implementing
Enhanced IDS in MANET1
S..Vardhaganapathy,
2
A.M.Natarajan1Department of Information Technology Kongu Engineering College [email protected]
2Department of Electronics and Communication Engineering, Bannari Amman Institute of
Technology, Sathyamangalam
Abstract: MANET is a self-configuring network of mobile routers
connected by wireless links. Routers are free to move randomly and
organize themselves arbitrarily. Topology change occurs rapidly
and unpredictably in the MANET due to mobility of nodes and due
to ad hoc criteria. MANET needs no infrastructure for
intercommunication. In ad hoc networks, misuse detection relies on
the use of unauthorized known patterns. The most concern
requirement is to detect intrusion when the transmitted trafficcontains abnormal packets based on signatures of attacks. For
deploying misuse detection, nodes should execute the sniffing and
analyze software modules. Mobility is often a problem for
providing security services in ad hoc networks. Numerous protocols
exist for forming ad hoc networks among cooperative mobile,
radio-equipped nodes. There are more possibilities of attacks by
multiple mobile intruders. Providing higher security for the mobile
users is partially possible by different algorithms like distributed
polynomial and complexity selection algorithms. The existing
solution uses an algorithm GODOM (GeOmetric DOMinated set) to
find out more number of active nodes. However geometric domains
with even spaces were carried out for the resultant intrusion
detection. The proposed work aims to provide an enhanced version
of GODOM algorithm in the uneven geometric subspaces. The
status IDS will checkout every packet using some threshold values
and if the packet transmission crosses the threshold values then that
packet is marked as an abnormal packet. The proposed system has
many advantages such as finding more number of active nodes,
improved status based IDS which detects more number of DSR
attacks with higher efficiency and lower cost of execution.
1. IntroductionThe emergence of the Mobile Ad Hoc Networking
(MANET) technology advocates self-organized wireless
interconnection of communication devices that would either
extend or operate in concert with the wired networking
infrastructure or, possibly, evolve to autonomous networks.
In either case, the proliferation of MANET-based
applications depends on a multitude of factors, with
trustworthiness being one of the primary challenges to be
met. Despite the existence of well-known security
mechanisms, additional vulnerabilities and features pertinent
to this new networking paradigm might render such
traditional solutions inapplicable. The provision of security
services in the MANET context faces a set of challenges
specific to this new technology. The insecurity of the
wireless links, energy constraints, relatively poor physical
protection of nodes in a hostile environment, and the
vulnerability of statically configured security schemes havebeen identified as such challenges. The absence of
infrastructure and the consequent absence of authorization
facilities impede the usual practice of establishing a line of
defense, separating nodes into trusted and non-trusted. Such
a distinction would have been based on a security policy, the
possession of the necessary credentials and the ability for
nodes to validate them. In the MANETcontext, there may be
no ground for an apriori classification, since all nodes are
required to cooperate in supporting the network operation,
while no prior security association can be assumed for all the
network nodes.The presence of even a small number of adversarial nodes
could result in repeatedly compromised routes, and, as a
result, the network nodes would have to rely on cycles of
time-out and new route discoveries to communicate. This
would incur arbitrary delays before the establishment of a
non-corrupted path, while successive broadcasts of route
requests would impose excessive transmission overhead. In
particular, intentionally falsified routing messages would
result in a denial-of-service (DoS) experienced by the end
nodes. The proposed scheme combats such types of
misbehavior and safeguards the acquisition of topological
information.
1.1. Secured Packet Transmission
To secure the data transmission phase, Secure Message
Transmission (SMT) provides an end-to-end secure data
forwarding protocol tailored to the MANET communication
requirements. The secure message transmission protocol
safeguards pair-wise communication across an unknown
frequently changing network, possibly in the presence of
adversaries that may exhibit arbitrary behavior. It combines
four elements, end-to-end secure and robust feedback
mechanism, dispersion of the transmitted data, simultaneous
usage of multiple paths, and adaptation to the network
changing conditions. SMT detects and tolerates
compromised transmissions, while adapting its operation to
provide secure data forwarding with low delays. The goal is
to ensure secure routing over available routes, despite of the
presence of adversaries.
1.2. Security Requirements in MANET
One way to counter security attacks would be to
cryptographically protect and authenticate all control and
data traffic. But to accomplish this, nodes would have to
have the means to establish the necessary trust relationshipswith each and every peer they are transiently associated with,
including nodes that just forward their data. Even if this were
feasible, such cryptographic protection cannot be effective
8/8/2019 node6
2/6
45International Journal of Research and Reviews in Computer Science (IJRRCS) Vol. 1, No. 3, September 2010
against denial of service attacks, with adversaries simply
discarding data packets. The security requirements in ad hoc
networks are similar to those in other networks. The goal is
to protect information transmitted and resources in the
network from malicious activities (Deng et al, 2002). These
requirements include availability of network services,
authentication of the users in order to ensure that a malicioususer cannot masquerade as a trusted user, confidentiality of
the information transmitted in the network, integrity of the
information in order to ensure that the information is not
modified by an unauthorized entity and non-repudiation in
order to ensure that a node cannot refuse the sending of a
message that it originated (Subhadrabandhu et al., 2004).
1.3 Intrusion Detection System
An Intrusion Detection System (IDS) is software and/or
hardware designed to detect unwanted attempts (Alia
Fourati, Khaldoun Al Agha, 2007) at accessing,manipulating, and/or disabling computer systems, mainly
through a network, such as the Internet. These attempts may
take the form of attacks, as examples, by crackers, malware
and/or disgruntled employees. An IDS cannot directly detect
attacks within properly encrypted traffic. An intrusion
detection system is used to detect several types of malicious
behaviors that can compromise the security and trust of a
computer system. This includes network attacks against
vulnerable services, data driven attacks on applications, host
based attacks such as privilege escalation, unauthorized
logins and access to sensitive files, and malware (viruses,
trojan horses, and worms).
An IDS can be composed of several components: Sensors
which generate security events, a console to monitor events
and alerts and control the sensors, and a central engine that
records events logged by the sensors in a database and use a
system of rules to generate alerts from security events
received. There are several ways to categorize IDS
depending on the type and location of the sensors and the
methodology used by the engine to generate alerts. In many
simple IDS implementations all three components are
combined in a single device or appliance.
2. Related Work
The classification among the proposed IDS of
MANET can be composed using the parameters discussed in
the previous sections, i.e.: architecture, attacks, and IDS
detection techniques [2]. Most of the MANET IDSs tend to
have the distributed architectures and their variants. The IDS
architecture may depend on the network infrastructure. But
the most important thing is the reasons the architecture to be
configured in distributed manner.
As the nature of MANET is so open, attacks can be
generated from any node within the MANET itself or nodes
of neighboring networks. Unfortunately, this network lacks
in central administration. It is difficult for implementingfirewall or the IDS on the strategic points. Moreover, each
node can work as client, server or router. Delivery packets
need collaboration work among the nodes participating in the
network. For these reasons, the IDS of MANET should have
characteristics that follow these natures, distributed and
collaborative. Advantage using distributed architecture is the
security accident can be detected earlier. However, this
architecture needs huge resources, which is difficult to be
implemented in small wireless devices such as PDA.
The existing MANET IDSs have various methods to detectand to respond regarding these attacks. The proposed IDSs
are designed for detecting the intrusion activities in the
routing protocol of MANET. The proposed one extends the
GODOM algorithm on MANET to detect misbehavior nodes
and reacted if they originated from outside communitys
network or inside (both the cases). The proposed IDS in DSR
has the following advantages compared to existing GODOM
a. Effective coverage of given network terrain to detect
attacks, (Uncovered subspaces)
b. Detect more number of DSR attacks, and
c. Higher efficiency and lower cost of execution
There are three main types of systems in which IDS can beused. They are network, applications and hosts. In a network-
based intrusion-detection system (NIDS), the sensors are
located at choke points in network to be monitored, often in
the demilitarized zone (DMZ) or at network borders. The
sensor captures all network traffic and analyzes the content
of individual packets for malicious traffic. In systems, PIDS
and APIDS[2] are used to monitor the transport and
protocols for illegal or inappropriate traffic or constructs of a
language. For example, forged SQL queries attempt to delete
database records, virus in emails.
In a host-based system, the sensor usually consists of a
software agent, which monitors all activity of the host on
which it is installed. For example, attempt to modify the
master boot record, key logger, file access. Depending on the
detection techniques used, IDS can be classified into three
main categories (A. Hijazi and N. Nasser 2005) signature or
misuse based IDS, anomaly based IDS, and specification
based IDS, which is a hybrid both of the signature and the
anomaly based IDS.
The signature-based IDS uses pre-known attack scenarios (or
signatures) and compare them with incoming packets traffic.
There are several approaches in the signature detection,
which they differ in representation and matching algorithm
employed to detect the intrusion patterns. The detection
approaches, such as expert system (T. F. Lunt, R.Jagannathan 1998) , pattern recognition (M. Esposito, C.
Mazzariello, 2005), colored Petri nets (S. Kumar and E.
Spafford, 1994), and state transition analysis (P.A. Porras
and R. Kemmerer, 1992) are grouped on the misuse.
Meanwhile, the anomaly-based IDSattempts (Bo Sun
And Lawrence Osborne, Yang Xiao, Sghaier Guizani, 2007)
to detect activities that differ from the normal expected
system behavior. This detection has several techniques, i.e.:
statistics (P. Porras and A. Valdes, 1998), neural networks
(H. Debar, M. Becker and D. Siboni 1992), and other
techniques such as Chi-square test utilization (N. Ye, X. Li,
2001).The specification-basedIDS monitors current behaviorof systems according to specifications that describe desired
functionality for security-critical entities (C. Ko, J. Rowe, P.
8/8/2019 node6
3/6
46International Journal of Research and Reviews in Computer Science (IJRRCS) Vol. 1, No. 3, September 2010
Brutch, K. Levitt 2001). A mismatch between current
behavior and the specifications will be reported as an attack.
In misuse detection (Signature detection) each instance in a
data set is labeled as normal or intrusive and a learning
algorithm is trained over the labeled data. These techniques
are able to automatically retrain intrusion detection models
on different input data that include new types of attacks; aslong as they have been labeled appropriately. Unlike
signature-based IDS [9], models of misuse are created
automatically and can be more sophisticated and precise than
manually created signatures. (Subhadrabandhu, D., S. Sarkar
and F. Anjum, 2004) The signature IDS [9] has high degree
of accuracy in detecting known attacks and their variants. Its
disadvantage is that it cannot detect unknown intrusions and
they rely on signatures extracted by human experts. This
method uses specifically known patterns of unauthorized
behavior to predict and detect subsequent similar attempts.
These specific patterns are called signatures.
For host based intrusion detection [10], one example of asignature is "three failed logins". For network intrusion
detection, a signature can be as simple as a specific pattern
that matches a portion of a network packet. The occurrence
of a signature might not signify an actual attempted
unauthorized access. Depending on the robustness and
seriousness of a signature that is triggered, some alarm,
response, or notification should be sent to the proper
authorities
3. Proposed System
The proposed work presents an enhanced GODOM
algorithm for secured packet transmission in DSR protocol.
It improves the effective detection coverage in the given
ad hoc network scenario. It also improvises the GODOM
algorithm to handle intrusion attacks even in undefined
geometric subspaces.
Every communicative node is able to reach the active packet
monitoring nodes. The proposed enhanced GODOM
evaluates the pre-specified number of hops the protocol
should adapt. It also identifies active nodes even in the
subspaces where its geometry is undefined. The status IDS
will checkout every packet using threshold values generated
in due course of secured transmission with enhanced
GODOM. Packets abnormality is marked when itstransmission value crosses the specified threshold values.
The scalability of the intrusion attacks in larger networks is
handled efficiently by its effective active node proposition
across the network terrain even in uneven subspaces.
The proposed solution uses the existing GODOM
(GeOmetric DOMinated set) algorithm to find out more
number of active nodes in a MANET. GODOM algorithm
helps a node to find out number of neighboring nodes present
over it and if it has more number of neighbor nodes then it is
selected as an active node. This algorithm will be installed
with DSR protocol algorithm. If the DSR protocol starts
execution then the GODOM algorithm will also executealong with it. The proposed solution uses STAT (State
Transition Analysis Technique) based IDS designed for
detecting attacks against the DSR routing protocol.
4. Geometric Dominated Set Algorithm
The GODOM algorithm uses a special technique to find the
active insider nodes called dominated set, meaning that
giving supremacy to the particular nodes in which they help
to monitor the network threats. In control flow graphs, a
node 'd' dominates a node 'n' if every path from the start nodeto 'n' must go through 'd. Every node dominates itself. The
dominators of a node 'n' are given by the maximal solution to
the following data-flow equations: Where, 'n_0' is the start
node, the dominator of the start node is the start node itself.
The set of dominators for any other node 'n' is the
intersection of the set of dominators for all predecessors 'p of
n'.
Dominated set pseudocode algorithm solution:
// Dominator of the start node is the start itself
Dom (n_0) = {n_0}
// for all other nodes, set all nodes as the dominators
for each n in N - {n_0}Dom (n) =N;
// iteratively eliminate nodes that are not dominators
While changes in any Dom (n)
for each n in N - {n_0} :
Dom (n) = {n} union with intersection over all p in
predom (n) of Dom (p)
Direct solution is quadratic in the number of nodes, or O
(n2).
This algorithm, which is almost linear, but its
implementation tends to be not much more complex and time
consuming for a graph of several 100 nodes or less. The
proposed algorithm uses geometric information to select the
IDS active insiders. This heuristic can be used in topologies
where all insiders have equal transmission ranges denoted as
'r'. Thus, 2 insiders are neighbors if and only if the distance
between them is less than or equal to 'r'. The network is
covered by the minimum possible number of circles each
with ranges 'r'. Each IDS capable insider knows or computes
the coordinates of the centers of the circles. Each insider
knows its coordinates (e.g., by using Global Positioning
System (GPS) or other existing techniques). An insider
Figure 1. Finding Active Nodes using GODOM Algorithm
8/8/2019 node6
4/6
47International Journal of Research and Reviews in Computer Science (IJRRCS) Vol. 1, No. 3, September 2010
selects an IDS capable neighbor, which is the nearest to the
center of a circle it currently resides in to execute the IDS (an
insider may select itself as well since by definition it is its
own neighbor). For this, each IDS capable insider broadcasts
its distance from the center of each circle it resides in to its
neighbors. It sends this broadcast packet when it joins thesystem and thereafter, each time it moves. GODOM detects
many IDS active insiders so as to cover the entire network.
Now GODOM is generalized so as to select fewer IDS active
insiders at the expense of obtaining lower detection rates.
Now, each insider selected by GODOM decides whether to
execute the IDS with a probability which can be selected so
as to regulate the resource consumed and detection rate. This
version is referred as Generalized Geometric Dominating set
Algorithm (GGODOM). The disadvantage of these schemes
is that they consume significant energy and computational
resource due to involvement of every node in the detection
scheme which is not efficient especially when the threat levelis too high.
5. Results and Discussion
GODOM-STATIDS using DSR is simulated using ns-2 to
validate its efficiency and ability under volatile MANETs
environment. Active Nodes, Packet Sent, Malicious Packet
detection, Packet Delivery ratio were used as metrics to
compare the performance of GODOM-STAIDS using DSR
and using AODV. Simulation results are shown below.
The Simulated parameters are
Selecting active nodes No. of Packets sent Malicious packets detected Packet Delivery Ratio without malicious packets
Simulation Environment: In the Simulation study, first 25
nodes were considered. Then two protocols were considered
by executing each. The TCL file executed first to know how
many nodes were selected as active nodes from respective
nodes and at the end of NAM (Network Animator) files is
opened to view the network movements eventually. The
nodes were increased up to 100 and performance was
calculated using C file. The Trace.cfile is used to extract
the trace file in which the Packet send, Active nodes,
malicious packet detection, Packet Delivery Ratio. The
nodes were divided into Static (without mobility) and
Dynamic (with mobility) in which their performance were
calculated using respective algorithms.
5.1 Scenario Metrics
Scenario metrics define the environment in which the ad hoc
network functions. These metrics do not contribute to the
performance evaluation of the network, but it is critical to
consider these metrics to ensure comparable results for use inany performance evaluation/comparison.
Performance Metrics: Four metrics were taken into
consideration: Selecting active nodes, Packet delivery ratio,
Malicious packet detection, packet send.
5.2 Simulation Results
5.2.1 Scenario for selecting active nodes: The simulationresult gives number of active nodes from 20,40,60,80 nodes.
Each simulation result was compared.
5.2.2 Scenario for sending Malicious Packet: The simulation
result under attacker node sends malicious packets. The
active nodes are simulated to checkout every packet and drop
if it has a signature of attack.
5.2.3 Packet sent by AODV and DSR in Dynamic nodes:
Packet sent was same with slight variations in both the
protocols in dynamic nodes. Increasing the number of nodes
by keeping all scenarios constant leads to some increase inpackets sending at the stage of hundred nodes by the
proposed algorithm. (Fig. 2).
Packets Sent
0
1000
2000
3000
4000
5000
6000
7000
8000
9000
25
50
75
100
Number of nodes
Num
berofPackets
AODV
DSR
Figure 2: GODOM: Nodes vs packet sent
5.2.4. Malicious packet detection by DSR (static vs dynamic
nodes): The DSR protocol detects more number of malicious
packets in static nodes and also the detection ratio shows
sequential increment when number of nodes has been
increased but in the case of dynamic nodes, it shows only
random detection increment ratios. The Fig. 3 gives the
malicious packet detection ratios.
5.2.5 Malicious packet detection by AODV (static vs dynamic
nodes): The AODV protocol detects more number of
malicious packets in static nodes and also the detection ratio
shows sequential increment when number of nodes has been
increased but dynamic nodes show only random detection
increment ratios. The Fig. 4 gives the malicious packet
detection ratios
5.2.6 Malicious packet detection by AODV and DSR in
Dynamic nodes: The DSR Protocol detects more number ofmalicious packets than AODV in dynamic nodes. When the
number of nodes is increased, the detection rate is also
increased in the proposed algorithm and protocol but in
8/8/2019 node6
5/6
48International Journal of Research and Reviews in Computer Science (IJRRCS) Vol. 1, No. 3, September 2010
existing system when number of nodes is increased, the
detection rate shows slight increment. The Fig. 5 gives the
malicious packet detection ratios
Malicious Packets Detected
0
100
200
300
400
500
600700
800
25
50
75
100
Number of nodes
NumberofPackets
DSR-D
DSR-S
Fig 3: DSR: Nodes vs malicious packet detected-s vs D
Malicious Packets Detected
0
100
200
300
400
500
600
700
25
50
75
100
Number of nodes
NumberofPackets
AODV-D
AODV-S
Figure 4: AODV:Nodes vs malicious packet detected-s vs D
Malicious Packets Detected
0
100
200
300
400
500
600
700
800
25
50
75
100
No. of Nodes
NumberofPackets
AODV
DSR
Fig 5: AODV Vs DSR : Malicious packet detected -D
5.2.7 Selecting active nodes by DSR and AODV in GODOM:
The DSR protocol detects more number of active nodes in
GODOM than compared to that of AODV protocol and the
proposed systems selection ratio shows sequential increment
when number of nodes has been increased compared to the
existing system. The Fig. 6 gives the active node selection
comparison ratios.
Selecting Active Nodes
0
1020
30
40
50
60
70
25
50
75
100
No. of Nodes
NumberofActivenode
AODV
DSR
Figure 6: DSR vs AODV: Nodes vs Selecting active nodes.
5.2.8 Packet delivery ratio by AODV and DSR in Dynamic
nodes: The delivery ratio of DSR and AODV protocol in
dynamic nodes shows that DSR protocol shows better
performance than AODV. The Fig. 7 gives delivery ratio
comparisons.
5.2.9 Packet delivery ratio by DSR (static vs Dynamic
nodes): The delivery ratio of DSR protocol in static and
dynamic nodes shows only slight variations. The Fig. 8 gives
delivery ratio comparisons.
Figure 7: DSR vs AODV: Nodes vs delivery ratio-D
Packet Delivery Ratio
86
88
90
92
94
96
98
100
25
50
75
100
Number of nodes
PacketsDelivered
DSR-D
DSR-S
Figure 8: DSR: Nodes vs delivery ratios-S vs D
Delivery Ratio
0
20
40
60
80
100
120
25
50
75
100
N u mb e r o f n o d e s
AODV
DSR
8/8/2019 node6
6/6
49International Journal of Research and Reviews in Computer Science (IJRRCS) Vol. 1, No. 3, September 2010
6. Conclusion
The proposed work enhances the GODOM algorithm and
deploys it in DSR protocol along with the security measures.
In the systemic model, every communicative node is able to
reach the active packet monitoring nodes. The improved
security algorithm evaluates the pre-specified number ofhops the protocol should adapt. The STAT-IDS checks out
every packet using threshold values. Packets abnormality is
marked when its transmission value crosses the specified
threshold values. Scalability of the intrusion attacks in larger
networks are handled. In terms of efficiency, the proposed
model shows an improvement of 13% to 16% compared to
that of the existing GODOM algorithm. The enhanced
GODOM security algorithm helps a node to find out number
of neighbor nodes to select a safety active node with a raise
of 8% higher probability.
The proposed solution uses STAT based IDS designed for
detecting attacks against the DSR routing protocol. Theactive nodes are capable of executing the STAT-IDS and
detecting 10% more of DSR attacks. The proposed work
further analyzed and presented security scheme for more
number of intruders participate in the network and
collaborate it by attack packets. It is done by improving the
performance of the GODOM algorithm and intrusion
detection systems to prevent against Sybil attack and DoS
attacks.
References
1. Belding-Royer, E.M. and C.E. Perkins, Transmission
range effects on aodv multicast communication
ACMTKluwer MONET, 7(6): 455-470.http: //alpha.ece.
ucsb.edu/~eroyer/txt/monet.ps. DOI: 10. 1023/A:
1020708701096. 2002
2. Denning, D., An intrusion detection model IEEE Trans.
Soft. Eng., IEEE Press Piscataway, NJ, USA, 13(2): 222-
223. DOI: 10.1109/TSE.1987.232894. 1987
3. Deng, H.D.P. Agrawal and W.L. Routing, Security in
wireless adhoc networks IEEE Commun. Mag., 40(10): 70-
75. DOI: 10.1109/MCOM.2002. 1039859. INSPEC:
7422917. 2002
4. Perkins, CE. and E.M. Royer, AODV: Adhoc on-
demand distance vector routing In: Proc. of the 2nd IEEE
Workshop on Mobile Computing Systems and Applications,
pp:90-100. 2002 http://www. cs. cmu. Edu /People/bumba
/filing_cabinet/./papers/perkins-aodv. ps.gz.
5. Rao, R. and G. Kesidis, Detecting of malicious packet
dropping using statistically regular traffic pattern in multihop
wireless networks that are not bandwidth limited In: Proc.
IEEE GLOBECOM, 5: 2957-2961. ISBN: 0-7803-7974-8.DOI: 10.1109/ GLOCOM.2003.1258776. INSPEC:
8330047. 2002
6. Subhadrabandhu, D., S. Sarkar and F. Anjum, a. A
framework for misuse detection in adhoc networks part I.
IEEE J. S selected Areas on Communications (Special
Issues on Security in Wireless Adhoc Networks), 24 (2):
274-289. DOI: 10.1109/JSAC. 2005.861387. INSPEC:
8765864. 2006
7. Subhadrabandhu, D., S. Sarkar and F. Anjum, A
framework for misuse detection in adhoc networks part II.
IEEE J. Selected Areas on Communications (Special issues
on security in wireless adhoc networks), 24 (2): 290-304.
DOI: 10.1109/JSAC. 2005.861388. INSPEC: 8765865. 2006
8. Subhadrabandhu, D., S. Sarkar and F. Anjum, Efficacy
of misuse detection in adhoc networks In: Proceedings of
IEEE SECON, 4-7: 97-107. DOI: 10. 1109 /SAHCN. 2004.
1381907.INSPEC: 8371304. ISBN: 0-7803-8796-1. 2004
9. Fereshteh Amini, M.,Moazzam khan, N.,Jelena Misic, K.,Signature Based Intrusion Detection in Wireless Sensor
Networks In :Proc. of the 4th
IEEE Workshop on Wireless
Sensor Networks,pp:80-86. 2008
10. David Wagner.J.,Paloo Soto. D, Mimicy attacks on Host
Based Intrusion Detection System In Proceedings of the 9th
ACM Conference on Computer and Communications
Security.pp:45-51.2005
11. Alia Fourati, Khaldoun Al Agha, An IDS First Line of
Defense for Ad Hoc Networks, Proceedings of the WCNC
2007, pg. No.2621-2626.
12. Bo Sun And Lawrence Osborne, Yang Xiao, Sghaier
Guizani, intrusion detection techniques in mobile ad hoc
and wireless sensor networks, IEEE Wireless Communi-
cations, October 2007.