Research On Key Technologies For Denial-of-service Detection And Restoration In Wireless Mesh Networks

Posted on: 2015-07-15
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Q Liu
Full Text: PDF
GTID: 1108330479979660
Subject: Computer Science and Technology
Abstract/Summary:
Over the past decades, network technology has become pervasive and has facilitated our daily lives. In the era of computer networks, connections among people have become much stronger and information circulates more effectively. From the perspective of networking techniques, network technology is evolving from wired networks, e.g. copper networks, to wireless networks, e.g. Wireless Local Area Networks (WLANs), Wireless Ad hoc Networks (MANETs), Wireless Sensor Networks (WSNs) and Wireless Mesh Networks (WMNs). Specifically, the WMN has been rising as the dominant network architecture of wireless metropolitan area network infrastructure since ten years ago, because WMNs have several promising and unique characteristics, such as high-speed wireless access, stable network topology, multi-hop relay, traffic aggregation and weak resource constraints of mesh devices. However, the security of the WMN has drawn greater attention from academia and industry as its research and application have developed further. Confidentiality, integrity, authentication, non-repudiation, availability and privacy face severe security threats at different protocol layers of WMNs, which affects large-scale application and deployment of the network. Furthermore, availability is the most vulnerable of these security attributes, for two reasons. First, cryptography-based defense schemes are weak at protecting availability from diverse security threats, especially those launched from inside the network. Second, since the WMN has both the conventional characteristics of a wireless multi-hop network and some features of a wired network, it is much easier for adversaries to launch Denial-of-Service (DoS), resulting in more harmful impacts on network security. Thus, it is practically important to do in-depth studies on DoS detection and restoration for WMNs.

On the other hand, although research on the availability of WMNs is independent of research on other security attributes, it can complement other studies and promote research in the field of network security. Therefore, it is also theoretically important to study DoS detection and restoration. Considering that DoS threats at multiple protocol layers challenge the security of WMNs and that cryptography-based defense schemes are weak at defeating such threats, we select network availability as the goal and study DoS detection and restoration for WMNs. The outcomes of our studies can serve as the second line of defense to ensure the overall security of the network.

Since wireless devices transmit radio signals over a shared physical medium, signal interference and jamming are the most common phenomena at the physical layer. Considering that intelligent jamming is highly likely to occur and induces severe impacts on overall performance, we propose a distributed detection and restoration of intelligent jamming based on an adaptive immune system in order to enhance the capability of defending against intelligent jammers.

Since mesh routers are typically stationary and multiple routers relay packets in a hop-by-hop fashion in WMNs, various security threats further challenge the overall security at the routing layer. Because most routing protocols do not consider security at the initial stage of protocol design, the abuse of routing protocols can incur diverse anomalies including low-rate flooding, which is able to reduce the overall performance of WMNs without inducing significant traffic changes. Therefore, we propose a real-time low-rate DoS detection and restoration based on protocol specifications to defeat low-rate flooding at the routing layer.

Moreover, when selective forwarding occurs in a key mesh router that aggregates traffic and the router drops sensitive data, the anomaly significantly reduces the quality of service (QoS) of WMNs. Existing detection methods focus on detecting stand-alone selective forwarding based on channel overhearing; however, these methods fail to defeat collaborative selective forwarding. So, we propose a forwarding assessment based detection and restoration of collaborative selective forwarding to enhance the packet delivery ratio of the WMN at a low overhead.

To overcome security threats at the application layer, we propose a fast anomaly detection scheme based on extreme learning machine (ELM). Since mesh devices in wireless network infrastructure have weak resource constraints, we utilize a dimension reduction technique and an improved localized generalization error model to select the optimal number of hidden nodes of Single-hidden Layer Feedforward Networks (SLFNs) trained with ELM, resulting in a significant improvement of generalization ability and classification speed.

To overcome the uplink bandwidth request anomaly (UL-BRA) occurring in the uplink transmission, which appears along with the evolution of WMNs to 4G networks, we propose a real-time anomaly detection and restoration of UL-BRA, which combines a detection and restoration algorithm based on multi-source correlation statistics with an adaptive algorithm of threshold determination, to significantly improve the throughput of the uplink transmission.

The main contributions are as follows:

1. Distributed detection and restoration of intelligent jamming based on adaptive immune system. The proposed scheme consists of three function modules, i.e., the monitoring agent for monitoring packet reception, the decision agent for detecting attacks and the recovery agent for restoring the network from ongoing attacks. Furthermore, the scheme adopts an improved situation-aware routing method in the recovery procedure in order to determine an alternative path of high quality. Simulation results show that the proposed scheme is effective at defeating intelligent jamming and eliminating the performance impacts induced by the anomaly. Results also demonstrate that the proposed routing method can achieve a higher throughput with lower transmission delay.

2. Real-time low-rate DoS detection and restoration based on protocol specifications. The abuse of routing protocols induces low-rate flooding, which does not trigger a dramatic change in network traffic. As a result, anomaly detection methods based on traffic bursts are weak at detecting such an anomaly. We propose an exponential backoff restoration algorithm based on protocol specifications to tackle the challenge brought by low-rate flooding. Simulation results validate that the proposed scheme is able to maintain the overall network performance under low-rate flooding.

3. Forwarding assessment based detection and restoration of collaborative grey hole attacks. Specifically, the scheme detects collaborative grey hole attacks by means of forwarding assessments aided by two-hop acknowledgement monitoring. We analyze the optimal detection threshold that minimizes the sum of the false positive rate and the false negative rate of the proposed scheme, considering the network dynamics due to degraded channel quality or medium access collisions. Theoretical and experimental results demonstrate that the proposed scheme is able to eliminate the impacts on network performance induced by stand-alone or collaborative grey hole attacks and can adapt to network dynamics. The packet delivery ratio can be improved to more than 80% even if the grey hole attack occurs.

4. Fast anomaly detection scheme based on ELM. We propose an improved classifier using an SLFN trained with ELM. The novel classifier first utilizes principal component analysis to reduce the feature dimension and then selects the optimal architecture of the SLFN based on a new localized generalization error model in the principal component space. Experimental and statistical results demonstrate that the proposed classifier can achieve a significant improvement in generalization ability and classification speed compared with previous classifiers.

5. Real-time anomaly detection and restoration of uplink denial-of-service. We propose a bandwidth request anomaly detection and restoration algorithm based on multi-source correlation statistics to detect UL-BRA induced by malicious subscribers in real time. Moreover, we propose an adaptive algorithm of threshold determination to adjust the detection threshold, considering the network dynamics due to bandwidth contention originating from multiple uplink data flows that are transmitted simultaneously. Simulation results show that the proposed scheme can achieve a significant improvement in uplink throughput in the presence of such anomalies.
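The threshold analysis in contribution 3 can be illustrated with a simple detector model. This is an added example, not code from the dissertation, and it shows how a threshold that minimizes the sum of false positive and false negative rates shifts with channel loss. It assumes that each packet's two-hop acknowledgement goes missing independently, with probability `p_loss` at an honest relay and with an additional drop probability `p_drop` at a grey hole; the function names, the binomial model and the sample windows are all assumptions.

```python
from math import comb

def tail(n, p, t):
    """P(X >= t) for X ~ Binomial(n, p)."""
    return sum(comb(n, k) * p**k * (1 - p)**(n - k) for k in range(t, n + 1))

def error_rates(n, p_loss, p_drop, t):
    """(FPR, FNR) when a relay is flagged for >= t unacknowledged packets out of n."""
    p_attack = 1 - (1 - p_loss) * (1 - p_drop)  # benign loss and malicious drop combined
    fpr = tail(n, p_loss, t)         # honest relay on a lossy link gets flagged
    fnr = 1 - tail(n, p_attack, t)   # grey hole stays under the threshold
    return fpr, fnr

def optimal_threshold(n, p_loss, p_drop):
    """Threshold t in 0..n+1 minimising FPR + FNR, with the rates at that t."""
    t = min(range(n + 2), key=lambda c: sum(error_rates(n, p_loss, p_drop, c)))
    return (t, *error_rates(n, p_loss, p_drop, t))

def flag_relays(windows, p_loss, p_drop):
    """windows: {relay: (packets_sent, two_hop_acks_received)} -> relays to flag."""
    flagged = []
    for relay, (sent, acked) in windows.items():
        t, _, _ = optimal_threshold(sent, p_loss, p_drop)
        if sent - acked >= t:
            flagged.append(relay)
    return sorted(flagged)

# Constructed assessment windows, not data from the dissertation.
SAMPLE_WINDOWS = {"R1": (20, 18), "R2": (20, 11), "R3": (20, 15)}

if __name__ == "__main__":
    t, fpr, fnr = optimal_threshold(20, 0.10, 0.40)
    print(f"threshold={t} FPR={fpr:.4f} FNR={fnr:.4f}")
    print("flagged:", flag_relays(SAMPLE_WINDOWS, 0.10, 0.40))
```

Under this model, raising `p_loss` from 0.10 to 0.25 moves the threshold for a 20-packet window from 6 to 8 missing acknowledgements, so a degraded channel alone does not get an honest relay flagged.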
Keywords/Search Tags: Wireless Mesh Network, Denial-of-Service Detection and Restoration, Intelligent Jamming, Low-Rate Flooding, Collaborative Grey Hole Attack, Single-hidden Layer Feedforward Networks, Multi-Source Correlation Statistics