Shanmuga vadivu G & Umamaheswari A  analyzed cluster based intrusion detection method. In this method, the cluster head is selected based on the clique and cluster head computation methods to watch the whole process in the cluster. The hierarchical state routing (HSR) protocol is a distributed multi-level hierarchical routing protocol that does clustering at different levels with efficient membership management at every level of clustering. Clustering increases efficient resource allocation and management. HSR works by classifying different levels of cluster. Clustering algorithm is used for selecting leaders at each level. The first level of physical clustering is done among the nodes which are reachable in a single wireless hop. Members of the first level of this cluster are called as leaf nodes. The next higher level of physical clustering is done among the nodes that are elected as leaders of each of these first-level clusters. Cluster leader is responsible for monitoring security management, intrusion detection computations and data reduction.
Yongjin Kim & Ahmed Helmy  developed a new protocol framework for attacker called CATCH, It is a mechanism towards mobile multi-hop networks (MANET, wireless mesh and sensor networks), which has been concentrated on MAC and network cross-layer approach. CATCH trace back protocol consists of the following four parts: (1) abnormality detection, (2) abnormality characterization, (3) abnormality searching and (4) countermeasures. All the nodes in the network monitor abnormality. Each node monitors the activity of network and MAC layer. If abnormality is detected, the information is captured and logged. Based on the observation of increased packets at network layer, increased collisions at MAC layer, increased frames at MAC layer, increased busy time at MAC layer abnormality is detected. After abnormality detection, it is characterized as time series. After that, Searching of abnormality is implemented by the methods of Traffic pattern matching and Kolmogorov-Smirnov (KS) -fitness test. They have discussed the counter measures like packet filtering and rate limiting. The advantage of this method is computation and memory overhead is low.
Prajeet Sharma et.al  introduced a new Intrusion Detection System (IDS) against DDOS attacks. They have simulated the results through three different criteria like NORMAL case, DDoS attack case and IDS intrusion detection case. In IDS Case, they have selected one node as IDS node which monitors all the mobile nodes within the radio range. If any abnormality is detected in the network behavior, IDS checks the misbehavior with the symptoms of the attack and detects the attack in the attacker node which will be blocked from the network. The advantage of this scheme is throughput and packet delivery fraction is high. End to End delay is reduced.
Prajeet Sharma et.al  proposed a proactive scheme that can prevent a specific kind of DoS attack and identify the misbehaving node as well as it prevents DDoS. The proposed scheme is based on the application of two parameters: RREQ_ACCEPT_LIMIT and RREQ_BLACKLIST_LIMIT. RREQ_ACCEPT_LIMIT represents the number of RREQs that can be accepted and processed per unit time by a node. The reason of this parameter usage is to specify a value that ensures uniform usage of a node's resources by its neighbors. RREQs more than this limit is dropped, but their timestamps are recorded. This information will help in monitoring the neighbor's activities. In their simulations, three RREQs can be accepted per unit time. The RREQ_BLACKLIST_LIMIT parameter is used to specify a value which determines whether a node is acting as malicious or not. It tracks the number of RREQs forwarded by a neighboring node per unit time. If this count exceeds the value of RREQ_BLACKLIST_LIMIT, the corresponding neighboring node is trying to flood the network with possibly fake RREQs. On identifying a neighboring node as malicious, it will be blacklisted. This will prevent further flooding of the fake RREQs in the network. The advantage of this scheme provides a better solution than existing approaches with no extra overhead.
Rizwan Khan & A. K. Vatsa  implemented new architecture of Detection and control of DDoS attacks in MANET. That architecture consists of Monitor, Reputation System, Trust Manager/ Co-operation system, Path Manager. Monitor gathers information about the behavior of nodes in the network. From the observation, Monitoring systems detect misbehavior like Packet dropping, Modification, Fabrication, Timing misbehavior. Reputation System is responsible for monitoring evaluation, Detection &Reaction. Trust manager acts as a Co-operation system among the nodes performing the extensive task of Alarm Count and Trust Builder. It keeps track of the incoming and outgoing ALARM messages. Trust manager sends ALARM messages to warn others regarding malicious nodes. As a trust builder it performs the task to differentiate the consequences of packet is lost or drop naturally or whether is it due to likely collision in the network. Path Manager assigns reputation to path or route which successfully leads packets successfully from source to destination. Advantage of this approach improves overall network performance and functionality by prevention and detection and control of DoS and DDoS attack.
Shideh Saraeian et.al  discussed one kind of DDoS attack called black hole attack in MANET on most vulnerability protocol called Ad-hoc On Demand Vector (AODV). AODV is a reactive routing protocol which produce routes and maintain them only if it is needed. So it may be called as on demand routing protocols. They usually use distance-vector routing algorithms and uses traditional routing tables. It means that for each destination exist one entry in routing table and uses sequence number, that this number ensure the freshness of routes and guarantee the loop-free routing. This protocol is based on two phases: 1) route discovery 2) route maintenance. These phases donââ‚¬â„¢t do any job until the network needs to establish a route between source and destination. If the node has no route entry for the destination, the RREQ message (Route Request message) will be broadcasted. In this time, if the next node is the destination, or has a valid route to the destination, a RREP message (Route Reply message) will be generated and sent back to the source. If some malicious nodes send RREP to source, then it is difficult to identify that it is an attacker node due to mobility of adhoc network. All nodes monitor their own neighborhood when a node in an active route gets lost. A route error message (RERR message) is generated to notify the other nodes. This protocol uses another message called HELLO to inform the neighbors that the link is still alive.
Mirjana Stojanovic et.al  provided a survey of possible solutions for Intrusion Detection System (IDS) against DDoS attacks. IDS are a system that supervises network for malicious activities or policy violations and generates reports based on gathered information. Since DDoS attack traffic may appear similar to legitimate traffic, a detection scheme has a high risk of interpreting legitimate traffic as attack traffic, which is called false positive. Particular attention is focused to IDS that minimizes false positives, with respect to different MANET mobility models. IDS performance is mainly evaluated through two metrics: detection scheme coverage and false positives. Coverage represents a proportion of actual attacks that can be detected. Actually, it is a measure of IDS detection effectiveness. In the case of DoS attacks this is relatively easy to measure, as this type of attacks expose themselves with obvious degradation of targetââ‚¬â„¢s services (e.g. high packet drop rate), though they can be easily detected. False positive is each event in the network that is, by mistake, reported as malicious. Usually, this metric is represented as value obtained by normalizing number of reported false positives versus the number of reported attacks. According to this, the perfect IDS will have the coverage of 100% and 0% false positives. In addition to these two metrics, the intrusion detection time should be as short as possible. The advantage of this approach is to minimize false positive.
Xiaoxin Wu & David K. Y. Yau  proposed a DoS mitigation technique that uses digital signatures to verify legitimate packets, and drop packets that do not pass the verification. Since nodes are selfish, they may not perform the verification in order to avoid paying the overhead. A bad packet that escapes verification along the whole network path will bring a penalty to all its forwarders. A network game can be formulated in which nodes along a network path, in optimizing their own benefits, are encouraged to act collectively to filter out bad packets. In their approach, the packets from legitimate sources should be digitally signed by their respective senders. The signed SIG with the certificate is used to verify that the packet is from the claimed legitimate source. If the SIG carried in the packet does not match the SIG that a forwarder generates from the received packet, the packet is classified as a bad packet and therefore dropped. The advantage of this approach is that filters bad packets. A limitation of this method is the design of protocols to accurately estimate the severity of attack.
Mieso K. Denko  proposed a reputation-based incentive mechanism for detecting and preventing DoS attacks. They investigated DoS attacks committed by selfish and malicious nodes. Their scheme encouraged nodes to cooperate and exclude them from the network, only if they fail to do so. They have adopted a combination of detection and prevention measures in their proposal. When an attacker is a mobile, traceback mechanisms can be effective in determining the attack path or attack generating domain, but inefficient in identifying the attacking host. By giving incentives to cooperating nodes and some form of penalty to non-cooperating nodes may improve the performance and make sure security in MANETs. They proposed a reputation-based scheme for motivating nodes in ad hoc networks to prevent both active and passive DoS attacks. They investigated the effect of both selfish and malicious nodes. They did not immediately exclude misbehaving nodes. Instead they first motivated them to cooperate before excluding them. A node which becomes indifferent and act malicious continuously can be excluded from the network. If nodes do not cooperate, their reputation gradually goes down and they are finally eliminated from the network. The advantage of this scheme is packet delivery ratio is increased and the routing and communication overhead is reduced. A Limitation of this scheme is the investigation of DDoS in MANET and integrated wireless networks.
Xin Jin et.al  introduced a new algorithm called zone sampling-based traceback (ZSBT) to trace the DoS attackers in MANETs. While a node forwards a packet, the node writes its zone ID into the packet with a probability. After receiving these packets, the victim can reconstruct the path between the attacker and itself. The ZSBT algorithm consists of three processes: initialization process, zone sampling process, and path reconstruction process. In the initialization process, each node constructs a chain and allow the victim be the head. The chain is used to reconstruct the attack path by sorting the zone ID information in the packets. When a node receives a packet, if the node is the victim, the ZSBT algorithm executes the path reconstruction process. Otherwise, the ZSBT algorithm executes the zone sampling process In the path reconstruction process, the victim reconstructs the zone path from the attacker to itself using the zone information in each packet. In the Zone Sampling process, the node writes its zone ID into the node with a probability p and then forwards the packet. There are two static fields, zone ID, and distance in each packet are reserved. Zone ID is used to record the zone ID of the node on the path. Distance denotes the distance from current node to the victim and its initial value is set as zero. The advantage of this method is communication overhead is low. A limitation of this method is focus on locating the exact DDoS attackers.
Xianjun geng et.al  proposed a conceptual model which incorporates both cooperative technological solutions and economic incentive mechanisms built on usage-based fees. The Cooperative technological solutions are device security improvement, User level traffic control, Coordinated filters, Tracing back. First User level traffic control and coordinated filters have been implemented simultaneously to achieve better defense. User-level traffic control is embodied in a set of traffic control rules specifically for a given network device. Even if user-level traffic control fails, DDoS attack is defeated by identifying the attacking traffics and stopping them by using coordinated filters. The purpose of coordination among filters is to stop the traffic as early as possible along the attacking paths to prevent the damage from aggregated traffic. If suppose the coordinated filters cannot effectively stop the attack, there still existed another technological solution to trace back to the zombie devices to shut down the attack from the source. The characteristics of that four coordinated technological solutions are improving the security of all relevant devices. The advantage of this approach is cost effectiveness has been addressed.
S.A.Arunmozhi & Y.Venkataramani  proposed a new defense mechanism which has a flow monitoring table (FMT) at each node. FMT contains flow id, source id, destination id and packet sending rate. Data transfer rate is calculated for each flow at the intermediate nodes. With each flow, the updated FMT is sent to the destination. After monitoring the MAC(Media Access Control)layer, the destination sends the Explicit Congestion Notification (ECN) bit to alert the sender nodes about the congestion. After seeing these packets with ECN marking, the sender nodes reduce their sending rate. If the channel becomes congested continuously due to some sender nodes do not reduce their sending rate, it can be found by the destination using the updated FMT. It checks current sending rate with the previous sending rate of a flow. When both the rates are same, the corresponding sender of the flow is considered as an attacker. Once the DDoS attackers are found, all the packets from those nodes will be rejected. An advantage of this scheme is to improve the performance of Adhoc network, high bandwidth, high packet delivery ratio, reduced packet drop for legitimate users.
Adnan Nadeem & Michael Howarth  focused on preventing denial-of-service (DoS) attacks. They have proposed an anomaly-based intrusion detection system that uses a combination of chi-square test & control chart to first detect intrusion and then identify an intruder. They have discussed some types of DDOS attacks like Sleep Deprivation and Rushing attack. These attacks are done due to malicious RREQ flooding (MRF). They have described Adaptive Intrusion Detection and Prevention (AIDP) which uses anomaly-based intrusion detection (ABID) to detect DoS attacks caused by MRF in MANETs. AIDP consists of two modules: training and a testing module. After establishing a network, the cluster head (CH) continuously gathers information and applies the AIDP training module for N time intervals (TI), resulting in an initial training profile (ITP). The ITP reflects the normal behavior of the nodes in the network. In the testing phase the CH then applies the testing module after each TI. This test consists of several tasks, the first of which detects intrusion. If there is no intrusion then it updates the ITP in order to adapt the variation in the network behavior as time progresses. If there is intrusion in the second task the CH identifies the intruding nodes. To optimize the probability of identifying intruders correctly with a low level of false positives, it maintains a test sliding window (TSW), in which detections of a node are required in P time intervals (TI). If this detection threshold is passed then the CH will Blacklist (BL) the node and isolate the node by informing all Cluster Nodes. The advantage of this method is reduced overhead, increased throughput.
Quan Jia et.al  introduced and analyzed a novel capability-based security mechanism called CapMan(Capability-based Defense against Multi-Path Denial of Service Attacks). This mechanism is particularly against multi path communication in MANET. It consists of two main components: the capability distribution and the capability enforcement. The capability distribution protocol empowers the responder of a traffic flow to issue and distribute a capability to all the nodes along the routing path. After the responder received a connection request from an initiator, it sends a capability packet to the initiator as a notification of the acceptance of an end-to-end flow and the discovery of a new routing path. The capability is not only used as a ticket by the initiator to send data packets, but also saved by all intermediate nodes to restrict the number of packets they will forward for the flow. In addition, the capability enforcement mechanism implements the capability constraint on a per-hop basis across multiple routing paths. They assume multi-path routing between end nodes and that the routing paths do change dynamically. To account for that, all nodes periodically exchange bandwidth consumption reports. This enables each node to maintain a global view of per flow throughput and capability between any pair of initiator and responder. Thus, their approach can effectively identify and mitigate sophisticated DoS attacks that target multi-path routing protocols, even if both the initiator and the responder are colluding malicious insiders. The advantage of this method is capable of protecting both the network and the end nodes from sophisticated DoS attacks.
Bin Xiao et.al  proposed a novel cooperative system which consists of a client detector and a server detector for producing warning of a DDoS attack. The client detector uses a Bloom filter-based detection scheme is placed on the client side to generate accurate detection results and it consumes minimal storage and computational resources. Its main task is to monitor the TCP control packets entering and leaving a domain. The detection scheme is developed from a modified hash table. They have designed the new hash table based on the Bloom filter method. States of each TCP three-way handshake are recorded in the hash table and the abnormal asymmetric three-way handshake can be clearly seen inside the client detector. The client detector thus can issue a DDoS attack after analyzing suspicious alarms. They proposed using a modified Bloom filter in order to construct a hash table that can record three-way TCP control packets at a limited storage cost. The modified structure of the novel hash table makes it possible to capture abnormal handshakes even where the volume of traffic is large. The server detector can actively assist the warning process by sending requests to innocent hosts. With the assistance of client detectors, a server detector can detect a forthcoming DDoS attack at an early stage. The Advantage of this approach is that can both passively and actively detect DDoS attacks. A limitation of this approach is to design the hash function to reduce the occurrence of hash collision, which should also reduce potential false negatives and false positives.
Fei Xing Wenye Wang  introduced a dynamic DoS attack. The dynamic DoS attack is characterized in exploiting the node mobility, dynamic power control, and compromised nodes to spread new DoS attacks dynamically. And they have discussed static and dynamic DoS attacks. The DoS attacks launched on link layer and network layer is called as static DoS attack. Eg. Black hole and Jelly fish attack. Malicious nodes may be able to move around the entire network, to adjust transmission power dynamically, or even to propagate DoS attacks by compromising their cooperative neighbors. Therefore, the DoS attacks may become dynamic in terms of the expansion of attack coverage and the propagation of attack impact.
Vrizlynn L. L. Thing & Henry C. J. Lee  conducted qualitative analysis and simulations to investigate the feasibility and evaluate the attack path detection performance of existing IP Traceback techniques like Source Path Isolation Engine, Probabilistic Packet Marking, and ICMP Traceback on wireless ad-hoc networks, using proactive (DSDV) or reactive (AODV) routing protocol. To trace the true source of the attackers, several IP Traceback mechanisms have been proposed to maintain accountability. In SPIE, every intermediate router maintains the digests of processed packets. After a particular time interval, the processed packets specifics are transferred to a central server for longer-term storage and analysis. In this scheme, only one attack packet is required to reconstruct the attack path. In PPM, packets are marked by intermediate routers probabilistically to contain fragments of the path information. When the victim has collected sufficient number of marked packets, it would be able to reconstruct the attack path. In ITrace, each intermediate router generates a new ICMP packet, called the ITrace message at a low probability for each packet it processed. The message contains information about this router and the packet, and is sent to the same destination of the packet. Upon reception of sufficient number of ITrace messages, the victim would be able to reconstruct the attack path.
Lili Zhang et.al  introduced a new method to improve the topology stability of the MANET on stable topology. Due to free mobility of nodes, an attack path in MANET might dynamically change on the routing path. Since the topology is keep on changing, the detected attack path is no longer valid and need to trace back again, or the in-processing trace back procedure cannot be completed within the prospective time. For this reason, a stable environment for trace back has been created on stable topology to bring higher trace back efficiency. They used the Identity Replacement based AODV (IR-AODV) protocol to enhance the stability of MANET topology so that the host could have sufficient time to trace back. Research indicates that it greatly improve the trace back success ratio. The advantage of this approach is to improve the topology stability of MANET and also trace back efficiency is improved.
Yinghua Guo & Matthew Simon  presented a quantitative model to characterize the DDoS flooding attack and its traffic statistics. They also proposed an analytical model for looking for specific patterns of the attack traffic, aiming to achieve: (1) Decide if there is an anomaly in the traffic and whether the anomaly is the DDoS attack (2) Decide the time when the attack is launched. Network forensics is the process of capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents. The flooding attack considered in their work performs at the network layer. It aims to paralyze the entire network, rather than any particular node, by injecting overwhelming attack traffic (e.g. RREQ broadcasting) into the MANET. Because all or most of key resources of mobile nodes are meaninglessly consumed on processing and transmitting the attack traffic, legitimate usersââ‚¬â„¢ traffic is denied. As a result, a network-wide congestion, instead of the congestion surrounding a individual node as in conventional Internet DDoS attacks, is created. The advantage of this method is to detect DDoS attacks more effectively by traffic pattern identification proposed in their work.
S.A.Arunmozhi and Y.Venkataramani  proposed the wireless ad hoc networks are highly vulnerable to distributed denial of service (DDoS) attacks because of its unique characteristics such as open network architecture, shared wireless medium and stringent resource constraints. These attacks throttle the tcp throughput heavily and reduce the quality of service (QoS) to end systems gradually rather than refusing the clients from the services completely. In this paper, the researchers discussed the DDoS attacks and proposed a defense scheme to improve the performance of the ad hoc networks. Their proposed defense mechanism uses the medium access control (MAC) layer information to detect the attackers. The status values from MAC layer that can be used for detection are Frequency of receiving RTS/CTS packets, Frequency of sensing a busy channel and the number of RTS/DATA retransmissions. Once the attackers are identified, all the packets from those nodes will be blocked. The network resources are made available to the legitimate users. The researchers perform the simulation with Network Simulator NS2 and the researchers proved that their proposed system improves the network performance.
L. Buttyan and J. Hubaux  presented in military and rescue applications of mobile ad hoc networks, all the nodes belong to the same authority; therefore, they are motivated to cooperate in order to support the basic functions of the network. In this paper, the researchers consider the case when each node is its own authority and tries to maximize the benefits it gets from the network. More precisely, the researchers assume that the nodes are not willing to forward packets for the benefit of other nodes. This problem may arise in civilian applications of mobile ad hoc networks. In order to stimulate the nodes for packet forwarding, the researchers propose a simple mechanism based on a counter in each node. The researchers study the behavior of the proposed mechanism analytically and by means of simulations, and detail the way in which it could be protected against misuse.
S. Zhong et.al  presented mobile ad hoc networking has been an active research area for several years. How to stimulate cooperation among selfish mobile nodes, however, is not well addressed yet. In this paper, the researchers proposed Sprite, a simple, cheat-proof, credit-based system for stimulating cooperation among selfish nodes in mobile ad hoc networks. Their system provides incentive for mobile nodes to cooperate and report actions honestly. Compared with previous approaches, their system does not require any tamper-proof hardware at any node. Furthermore, the researchers present a formal model of their system and prove its properties. Evaluations of a prototype implementation show that the overhead of their system is small. Simulations and analysis show that mobile nodes can cooperate and forward each other's messages, unless the resource of each node is extremely low.
S. Marti et.al  described two techniques that improve throughput in an ad hoc network in the presence of nodes that agree to forward packets but fail to do so. To mitigate this problem, the researchers propose categorizing nodes based upon their dynamically measured behavior. The researchers use a watchdog that identifies misbehaving nodes and a path rater that helps routing protocols avoid these nodes. Through simulation the researchers evaluate watchdog and path rater using packet throughput, percentage of overhead (routing) transmissions, and the accuracy of misbehaving node detection. When used together in a network with moderate mobility, the two techniques increase throughput by 17% in the presence of 40% misbehaving nodes, while increasing the percentage of overhead transmissions from the standard routing protocol's 9% to 17%. During extreme mobility, watchdog and path rater can increase network throughput by 27%, while increasing the overhead transmissions from the standard routing protocol's 12% to 24%.
S. Buchegger and J.Y.L Boudec  proposed mobile ad-hoc networking works properly only if the participating nodes cooperate in routing and forwarding. However, it may be advantageous for individual nodes not to cooperate. The researchers proposed a protocol, called CONFIDANT, for making misbehavior unattractive; it is based on selective altruism and utilitarianism. It aims at detecting and isolating misbehaving nodes, thus making it unattractive to deny cooperation. Trust relationships and routing decisions are based on experienced, observed, or reported routing and forwarding behavior of other nodes. The detailed implementation of CONFIDANT in this paper assumed that the network layer is based on the Dynamic Source Routing (DSR) protocol. The researchers present a performance analysis of DSR fortified by CONFIDANT and compare it to regular defenseless DSR. It shows that a network with CONFIDANT and up to 60% of misbehaving nodes behaves almost as well as a benign network, in sharp contrast to a defenseless network. All simulations have been implemented and performed in GloMoSim.
P. Michiardi and R. Molva  proposed countermeasures against node misbehavior and selfishness are mandatory requirements in mobile ad hoc networks. Selfishness that causes lack of node activity cannot be solved by classical security means that aim at verifying the correctness and integrity of an operation. In this paper the researchers outline an original security mechanism (CORE) based on reputation that is used to enforce cooperation among the nodes of a MANET. The researchers then investigated on its robustness using an original approach: the researchers use game theory to model the interactions between the nodes of the ad hoc network and the researchers focus on the strategy that a node can adopt during the network operation. As a first result, the researchers obtained the guidelines that should be adopted when designing a cooperative security mechanism that enforces mobile nodes cooperation. Furthermore, the researchers were able to show that when no countermeasures are taken against misbehaving nodes, network operation can be heavily jeopardized. The researchers then showed that the CORE mechanism is compliant with guidelines provided by the game theoretic model and that, under certain conditions, it assures the cooperation of at least half of the nodes of a MANET.
J. Kong et.al  presented mobile ad hoc networks (MANETs) are vulnerable to routing attacks, especially attacks launched by non-cooperative (selfish or compromised) network members and appear to be protocol compliant. For instance, since packet loss is common in mobile wireless networks, the adversary can exploit this fact by hiding its malicious intents using compliant packet losses that appear to be caused by environmental reasons. In this paper the researchers study two routing attacks that use non-cooperative network members and disguised packet losses to deplete ad hoc network resources and to reduce ad hoc routing performance. These two routing attacks have not been fully addressed in previous research. The researchers proposed the design of "self-healing community" to counter these two attacks. Their design exploits the redundancy in deployment which is typical of most ad hoc networks; namely, it counters non-cooperative attacks using the probabilistic presence of nearby cooperative network members. To realize the new paradigm, the researchers devise localized simple schemes to (re-)configure self-healing communities in spite of random node mobility. The researchers developed a general analytic model to prove the effectiveness of their design. Then the researchers implement their secure ad hoc routing protocols in simulation to verify the cost and overhead incurred by maintaining the communities. Their study confirms that the community-based security is a cost-effective strategy to make off-the-shelf ad hoc routing protocols secure.
Y. Hu, A. Perrig, and D. B. Johnson  Described an ad hoc network is a group of wireless mobile computers (or nodes), in which individual nodes cooperate by forwarding packets for each other to allow nodes to communicate beyond direct wireless transmission range. Prior research in ad hoc networking has generally studied the routing problem in a non-adversarial setting, assuming a trusted environment. In this paper, the researcherââ‚¬â„¢s presented attacks against routing in ad hoc networks, and the researchers present the design and performance evaluation of a new secure on-demand ad hoc network routing protocol, called Ariadne. Ariadne prevents attackers or compromised nodes from tampering with uncompromised routes consisting of uncompromised nodes, and also prevents a large number of types of Denial-of-Service attacks. In addition, Ariadne is efficient, using only highly efficient symmetric cryptographic primitives.
A. D. Wood and J. A. Stankovic  proposed sensor networks hold the promise of facilitating large-scale, real-time data processing in complex environments, helping to protect and monitor military, environmental, safety-critical, or domestic infrastructures and resources, Denial-of-service attacks against such networks, however, may permit real world damage to public health and safety. Without proper security mechanisms, networks will be confined to limited, controlled environments, negating much of the promise they hold. The limited ability of individual sensor nodes to thwart failure or attack makes ensuring network availability more difficult. To identify denial-of-service vulnerabilities, the authors analyzed two effective sensor network protocols that did not initially consider security. These examples demonstrate that consideration of security at design time is the best way to ensure successful network deployment.
S. Xu and T. Saadawi  presented the IEEE 802.11 medium access control (MAC) protocol is a standard for wireless LANs, it is also widely used in almost all test beds and simulations for the research in wireless mobile multi-hop ad hoc networks. However, this protocol was not designed for multi-hop networks. Although it can support some ad hoc network architecture, it is not intended to support the wireless mobile ad hoc network, in which multi-hop connectivity is one of the most prominent features. In this paper, the researchers focused on the following question: can IEEE 802.11 MAC protocol function well in multihop networks? By presenting several serious problems encountered in transmission control protocol (TCP) connections in an IEEE 802.11 based multi-hop network, the researchers show that the current TCP protocol does not work well above the current 802.11 MAC layer. The relevant problems include the TCP instability problem found in this kind of network, the severe unfairness problem, and the incompatibility problem. The researchers illustrate that all these problems are rooted in the MAC layer. Furthermore, by revealing the in-depth cause of these problems, the researchers conclude that the current version of this wireless LAN protocol does not function well in multi-hop ad hoc networks. The researchers thus doubt whether the current Wave LAN based system is workable as a mobile multi-hop ad hoc test bed. All the results shown in this paper are based on NS2 simulations, and are compatible with the results from the OPNET simulations.
G. Noubir and G. Lin  investigated the resiliency to jamming of data protocols, such as IP, over WLAN. The researchers show that, on existing WLAN, an adversary can successfully jam data packets at a very low energy cost. Such attacks allow a set of adversary nodes disseminated over an area to prevent communication, partition an ad hoc network, or force packets to be routed over adversary chosen paths. The ratio of the jamming pulses duration to the transmission duration can be as low as 10-4. The researchers investigate and analyze the performance of combining a cryptographic interweaver with various coding schemes to improve the robustness of wireless LANs for IP packets transmission . A concatenated code that is simple to decode and can maintain a low Frame Error Rate (FER) under a jamming effort ratio of 15%. The researchers argue that LDPC codes will be very suitable to prevent this type of jamming. The researchers investigate the theoretical limits by analyzing the performance derived from upper bounds on binary error-control codes. The researchers also propose an efficient anti-jamming technique for IEEE802.11b based on Reed-Solomon Codes. 1
F. Xing and W. Wang  presented mobile ad hoc networks are vulnerable to malicious attacks and failures due to their unique features, such as node mobility and dynamic network topology. The design and evaluation of routing protocols and topology control require sound analysis on network connectivity and node behaviors. However, little work has been done on how node misbehaviors affect network connectivity. Modeling and analysis of node misbehavior involves many challenges such as multiple failures caused by selfishness, mobility, and potential Denial of Service attacks. Thus, the researchers propose a novel model to characterize node misbehaviors based on a semi-Markov process. In particular, the researchers analyze the impact of node misbehavior on network connectivity in a mobile ad hoc network stochastically. Numerical results based on analysis and simulations are provided to demonstrate the effectiveness of their approach and results.