A Firegroup Mechanism to Provide Intrusion Detection and ...



International Journal of Information Security and Privacy, 8(2), 1-18, April-June 2014

Copyright © 2014, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.

ABSTRACT

Distributed Denial of Service (DDOS) attacks are the major security concern in collaborative networks. Although non-DDOS attacks also degrade network performance, the effect of DDOS attacks is severe. In a DDOS attack, a particular node is flooded as the victim and jammed with massive traffic, and the performance of the complete network is affected. In this paper, a novel Intrusion Detection and Prevention System is designed which detects flooding DDOS attacks based on Firecol and prevents the attacks based on the Dynamic Growing Self Organizing Tree (DGSOT) for collaborative networks. Simulation results in NS2 show that DGSOT with Firecol (Firegroup) produces a better intrusion detection and prevention system. Performance metrics based on the parameters delay, throughput, average path length, packet data ratio and energy conservation are better in Firegroup than in the traditional Firecol system.

A Firegroup Mechanism to Provide Intrusion Detection and Prevention System Against DDos Attack in Collaborative Clustered Networks

M. Poongodi, Anna University, Chennai, India

S. Bose, Anna University, Chennai, India

Keywords: Collaborative Networks, DDOS, Firegroup, Flooding, IDPS, Network Security

DOI: 10.4018/IJISP.2014040101


INTRODUCTION

A collaborative network consists of various autonomous, heterogeneous and distributed entities that take a collaborative approach to achieving common goals, and their interactions are supported by the computer network architecture. A lot of emphasis is being given to security in collaborative networks, and recent research in this domain highlights the various attack detection and prevention mechanisms. DDOS attacks and the classification of the related defense mechanisms are studied (Douligeris C & Mitrokotsa, A, 2003). The structural approach to the problem and the important features of each attack in the network are presented with their pros and cons. DOS attacks on web services, the vulnerability and the inadequacy of robust defense mechanisms are explained in (Zhijun Wu & Zhifeng Chen, 2006). A scalable mechanism for Distributed Denial of Service and the associated new network architecture, which addresses the problem of attack, are presented with legitimate data sending procedures and their reception criteria (Wang, Fei, et al., 2012). The design decisions and their potential for denial of service attacks in the Internet are studied. The state-of-the-art methods for defending against the attacks are discussed and the countermeasures compared (Awad, M et al., 2004). The routing stability of the Internet, the observed route changes over link metric and the analysis based on Principal Component Analysis (PCA) are reviewed as literature (Peng et al., 2007). The new direction in routing stability measurement and the routing system performance are represented in the model. Networks of compromised machines whose nodes are controlled by attackers are dealt with as botnets, which use peer-to-peer connectivity for remote control mechanisms. The disruption of the communication channel and the mitigation possibilities are also explored (Yu Chen & Kai Hwang, 2006). A General Intrusion Detection Architecture Enhancing Trust Based Approaches is presented for mobile ad hoc networks. Different intrusion detection systems are examined and the adapted architecture for IDS is explained (Shui Yu & Wanlei Zhou, 2008). With respect to Internet routing stability, a number of explanations for the anomalies and the evaluation of their potential impact on the Internet infrastructure are also analyzed (Holz, Thorsten, et al., 2008). The end-to-end routing behavior in the Internet and its sequential results in simulation are studied with the routing stability and the routing system parameters (Albers, Patrick, et al., 2002). Various research works on botnets, which describe the possible attacks performed through botnet communication technologies, are also explored (Labovitz, Craig, G et al., 1999). To explore the possible vulnerability of wireless networks to probable attacks, countermeasure selection approaches are classified and a comprehensive prevention mechanism to address the DDOS flooding problem is estimated (Saman Taghavi Zargar et al., 2013).

In recent DDOS attacks, the attackers launch the most complicated techniques. To overcome such multiple attack procedures, integrative approaches need to be carried out. In LAN environments, the compromised machines serve as spam zombies. In such a situation, the packets transmitted across the network have to be scanned through a sequential scanning process that employs various statistical methodologies. By detecting the spatial-temporal behavior using the grouping flow control detection mechanisms, the IDS exploits the malicious behavior of the host machine.

The major problem in the popular IDS systems is false alarms and raw alerts. In multi-step attack conditions, the analysis of false alarms and raw alerts is controlled by alert correlation tools (Chun-Jen Chung et al., 2013). In order to detect flooding DDOS attacks, the collaborative tool Firecol is used. The threats in such distributed attacks are measured based on the bandwidth allocation to the users, and the Firecol attack detection algorithms, by means of their mitigation techniques and the virtual rings, effectively exploit the intrusion attack and prevent the malicious spreading (Jérôme François et al., 2012).

The rest of this paper is organized as follows: Section 3 deals with the system design and the architectural components of Firegroup. Section 4 shows the implementation procedures and the simulation analysis with results and screenshots. Section 5 presents the conclusion and the future enhancements, followed by references in Section 6.

LITERATURE REVIEW

In the BECAN scheme, each node requires ‘k’ neighbors for co-operative neighbor router (CNR) based authentication. BECAN filters injected false data through co-operative authentication of the event report by the k neighboring nodes of the source node. BECAN distributes the en-routing authentication to all mobile nodes along the routing path to avoid complexity. The scheme adopts a bit-compressed authentication technique to save bandwidth. Because this method filters false data while routing, valuable bandwidth is saved. BECAN does not address the gang injection attack, wherein many compromised nodes come together to authenticate false injected data (Rongxing Lu et al., 2012).

In NFFS, each node distributes its neighbor information to some other nodes after deployment. When a report is generated for an observed event, it must carry the IDs and MACs from the detecting nodes. Each forwarding node checks the correctness of the MACs carried in the report and the legitimacy of the relative positions of the detecting nodes. As a result, false data reports can be detected by checking the relationship between the keys of nodes and their locations. Consequently, the security protection against compromised nodes can be enhanced greatly (Kui Ren et al., 2008).

In GFFS, each node distributes its location information to some forwarding nodes after deployment. Each data report must carry the MACs and locations of t detecting nodes that sense the event simultaneously. All the forwarding nodes verify the correctness of both MACs and locations. Besides, they also verify the legitimacy of the t locations. Because the keys of nodes are bound to their geographical locations, false reports injected collaboratively by compromised nodes from different geographical areas can be detected and filtered out. Moreover, the ability of compromise tolerance can also be enhanced. In (Jianxin Wang et al., 2014), a statistical en-routing filtering mechanism called SEF is proposed. SEF requires that each sensing report be validated by multiple keyed message authentication codes (MACs), each generated by a node that detects the same event. When the report is forwarded, each node along its way verifies the correctness of the MACs at the earliest point of time. If the injected false data escapes the en-route filtering and is delivered to the sink, the sink will further verify the correctness of each MAC carried in each report and reject false data.

In SEF, to verify the MACs, each node gets a random subset of keys of size k from the global key pool of size N and uses them to produce the MACs. To save bandwidth, SEF adopts the Bloom filter to reduce the MAC size. By simulation, SEF can prevent the false data injection attack with 80-90 percent probability within 10 hops. However, since n should not be large enough as described above, the filtering probability at each en-routing node is relatively low. The possibility of en-routing node compromise is not considered in SEF, which is also crucial to false data filtering. In (Fan Ye et al., 2005), an interleaved hop-by-hop authentication (IHA) scheme for filtering injected false data is presented. In IHA, each node is associated with two other nodes along the path: the lower and the upper association nodes. An en-routing node will forward the received report if it is successfully verified by its lower association node. To reduce the size of the report, the scheme compresses t1 individual MACs by XORing them into one. By analysis, the sink can detect the injected false data only if fewer than t nodes are compromised. However, the security of the scheme is mainly contingent upon the creation of associations in the association discovery phase. This is a location aware scheme that provides many security services such as data confidentiality, availability, and authenticity. In LEDS, data confidentiality is achieved by using symmetric cryptography and linear secret sharing.

To check the authenticity of the data, a legitimate report carries many MACs that are verified by the nodes in the intermediate cells. For data availability, the overhearing nodes in every forwarding cell collaborate to inform the next cell in case a legitimate report is dropped by a malicious node. Although overhearing nodes theoretically provide data availability, there does not seem to exist a practical method to implement this technique. The most logical realization is a voting system, which has a high communication overhead and whose management introduces a high computational complexity (Sencun Zhu et al., 2004).


SYSTEM DESIGN

The detection of flooding DDOS attacks is the foremost step. Firecol has two subsystems, viz. Firecol Metrics and Firecol Components. Firecol Metrics consists of the frequency, entropy and relative entropy parameters. The frequency parameter identifies the proportion of packets matching a rule within the detection window. The entropy measures the uniformity of the distribution of rule frequencies. The final parameter, relative entropy, measures the dissimilarity between two distributions. The relative entropy is zero if the distributions are equivalent, and the more they deviate, the higher the relative entropy.

There are four Firecol components: Packet Processor, Metrics Manager, Selection Manager and Score Manager. The Packet Processor examines the traffic and updates elementary metrics, whereas the Metrics Manager computes entropy and relative entropy. The detection window ended event is processed by the Selection Manager, which checks whether the traffic during the elapsed detection window is within profile. The Score Manager assigns a score to each of the selected rules depending on their frequencies and the entropy.

The detection mechanisms are designed based on Firecol, and for the prevention mechanism a dynamically growing self organizing tree structure is used. A genetic algorithm is incorporated in the structure for better intrusion prevention.

ARCHITECTURE OF FIREGROUP BASED IDPS

Firegroup is designed in a novel way that makes it hard for the intruder to attack the network, thereby providing better security. Participating IDPS along the path to a subscribed customer collaborate (vertical communication) by computing and exchanging belief scores on potential attacks. The IDPS form virtual protection rings around the host they protect. The virtual rings use horizontal communication when the degree of a potential attack is high. In this way, the threat is measured based on the overall traffic bandwidth directed to the customer compared to the maximum bandwidth it supports, and prevention is achieved by the dynamically growing tree with self organizing structure. Figure 1 shows the overall proposed architecture of Firegroup, which provides the network with detection as well as prevention against DDOS attack.

Modules of Firegroup Based IDPS

The implementation of the Intrusion Detection and Prevention System has been logically separated into four modules.

• Selection Manager
• Score Manager
• Detection Manager
• Genetic based DGSOT algorithm

Selection Manager

The detection window ended event is processed by the selection manager as shown in Figure 2, which checks whether the traffic during the elapsed detection window is within profile. If there is a flooding DDOS attack, the traffic volume increases and so does the frequency of some rules.

Score Manager

The score manager assigns a score to each of the selected rules depending on their frequencies and the entropy, as shown in Figure 3. The entropy and the frequency are considered high if they are greater than the thresholds α and β, respectively.
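The Firecol metrics from the System Design section and the α/β test of the score manager can be sketched as follows. This is an added example, not the authors' code; the rule names, the stored profile, the within-profile threshold omega, the log-base-n entropy and all sample counts are assumptions made for illustration, and the score values of the decision table are not reproduced because the text does not give them.

```python
import math
from collections import Counter

def rule_frequencies(matched_rules, rules):
    """Frequency of a rule: share of the window's packets that matched it."""
    counts = Counter(matched_rules)
    total = len(matched_rules)
    return {r: (counts[r] / total if total else 0.0) for r in rules}

def entropy(freq):
    """Uniformity of the rule-frequency distribution. Log base n is an
    assumption: 1.0 is perfectly uniform, 0.0 is one rule taking everything."""
    n = len(freq)
    return -sum(f * math.log(f, n) for f in freq.values() if f > 0)

def relative_entropy(freq, profile, eps=1e-9):
    """Dissimilarity between the window and the profile distribution;
    zero when they are equal. eps covers rules the profile never saw."""
    return sum(f * math.log(f / max(profile[r], eps))
               for r, f in freq.items() if f > 0)

def evaluate_window(matched_rules, profile, omega, alpha, beta):
    """Selection manager step, then the high/low flags the score manager uses."""
    freq = rule_frequencies(matched_rules, list(profile))
    h = entropy(freq)
    k = relative_entropy(freq, profile)
    in_profile = k <= omega  # omega is a hypothetical threshold name
    # Out of profile: select the rules whose frequency rose above the profile.
    selected = [] if in_profile else [r for r in profile if freq[r] > profile[r]]
    flags = {r: {"entropy_high": h > alpha, "frequency_high": freq[r] > beta}
             for r in selected}
    return {"entropy": h, "relative_entropy": k,
            "in_profile": in_profile, "flags": flags}

# Constructed data: four hypothetical rules with an even traffic profile.
PROFILE = {"rule_web": 0.25, "rule_dns": 0.25, "rule_mail": 0.25, "rule_other": 0.25}
NORMAL_WINDOW = (["rule_web"] * 26 + ["rule_dns"] * 24 +
                 ["rule_mail"] * 25 + ["rule_other"] * 25)
FLOOD_WINDOW = (["rule_web"] * 340 + ["rule_dns"] * 20 +
                ["rule_mail"] * 20 + ["rule_other"] * 20)
OMEGA, ALPHA, BETA = 0.1, 0.5, 0.5  # assumed threshold values

if __name__ == "__main__":
    for name, window in (("normal", NORMAL_WINDOW), ("flood", FLOOD_WINDOW)):
        print(name, evaluate_window(window, PROFILE, OMEGA, ALPHA, BETA))
```

In the constructed flood window one rule takes most of the traffic, so the entropy drops while that rule's frequency rises, which is the combination the α and β comparison separates.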

Figure 4 shows an example of the decision table in the Dynamically Growing Self Organizing Tree with Firecol.

Detection Manager

DDoS attacks are mainly used for flooding a particular victim with massive traffic, as highlighted. The popularity of these attacks is due to their high effectiveness against any kind of service, since there is no need to identify and exploit any particular service-specific flaw in the victim. The combination of the detection and the prevention schemes gives the strength to withstand and counter attack the intruder (Figure 5).

Genetic Based DGSOT-Algorithm

• The DGSOT is a tree-structured self-organizing neural network.

• It is designed to discover the correct hierarchical structure in an underlying data set.

• The DGSOT grows in two directions: vertical and horizontal.

• In the direction of vertical growth, the DGSOT adds descendants.

• Because the DGSOT algorithm tries to optimize the number of clusters for a node in each expansion phase, cluster validation is used heavily.

• Therefore, the validation algorithms used in DGSOT must have a light computational cost and must be easily evaluated.

• A simple method is suggested for the DGSOT here: the measure of average distortion.

• However, a cluster scattering measure can be used to minimize the intra-cluster distance and maximize the inter-cluster distance.

We propose a new tree-structure self-organizing neural network, called the dynamically growing self-organizing tree (DGSOT) algorithm, for hierarchical clustering. The DGSOT is a tree-structured self-organizing neural network designed to discover the proper hierarchical structure of the underlying data. The DGSOT grows vertically and horizontally. In each vertical growth, the DGSOT adds two children to the leaf whose heterogeneity is greater than a threshold and turns it into a node. In each horizontal growth, the DGSOT dynamically finds the proper number of children (sub clusters) of the lowest level nodes. Each vertical growth step is followed by a horizontal growth step. This process continues until the heterogeneity of all leaves is less than a threshold TR.

The pseudo-code of the DGSOT algorithm steps is presented in Table 1.
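The vertical and horizontal growth described above can be followed in a small runnable sketch. This is an added example, not the authors' implementation, and it simplifies the algorithm: learning is a batch winner search with a mean update instead of the neighborhood update driven by the time parameter t, a new leaf is seeded from the worst-fitting data point rather than from the node's reference vector, and the horizontal stop rule is a minimum relative drop in average distortion (min_gain, a hypothetical parameter). The 2-D feature vectors are constructed sample data.

```python
import math

def centroid(points):
    return tuple(sum(c) / len(points) for c in zip(*points))

def heterogeneity(points, ref):
    """Average distortion: mean distance of the data to the reference vector."""
    return sum(math.dist(p, ref) for p in points) / len(points)

def learn(points, refs):
    """Find each point's winner, move every reference vector to the mean of
    the data it won, and repeat until the winners stop changing."""
    winners = None
    for _ in range(100):
        new = [min(range(len(refs)), key=lambda k: math.dist(p, refs[k]))
               for p in points]
        if new == winners:
            break
        winners = new
        for k in range(len(refs)):
            won = [p for p, w in zip(points, winners) if w == k]
            if won:
                refs[k] = centroid(won)
    return refs, winners

def tree_error(points, refs, winners):
    return sum(math.dist(p, refs[w]) for p, w in zip(points, winners)) / len(points)

class Node:
    def __init__(self, points):
        self.points, self.ref, self.children = points, centroid(points), []

def grow(node, tr, min_gain):
    # A leaf whose heterogeneity is within the threshold TR stays a leaf.
    if len(node.points) < 2 or heterogeneity(node.points, node.ref) <= tr:
        return node
    # Vertical growth: the leaf becomes a node with two descendant leaves.
    far = max(node.points, key=lambda p: math.dist(p, node.ref))
    refs, winners = learn(node.points, [node.ref, far])
    # Horizontal growth: add a child leaf while the stop rule is unsatisfied.
    while len(refs) < len(node.points):
        worst = max(zip(node.points, winners),
                    key=lambda pw: math.dist(pw[0], refs[pw[1]]))[0]
        trial, trial_winners = learn(node.points, refs + [worst])
        before = tree_error(node.points, refs, winners)
        after = tree_error(node.points, trial, trial_winners)
        if before == 0 or (before - after) / before < min_gain:
            break  # stop rule satisfied: the trial leaf is deleted again
        refs, winners = trial, trial_winners
    groups = [[p for p, w in zip(node.points, winners) if w == k]
              for k in range(len(refs))]
    groups = [g for g in groups if g]
    if len(groups) < 2:
        return node  # nothing was separated, keep this as a leaf
    node.children = [grow(Node(g), tr, min_gain) for g in groups]
    return node

def dgsot(points, tr, min_gain):
    """Build the tree from one root node that holds all data."""
    return grow(Node(list(points)), tr, min_gain)

def leaves(node):
    if not node.children:
        return [node.points]
    return [c for child in node.children for c in leaves(child)]

# Constructed feature vectors for nine nodes in three well separated groups.
GROUP_A = [(1.0, 1.0), (1.2, 0.8), (0.8, 1.2)]
GROUP_B = [(10.0, 10.0), (10.2, 9.8), (9.8, 10.2)]
GROUP_C = [(20.0, 1.0), (20.2, 0.8), (19.8, 1.2)]
SAMPLE = GROUP_A + GROUP_B + GROUP_C

if __name__ == "__main__":
    for cluster in leaves(dgsot(SAMPLE, tr=1.0, min_gain=0.5)):
        print(cluster)
```

On this sample the vertical step first separates GROUP_C from the rest, the horizontal step adds a third leaf because it cuts the average distortion sharply, and a fourth leaf is rejected because the gain falls below min_gain.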


Figure 1. Firegroup architecture

Figure 2. Selection manager


Figure 3. Score manager

Figure 4. Example of decision table - Firegroup

Figure 5. Detection manager – Firegroup


IMPLEMENTATION

The overall IDPS system with Firegroup is presented in the pseudo code format for the implementation (Table 2).

Usecase Diagram

The following Usecase diagram (Figure 6) shows the user interaction activities of the IDPS system implemented in the simulation environment.

Sequence Diagram

Figure 7 shows the query processing sequences from source to destination in the IDPS. The energy parameter is analysed over the sequence.

Screenshots

The following figures are screenshots taken in the simulation environment of the Firegroup based Intrusion Detection and Prevention System.

The figure below shows the environment assigned for the IDPS with the stipulated number of nodes (Table 4).

Figure 8 shows the detection of attacks in the network.

The figures below show the simulation environment of the IDS system with Firegroup in the NS2 NAM environment. The performance metrics, viz. packet data ratio, average route path length, throughput, delay and energy drain rate, are considered for simulation analysis, and the results for the Firegroup (DGSOTFC) scheme are compared with the existing IDS technique, the Firecol algorithm (Figure 9).

The Packet Delivery Rate (PDR) is the ratio of the number of packets delivered to the destination to the total number of packets sent. The higher the number of packets transmitted, the better the Packet Data Ratio of the system. The proposed approach using the FCDGSOT algorithm has a higher packet data ratio than the existing algorithms. The Packet Data Ratio analysis is shown in Figure 10.

Average latency is defined as the time delay realized during data transmission from source to destination while evaluating the Intrusion Detection System. The graphs are drawn for delay time versus network size. The IDS with the proposed mechanism has the minimum average latency during the transmission process, as shown in Figure 11.

Table 1. DGSOT algorithm

The DGSOT Algorithm:
Step 1: To initialize the time parameter t to 1, set the horizontal growing flag of the root to true. Associate all System data with the IP Address
Step 2: If you choose Vertical Growing step means, For any leaf whose heterogeneity is greater than the threshold TR. To create or choose source and Destination. Set the horizontal growing flag of true value
Step 3: Update neighborhood system IP and Increase time parameter, t=t+1
Step 4: If you choose Horizontal Growing means, the horizontal growing stop rule is unsatisfied and the horizontal growing flag equal to true or Set the horizontal growing flag to false.
Step 5: Update reference vectors of winner and its neighborhood To Increase the time parameter, t=t+1. The horizontal growing flag of all lowest level are less than the threshold TR.


Figure 12 shows the overall throughput efficiency of the proposed IDS system. For the given network size, the throughput efficiency is comparatively better for the FC-DGSOT based algorithm. Throughput is defined as the overall performance efficiency of the system in terms of packet data ratio. It is measured as the ratio of the difference between the data transmitted and the data dropped to the total data transmitted, and it is expressed as a percentage.

Energy Consumption Rate is the rate of energy utilized by the nodes in the data transmission process, and the parameter should have a minimum value for a better lifetime of the system. Using the proposed algorithm, the residual energy of the nodes is high and the energy consumed is less, so the system has a higher network lifetime. The energy consumption rate for the given network size is shown in Figure 13.

Table 2. Firegroup algorithm

/* Initialization */
Create a tree that has only one root node
Initialize the reference vector of the root node with the centroid of the entire data
Associate all data with the root
Initialize the time parameter t to 1
Set the horizontal growing flag of the root to true
Do
    /* Vertical Growing */
    For any leaf whose heterogeneity is greater than the threshold TR
        Change the leaf to a node and create two descendent leaves
        Initialize the reference vector of the new leaves with the node’s reference vector
        Set the horizontal growing flag of the new leaves to true
    /* Learning */
    Do
        For each input data
            Find winner
            Update reference vectors of winner and its neighborhood
            Increase time parameter, t = t + 1
    Until the relative error of the entire tree is less than error threshold TE
    /* Horizontal Growing */
    Do
        For any lowest level node
            If the horizontal growing stop rule is unsatisfied (see Section 2.1.3) and
               the horizontal growing flag is equal to true
                Add a child leaf to this node
            Else
                Delete a child leaf from this node
                Set the horizontal growing flag to false
        /* Learning */
        Do
            For each input data
                Find winner
                Update reference vectors of winner and its neighborhood
                Increase the time parameter, t = t + 1
        Until the relative error of the entire tree is less than TE
    Until the horizontal growing flag of all lowest level nodes is false
Until the heterogeneity of all leaf nodes is less than the threshold TR


Figure 6. Usecase diagram – Firegroup

Figure 7. Sequence diagram - Firegroup


CONCLUSION AND FUTURE ENHANCEMENT

In this paper, we have presented a novel Firegroup IDPS system which uses Firecol for detection and DGSOT for prevention mechanisms. The performance metrics based on the parameters delay, throughput, average path length, packet data ratio and energy conservation are compared with Firecol. Simulation results show that the proposed system has better security against flooding DDOS attacks. Also, the analysis of DGSOTFC demonstrated its reduced delay, packet data ratio, throughput, average route length and better energy efficiency. As future work, FireGroup, the extension of Firecol based on group communications with trust evaluation of each node, is to be proposed considering the parameters false positives and false negatives.

Figure 8. Attack detection

Table 4. Simulation Environment for Firegroup

Simulation Environment      Simulation Value
Wireless standard           IEEE 802.11
Base Routing protocol       AODV
Algorithm                   FC-DGSOT (Firecol with Dynamic Growing Self Organizing Tree)
System Bandwidth            2 Mbps
Simulation Environment      1500 * 1500
Antenna                     Omni Directional
Channel Propagation         Wireless / Two ray ground
Protocol Layer              Cross Layer MAC


Figure 9. Packet data ratio – Firegroup (DGSOTFC) vs Firecol

Figure 10. Delay metric – Firegroup (DGSOTFC) vs Firecol


Figure 11. Throughput – Firegroup vs Firecol

Figure 12. Energy Consumption rate – Firegroup vs Firecol


Figure 13. Avg route length – Firegroup vs Firecol


REFERENCES

Aggarwal, A., & Gandhi, S. et al. “Trust Based Secure on Demand Routing Protocol (TSDRP) for MANETs”, International Conference on Advanced Computing & Communication Technologies, pp. 432-438, 2014. doi:10.1109/ACCT.2014.95

Albers, P. et al. (2002). Security in Ad Hoc Networks: a General Intrusion Detection Architecture Enhancing Trust Based Approaches. Wireless Information Systems.

Chen, Y., & Hwang, K. “Collaborative Change Detection of DDoS Attacks on Community and ISP Networks”, Collaborative Technologies and Systems, 2006. CTS 2006. International Symposium.

Shui Yu, Wanlei Zhou, “Entropy-Based Collaborative Detection of DDOS Attacks on Community Networks”, Pervasive Computing and Communications, 2008. PerCom 2008. Sixth Annual IEEE International Conference.

Chung, C.-J., Khatkar, P., Xing, T., Lee, J., & Huang, D. (2013). “NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems”, IEEE Transactions on Dependable and Secure Computing, Vol. 10, No. 4, July/August.

Dahshan, H., & Elsayed, F. et al. “A Trust Based Threshold Revocation Scheme for MANETs”, IEEE Vehicular Technology Conference, pp. 1-5, 2013. doi:10.1109/VTCFall.2013.6692069

Dalai, R., Khari, M., & Singh, Y. (2012, April). Different Ways to Achieve Trust in MANET [IJANS]. International Journal on AdHoc Networking Systems, 2(2), 53–64. doi:10.5121/ijans.2012.2206

Douligeris, C., & Mitrokotsa, A. “DDoS attacks and defense mechanisms: a classification”, Signal Processing and Information Technology, 2003. ISSPIT 2003. Proceedings of the 3rd IEEE International Symposium.

Zhijun Wu, Zhifeng Chen, “A Three-Layer Defense Mechanism Based on WEB Servers Against Distributed Denial of Service Attacks”, Communications and Networking in China, 2006. ChinaCom ‘06. First International Conference.

Edna Elizabeth, N., & Subasree, S. Radha.S., “Enhanced Security Key Management Scheme for MANETS”, WSEAS Transactions on Communications, vol. 13, pp. 15-25, 2014.

François, J., Aib, I., & Boutaba, R. (2012). “FireCol: A Collaborative Protection Network for the Detection of Flooding DDoS Attacks”, IEEE/ACM Transactions on Networking, Vol. 20, No. 6, December.

Holz, T. et al. (2008). Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm. LEET, 8(1), 1–9.

Jin-Hee Cho, & Ing-Ray Chen. (2010). Modelling And Analysis Of Intrusion Detection Integrated With Batch Rekeying For Dynamic Group Communication Systems In Mobile Ad Hoc Networks. Wireless Networks, 16(4), 1157–1173. doi:10.1007/s11276-009-0194-x


Labovitz, C., G. Robert Malan, and Farnam Jahanian. “Origins of Internet routing instability.” INFOCOM’99. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE. Vol. 1. IEEE, 1999.

Ling, Yuan-Jing, et al. “Node secure localization algorithm of wireless sensor network based on reputation mechanism.” Journal of Computer Applications 1 (2012): 017.

Lu, R., Lin, X., Zhu, H., Liang, X., & Shen, X. (2012). Becan: A bandwidth-efficient cooperative authentication scheme for filtering injected false data in wireless networks. IEEE Transactions on Parallel and Distributed Systems, 23(1), 32–43. doi:10.1109/TPDS.2011.95

Madhurya, M., Ananda Krishna, B., & Subhashini, T. “Implementation of Enhanced Security Algorithms in Mobile Ad hoc Networks”, International Journal for Computer Network and Information Security, vol. 2, pp. 30-37, 2014.

Peng, Tao, Christopher Leckie, and Kotagiri Ramamohanarao. “Survey of network-based defense mechanisms countering the DoS and DDoS problems.” ACM Computing Surveys (CSUR) 39.1 (2007): 3.

Ren, K., Lou, W., & Zhang, Y. (2008). Leds: Providing location-aware end-to-end data security in wireless networks. IEEE Transactions on Mobile Computing, 7(5), 585–598. doi:10.1109/TMC.2007.70753

Sivagurunathan, S., & Prathapchandran, K. “Trust and Cluster based Authentication schemes in Mobile Ad Hoc Networks – A Review”, International Conference on Power, Signals, Controls and Computation (EPSCICON), 2014. doi:10.1109/EPSCICON.2014.6887502

Wang, F., . . .. “VicSifter: a collaborative DDoS detection system with lightweight victim identification.” Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on. IEEE, 2012. doi:10.1109/TrustCom.2012.295

Awad, M., Khan, L., Bastani, F., I-Ling Yen, “An effective support vector machines (SVMs) performance using hierarchical clustering”, Tools with Artificial Intelligence, 2004. ICTAI 2004. 16th IEEE International Conference.

Wang, J., Liu, Z., Zhang, S., & Zhang, X. (2014). Defending collaborative false data injection attacks in wireless sensor networks. Information Sciences, 254, 39–53. doi:10.1016/j.ins.2013.08.019

Xiong, G., . . .. “A Survey of Network Attacks Based on Protocol Vulnerabilities.” Web Technologies and Applications. Springer International Publishing, pp. 246-257, 2014. doi:10.1007/978-3-319-11119-3_23

Yan, H., & Shi, Z. “Studying software implementations of Elliptic Curve Cryptography,” Proceedings of ITNG 2006, pp. 78-83, April 2006.


Ye, F., Luo, H., Lu, S., & Zhang, L. (2005). Statistical enroute filtering of injected false data in ad hoc networks. IEEE Journal on Selected Areas in Communications, 23(4), 839–850. doi:10.1109/JSAC.2005.843561

Zargar, S. T., Joshi, J., & Tipper, D. (2013). “A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks”, IEEE Communications Surveys & Tutorials, Vol. 15, No. 4, Fourth Quarter.

Zhu, S., Setia, S., Jajodia, S., & Ning, P. “An interleaved hop-by-hop authentication scheme for filtering of injected false data in sensor networks”, In 2004 IEEE Symposium on Security and Privacy, pp. 259–271. IEEE, 2004.