The Detection And Defense Of Abnormal Behavior In MANET Based On Mobile Agent

MANET is vulnerable to the effects of all kinds of abnormal behaviors because of its own inherent features, such as open media, dynamic topology and distributed collaboration and so on. Whether the MANET can survive or not depends on its security. The research on detection and defense against abnormal behaviors is critical nowadays. Taking the "Tenth-five Year" National Defense Advanced Research Project (41306050103) and the "Eleventh-five Year" Advanced Research Project of National Defense Science and Industry Commission (C0820061362) as the background, this paper explores on the methods used to detect and defend the abnormal behaviors in MANET, especially on the deep research of the detection algorithm for abnormal behavior in MANET, the detection system for abnormal behavior, and the key management and authentication.Firstly, several main abnormal behaviors in the MANET environment are introduced, including black hole, worm hole, gray hole, misdirection and route jamming, with their causes and the probable hazards given. We have carried out the simulation modeling and simulation test on several abnormal behaviors by using the OPNET simulation tools, and the test results obtained are acceptable, which will form a solid foundation for the further research on the detection and defense of abnormal behavior in the MANET environment.Secondly, this paper has brought forward a route algorithm based on the mobile agent, which consists of two sub-algorithms, i.e. the matrix table constructed algorithm based on the mobile agent node connection, and the routing selection algorithm for the data message. According to the moving strategy that "first access the node least accessed", the mobile agent is moving in the network. And in the meanwhile, it will exchange data and information with other nodes, so that each node will obtain the information matrix table of the whole network. When the data has to be transferred, the "breadth-first search" algorithm will be used to obtain the optimal routing path and the available backup path rapidly according to the information in the matrix table. Based on the routing algorithm, the monitoring on the neighboring nodes is added, that is to say it can become a quite good detection algorithm for abnormal behaviors based on mobile agent. This algorithm has integrated the advantages of both the proactive and the reactive routing algorithms, which will offer a true understanding on the global information of the network, so as to solve problems in the aspect of the security that are difficult for AODV protocols. Because there are only a few agents are moving in the network, the overhead and network delay caused by maintaining the node information can be greatly reduced, providing very high efficiency and robustness.Thirdly, this paper has established the detection system for the abnormal behaviors based on the mobile agent, emphasizing on the analyses of Bayesian and Byzantium methods. The system consists of five subsystems, i.e. monitor, local judgment, integration judgment, communication and path management. In the local judgment subsystem, there is a reputation system. The local nodes will watch the neighboring nodes to analyze the nature of the abnormal behaviors, and carry out the statistics on the abnormal behaviors by using the Bayesian method. When the suspect behaviors have exceeded the preset threshold, it will send out the alarming signal to ask others to keep away from it. The to be sent data packet will then keep away from the abnormal nodes. The detection system not only relies on the watch from the local neighboring node, but also will use the alarm signal from other nodes. When carrying out the integration judgment by using the Byzantium method and after the judgment is confirmed, we should delete the node from its matrix in the cache to get rid of the abnormal nodes from the network. The experiments show that the detection system based on the mobile agent possesses rather high detection rate and throughput, with low false alarm rate and route overhead ratio.Finally, aimed at the defense for the abnormal nodes in the MANET environment, we brought forward a distributed key management and authentication method based on the identity and threshold for the mobile agent. This paper introduces the methods of the master key generation, the distributed private key generation, the new master key share creation, the identity authentication, and the secret key withdraw. The identity-based cryptography mechanism is applied for authentication and encryption, and we've completely avoided a centralized certification authority or trusted third party to distribute the public keys and the certificates. Therefore, only a few mobile agents are used to exchange the secret key information, with the success ratio of the authentication improved and the authentication time and network overhead reduced.