Passive Reconnaissance of Routing-Layer Defenses in OLSR-Based MANETs using ML
Pith reviewed 2026-06-28 21:37 UTC · model grok-4.3
The pith
Machine learning on routing dynamics can detect a defense mechanism in OLSR-based MANETs even when it uses only standard control packets.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
The evaluated fictive mitigation mechanism, which operates entirely within standard OLSR control traffic and introduces no new packet types, leaves a detectable statistical footprint in passively observable routing behavior. Using features from routing dynamics and control-plane activity available to a passive attacker, ensemble models achieve in-domain accuracy up to 0.91 (AUC 0.96). Cross-domain generalization is asymmetric, with static-trained models degrading under mobility to approximately 0.67 while mobile-trained models reach approximately 0.84 on static data; restricting to a compact invariant feature subset of four metrics yields near-symmetric transfer of approximately 0.86 in both
What carries the argument
Ensemble machine learning models trained on features extracted from observable routing dynamics and control-plane activity in ns-3 simulations of OLSR-based MANETs under attack and defense regimes.
Load-bearing premise
The fictive mitigation mechanism and its implementation inside standard OLSR control traffic in ns-3 simulations produce behavior representative of real deployed defenses under both static and mobile conditions.
What would settle it
Deploying an actual OLSR defense on physical hardware or a testbed MANET, collecting passive traces, and checking whether the same ML models achieve comparable accuracy on the real traces versus the simulated ones.
Figures
read the original abstract
Mobile ad hoc networks (MANETs) based on proactive routing protocols such as OLSR, remain vulnerable to routing-layer attacks. While prior work has focused primarily on attack detection, the problem of identifying deployed defenses has received comparatively little attention. This work examines whether a routing-layer defense leaves detectable signatures in network traffic. The evaluated fictive mitigation mechanism operates entirely within standard OLSR control traffic and introduces no new packet types, making passive detection inherently difficult. Using ns-3 simulations across baseline, attack-only, defense-only, and combined attack-defense regimes under both static and mobile conditions, we derive features from observable routing dynamics and control-plane activity available to a passive attacker. Despite the restricted observability available to the adversary, the results show that defense detection remains feasible in this setting. Ensemble models achieve in-domain accuracy up to $0.91$ (AUC $0.96$). Cross-domain generalization is asymmetric: models trained on static data degrade under mobility ($\approx 0.67$), whereas mobile-trained models transfer more robustly ($\approx 0.84$). Restricting the model to a compact invariant feature subset of four metrics yields near-symmetric cross-domain transfer ($\approx 0.86$ in both directions). Further analysis shows that the cross-domain gap reflects both reduced class separability and decision-threshold transfer, with the latter largely recoverable through limited target-domain calibration. These findings indicate that the evaluated defense mechanism leaves a detectable statistical footprint in passively observable routing behavior, providing adversaries with a potential reconnaissance capability in protected MANET deployments.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper examines the feasibility of passively detecting a fictive routing-layer defense mechanism in OLSR-based MANETs using machine learning on features derived from observable routing dynamics and control-plane activity. Through ns-3 simulations in baseline, attack-only, defense-only, and combined regimes under static and mobile conditions, ensemble models are shown to achieve in-domain accuracy up to 0.91 (AUC 0.96), with analysis of cross-domain generalization and invariant feature subsets.
Significance. If the results hold, the work demonstrates that even defenses confined to standard OLSR control traffic can produce detectable statistical signatures under passive observation, offering insights into the reconnaissance risks for protected MANETs. The empirical evaluation across mobility conditions and the examination of cross-domain transfer provide concrete data on ML performance in this restricted observability setting. The absence of circularity in the empirical ML evaluation on simulated traffic is a strength.
major comments (2)
- [Abstract] The reported accuracy of 0.91 and AUC of 0.96 from ensemble models are presented without accompanying details on feature definitions, model hyperparameters, or statistical significance testing, making the central empirical claims difficult to assess or reproduce.
- [Abstract and Evaluation] The central claim that the defense leaves a detectable footprint providing reconnaissance capability relies on the specific fictive mitigation mechanism. The paper does not compare this implementation to alternative real deployed defenses (such as those altering TC message content, HELLO intervals, or MPR selection), so it is unclear whether the learned features are general or artifacts of this fictive setup in ns-3. This is load-bearing for the implications regarding protected MANET deployments.
minor comments (1)
- [Abstract] The cross-domain accuracies are given with approximate symbols (≈ 0.67, ≈ 0.84, ≈ 0.86); providing exact values or confidence intervals would improve precision.
Simulated Author's Rebuttal
We thank the referee for the constructive feedback and positive assessment of the empirical evaluation and absence of circularity. We address each major comment below, proposing targeted revisions to enhance clarity and reproducibility while maintaining the paper's focus.
read point-by-point responses
-
Referee: [Abstract] The reported accuracy of 0.91 and AUC of 0.96 from ensemble models are presented without accompanying details on feature definitions, model hyperparameters, or statistical significance testing, making the central empirical claims difficult to assess or reproduce.
Authors: We agree that the abstract would benefit from additional context to support assessment. In the revision, we will expand the abstract to briefly note the four-metric invariant feature subset derived from routing dynamics and control-plane activity, indicate that hyperparameters were tuned via grid search with 10-fold cross-validation, and report that accuracy figures include standard deviations from repeated runs. Full definitions, model details (e.g., Random Forest and XGBoost ensembles), and significance testing appear in Sections 4.2 and 5.1; we will add an explicit cross-reference in the abstract. revision: yes
-
Referee: [Abstract and Evaluation] The central claim that the defense leaves a detectable footprint providing reconnaissance capability relies on the specific fictive mitigation mechanism. The paper does not compare this implementation to alternative real deployed defenses (such as those altering TC message content, HELLO intervals, or MPR selection), so it is unclear whether the learned features are general or artifacts of this fictive setup in ns-3. This is load-bearing for the implications regarding protected MANET deployments.
Authors: We acknowledge the limitation that the evaluated mechanism is fictive and confined to standard OLSR control traffic. The paper's intent is to demonstrate that even minimal, standards-compliant modifications can produce detectable signatures under passive observation. We will add a dedicated paragraph in the Discussion section (new Section 6) explicitly addressing generalizability, noting that features tied to routing dynamics (e.g., MPR changes and TC frequency) could plausibly arise from other control-plane alterations, and framing the results as indicative rather than exhaustive. Direct empirical comparison to deployed mechanisms is outside the current scope but identified as valuable future work. revision: partial
Circularity Check
No significant circularity; empirical ML evaluation on simulated data
full rationale
The paper conducts an empirical study: it defines a fictive OLSR defense, runs ns-3 simulations under static/mobile regimes to produce traffic traces, extracts features from passively observable routing dynamics and control-plane activity, trains ensemble classifiers, and reports in-domain/cross-domain accuracies (0.91/0.84 etc.). No equations, fitted parameters, or derivations are present that reduce any reported result to its own inputs by construction. No self-citation load-bearing steps or uniqueness theorems are invoked to force the central claim. The accuracy figures are genuine held-out performance metrics on the generated simulation data and therefore constitute independent empirical outcomes rather than tautological restatements.
Axiom & Free-Parameter Ledger
axioms (1)
- domain assumption ns-3 simulations of OLSR under static and mobile conditions accurately reflect observable routing dynamics in real MANETs
invented entities (1)
-
fictive mitigation mechanism
no independent evidence
Reference graph
Works this paper leans on
-
[1]
Rfc3626: Optimized link state routing protocol (olsr),
T. Clausen and P. Jacquet, “Rfc3626: Optimized link state routing protocol (olsr),” 2003
2003
-
[2]
Persuasive: A node isolation attack variant for olsr-based manets and its mitigation,
N. Schweitzer, L. Cohen, A. Dvir, and A. Stulman, “Persuasive: A node isolation attack variant for olsr-based manets and its mitigation,”Ad Hoc Networks, vol. 148, p. 103192, 2023
2023
-
[3]
Deep learning- driven defense strategies for mitigating ddos attacks in cloud computing environments,
D. M. A. A. Afraji, J. Lloret, and L. Pe ˜nalver, “Deep learning- driven defense strategies for mitigating ddos attacks in cloud computing environments,”Cyber Security and Applications, vol. 3, p. 100085, 2025
2025
-
[4]
Cybersecurity challenges and opportunities of machine learning-based artificial intelligence,
P. Czaja, B. Gdowski, M. Niemiec, W. Mees, N. Stoianov, K. V otis, V . Kharchenko, V . Katos, and M. Merialdo, “Cybersecurity challenges and opportunities of machine learning-based artificial intelligence,” Neural Computing and Applications, vol. 37, no. 33, pp. 27 931–27 956, 2025
2025
-
[5]
Adversarial machine learning for network intrusion detection systems: A comprehensive survey,
K. He, D. D. Kim, and M. R. Asghar, “Adversarial machine learning for network intrusion detection systems: A comprehensive survey,”IEEE Communications Surveys & Tutorials, vol. 25, no. 1, pp. 538–566, 2023
2023
-
[6]
Mitigating ddos attacks in software-defined networks: a systematic literature review of machine learning and deep learning approaches,
K. Tebbaa, O. Chakir, Y . Maleh, and M. Belaissaoui, “Mitigating ddos attacks in software-defined networks: a systematic literature review of machine learning and deep learning approaches,”Iran Journal of Computer Science, vol. 9, no. 1, p. 5, 2026
2026
-
[7]
Advanced intrusion detection in manets: A survey of machine learning and optimization techniques for mitigating black/gray hole attacks,
S. M. Hassan, M. M. Mohamad, and F. B. Muchtar, “Advanced intrusion detection in manets: A survey of machine learning and optimization techniques for mitigating black/gray hole attacks,”IEEE Access, 2024
2024
-
[8]
Multicast on-route cluster propagation to detect network intrusion detection sys- tems on manet using deep operator neural networks,
K. Saminathan, L. Perumal, F. H. Shajin, and R. K. Shakya, “Multicast on-route cluster propagation to detect network intrusion detection sys- tems on manet using deep operator neural networks,”Expert Systems with Applications, vol. 271, p. 125864, 2025
2025
-
[9]
Graph neural networks for intrusion detection: A survey,
T. Bilot, N. El Madhoun, K. Al Agha, and A. Zouaoui, “Graph neural networks for intrusion detection: A survey,”IEEE Access, vol. 11, pp. 49 114–49 139, 2023
2023
-
[10]
Efficient intrusion detection in wireless sensor networks using mh-cegru with cross-layer monitoring and cryptographic security,
J. T. Jeniffer, A. Chandrasekar, and S. Radhika, “Efficient intrusion detection in wireless sensor networks using mh-cegru with cross-layer monitoring and cryptographic security,”Knowledge-Based Systems, p. 114707, 2025
2025
-
[11]
An active-routing authentication scheme in manet,
J. Tu, D. Tian, and Y . Wang, “An active-routing authentication scheme in manet,”IEEE Access, vol. 9, pp. 34 276–34 286, 2021
2021
-
[12]
Iot-prids: Leveraging packet representations for intrusion detection in iot networks,
A. Zohourian, S. Dadkhah, H. Molyneaux, E. C. P. Neto, and A. A. Ghorbani, “Iot-prids: Leveraging packet representations for intrusion detection in iot networks,”Computers & Security, vol. 146, p. 104034, 2024
2024
-
[13]
Effective intrusion detection in heterogeneous internet-of-things networks via ensemble knowledge distillation-based federated learning,
J. Shen, W. Yang, Z. Chu, J. Fan, D. Niyato, and K.-Y . Lam, “Effective intrusion detection in heterogeneous internet-of-things networks via ensemble knowledge distillation-based federated learning,” inICC 2024- IEEE International Conference on Communications. IEEE, 2024, pp. 2034–2039
2024
-
[14]
A comprehensive survey of cybersecurity techniques based on quality of service (qos) on the internet of things (iot),
S. S. Sefati, B. Arasteh, S. Halunga, and O. Fratu, “A comprehensive survey of cybersecurity techniques based on quality of service (qos) on the internet of things (iot),”Cluster Computing, vol. 28, no. 12, p. 792, 2025
2025
-
[15]
A survey on identity and access management for future iot services,
Y . Wang, P. Castillejo, J.-F. Mart´ınez-Ortega, and V . H. D´ıaz, “A survey on identity and access management for future iot services,”Computer Networks, p. 111718, 2025. 16
2025
-
[16]
Adversarial attacks and defenses in machine learning-empowered communication systems and networks: A contemporary survey,
Y . Wang, T. Sun, S. Li, X. Yuan, W. Ni, E. Hossain, and H. V . Poor, “Adversarial attacks and defenses in machine learning-empowered communication systems and networks: A contemporary survey,”IEEE Communications Surveys & Tutorials, vol. 25, no. 4, pp. 2245–2298, 2023
2023
-
[17]
Tad: Transfer learning-based multi-adversarial detection of evasion attacks against network intrusion detection systems,
I. Debicha, R. Bauwens, T. Debatty, J.-M. Dricot, T. Kenaza, and W. Mees, “Tad: Transfer learning-based multi-adversarial detection of evasion attacks against network intrusion detection systems,”Future Generation Computer Systems, vol. 138, pp. 185–197, 2023
2023
-
[18]
Evasion techniques: Sneaking through your intrusion detection/prevention systems,
T.-H. Cheng, Y .-D. Lin, Y .-C. Lai, and P.-C. Lin, “Evasion techniques: Sneaking through your intrusion detection/prevention systems,”IEEE Communications Surveys & Tutorials, vol. 14, no. 4, pp. 1011–1020, 2011
2011
-
[19]
Combating adversarial network topology inference by proactive topology obfuscation,
T. Hou, T. Wang, Z. Lu, and Y . Liu, “Combating adversarial network topology inference by proactive topology obfuscation,”IEEE/ACM Transactions on Networking, vol. 29, no. 6, pp. 2779–2792, 2021
2021
-
[20]
Combination attacks and defenses on sdn topology discovery,
D. Kong, Y . Shen, X. Chen, Q. Cheng, H. Liu, D. Zhang, X. Liu, S. Chen, and C. Wu, “Combination attacks and defenses on sdn topology discovery,”IEEE/ACM Transactions on Networking, vol. 31, no. 2, pp. 904–919, 2022
2022
-
[21]
Machine learning-powered encrypted network traffic analysis: A com- prehensive survey,
M. Shen, K. Ye, X. Liu, L. Zhu, J. Kang, S. Yu, Q. Li, and K. Xu, “Machine learning-powered encrypted network traffic analysis: A com- prehensive survey,”IEEE Communications Surveys & Tutorials, vol. 25, no. 1, pp. 791–824, 2022
2022
-
[22]
Tantra: Timing-based adversarial network traffic reshaping attack,
Y . Sharon, D. Berend, Y . Liu, A. Shabtai, and Y . Elovici, “Tantra: Timing-based adversarial network traffic reshaping attack,”IEEE Trans- actions on Information Forensics and Security, vol. 17, pp. 3225–3237, 2022
2022
-
[23]
Game-theoretic and machine learning-based approaches for defensive deception: A survey,
M. Zhu, A. H. Anwar, Z. Wan, J.-H. Cho, C. Kamhoua, and M. P. Singh, “Game-theoretic and machine learning-based approaches for defensive deception: A survey,”arXiv preprint arXiv:2101.10121, 2021
-
[24]
Three decades of deception techniques in active cyber defense-retrospect and outlook,
L. Zhang and V . L. Thing, “Three decades of deception techniques in active cyber defense-retrospect and outlook,”Computers & Security, vol. 106, p. 102288, 2021
2021
-
[25]
A game-theoretic taxonomy and survey of defensive deception for cybersecurity and privacy,
J. Pawlick, E. Colbert, and Q. Zhu, “A game-theoretic taxonomy and survey of defensive deception for cybersecurity and privacy,”ACM Computing Surveys (CSUR), vol. 52, no. 4, pp. 1–28, 2019
2019
-
[26]
Equalnet: A secure and practical defense for long-term network topology obfuscation
J. Kim, E. Marin, M. Conti, and S. Shin, “Equalnet: A secure and practical defense for long-term network topology obfuscation.” inNDSS, 2022
2022
-
[27]
Tunnel enabled programmable switches obfuscate network topology to defend against link flooding reconnaissance in software defined networking,
X. Li, J. Lee, J. Son, and Y . Lee, “Tunnel enabled programmable switches obfuscate network topology to defend against link flooding reconnaissance in software defined networking,”Scientific Reports, vol. 15, no. 1, p. 35549, 2025
2025
-
[28]
A cryptographic approach to prevent network incursion for enhancement of qos in sustainable smart city using manet,
S. Singh, A. Pise, O. Alfarraj, A. Tolba, and B. Yoon, “A cryptographic approach to prevent network incursion for enhancement of qos in sustainable smart city using manet,”Sustainable Cities and Society, vol. 79, p. 103483, 2022
2022
-
[29]
Introducing a new routing method in the manet using the symbionts search algorithm,
S. Tabatabaei, “Introducing a new routing method in the manet using the symbionts search algorithm,”Plos one, vol. 18, no. 8, p. e0290091, 2023
2023
-
[30]
Extended data plane architecture for in-network security services in software-defined networks,
J. Kim, Y . Kim, V . Yegneswaran, P. Porras, S. Shin, and T. Park, “Extended data plane architecture for in-network security services in software-defined networks,”Computers & Security, vol. 124, p. 102976, 2023
2023
-
[31]
Achiev- ing manet protection without the use of superfluous fictitious nodes,
N. Schweitzer, L. Cohen, T. Hirst, A. Dvir, and A. Stulman, “Achiev- ing manet protection without the use of superfluous fictitious nodes,” Computer Communications, vol. 229, p. 107978, 2025
2025
-
[32]
Mitigating denial of service attacks in olsr protocol using fictitious nodes,
N. Schweitzer, A. Stulman, A. Shabtai, and R. D. Margalit, “Mitigating denial of service attacks in olsr protocol using fictitious nodes,”IEEE Transactions on Mobile Computing, vol. 15, no. 1, pp. 163–172, 2015
2015
-
[33]
The ns-3 simulator,
“The ns-3 simulator,” [Online]. Available: http://www.nsnam.org
-
[34]
Survey of recent routing metrics and protocols for mobile ad-hoc networks
V . K. Quy, N. T. Ban, V . H. Nam, D. M. Tuan, and N. D. Han, “Survey of recent routing metrics and protocols for mobile ad-hoc networks.”J. Commun., vol. 14, no. 2, pp. 110–120, 2019
2019
-
[35]
A survey on parameters affecting manet performance,
A. M. Eltahlawy, H. K. Aslan, E. G. Abdallah, M. S. Elsayed, A. D. Jurcut, and M. A. Azer, “A survey on parameters affecting manet performance,”Electronics, vol. 12, no. 9, p. 1956, 2023
1956
-
[36]
A survey on feature selection methods for mixed data,
S. Solorio-Fern ´andez, J. A. Carrasco-Ochoa, and J. F. Martinez-Trinidad, “A survey on feature selection methods for mixed data,”Artificial Intelligence Review, vol. 55, no. 4, pp. 2821–2846, 2022
2022
-
[37]
Tabular data: Deep learning is not all you need,
R. Shwartz-Ziv and A. Armon, “Tabular data: Deep learning is not all you need,”Information Fusion, vol. 81, pp. 84–90, 2022
2022
-
[38]
Why do tree-based models still outperform deep learning on typical tabular data?
L. Grinsztajn, E. Oyallon, and G. Varoquaux, “Why do tree-based models still outperform deep learning on typical tabular data?” in NeurIPS, 2022
2022
-
[39]
Tunability: Importance of hyperparameters of machine learning algorithms,
P. Probst, A.-L. Boulesteix, and B. Bischl, “Tunability: Importance of hyperparameters of machine learning algorithms,”Journal of Machine Learning Research, vol. 20, no. 53, pp. 1–32, 2019
2019
-
[40]
Transforming classifier scores into accurate multiclass probability estimates,
B. Zadrozny and C. Elkan, “Transforming classifier scores into accurate multiclass probability estimates,” inKDD, 2002, pp. 694–699
2002
-
[41]
Predicting good probabilities with supervised learning,
A. Niculescu-Mizil and R. Caruana, “Predicting good probabilities with supervised learning,” inICML, 2005, pp. 625–632
2005
-
[42]
Stacked generalization,
D. H. Wolpert, “Stacked generalization,”Neural Networks, vol. 5, no. 2, pp. 241–259, 1992. APPENDIX 17 TABLE XI HYPERPARAMETER SEARCH SPACES USED BY THE UNIFIED PROCEDURE OFSECTIONV-B. FOR EACH MODEL,THE TABLE LISTS THE CANDIDATE VALUES SEARCHED PER HYPERPARAMETER. TREE-BASED,BOOSTING,AND BAGGING MODELS WERE TUNED WITHRA N D O M I Z E DSE A R C HCV (nITER...
1992
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.