Inferring Routing-Layer Defense Mechanisms from Observable Behavior in OLSR-Based MANETs
arXiv SecurityArchived Jun 02, 2026✓ Full text saved
arXiv:2606.00184v1 Announce Type: new Abstract: Mobile ad hoc networks (MANETs) based on proactive routing protocols such as OLSR remain vulnerable to routing-layer attacks. While prior work has focused primarily on attack detection, the problem of identifying deployed defenses has received comparatively little attention. This work examines whether the presence of a routing-layer defense can be inferred from features derived exclusively from externally observable routing and control-plane behavi
Full text archived locally
✦ AI Summary· Claude Sonnet
Computer Science > Cryptography and Security
[Submitted on 29 May 2026]
Inferring Routing-Layer Defense Mechanisms from Observable Behavior in OLSR-Based MANETs
Nadav Schweitzer, Kiril Danilchenko, Ariel Stulman
Mobile ad hoc networks (MANETs) based on proactive routing protocols such as OLSR remain vulnerable to routing-layer attacks. While prior work has focused primarily on attack detection, the problem of identifying deployed defenses has received comparatively little attention. This work examines whether the presence of a routing-layer defense can be inferred from features derived exclusively from externally observable routing and control-plane behavior. The evaluated Fictive Mitigation mechanism operates entirely within standard OLSR control traffic and introduces no new packet types, making passive detection inherently difficult. Using ns-3 simulations across baseline, attack-only, defense-only, and combined attack-defense regimes under both static and mobile conditions, we derive features from observable routing dynamics and control-plane activity available to a passive observer. Despite the restricted observability available to the adversary, the results show that defense detection remains feasible in this setting. Ensemble models achieve in-domain accuracy up to 0.91 (AUC 0.96). Cross-domain generalization is asymmetric: models trained on static data degrade under mobility (\approx 0.67), whereas mobile-trained models transfer more robustly (\approx 0.84). Restricting the model to a compact invariant feature subset of four metrics yields near-symmetric cross-domain transfer (\approx 0.86 in both directions). These findings indicate that the evaluated defense mechanism leaves a detectable statistical footprint in passively observable routing behavior, providing adversaries with a potential reconnaissance capability in protected MANET deployments.
Subjects: Cryptography and Security (cs.CR)
ACM classes: C.2.2; I.2.6
Cite as: arXiv:2606.00184 [cs.CR]
(or arXiv:2606.00184v1 [cs.CR] for this version)
https://doi.org/10.48550/arXiv.2606.00184
Focus to learn more
Submission history
From: Ariel Stulman [view email]
[v1] Fri, 29 May 2026 15:08:41 UTC (411 KB)
Access Paper:
HTML (experimental)
view license
Current browse context:
cs.CR
< prev | next >
new | recent | 2026-06
Change to browse by:
cs
References & Citations
NASA ADS
Google Scholar
Semantic Scholar
Export BibTeX Citation
Bookmark
Bibliographic Tools
Bibliographic and Citation Tools
Bibliographic Explorer Toggle
Bibliographic Explorer (What is the Explorer?)
Connected Papers Toggle
Connected Papers (What is Connected Papers?)
Litmaps Toggle
Litmaps (What is Litmaps?)
scite.ai Toggle
scite Smart Citations (What are Smart Citations?)
Code, Data, Media
Demos
Related Papers
About arXivLabs
Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)