pith. sign in

arxiv: 2606.00184 · v2 · pith:K2TSXQRFnew · submitted 2026-05-29 · 💻 cs.CR

Passive Reconnaissance of Routing-Layer Defenses in OLSR-Based MANETs using ML

Pith reviewed 2026-06-28 21:37 UTC · model grok-4.3

classification 💻 cs.CR
keywords passive reconnaissanceOLSRMANETdefense detectionmachine learningrouting attacksnetwork securitysimulation
0
0 comments X

The pith

Machine learning on routing dynamics can detect a defense mechanism in OLSR-based MANETs even when it uses only standard control packets.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper tests whether a passive adversary with limited visibility can still identify the presence of a routing-layer defense in proactive MANETs running OLSR. It simulates baseline, attack, defense, and combined scenarios in ns-3 under static and mobile conditions, extracting features only from observable routing behavior and control-plane activity. Ensemble classifiers reach 0.91 accuracy and 0.96 AUC when trained and tested in the same domain. Cross-domain results are asymmetric between static and mobile settings, but a small set of four invariant features brings transfer performance close to 0.86 in both directions, and the paper shows the gap can be narrowed further with limited target-domain calibration.

Core claim

The evaluated fictive mitigation mechanism, which operates entirely within standard OLSR control traffic and introduces no new packet types, leaves a detectable statistical footprint in passively observable routing behavior. Using features from routing dynamics and control-plane activity available to a passive attacker, ensemble models achieve in-domain accuracy up to 0.91 (AUC 0.96). Cross-domain generalization is asymmetric, with static-trained models degrading under mobility to approximately 0.67 while mobile-trained models reach approximately 0.84 on static data; restricting to a compact invariant feature subset of four metrics yields near-symmetric transfer of approximately 0.86 in both

What carries the argument

Ensemble machine learning models trained on features extracted from observable routing dynamics and control-plane activity in ns-3 simulations of OLSR-based MANETs under attack and defense regimes.

Load-bearing premise

The fictive mitigation mechanism and its implementation inside standard OLSR control traffic in ns-3 simulations produce behavior representative of real deployed defenses under both static and mobile conditions.

What would settle it

Deploying an actual OLSR defense on physical hardware or a testbed MANET, collecting passive traces, and checking whether the same ML models achieve comparable accuracy on the real traces versus the simulated ones.

Figures

Figures reproduced from arXiv: 2606.00184 by Ariel Stulman, Kiril Danilchenko, Nadav Schweitzer.

Figure 1
Figure 1. Figure 1: ROC curves for the top-performing ensemble models and the Logistic Regression baseline under static (a) and mobile (b) configurations. The ensemble models exhibit similar ranking performance in both regimes (AUC ≈ 0.94 under static conditions and ≈ 0.96 under mobility). Logistic Regression remains competitive under static topology but degrades substantially under mobility, where its ROC curve approaches th… view at source ↗
Figure 2
Figure 2. Figure 2: Cross-domain accuracy as a function of feature set size ( [PITH_FULL_IMAGE:figures/full_fig_p010_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Confusion matrices for UNIVERSAL-4 (K = 4) under all four configuration pairs: in-domain (STATIC → STATIC, MOBILE → MOBILE) and cross-domain (STATIC → MOBILE, MOBILE → STATIC). Cells display sample counts and percentages, normalized to a total of 40,000 evaluation samples per panel. Cross-domain performance remains nearly symmetric in both transfer directions. within the 33-feature space are primarily resp… view at source ↗
read the original abstract

Mobile ad hoc networks (MANETs) based on proactive routing protocols such as OLSR, remain vulnerable to routing-layer attacks. While prior work has focused primarily on attack detection, the problem of identifying deployed defenses has received comparatively little attention. This work examines whether a routing-layer defense leaves detectable signatures in network traffic. The evaluated fictive mitigation mechanism operates entirely within standard OLSR control traffic and introduces no new packet types, making passive detection inherently difficult. Using ns-3 simulations across baseline, attack-only, defense-only, and combined attack-defense regimes under both static and mobile conditions, we derive features from observable routing dynamics and control-plane activity available to a passive attacker. Despite the restricted observability available to the adversary, the results show that defense detection remains feasible in this setting. Ensemble models achieve in-domain accuracy up to $0.91$ (AUC $0.96$). Cross-domain generalization is asymmetric: models trained on static data degrade under mobility ($\approx 0.67$), whereas mobile-trained models transfer more robustly ($\approx 0.84$). Restricting the model to a compact invariant feature subset of four metrics yields near-symmetric cross-domain transfer ($\approx 0.86$ in both directions). Further analysis shows that the cross-domain gap reflects both reduced class separability and decision-threshold transfer, with the latter largely recoverable through limited target-domain calibration. These findings indicate that the evaluated defense mechanism leaves a detectable statistical footprint in passively observable routing behavior, providing adversaries with a potential reconnaissance capability in protected MANET deployments.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The paper examines the feasibility of passively detecting a fictive routing-layer defense mechanism in OLSR-based MANETs using machine learning on features derived from observable routing dynamics and control-plane activity. Through ns-3 simulations in baseline, attack-only, defense-only, and combined regimes under static and mobile conditions, ensemble models are shown to achieve in-domain accuracy up to 0.91 (AUC 0.96), with analysis of cross-domain generalization and invariant feature subsets.

Significance. If the results hold, the work demonstrates that even defenses confined to standard OLSR control traffic can produce detectable statistical signatures under passive observation, offering insights into the reconnaissance risks for protected MANETs. The empirical evaluation across mobility conditions and the examination of cross-domain transfer provide concrete data on ML performance in this restricted observability setting. The absence of circularity in the empirical ML evaluation on simulated traffic is a strength.

major comments (2)
  1. [Abstract] The reported accuracy of 0.91 and AUC of 0.96 from ensemble models are presented without accompanying details on feature definitions, model hyperparameters, or statistical significance testing, making the central empirical claims difficult to assess or reproduce.
  2. [Abstract and Evaluation] The central claim that the defense leaves a detectable footprint providing reconnaissance capability relies on the specific fictive mitigation mechanism. The paper does not compare this implementation to alternative real deployed defenses (such as those altering TC message content, HELLO intervals, or MPR selection), so it is unclear whether the learned features are general or artifacts of this fictive setup in ns-3. This is load-bearing for the implications regarding protected MANET deployments.
minor comments (1)
  1. [Abstract] The cross-domain accuracies are given with approximate symbols (≈ 0.67, ≈ 0.84, ≈ 0.86); providing exact values or confidence intervals would improve precision.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback and positive assessment of the empirical evaluation and absence of circularity. We address each major comment below, proposing targeted revisions to enhance clarity and reproducibility while maintaining the paper's focus.

read point-by-point responses
  1. Referee: [Abstract] The reported accuracy of 0.91 and AUC of 0.96 from ensemble models are presented without accompanying details on feature definitions, model hyperparameters, or statistical significance testing, making the central empirical claims difficult to assess or reproduce.

    Authors: We agree that the abstract would benefit from additional context to support assessment. In the revision, we will expand the abstract to briefly note the four-metric invariant feature subset derived from routing dynamics and control-plane activity, indicate that hyperparameters were tuned via grid search with 10-fold cross-validation, and report that accuracy figures include standard deviations from repeated runs. Full definitions, model details (e.g., Random Forest and XGBoost ensembles), and significance testing appear in Sections 4.2 and 5.1; we will add an explicit cross-reference in the abstract. revision: yes

  2. Referee: [Abstract and Evaluation] The central claim that the defense leaves a detectable footprint providing reconnaissance capability relies on the specific fictive mitigation mechanism. The paper does not compare this implementation to alternative real deployed defenses (such as those altering TC message content, HELLO intervals, or MPR selection), so it is unclear whether the learned features are general or artifacts of this fictive setup in ns-3. This is load-bearing for the implications regarding protected MANET deployments.

    Authors: We acknowledge the limitation that the evaluated mechanism is fictive and confined to standard OLSR control traffic. The paper's intent is to demonstrate that even minimal, standards-compliant modifications can produce detectable signatures under passive observation. We will add a dedicated paragraph in the Discussion section (new Section 6) explicitly addressing generalizability, noting that features tied to routing dynamics (e.g., MPR changes and TC frequency) could plausibly arise from other control-plane alterations, and framing the results as indicative rather than exhaustive. Direct empirical comparison to deployed mechanisms is outside the current scope but identified as valuable future work. revision: partial

Circularity Check

0 steps flagged

No significant circularity; empirical ML evaluation on simulated data

full rationale

The paper conducts an empirical study: it defines a fictive OLSR defense, runs ns-3 simulations under static/mobile regimes to produce traffic traces, extracts features from passively observable routing dynamics and control-plane activity, trains ensemble classifiers, and reports in-domain/cross-domain accuracies (0.91/0.84 etc.). No equations, fitted parameters, or derivations are present that reduce any reported result to its own inputs by construction. No self-citation load-bearing steps or uniqueness theorems are invoked to force the central claim. The accuracy figures are genuine held-out performance metrics on the generated simulation data and therefore constitute independent empirical outcomes rather than tautological restatements.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 1 invented entities

Abstract-only review; no explicit free parameters, axioms, or invented entities are detailed beyond the fictive defense used for evaluation.

axioms (1)
  • domain assumption ns-3 simulations of OLSR under static and mobile conditions accurately reflect observable routing dynamics in real MANETs
    All reported results derive from these simulations across baseline, attack, defense, and combined regimes.
invented entities (1)
  • fictive mitigation mechanism no independent evidence
    purpose: To evaluate passive detectability of a defense that introduces no new packet types
    Described as operating entirely within standard OLSR control traffic; used to create the defense-only and attack-defense regimes.

pith-pipeline@v0.9.1-grok · 5814 in / 1288 out tokens · 25675 ms · 2026-06-28T21:37:21.900445+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

42 extracted references · 1 canonical work pages

  1. [1]

    Rfc3626: Optimized link state routing protocol (olsr),

    T. Clausen and P. Jacquet, “Rfc3626: Optimized link state routing protocol (olsr),” 2003

  2. [2]

    Persuasive: A node isolation attack variant for olsr-based manets and its mitigation,

    N. Schweitzer, L. Cohen, A. Dvir, and A. Stulman, “Persuasive: A node isolation attack variant for olsr-based manets and its mitigation,”Ad Hoc Networks, vol. 148, p. 103192, 2023

  3. [3]

    Deep learning- driven defense strategies for mitigating ddos attacks in cloud computing environments,

    D. M. A. A. Afraji, J. Lloret, and L. Pe ˜nalver, “Deep learning- driven defense strategies for mitigating ddos attacks in cloud computing environments,”Cyber Security and Applications, vol. 3, p. 100085, 2025

  4. [4]

    Cybersecurity challenges and opportunities of machine learning-based artificial intelligence,

    P. Czaja, B. Gdowski, M. Niemiec, W. Mees, N. Stoianov, K. V otis, V . Kharchenko, V . Katos, and M. Merialdo, “Cybersecurity challenges and opportunities of machine learning-based artificial intelligence,” Neural Computing and Applications, vol. 37, no. 33, pp. 27 931–27 956, 2025

  5. [5]

    Adversarial machine learning for network intrusion detection systems: A comprehensive survey,

    K. He, D. D. Kim, and M. R. Asghar, “Adversarial machine learning for network intrusion detection systems: A comprehensive survey,”IEEE Communications Surveys & Tutorials, vol. 25, no. 1, pp. 538–566, 2023

  6. [6]

    Mitigating ddos attacks in software-defined networks: a systematic literature review of machine learning and deep learning approaches,

    K. Tebbaa, O. Chakir, Y . Maleh, and M. Belaissaoui, “Mitigating ddos attacks in software-defined networks: a systematic literature review of machine learning and deep learning approaches,”Iran Journal of Computer Science, vol. 9, no. 1, p. 5, 2026

  7. [7]

    Advanced intrusion detection in manets: A survey of machine learning and optimization techniques for mitigating black/gray hole attacks,

    S. M. Hassan, M. M. Mohamad, and F. B. Muchtar, “Advanced intrusion detection in manets: A survey of machine learning and optimization techniques for mitigating black/gray hole attacks,”IEEE Access, 2024

  8. [8]

    Multicast on-route cluster propagation to detect network intrusion detection sys- tems on manet using deep operator neural networks,

    K. Saminathan, L. Perumal, F. H. Shajin, and R. K. Shakya, “Multicast on-route cluster propagation to detect network intrusion detection sys- tems on manet using deep operator neural networks,”Expert Systems with Applications, vol. 271, p. 125864, 2025

  9. [9]

    Graph neural networks for intrusion detection: A survey,

    T. Bilot, N. El Madhoun, K. Al Agha, and A. Zouaoui, “Graph neural networks for intrusion detection: A survey,”IEEE Access, vol. 11, pp. 49 114–49 139, 2023

  10. [10]

    Efficient intrusion detection in wireless sensor networks using mh-cegru with cross-layer monitoring and cryptographic security,

    J. T. Jeniffer, A. Chandrasekar, and S. Radhika, “Efficient intrusion detection in wireless sensor networks using mh-cegru with cross-layer monitoring and cryptographic security,”Knowledge-Based Systems, p. 114707, 2025

  11. [11]

    An active-routing authentication scheme in manet,

    J. Tu, D. Tian, and Y . Wang, “An active-routing authentication scheme in manet,”IEEE Access, vol. 9, pp. 34 276–34 286, 2021

  12. [12]

    Iot-prids: Leveraging packet representations for intrusion detection in iot networks,

    A. Zohourian, S. Dadkhah, H. Molyneaux, E. C. P. Neto, and A. A. Ghorbani, “Iot-prids: Leveraging packet representations for intrusion detection in iot networks,”Computers & Security, vol. 146, p. 104034, 2024

  13. [13]

    Effective intrusion detection in heterogeneous internet-of-things networks via ensemble knowledge distillation-based federated learning,

    J. Shen, W. Yang, Z. Chu, J. Fan, D. Niyato, and K.-Y . Lam, “Effective intrusion detection in heterogeneous internet-of-things networks via ensemble knowledge distillation-based federated learning,” inICC 2024- IEEE International Conference on Communications. IEEE, 2024, pp. 2034–2039

  14. [14]

    A comprehensive survey of cybersecurity techniques based on quality of service (qos) on the internet of things (iot),

    S. S. Sefati, B. Arasteh, S. Halunga, and O. Fratu, “A comprehensive survey of cybersecurity techniques based on quality of service (qos) on the internet of things (iot),”Cluster Computing, vol. 28, no. 12, p. 792, 2025

  15. [15]

    A survey on identity and access management for future iot services,

    Y . Wang, P. Castillejo, J.-F. Mart´ınez-Ortega, and V . H. D´ıaz, “A survey on identity and access management for future iot services,”Computer Networks, p. 111718, 2025. 16

  16. [16]

    Adversarial attacks and defenses in machine learning-empowered communication systems and networks: A contemporary survey,

    Y . Wang, T. Sun, S. Li, X. Yuan, W. Ni, E. Hossain, and H. V . Poor, “Adversarial attacks and defenses in machine learning-empowered communication systems and networks: A contemporary survey,”IEEE Communications Surveys & Tutorials, vol. 25, no. 4, pp. 2245–2298, 2023

  17. [17]

    Tad: Transfer learning-based multi-adversarial detection of evasion attacks against network intrusion detection systems,

    I. Debicha, R. Bauwens, T. Debatty, J.-M. Dricot, T. Kenaza, and W. Mees, “Tad: Transfer learning-based multi-adversarial detection of evasion attacks against network intrusion detection systems,”Future Generation Computer Systems, vol. 138, pp. 185–197, 2023

  18. [18]

    Evasion techniques: Sneaking through your intrusion detection/prevention systems,

    T.-H. Cheng, Y .-D. Lin, Y .-C. Lai, and P.-C. Lin, “Evasion techniques: Sneaking through your intrusion detection/prevention systems,”IEEE Communications Surveys & Tutorials, vol. 14, no. 4, pp. 1011–1020, 2011

  19. [19]

    Combating adversarial network topology inference by proactive topology obfuscation,

    T. Hou, T. Wang, Z. Lu, and Y . Liu, “Combating adversarial network topology inference by proactive topology obfuscation,”IEEE/ACM Transactions on Networking, vol. 29, no. 6, pp. 2779–2792, 2021

  20. [20]

    Combination attacks and defenses on sdn topology discovery,

    D. Kong, Y . Shen, X. Chen, Q. Cheng, H. Liu, D. Zhang, X. Liu, S. Chen, and C. Wu, “Combination attacks and defenses on sdn topology discovery,”IEEE/ACM Transactions on Networking, vol. 31, no. 2, pp. 904–919, 2022

  21. [21]

    Machine learning-powered encrypted network traffic analysis: A com- prehensive survey,

    M. Shen, K. Ye, X. Liu, L. Zhu, J. Kang, S. Yu, Q. Li, and K. Xu, “Machine learning-powered encrypted network traffic analysis: A com- prehensive survey,”IEEE Communications Surveys & Tutorials, vol. 25, no. 1, pp. 791–824, 2022

  22. [22]

    Tantra: Timing-based adversarial network traffic reshaping attack,

    Y . Sharon, D. Berend, Y . Liu, A. Shabtai, and Y . Elovici, “Tantra: Timing-based adversarial network traffic reshaping attack,”IEEE Trans- actions on Information Forensics and Security, vol. 17, pp. 3225–3237, 2022

  23. [23]

    Game-theoretic and machine learning-based approaches for defensive deception: A survey,

    M. Zhu, A. H. Anwar, Z. Wan, J.-H. Cho, C. Kamhoua, and M. P. Singh, “Game-theoretic and machine learning-based approaches for defensive deception: A survey,”arXiv preprint arXiv:2101.10121, 2021

  24. [24]

    Three decades of deception techniques in active cyber defense-retrospect and outlook,

    L. Zhang and V . L. Thing, “Three decades of deception techniques in active cyber defense-retrospect and outlook,”Computers & Security, vol. 106, p. 102288, 2021

  25. [25]

    A game-theoretic taxonomy and survey of defensive deception for cybersecurity and privacy,

    J. Pawlick, E. Colbert, and Q. Zhu, “A game-theoretic taxonomy and survey of defensive deception for cybersecurity and privacy,”ACM Computing Surveys (CSUR), vol. 52, no. 4, pp. 1–28, 2019

  26. [26]

    Equalnet: A secure and practical defense for long-term network topology obfuscation

    J. Kim, E. Marin, M. Conti, and S. Shin, “Equalnet: A secure and practical defense for long-term network topology obfuscation.” inNDSS, 2022

  27. [27]

    Tunnel enabled programmable switches obfuscate network topology to defend against link flooding reconnaissance in software defined networking,

    X. Li, J. Lee, J. Son, and Y . Lee, “Tunnel enabled programmable switches obfuscate network topology to defend against link flooding reconnaissance in software defined networking,”Scientific Reports, vol. 15, no. 1, p. 35549, 2025

  28. [28]

    A cryptographic approach to prevent network incursion for enhancement of qos in sustainable smart city using manet,

    S. Singh, A. Pise, O. Alfarraj, A. Tolba, and B. Yoon, “A cryptographic approach to prevent network incursion for enhancement of qos in sustainable smart city using manet,”Sustainable Cities and Society, vol. 79, p. 103483, 2022

  29. [29]

    Introducing a new routing method in the manet using the symbionts search algorithm,

    S. Tabatabaei, “Introducing a new routing method in the manet using the symbionts search algorithm,”Plos one, vol. 18, no. 8, p. e0290091, 2023

  30. [30]

    Extended data plane architecture for in-network security services in software-defined networks,

    J. Kim, Y . Kim, V . Yegneswaran, P. Porras, S. Shin, and T. Park, “Extended data plane architecture for in-network security services in software-defined networks,”Computers & Security, vol. 124, p. 102976, 2023

  31. [31]

    Achiev- ing manet protection without the use of superfluous fictitious nodes,

    N. Schweitzer, L. Cohen, T. Hirst, A. Dvir, and A. Stulman, “Achiev- ing manet protection without the use of superfluous fictitious nodes,” Computer Communications, vol. 229, p. 107978, 2025

  32. [32]

    Mitigating denial of service attacks in olsr protocol using fictitious nodes,

    N. Schweitzer, A. Stulman, A. Shabtai, and R. D. Margalit, “Mitigating denial of service attacks in olsr protocol using fictitious nodes,”IEEE Transactions on Mobile Computing, vol. 15, no. 1, pp. 163–172, 2015

  33. [33]

    The ns-3 simulator,

    “The ns-3 simulator,” [Online]. Available: http://www.nsnam.org

  34. [34]

    Survey of recent routing metrics and protocols for mobile ad-hoc networks

    V . K. Quy, N. T. Ban, V . H. Nam, D. M. Tuan, and N. D. Han, “Survey of recent routing metrics and protocols for mobile ad-hoc networks.”J. Commun., vol. 14, no. 2, pp. 110–120, 2019

  35. [35]

    A survey on parameters affecting manet performance,

    A. M. Eltahlawy, H. K. Aslan, E. G. Abdallah, M. S. Elsayed, A. D. Jurcut, and M. A. Azer, “A survey on parameters affecting manet performance,”Electronics, vol. 12, no. 9, p. 1956, 2023

  36. [36]

    A survey on feature selection methods for mixed data,

    S. Solorio-Fern ´andez, J. A. Carrasco-Ochoa, and J. F. Martinez-Trinidad, “A survey on feature selection methods for mixed data,”Artificial Intelligence Review, vol. 55, no. 4, pp. 2821–2846, 2022

  37. [37]

    Tabular data: Deep learning is not all you need,

    R. Shwartz-Ziv and A. Armon, “Tabular data: Deep learning is not all you need,”Information Fusion, vol. 81, pp. 84–90, 2022

  38. [38]

    Why do tree-based models still outperform deep learning on typical tabular data?

    L. Grinsztajn, E. Oyallon, and G. Varoquaux, “Why do tree-based models still outperform deep learning on typical tabular data?” in NeurIPS, 2022

  39. [39]

    Tunability: Importance of hyperparameters of machine learning algorithms,

    P. Probst, A.-L. Boulesteix, and B. Bischl, “Tunability: Importance of hyperparameters of machine learning algorithms,”Journal of Machine Learning Research, vol. 20, no. 53, pp. 1–32, 2019

  40. [40]

    Transforming classifier scores into accurate multiclass probability estimates,

    B. Zadrozny and C. Elkan, “Transforming classifier scores into accurate multiclass probability estimates,” inKDD, 2002, pp. 694–699

  41. [41]

    Predicting good probabilities with supervised learning,

    A. Niculescu-Mizil and R. Caruana, “Predicting good probabilities with supervised learning,” inICML, 2005, pp. 625–632

  42. [42]

    Stacked generalization,

    D. H. Wolpert, “Stacked generalization,”Neural Networks, vol. 5, no. 2, pp. 241–259, 1992. APPENDIX 17 TABLE XI HYPERPARAMETER SEARCH SPACES USED BY THE UNIFIED PROCEDURE OFSECTIONV-B. FOR EACH MODEL,THE TABLE LISTS THE CANDIDATE VALUES SEARCHED PER HYPERPARAMETER. TREE-BASED,BOOSTING,AND BAGGING MODELS WERE TUNED WITHRA N D O M I Z E DSE A R C HCV (nITER...