ABSTRACT
Mobile ad hoc networking (MANET) has become an exciting and important technology in recent years because of the rapid proliferation of wireless devices. MANETs are highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, lack of a centralized monitoring and management point, and lack of a clear line of defense. In this paper, we report our progress in developing intrusion detection (ID) capabilities for MANET. Building on our prior work on anomaly detection, we investigate how to improve the anomaly detection approach to provide more details on attack types and sources. For several well-known attacks, we can apply a simple rule to identify the attack type when an anomaly is reported. In some cases, these rules can also help identify the attackers. We address the run-time resource constraint problem using a cluster-based detection scheme where periodically a node is elected as the ID agent for a cluster. Compared with the scheme where each node is its own ID agent, this scheme is much more efficient while maintaining the same level of effectiveness. We have conducted extensive experiments using the ns-2 and MobiEmu environments to validate our research.
- A cooperative intrusion detection system for ad hoc networks