Distributed and cooperative intrusion detection in wireless mesh networks. (Détection d'intrusion distribuée et coopérative dans les réseaux maillés sans fil)

The Wireless Mesh Network (WMN) is an emerging technology that is gaining importance among traditional wireless communication systems. However, WMNs are particularly vulnerable to external and insider attacks due to their inherent attributes, such as an open communication medium and a decentralized architecture. In this research, we propose a complete distributed and cooperative intrusion detection system for efficient and effective detection of WMN attacks in real time. Our intrusion detection mechanism is based on reliable exchange of network events and active cooperation between the participating nodes. In our distributed approach, Intrusion Detection Systems (IDSs) are independently placed at each mesh node to passively monitor the node's routing behavior and concurrently monitor the neighborhood behavior. Based on that, we first implement a Routing Protocol Analyzer (RPA) that accurately generates Routing Events from the observed traffic, which are then processed by the node itself and exchanged between neighboring nodes. Second, we propose a practical Distributed Intrusion Detection Engine (DIDE) component, which periodically calculates accurate Misbehaving Metrics by making use of the generated Routing Events and pre-defined Routing Constraints that are extracted from the protocol behavior. Third, we propose a Cooperative Consensus Mechanism (CCM), which is triggered among the neighboring nodes if any malicious behavior is detected. The CCM module analyzes the Misbehaving Metrics and shares Intrusion Detection Results among the neighbors to track down the source of intrusion. To validate our research, we implemented the distributed intrusion detection solution using a virtualized mesh network platform composed of interconnected virtual machines (VMs). We also implemented several routing attacks to evaluate the performance of the intrusion detection mechanisms.
