A distributed cross-layer intrusion detection system for ad hoc networks

Most existing intrusion detection systems (IDSs) for ad hoc networks are proposed for single-layer detection. Although they may apply to other layers of the network protocol stack, the data of each layer is still analyzed separately. In addition, most have not emphasized localization of the attack source. In this paper, we propose an anomaly-based IDS that utilizes cross-layer features to detect attacks, and localizes attack sources within a one-hop perimeter. Specifically, we suggest a compact feature set that incorporates intelligence from both the MAC layer and the network layer to profile normal behaviors of mobile nodes; we adapt a data mining anomaly detection technique from wired networks to ad hoc networks; and we develop a novel collaborative detection scheme that enables the IDS to correlate local and global alerts. We validate our work through ns-2 simulation experiments. Experimental results demonstrate the effectiveness of our method.

Summary

The dynamic, distributed and self-organized nature of ad hoc networks poses a great challenge to intrusion detection. In general, a network intrusion detection system is deployed at the perimeter. This solution cannot be applied to ad hoc networks, which lack a pre-existing communication infrastructure and control centers. Moreover, the current intrusion detection techniques, which were developed for wired and wide-area networks, can only be applied to individual layers of the network protocol. In this article, we present a node-based intrusion detection system that manages to detect the origin of an attack and to localize it within one hop of the perimeter. More specifically, we present a set of compact features that combine information from the MAC and network layers to profile the behavior of mobile nodes. We adapt this technique to detect anomalies in wired and ad hoc networks. Finally, we propose a new intrusion response mechanism that allows a system to link a local alert to the global alerts collected from its surroundings. We validate our work through ns-2 simulation experiments. The experimental results indicate the effectiveness of our method.
