RADAR: A ReputAtion-Based Scheme for Detecting Anomalous Nodes in WiReless Mesh Networks

As one of the backup measures of intrusion prevention techniques, intrusion detection system (IDS) plays a paramount role in the second defense line of computer networks. Due to the special infrastructure and communication mode, intrusion detection in wireless mesh networks (WMNs) is especially challenging and requires particular design considerations. In this paper, we propose a novel anomaly detection scheme, called RADAR, to detect anomalous mesh nodes in WMNs. Firstly, we introduce a general concept of reputation to characterize and quantify the mesh node's behavior/status in terms of fine-grained performance metrics. This enables us to construct a robust baseline for leveraging and measuring the derivation between normal and anomalous behavior of each mesh node. Secondly, based on reputation management, we develop a cooperative anomaly detection scheme by fully exploring the spatio-temporal properties of mesh nodes' behavior. Our current scheme is specified and implemented with a reactive routing protocol, aiming at detecting malicious mesh nodes which intentionally violate normal routing mechanisms. The simulation results show that our scheme performs well in terms of detection accuracy, false positive rate, computational overhead, and scalability.

[1]  John McHugh,et al.  Defending Yourself: The Role of Intrusion Detection Systems , 2000, IEEE Software.

[2]  Allen Gersho,et al.  Vector quantization and signal compression , 1991, The Kluwer international series in engineering and computer science.

[3]  Zygmunt J. Haas,et al.  Securing ad hoc networks , 1999, IEEE Netw..

[4]  Wenke Lee,et al.  Intrusion Detection Techniques for Mobile Wireless Networks , 2003, Wirel. Networks.

[5]  John McHugh,et al.  Intrusion and intrusion detection , 2001, International Journal of Information Security.

[6]  Paramvir Bahl,et al.  Troubleshooting wireless mesh networks , 2006, CCRV.

[7]  Refik Molva,et al.  Core: a collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks , 2002, Communications and Multimedia Security.

[8]  Ian F. Akyildiz,et al.  Wireless mesh networks: a survey , 2005, Comput. Networks.

[9]  Hector Garcia-Molina,et al.  Taxonomy of trust: Categorizing P2P reputation systems , 2006, Comput. Networks.

[10]  Hector Garcia-Molina,et al.  The Eigentrust algorithm for reputation management in P2P networks , 2003, WWW '03.

[11]  David B. Johnson,et al.  The Dynamic Source Routing Protocol for Mobile Ad Hoc Networks , 2003 .

[12]  Jean-Yves Le Boudec,et al.  Self-policing mobile ad hoc networks by reputation systems , 2005, IEEE Communications Magazine.

[13]  G. Chartrand,et al.  Graph similarity and distance in graphs , 1998 .

[14]  Qi He,et al.  SORI: a secure and objective reputation-based incentive scheme for ad-hoc networks , 2004, 2004 IEEE Wireless Communications and Networking Conference (IEEE Cat. No.04TH8733).

[15]  Stephanie Forrest,et al.  A sense of self for Unix processes , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[16]  Wenke Lee,et al.  A cooperative intrusion detection system for ad hoc networks , 2003, SASN '03.

[17]  Jean-Yves Le Boudec,et al.  Performance analysis of the CONFIDANT protocol , 2002, MobiHoc '02.

[18]  Brian L. Mark,et al.  A quantitative trust establishment framework for reliable data packet delivery in MANETs , 2005, SASN '05.