A cooperative intrusion detection system for ad hoc networks

Mobile ad hoc networking (MANET) has become an exciting and important technology in recent years because of the rapid proliferation of wireless devices. MANETs are highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, lack of centralized monitoring and management point, and lack of a clear line of defense. In this paper, we report our progress in developing intrusion detection (ID) capabilities for MANET. Building on our prior work on anomaly detection, we investigate how to improve the anomaly detection approach to provide more details on attack types and sources. For several well-known attacks, we can apply a simple rule to identify the attack type when an anomaly is reported. In some cases, these rules can also help identify the attackers. We address the run-time resource constraint problem using a cluster-based detection scheme where periodically a node is elected as the ID agent for a cluster. Compared with the scheme where each node is its own ID agent, this scheme is much more efficient while maintaining the same level of effectiveness. We have conducted extensive experiments using the ns-2 and MobiEmu environments to validate our research.

[1]  Giovanni Vigna,et al.  Sensor-based intrusion detection for intra-domain distance-vector routing , 2002, CCS '02.

[2]  David A. Maltz,et al.  DSR: the dynamic source routing protocol for multihop wireless ad hoc networks , 2001 .

[3]  Neil Immerman,et al.  Leader election algorithms for wireless ad hoc networks , 2003, Proceedings DARPA Information Survivability Conference and Exposition.

[4]  Mary Baker,et al.  Mitigating routing misbehavior in mobile ad hoc networks , 2000, MobiCom '00.

[5]  Charles E. Perkins,et al.  Ad hoc networking: an introduction , 2001 .

[6]  Eugene H. Spafford,et al.  An Application of Pattern Matching in Intrusion Detection , 1994 .

[7]  Richard A. Kemmerer,et al.  State Transition Analysis: A Rule-Based Intrusion Detection Approach , 1995, IEEE Trans. Software Eng..

[8]  Aiko M. Hormann,et al.  Programs for Machine Learning. Part I , 1962, Inf. Control..

[9]  Jean-Yves Le Boudec,et al.  Performance analysis of the CONFIDANT protocol , 2002, MobiHoc '02.

[10]  Jean-Yves Le Boudec,et al.  Performance analysis of the CONFIDANT protocol , 2002, MobiHoc '02.

[11]  Dawn Song,et al.  The TESLA Broadcast Authentication Protocol , 2002 .

[12]  Shyhtsun Felix Wu,et al.  Statistical anomaly detection for link-state routing protocols , 1998, Proceedings Sixth International Conference on Network Protocols (Cat. No.98TB100256).

[13]  Christopher Krügel,et al.  Flexible, Mobile Agent Based Intrusion Detection for Dynamic Networks , 2001 .

[14]  Charles E. Perkins,et al.  Ad-hoc on-demand distance vector routing , 1999, Proceedings WMCSA'99. Second IEEE Workshop on Mobile Computing Systems and Applications.

[15]  Stefano Basagni,et al.  Distributed clustering for ad hoc networks , 1999, Proceedings Fourth International Symposium on Parallel Architectures, Algorithms, and Networks (I-SPAN'99).

[16]  Karl N. Levitt,et al.  Protecting routing infrastructures from denial of service using cooperative intrusion detection , 1998, NSPW '97.

[17]  Dhiraj K. Pradhan,et al.  A cluster-based approach for routing in dynamic networks , 1997, CCRV.

[18]  Charles E. Perkins,et al.  The Ad Hoc on-demand distance-vector protocol , 2001 .

[19]  Bruce Schneier,et al.  Secrets and Lies: Digital Security in a Networked World , 2000 .

[20]  David A. Maltz,et al.  Dynamic Source Routing in Ad Hoc Wireless Networks , 1994, Mobidata.

[21]  Stefano Basagni,et al.  Secure pebblenets , 2001, MobiHoc '01.

[22]  Nitin H. Vaidya,et al.  Location-aided routing (LAR) in mobile ad hoc networks , 1998, MobiCom '98.

[23]  Levente Buttyán,et al.  Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks , 2003, Mob. Networks Appl..

[24]  Dorothy E. Denning,et al.  An Intrusion-Detection Model , 1986, 1986 IEEE Symposium on Security and Privacy.

[25]  Sandeep Kumar,et al.  A Software Architecture to Support Misuse Intrusion Detection , 1995 .

[26]  S. Cheung,et al.  An efficient message authentication scheme for link state routing , 1997, Proceedings 13th Annual Computer Security Applications Conference.

[27]  Yongguang Zhang,et al.  An integrated environment for testing mobile ad-hoc networks , 2002, MobiHoc '02.

[28]  Charles E. Perkins,et al.  Highly dynamic Destination-Sequenced Distance-Vector routing (DSDV) for mobile computers , 1994, SIGCOMM.

[29]  Zygmunt J. Haas,et al.  Securing ad hoc networks , 1999, IEEE Netw..

[30]  J. Ross Quinlan,et al.  C4.5: Programs for Machine Learning , 1992 .

[31]  Philip S. Yu,et al.  Cross-feature analysis for detecting ad-hoc routing anomalies , 2003, 23rd International Conference on Distributed Computing Systems, 2003. Proceedings..

[32]  Kevin R. Fall,et al.  The NS Manual (Formerly NS Notes and Documentation , 2002 .

[33]  Yih-Chun Hu,et al.  Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks , 2005, Wirel. Networks.

[34]  J. J. Garcia-Luna-Aceves,et al.  Securing distance-vector routing protocols , 1997, Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security.