A Specification-Based Intrusion Detection Model for OLSR

The unique characteristics of mobile ad hoc networks, such as shared wireless channels, dynamic topologies and a reliance on cooperative behavior, makes routing protocols employed by these networks more vulnerable to attacks than routing protocols employed within traditional wired networks. We propose a specification-based intrusion-detection model for ad hoc routing protocols in which network nodes are monitored for operations that violate their intended behavior. In particular, we apply the model to detect attacks on the OLSR (Optimized Link State Routing) protocol. We analyze the protocol specification of OLSR, which describes the valid routing behavior of a network node, and develop constraints on the operation of a network node running OLSR. We design a detection mechanism based on finite state automata for checking whether a network node violates the constraints. The detection mechanism can be used by cooperative distributed intrusion detectors to detect attacks on OLSR. To validate the research, we investigate vulnerabilities of OLSR and prove that the developed constraints can detect various attacks that exploit these vulnerabilities. In addition, simulation experiments conducted in GlomoSim demonstrate significant success with the proposed intrusion detection model.

[1]  Dawn Song,et al.  The TESLA Broadcast Authentication Protocol , 2002 .

[2]  Elizabeth M. Belding-Royer,et al.  A secure routing protocol for ad hoc networks , 2002, 10th IEEE International Conference on Network Protocols, 2002. Proceedings..

[3]  Panagiotis Papadimitratos,et al.  Secure link state routing for mobile ad hoc networks , 2003, 2003 Symposium on Applications and the Internet Workshops, 2003. Proceedings..

[4]  Karl N. Levitt,et al.  Execution monitoring of security-critical programs in distributed systems: a specification-based approach , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[5]  Wenke Lee,et al.  A cooperative intrusion detection system for ad hoc networks , 2003, SASN '03.

[6]  Jorge Nuevo A Comprehensible GloMoSim Tutorial , 2004 .

[7]  Jean-Yves Le Boudec,et al.  Performance analysis of the CONFIDANT protocol , 2002, MobiHoc '02.

[8]  Farooq Anjum,et al.  LiPaD: lightweight packet drop detection for ad hoc networks , 2004, IEEE 60th Vehicular Technology Conference, 2004. VTC2004-Fall. 2004.

[9]  Jean-Yves Le Boudec,et al.  Performance analysis of the CONFIDANT protocol , 2002, MobiHoc '02.

[10]  Harold S. Javitz,et al.  The SRI IDES statistical anomaly detector , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[11]  Levente Buttyán,et al.  Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks , 2003, Mob. Networks Appl..

[12]  P. Jacquet,et al.  Securing the OLSR protocol , 2003 .

[13]  Gregory A. Hansen,et al.  The Optimized Link State Routing Protocol , 2003 .

[14]  Richard A. Kemmerer,et al.  State Transition Analysis: A Rule-Based Intrusion Detection Approach , 1995, IEEE Trans. Software Eng..

[15]  R. Ramanujan,et al.  Intrusion-resistant ad hoc wireless networks , 2002, MILCOM 2002. Proceedings.

[16]  Anis Laouiti,et al.  Multipoint Relaying: An Efficient Technique for Flooding in Mobile Wireless Networks , 2000 .

[17]  George Kesidis,et al.  Detecting malicious packet dropping using statistically regular traffic patterns in multihop wireless networks that are not bandwidth limited , 2003, GLOBECOM '03. IEEE Global Telecommunications Conference (IEEE Cat. No.03CH37489).

[18]  Mahesh Viswanathan,et al.  Verisim: Formal analysis of network simulations , 2000, ISSTA '00.

[19]  Philippe Jacquet,et al.  Performance analysis of olsr multipoint relay flooding in two ad hoc wireless network models , 2001 .

[20]  Yih-Chun Hu,et al.  Wormhole Detection in Wireless Ad Hoc Networks , 2002 .

[21]  Giovanni Vigna,et al.  An intrusion detection tool for AODV-based ad hoc wireless networks , 2004, 20th Annual Computer Security Applications Conference.

[22]  Peng Ning,et al.  How to misuse AODV: a case study of insider attacks against mobile ad-hoc routing protocols , 2003, Ad Hoc Networks.

[23]  Ulf Lindqvist,et al.  Detecting computer and network misuse through the production-based expert system toolset (P-BEST) , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[24]  Oivind Kure,et al.  Secure Extension to the OLSR protocol , 2004 .

[25]  Mary Baker,et al.  Mitigating routing misbehavior in mobile ad hoc networks , 2000, MobiCom '00.

[26]  Saswati Sarkar,et al.  Efficacy of misuse detection in ad hoc networks , 2004, 2004 First Annual IEEE Communications Society Conference on Sensor and Ad Hoc Communications and Networks, 2004. IEEE SECON 2004..

[27]  Karl N. Levitt,et al.  A specification-based intrusion detection system for AODV , 2003, SASN '03.

[28]  Karl N. Levitt,et al.  A general cooperative intrusion detection architecture for MANETs , 2005, Third IEEE International Workshop on Information Assurance (IWIA'05).

[29]  Sondre Wabakken Engell Securing the OLSR Protocol , 2004 .

[30]  A. Laouiti,et al.  Optimized link state routing protocol for ad hoc networks , 2001, Proceedings. IEEE International Multi Topic Conference, 2001. IEEE INMIC 2001. Technology for the 21st Century..