A specification-based intrusion detection engine for infrastructure-less networks

The proliferation of mobile computing devices has enabled the utilization of infrastructure-less networking in commercial solutions. However, the distributed and cooperative nature of routing in such networks makes them vulnerable to a variety of attacks. This paper proposes a host-based monitoring mechanism, called SIDE, that safeguards the operation of the AODV routing protocol. SIDE encompasses two complementary functionalities: (i) a specification-based detection engine for the AODV routing protocol, and (ii) a remote attestation procedure that ensures the integrity of a running SIDE instance. The proposed mechanism operates on a trusted computing platform that provides a hardware-based root of trust and cryptographic acceleration, both used by the remote attestation procedure, as well as protection against runtime attacks. A key advantage of the proposed mechanism is its ability to effectively detect both known and unknown attacks in real time. Performance analysis shows that attacks are resolved with high detection accuracy, even under conditions of high network volatility. Moreover, SIDE induces the least amount of control packet overhead in comparison with a number of other proposed IDS schemes.
