This preview shows pages 1–2. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: An Intrusion Detection Tool for AODV-based Ad hoc Wireless Networks Giovanni Vigna Sumit Gwalani Kavitha Srinivasan Elizabeth M. Belding-Royer Richard A. Kemmerer Department of Computer Science University of California, Santa Barbara vigna,sumitg,kavitha,ebelding,kemm @cs.ucsb.edu Abstract Mobile ad hoc network routing protocols are highly suscepti- ble to subversion. Previous research in securing these proto- cols has typically used techniques based on encryption and redundant transmission. These techniques prevent a range of attacks against routing protocols but are expensive to de- ploy on energy-constrained wireless devices. Experience in securing wired networks has demonstrated that, in addition to intrusion prevention techniques, it is useful to deploy in- trusion detection techniques as a second line of defense. In this paper, we discuss some of the threats to wireless ad hoc networks, and, specifically, some attacks against the AODV routing protocol. We also present a tool aimed at real-time detection of these attacks. The tool monitors network packets to detect local and distributed attacks within its radio range. Experiments show that the tool provides effective intrusion detection functionality while using only a limited amount of resources. 1. Introduction A mobile ad hoc network (MANET) is a collection of mobile nodes that are capable of communicating with each other, establishing and maintaining connections as needed. In ad hoc networks, there is no established infrastructure or centralized administration. The topology of an ad hoc net- work is defined by the geographical positions and the trans- mission ranges of the nodes. These networks do not have a clearly defined physical boundary, and, therefore, have no specific entry point. As a consequence, access control mech- anisms, similar to firewalls in wired networks, are not feasi- ble. In addition, the hop-by-hop routing used in ad hoc net- works requires cooperation from the nodes in the network. Therefore, it is not possible to assume that the routing in- frastructure can be trusted to any degree. Wireless ad hoc networks are vulnerable to various at- tacks. These include passive eavesdropping, active interfer- ing, impersonation, and denial-of-service. Intrusion preven- tion measures, such as strong authentication and redundant transmission, can be used to address some of these attacks. However, these techniques can address only a subset of the threats, and, moreover, are costly to implement. The dynamic nature of ad hoc networks suggests that pre- vention techniques should be complemented by detection techniques that monitor the security status of the network and identify anomalous and/or malicious behavior. These techniques are usually less expensive to implement and can be easily deployed in existing ad hoc networks without re- quiring modifications to the nodes' configuration or the rout- ing protocols being used....
View Full Document
- Spring '12
- Computer Science