International Journal of Security and Its Applications
Vol. 2, No.3, July, 2008
AN INTRUSION DETECTION SYSTEM IN MOBILE ADHOC
Research Scholar, Dept of Computer, Science & Engineering,
Acharya Nagarjuna University, India.
Dr. Tai Hoon Kim,
Professor , Dept. of Multimedia, Hannam University, Korea.
Networks are protected using many firewalls and encryption software’s.
But many of
them are not sufficient and effective. Therefore an intrusion detection system (IDS) is
required that monitors the network, detects misbehavior or anomalies and notifies other
nodes in the network to avoid or punish the misbehaving nodes. Numerous schemes have been
proposed for Intrusion Detection and Response Systems, for Ad hoc networks. The ultimate
goal of the security solutions for wireless networks is to provide security services, such as
authentication, confidentiality, integrity, anonymity, and availability, to mobile users.
paper, we examine the vulnerabilities of wireless networks and argue that we must include
intrusion detection in the security architecture for mobile computing environment. We
propose an mIDS (Mobile Intrusion Detection System) suitable for multi-hop ad-hoc wireless
networks, which detects nodes misbehavior, anomalies in packet forwarding, such as
intermediate nodes dropping or delaying packets. mIDS does rely on overhearing packet
transmissions of neighboring nodes. Simple rules are designed to identify the misbehavior
nodes. A special node called a monitor node carries out the process of identifying the
The nature of mobility for mobile networks needs additional mechanisms for
providing security. These vulnerabilities do not exist in a fixed wired network. Therefore, the
traditional way of protecting networks with firewalls and encryption software is no longer
sufficient. We need to develop new architecture and mechanisms to protect the wire-less
networks and mobile computing applications.
Hence, in this paper, we discuss how to
identify the intrusion after an anomaly is reported. Simple rules are applied to identify the
intruder information and detect the type of the attack. A node called the Monitor node carries
the identification process. This node overhears the channel and detects the misbehavior nodes.
There may be more than one monitor node in the whole network. Periodically the monitor
nodes are elected in the network.