A Cooperative Intrusion Detection System for Ad Hoc Networks

Yi-an Huang, College of Computing, Georgia Institute of Technology, [email protected]
Wenke Lee, College of Computing, Georgia Institute of Technology, [email protected]

ABSTRACT

Mobile ad hoc networking (MANET) has become an exciting and important technology in recent years because of the rapid proliferation of wireless devices. MANETs are highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, lack of centralized monitoring and management point, and lack of a clear line of defense. In this paper, we report our progress in developing intrusion detection (ID) capabilities for MANET. Building on our prior work on anomaly detection, we investigate how to improve the anomaly detection approach to provide more details on attack types and sources. For several well-known attacks, we can apply a simple rule to identify the attack type when an anomaly is reported. In some cases, these rules can also help identify the attackers. We address the run-time resource constraint problem using a cluster-based detection scheme where periodically a node is elected as the ID agent for a cluster. Compared with the scheme where each node is its own ID agent, this scheme is much more efficient while maintaining the same level of effectiveness. We have conducted extensive experiments using the ns-2 and MobiEmu environments to validate our research.

1. INTRODUCTION

In recent years, with the rapid proliferation of wireless devices, e.g., mobile laptop computers, PDAs, and wireless telephones, the potentials and importance of mobile ad hoc networking have become apparent. A mobile ad hoc network (MANET) is formed by a group of mobile wireless nodes often without the assistance of fixed network infrastructure. The nodes must cooperate by forwarding packets so that nodes beyond radio ranges can communicate with each other. There are a number of important MANET applications, e.g., battlefield operations, emergency rescues, mobile conferencing, home and community networking, and sensor dust.

MANETs are much more vulnerable to attacks than wired (traditional) networks due to the open medium, dynamically changing network topology, cooperative algorithms, lack of centralized monitoring and management point, and lack of a clear line of defense. There are recent research efforts, e.g., [29, 10], in securing the ad hoc routing protocols (e.g., [13, 21, 14, 22]). Most of these are prevention techniques. Experience in security research in the wired environments has taught us that we need to deploy defense-in-depth or layered security mechanisms because security is a process (or a chain) that is as secure as its weakest link. In addition to prevention, we also need detection and response, as well as security policies and vulnerability analysis. Although many intrusion detection (ID) techniques have been developed in the wired networks, the vast differences in MANET...
- Spring '12
- Networking, attack, routing protocol, Intrusion detection system