Mobile Networks and Applications ? (2003) 1–16

Intrusion Detection Techniques for Mobile Wireless Networks *

Yongguang Zhang
HRL Laboratories LLC, Malibu, California
E-mail: [email protected]

Wenke Lee
College of Computing, Georgia Institute of Technology
E-mail: [email protected]

Yi-An Huang
College of Computing, Georgia Institute of Technology
E-mail: [email protected]

* This paper was accepted for publication in ACM MONET Journal in 2002 and appears in this issue of ACM WINET due to editorial constraints.

The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective. We need to search for new architecture and mechanisms to protect wireless networks and mobile computing applications. In this paper, we examine the vulnerabilities of wireless networks and argue that we must include intrusion detection in the security architecture for the mobile computing environment. We have developed such an architecture and evaluated a key mechanism in this architecture, anomaly detection for mobile ad-hoc networks, through simulation experiments.

Keywords: intrusion detection, intrusion response, cooperative detection, anomaly detection, mobile ad-hoc networks.

1. Introduction

The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. The nature of mobility creates new vulnerabilities that do not exist in a fixed wired network, and yet many of the proven security measures turn out to be ineffective. Therefore, the traditional way of protecting networks with firewalls and encryption software is no longer sufficient. We need to develop new architecture and mechanisms to protect wireless networks and mobile computing applications.

The implication of mobile computing on network security research can be further demonstrated by the following case. Recently (Summer 2001) an Internet worm called Code Red spread rapidly to infect many Windows-based server machines. To prevent this type of worm attack from spreading into intranets, many companies rely on firewalls to protect their internal networks. However, there have been multiple incidents in which the Code Red worm was caught from within the intranet, largely due to the use of mobile computers. As more and more business travelers carry laptops and more and more public venues (e.g. conferences) provide wireless Internet access, the chances grow that an inadequately protected laptop will be infected with worms. For example, at a recent IETF meeting, among the hundreds of attendees carrying laptops, a dozen were detected to be infected with the Code Red worm. When these laptops are later integrated back into their company networks, they can spread the worms from within and render the firewalls useless in defending against this worm.
This note was uploaded on 03/19/2012 for the course COMPUTER S 2143 taught by Professor Singh during the Spring '12 term at Punjab Engineering College.