Combining Passive Autoconfiguration and Anomaly-based Intrusion Detection in Ad-hoc Networks

Stephan Schuhmann, Institut für Parallele und Verteilte Systeme (IPVS), Universität Stuttgart, Stuttgart, Germany
Lars Völker, Institut für Telematik, Universität Karlsruhe (TH), Karlsruhe, Germany

Abstract

Two essential services of Ad-hoc networks are IP address autoconfiguration and intrusion detection systems. Since both autoconfiguration and intrusion detection may base their decisions on routing protocol anomalies, their interdependencies can cause problems. In this paper, we present our approach to efficiently combine autoconfiguration and intrusion detection, and present our enhancements in attack detection for an autoconfiguration system. We have identified anomalies indicating specific attacks, implemented suitable anomaly detectors, and evaluated our system. The results show that it is possible to detect both the attacks and IP address conflicts in an efficient way.

1. Introduction

Ad-hoc networks can be used to easily deploy wireless networks when an infrastructure is missing. An important aspect of these networks is the automatic configuration of IP addresses. Passive autoconfiguration systems like PACMAN observe the behavior of the ad-hoc routing protocols in order to detect anomalies caused by misconfigured IP addresses and reconfigure the network accordingly. A state-of-the-art intrusion detection system (IDS) also looks for anomalies in the routing protocols but aims to identify attacks. Unfortunately, the approaches taken by both systems are very similar and in conflict with each other. Packets might be classified by the IDS as an attack, while the autoconfiguration system only detects duplicated addresses. Furthermore, both systems would do similar classification work on the routing protocol messages and therefore be inefficient. In this paper, we examine how both approaches can be combined in an efficient way.

We chose PACMAN as an autoconfiguration system and extended it to also function as an intrusion detection system. Using Optimized Link State Routing (OLSR) as an example, we examined attacks against the routing protocol and identified the anomalies such attacks cause. We extended PACMAN with a common detection function which detects anomalies of the routing protocols and allows us to interpret anomalies for autoconfiguration and intrusion detection.

The paper is structured as follows: After this introduction, we present PACMAN, the OLSR routing protocol, and related work. Subsequently, attacks against OLSR and occurring anomalies are presented and classified in Section 3. In order to detect these anomalies, several algorithms have been developed and are presented in Section 4, while Section 5 shows evaluation results. The paper closes with Section 6 that summarizes the entire work and gives an outlook on possible future work....
This note was uploaded on 03/19/2012 for the course CS 1313 taught by Professor Aman during the Spring '12 term at Punjab Engineering College.