{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

IEEEXplore (2) - Eighth International Workshop on...

Info icon This preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
Combining Passive Autoconfiguration and Anomaly-based Intrusion Detection in Ad-hoc Networks Stephan Schuhmann Institut f¨ur Parallele und Verteilte Systeme (IPVS) Universit¨at Stuttgart Stuttgart, Germany Lars V¨olker Institut f¨ur Telematik Universit¨at Karlsruhe (TH) Karlsruhe, Germany Abstract Two essential services of Ad-hoc networks are IP address autoconfiguration and intrusion detection systems. Since both autoconfiguration and intrusion detection may base their decisions on routing protocol anomalies, their inter- dependencies can cause problems. In this paper, we present our approach to efficiently combine autoconfiguration and intrusion detection, and present our enhancements in attack detection for an autoconfiguration system. We have identi- fied anomalies indicating specific attacks, implemented suit- able anomaly detectors, and evaluated our system. The re- sults show that it is possible to detect both the attacks and IP address conflicts in an efficient way. 1. Introduction Ad-hoc networks can be used to easily deploy wireless networks when an infrastructure is missing. An important aspect of these networks is the automatic configuration of IP addresses. Passive autoconfiguration systems like PAC- MAN [13] observe the behavior of the ad-hoc routing pro- tocols in order to detect anomalies caused by misconfigured IP-Addresses and reconfigure the network, accordingly. A state of the art intrusion detection systems (IDS) also looks for anomalies in the routing protocols but aims to identify attacks. Unfortunately, the approaches taken by both sys- tems are very similar and in conflict with each other. Pack- ets might be classified by the IDS as an attack, while the autoconfiguration system only detects duplicated addresses. Furthermore, both systems would do similar classification work on the routing protocol messages and therefore be in- efficient. In this paper, we examine how both approaches can be combined in an efficient way. We chose PACMAN as an autoconfiguration system and extended it to also function as an intrusion detection system. Using Optimized Link State Routing (OLSR, [4]) as an example, we examined attacks against the routing protocol and identified the anomalies such attacks cause. We extended PACMAN with a common detection function which detects anomalies of the routing protocols and allows us to interpret anomalies for autocon- figuration and intrusion detection. The paper is structured as follows: After this introduc- tion, we present PACMAN, the OLSR routing protocol, and related work. Subsequently, attacks against OLSR and oc- curring anomalies are presented and classified in Section 3. In order to detect these anomalies, several algorithms have been developed and are presented in Section 4, while Sec- tion 5 shows evaluation results. The paper closes with Sec- tion 6 that summarizes the entire work and gives an outlook on possible future work.
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern