LIDF: Layered intrusion detection framework for ad-hoc networks

As ad-hoc networks have different characteristics from a wired network, the intrusion detection techniques used for wired networks are no longer sufficient and effective when adapted directly to a wireless ad-hoc network. In this article, first τhe security challenges in intrusion detection for ad-hoc networks are identified and the related work for anomaly detection is discussed. We then propose a layered intrusion detection framework, which consists of collection, detection and alert modules that are handled by local agents. The collection, detection and alert modules are uniquely enabled with the main operations of ad-hoc networking, which are found at the OSI link and network layers. The proposed modules are based on interpolating polynomials and linear threshold schemes. An experimental evaluation of these modules shows their efficiency for several attack scenarios, such as route logic compromise, traffic patterns distortion and denial of service attacks

Challenges of Misbehavior Detection in Industrial Wireless Networks

In recent years, wireless technologies are increasingly adopted in many application domains that were either unconnected before or exclusively used cable networks. This paradigm shift towards - often ad-hoc - wireless communication has led to significant benefits in terms of flexibility and mobility. Alongside with these benefits, however, arise new attack vectors, which cannot be mitigated by traditional security measures. Hence, mechanisms that are orthogonal to cryptographic security techniques are necessary in order to detect adversaries. In traditional networks, such mechanisms are subsumed under the term "intrusion detection system" and many proposals have been implemented for different application domains. More recently, the term "misbehavior detection" has been coined to encompass detection mechanisms especially for attacks in wireless networks. In this paper, we use industrial wireless networks as an exemplary application domain to discuss new directions and future challenges in detecting insider attacks. To that end, we review existing work on intrusion detection in mobile ad-hoc networks. We focus on physical-layer-based detection mechanisms as these are a particularly interesting research direction that had not been reasonable before widespread use of wireless technology.Peer Reviewe

LD: Identifying Misbehaving Nodes in MANET

A mobile ad-hoc network is a collection of mobile nodes connected together over a wireless medium without any fixed infrastructure. Unique characteristics of mobile ad-hoc networks such as open peer-to-peer network architecture, shared wireless medium and highly dynamic topology, pose various challenges to the security design. Mobile ad-hoc networks lack central administration or control, making them very vulnerable to attacks or disruption by faulty nodes in the absence of any security mechanisms. Also, the wireless channel in a mobile ad-hoc network is accessible to both legitimate network users and malicious attackers. So, the task of finding good solutions for these challenges plays a critical role in achieving the eventual success of mobile ad-hoc networks. However, the open medium and wide distribution of nodes make MANET vulnerable to malicious attackers. In this case, it is crucial to develop efficient intrusion-detection mechanisms to protect MANET from attacks. Secure routing protocols and mechanisms to detect routing misbehavior in the direct neighborhood exist; however, collusion of misbehaving nodes has not been adequately addressed yet. We present LeakDetector, a mechanism to detect colluding malicious nodes in wireless multihop networks A mobile ad-hoc network is a collection of mobile nodes connected together over a wireless medium without any fixed infrastructure. Unique characteristics of mobile ad-hoc networks such as open peer-to-peer network architecture, shared wireless medium and highly dynamic topology, pose various challenges to the security design. Mobile ad-hoc networks lack central administration or control, making them very vulnerable to attacks or disruption by faulty nodes in the absence of any security mechanisms. Also, the wireless channel in a mobile ad-hoc network is accessible to both legitimate network users and malicious attackers. So, the task of finding good solutions for these challenges plays a critical role in achieving the eventual success of mobile ad-hoc networks. However,the. LeakDetector enables the calculation of the packet-loss ratio for the individual nodes

Hierarchical Design Based Intrusion Detection System For Wireless Ad hoc Network

In recent years, wireless ad hoc sensor network becomes popular both in civil and military jobs. However, security is one of the significant challenges for sensor network because of their deployment in open and unprotected environment. As cryptographic mechanism is not enough to protect sensor network from external attacks, intrusion detection system needs to be introduced. Though intrusion prevention mechanism is one of the major and efficient methods against attacks, but there might be some attacks for which prevention method is not known. Besides preventing the system from some known attacks, intrusion detection system gather necessary information related to attack technique and help in the development of intrusion prevention system. In addition to reviewing the present attacks available in wireless sensor network this paper examines the current efforts to intrusion detection system against wireless sensor network. In this paper we propose a hierarchical architectural design based intrusion detection system that fits the current demands and restrictions of wireless ad hoc sensor network. In this proposed intrusion detection system architecture we followed clustering mechanism to build a four level hierarchical network which enhances network scalability to large geographical area and use both anomaly and misuse detection techniques for intrusion detection. We introduce policy based detection mechanism as well as intrusion response together with GSM cell concept for intrusion detection architecture.Comment: 16 pages, International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010. arXiv admin note: text overlap with arXiv:1111.1933 by other author

Random access MAC protocols and system monitoring methodology in wireless mesh networks.

As an extension of wireless Ad Hoc 1 and sensor 2 networks, wireless mesh networks (WMN) 3 have recently been developed as a key solution to provide high-quality multimedia services and applications, such as voice, data and video, over wireless personal area networks (WPAN) 4, wireless local area network (WXAN) 5 and wireless metropolitan area network (WMAN) 6. A WMN usually has a hierarchical network infrastructure with backbone and access networks operated in both Ad Hoc and centralized modes with self-organization and self-configuration capabilities. Along with flexibilities, WMN brings several problems and requirements at the same time. In this thesis, problems and challenges such as packet collisions, interference and security issues are initialized discussed with existing solutions reviewed. After that, three innovative random access MAC protocols are proposed for wireless mesh access networks with comprehensive analysis and discussion followed. Moreover, in order to detect misbehaviors of wireless terminals and abnormal performance of applications, the network traffic flow concept in wired IP network is extended to WMN with "Meshflow" defined. Based on this new concept, a comprehensive framework is designed for wireless mesh backbone network to monitor users, routers, applications and services so as to achieve abnormal or intrusion detection, malicious user identification and traceback

DPRAODV: A Dynamic Learning System Against Blackhole Attack In AODV Based MANET

Security is an essential requirement in mobile ad hoc networks to provide protected communication between mobile nodes. Due to unique characteristics of MANETS, it creates a number of consequential challenges to its security design. To overcome the challenges, there is a need to build a multifence security solution that achieves both broad protection and desirable network performance. MANETs are vulnerable to various attacks, blackhole, is one of the possible attacks. Black hole is a type of routing attack where a malicious node advertise itself as having the shortest path to all nodes in the environment by sending fake route reply. By doing this, the malicious node can deprive the traffic from the source node. It can be used as a denial-of-service attack where it can drop the packets later. In this paper, we proposed a DPRAODV (Detection, Prevention and Reactive AODV) to prevent security threats of blackhole by notifying other nodes in the network of the incident. The simulation results in ns2 (ver-2.33) demonstrate that our protocol not only prevents blackhole attack but consequently improves the overall performance of (normal) AODV in presence of black hole attack

Real valued negative selection for anomaly detection in wireless ad hoc networks

Wireless ad hoc network is one of the network technologies that have gained lots of attention from computer scientists for the future telecommunication applications. However it has inherits the major vulnerabilities from its ancestor (i.e., the fixed wired networks) but cannot inherit all the conventional intrusion detection capabilities due to its features and characteristics. Wireless ad hoc network has the potential to become the de facto standard for future wireless networking because of its open medium and dynamic features. Non-infrastructure network such as wireless ad hoc networks are expected to become an important part of 4G architecture in the future. In this paper, we study the use of an Artificial Immune System (AIS) as anomaly detector in a wireless ad hoc network. The main goal of our research is to build a system that can learn and detect new and unknown attacks. To achieve our goal, we studied how the real-valued negative selection algorithm can be applied in wireless ad hoc network network and finally we proposed the enhancements to real-valued negative selection algorithm for anomaly detection in wireless ad hoc network