Game Theory Approaches in Taxonomy of Intrusion Detection for MANETs

MANETs are self configuring networks that are formed by a set of wireless mobile nodes and have no fixed network infrastructure nor administrative support. Since transmission range of wireless network interfaces is limited, forwarding hosts may be needed. Each node in a wireless ad hoc network functions is as both a host and a router. Due to their communication type and resources constraint, MANETs are vulnerable to diverse types of attacks and intrusions so, security is a critical issue. Network security is usually provided in the three phases: intrusion prevention, intrusion detection and intrusion tolerance phase. However, the network security problem is far from completely solved. Researchers have been exploring the applicability of game theory approaches to address the network security issues. This paper reviews some existing game theory solutions which are designed to enhance network security in the intrusion detection phase. Keywords: Mobile Ad hoc Network (MANET), Intrusion detection system (IDS), Cluster head, host based, Game theory

A Novel Cooperative Intrusion Detection System for Mobile Ad Hoc Networks

Mobile ad hoc networks (MANETs) have experienced rapid growth in their use for various military, medical, and commercial scenarios. This is due to their dynamic nature that enables the deployment of such networks, in any target environment, without the need for a pre-existing infrastructure. On the other hand, the unique characteristics of MANETs, such as the lack of central networking points, limited wireless range, and constrained resources, have made the quest for securing such networks a challenging task. A large number of studies have focused on intrusion detection systems (IDSs) as a solid line of defense against various attacks targeting the vulnerable nature of MANETs. Since cooperation between nodes is mandatory to detect complex attacks in real time, various solutions have been proposed to provide cooperative IDSs (CIDSs) in efforts to improve detection efficiency. However, all of these solutions suffer from high rates of false alarms, and they violate the constrained-bandwidth nature of MANETs. To overcome these two problems, this research presented a novel CIDS utilizing the concept of social communities and the Dempster-Shafer theory (DST) of evidence. The concept of social communities was intended to establish reliable cooperative detection reporting while consuming minimal bandwidth. On the other hand, DST targeted decreasing false accusations through honoring partial/lack of evidence obtained solely from reliable sources. Experimental evaluation of the proposed CIDS resulted in consistently high detection rates, low false alarms rates, and low bandwidth consumption. The results of this research demonstrated the viability of applying the social communities concept combined with DST in achieving high detection accuracy and minimized bandwidth consumption throughout the detection process

Identification of Biometric-Based Continuous user Authentication and Intrusion Detection System for Cluster Based Manet

Mobile ad hoc is an infrastructure less dynamic network used in many applications; it has been targets of various attacks and makes security problems. This work aims to provide an enhanced level of security by using the prevention based and detection based approaches such as authentication and intrusion detection. The multi-model biometric technology is used for continuous authentication and intrusion detection in high security cluster based MANET. In this paper, an attempt has been made to combine continuous authentication and intrusion detection. In this proposed scheme, Dempster-Shafer theory is used for data fusion because more than one device needs to be chosen and their observation can be used to increase observation accuracy

Biometric Based Intrusion Detection System using Dempster-Shafer Theory for Mobile Ad hoc Network Security

In wireless mobile ad hoc network, mainly, two approaches are followed to protect the security such as prevention-based approaches and detection-based approaches. A Mobile Ad hoc Network (MANET) is a collection of autonomous wireless mobile nodes forming temporary network to interchange data (data packets) without using any fixed topology or centralized administration. In this dynamic network, each node changes its geographical position and acts as a router for forwarding packets to the other node. Current MANETs are basically vulnerable to different types of attacks. The multimodal biometric technology gives possible resolves for continuous user authentication and vulnerability in high security mobile ad hoc networks (MANETs). Dempster’s rule for combination gives a numerical method for combining multiple pieces of data from unreliable observers. This paper studies biometric authentication and intrusion detection system with data fusion using Dempster–Shafer theory in such MANETs. Multimodal biometric technologies are arrayed to work with intrusion detection to improve the limitations of unimodal biometric technique

Challenges of Misbehavior Detection in Industrial Wireless Networks

In recent years, wireless technologies are increasingly adopted in many application domains that were either unconnected before or exclusively used cable networks. This paradigm shift towards - often ad-hoc - wireless communication has led to significant benefits in terms of flexibility and mobility. Alongside with these benefits, however, arise new attack vectors, which cannot be mitigated by traditional security measures. Hence, mechanisms that are orthogonal to cryptographic security techniques are necessary in order to detect adversaries. In traditional networks, such mechanisms are subsumed under the term "intrusion detection system" and many proposals have been implemented for different application domains. More recently, the term "misbehavior detection" has been coined to encompass detection mechanisms especially for attacks in wireless networks. In this paper, we use industrial wireless networks as an exemplary application domain to discuss new directions and future challenges in detecting insider attacks. To that end, we review existing work on intrusion detection in mobile ad-hoc networks. We focus on physical-layer-based detection mechanisms as these are a particularly interesting research direction that had not been reasonable before widespread use of wireless technology.Peer Reviewe

Towards Trustworthy, Efficient and Scalable Distributed Wireless Systems

Advances in wireless technologies have enabled distributed mobile devices to connect with each other to form distributed wireless systems. Due to the absence of infrastructure, distributed wireless systems require node cooperation in multi-hop routing. However, the openness and decentralized nature of distributed wireless systems where each node labors under a resource constraint introduces three challenges: (1) cooperation incentives that effectively encourage nodes to offer services and thwart the intentions of selfish and malicious nodes, (2) cooperation incentives that are efficient to deploy, use and maintain, and (3) routing to efficiently deliver messages with less overhead and lower delay. While most previous cooperation incentive mechanisms rely on either a reputation system or a price system, neither provides sufficiently effective cooperation incentives nor efficient resource consumption. Also, previous routing algorithms are not sufficiently efficient in terms of routing overhead or delay. In this research, we propose mechanisms to improve the trustworthiness, scalability, and efficiency of the distributed wireless systems. Regarding trustworthiness, we study previous cooperation incentives based on game theory models. We then propose an integrated system that combines a reputation system and a price system to leverage the advantages of both methods to provide trustworthy services. Analytical and simulation results show higher performance for the integrated system compared to the other two systems in terms of the effectiveness of the cooperation incentives and detection of selfish nodes. Regarding scalability in a large-scale system, we propose a hierarchical Account-aided Reputation Management system (ARM) to efficiently and effectively provide cooperation incentives with small overhead. To globally collect all node reputation information to accurately calculate node reputation information and detect abnormal reputation information with low overhead, ARM builds a hierarchical locality-aware Distributed Hash Table (DHT) infrastructure for the efficient and integrated operation of both reputation systems and price systems. Based on the DHT infrastructure, ARM can reduce the reputation management overhead in reputation and price systems. We also design a distributed reputation manager auditing protocol to detect a malicious reputation manager. The experimental results show that ARM can detect the uncooperative nodes that gain fraudulent benefits while still being considered as trustworthy in previous reputation and price systems. Also, it can effectively identify misreported, falsified, and conspiratorial information, providing accurate node reputations that truly reflect node behaviors. Regarding an efficient distributed system, we propose a social network and duration utility-based distributed multi-copy routing protocol for delay tolerant networks based on the ARM system. The routing protocol fully exploits node movement patterns in the social network to increase delivery throughput and decrease delivery delay while generating low overhead. The simulation results show that the proposed routing protocol outperforms the epidemic routing and spray and wait routing in terms of higher message delivery throughput, lower message delivery delay, lower message delivery overhead, and higher packet delivery success rate. The three components proposed in this dissertation research improve the trustworthiness, scalability, and efficiency of distributed wireless systems to meet the requirements of diversified distributed wireless applications

Mechanism design-based leader election scheme for intrusion detection in MANET

We study the leader election in the presence of selfish nodes for intrusion detection systems (IDS) in a mobile ad hoc network (MANET). To balance the resource consumption among all nodes and prolong the lifetime of a MANET, nodes with the most remaining resources should be elected as the leaders. However, without incentives for serving others, a node may behave selfishly by lying about its remaining resource and avoiding being elected. We present a solution based on mechanism design theory. More specifically, we design a scheme for electing cluster leaders that have the following two advantages: First, the collection of elected leaders is the optimal in the sense that the overall resource consumption will be balanced among all nodes in the network overtime. Second, the scheme provides the leaders with incentives in the form of reputation so that nodes are encouraged to honestly participate in the election process. The design of such incentives is based on the Vickrey, Clarke, and Groves (VCG) model by which truth-telling is the dominant strategy for each node. Simulation results show that our scheme can effectively prolong the overall lifetime of IDS in MANET and balance the resource consumptions among all the nodes