Intrusion Detection System Resiliency to Byzantine Attacks: The Case Study of Wormholes in OLSR

In this paper we extend the work presented in [1], [2] by quantifying the effects of in-band wormhole attacks on Intrusion Detection Systems. More specifically, we propose a mathematical framework for obtaining performance bounds of Byzantine attackers and the Intrusion Detection System (IDS) in terms of detection delay. We formulate the problem of distributed collaborative defense against coordinated attacks in MANET as a dynamic game problem. In our formulation we have on the one hand a group of attackers that observe what is going on in the network and coordinate their attack in an adaptive manner. On the other side, we have a group of defending nodes (the IDS nodes) that collaboratively observe the network and coordinate their actions against the attackers. Using extensions of the game theoretic framework of [3] we provide a mathematical framework for efficient identification of the worst attacks and damages that the attackers can achieve, as well as the best response of the defenders. This approach leads to quantifying resiliency of the routing-attack IDS with respect to Byzantine attacks

Two-tier Intrusion Detection System for Mobile Ad Hoc Networks

Nowadays, a commonly used wireless network (i.e. Wi-Fi) operates with the aid of a fixed infrastructure (i.e. an access point) to facilitate communication between nodes when they roam from one location to another. The need for such a fixed supporting infrastructure limits the adaptability of the wireless network, especially in situations where the deployment of such an infrastructure is impractical. In addition, Wi-Fi limits nodes' communication as it only provides facility for mobile nodes to send and receive information, but not reroute the information across the network. Recent advancements in computer network introduced a new wireless network, known as a Mobile Ad Hoc Network (MANET), to overcome these limitations. MANET has a set of unique characteristics that make it different from other kind of wireless networks. Often referred as a peer to peer network, such a network does not have any fixed topology, thus nodes are free to roam anywhere, and could join or leave the network anytime they desire. Its ability to be setup without the need of any infrastructure is very useful, especially in geographically constrained environments such as in a military battlefield or a disaster relief operation. In addition, through its multi hop routing facility, each node could function as a router, thus communication between nodes could be made available without the need of a supporting fixed router or an access point. However, these handy facilities come with big challenges, especially in dealing with the security issues. This research aims to address MANET security issues by proposing a novel intrusion detection system that could be used to complement existing prevention mechanisms that have been proposed to secure such a network. A comprehensive analysis of attacks and the existing security measures proved that there is a need for an Intrusion Detection System (IDS) to protect MANETs against security threats. The analysis also suggested that the existing IDS proposed for MANET are not immune against a colluding blackmail attack due to the nature of such a network that comprises autonomous and anonymous nodes. The IDS architecture as proposed in this study utilises trust relationships between nodes to overcome this nodes' anonymity issue. Through a friendship mechanism, the problems of false accusations and false alarms caused by blackmail attackers in global detection and response mechanisms could be eliminated. The applicability of the friendship concept as well as other proposed mechanisms to solve MANET IDS related issues have been validated through a set of simulation experiments. Several MANET settings, which differ from each other based on the network's density level, the number of initial trusted friends owned by each node, and the duration of the simulation times, have been used to study the effects of such factors towards the overall performance of the proposed IDS framework. The results obtained from the experiments proved that the proposed concepts are capable to at least minimise i f not fully eliminate the problem currently faced in MANET IDS

Security Issues in Manet and Counter-Measures

Mobile Ad-hoc Networks (MANET) are self-configuring networks of mobile nodes connected by wireless links. These nodes are able to move randomly and organize themselves and thus, the network's wireless architecture change rapidly and unpredictably. MANETs are usually utilized in situations of emergency for temporary operations or when there are no resources to set up elaborate networks. Mobile Ad-hoc Networks operate in the absence of any fixed infrastructure, which makes them easy to deploy, at the same time however, due to the absence of any fixed infrastructure, it becomes difficult to make use of the existing routing techniques for network services, and this poses a number of challenges in ensuring the security of the communication network, something that is not easily done as many of the demands of network security conflict with the demands of mobile networks due to the nature of the mobile devices (e.g. low power consumption, low processing load). Most of the ad-hoc routing protocols that address security issues rely on implicit trust relationships to route packets among participating nodes. Apart from security objectives like authentication, availability, confidentiality, and integrity, the ad-hoc routing protocols should also address location confidentiality, cooperation fairness and absence of traffic diversion. In this paper we attempt to survey security issues faced by the mobile ad-hoc network environment and provide a classification of the various security mechanisms. We also analyzed the respective strengths and vulnerabilities of the existing routing protocols and proposed a broad and comprehensive frame-work that can provide a tangible solution