Abstract
Mobile devices are becoming the most popular way of connecting to networks, but the protocols that support mobility are a serious source of concern because their initial design did not enforce strong security. This paper introduces a novel class of stealth network attacks, called mobility-based evasion, in which an attacker splits a malicious payload so that no part of it can be recognized by existing defensive mechanisms, including the most modern network intrusion detection systems operating in stateful mode. We propose an original cooperative framework for intrusion detection that can prevent mobility-based evasion. The viability and performance of the proposed solution are shown through a prototype applied to the Mobile IPv4, Mobile IPv6 and WiFi protocols.
Highlights
Society has become dependent on a wide array of mobile devices
In addition to known threats such as eavesdropping on wireless transmissions [5, 15, 23], break-ins [33, 35], GSM impersonation [16, 13] and social engineering [4], we present a novel form of attack called mobile evasion that can be applied to mobile protocols such as Mobile IPv4, Mobile IPv6 and WiFi
We describe the mobile evasion attack against the most advanced stateful NIDS architectures, because stateless systems can be bypassed by several types of attacks and are deprecated
Summary
Society has become dependent on a wide array of mobile devices. For example, most credit-card swipes at restaurants are performed with mobile devices. To lower infrastructure costs and to accommodate their employees, companies are adopting so-called “Bring Your Own Device” (BYOD) policies that allow workers to gain controlled access to internal network resources through their mobile devices (mainly laptops and phones). Mobile evasion leverages the intrinsic vulnerability of mobile protocols supporting transparent mobility, where roaming events do not interrupt established connections [14]. This is a mandatory feature for all applications requiring a stable connection, but it exposes mobile nodes and the related networks to so-called “stealth” network attacks. The overall solution is integrated into a prototype that extends Snort, but it can be adapted to any other NIDS because the implementation is based on a lightweight agent and a set of plugins handling different protocols. This modular design guarantees great flexibility in terms of deployment and expandability.
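The following model illustrates the detection gap the summary describes and why the cooperative approach closes it. It is an added example, not code from the paper or its Snort prototype: the packet fields, the addresses, the signature and the traffic are all constructed, and "stateful NIDS" is reduced to stream reassembly plus a byte-pattern match.

```python
from dataclasses import dataclass
from typing import Dict, List

SIGNATURE = b"EVIL-PAYLOAD"  # constructed pattern standing in for a real NIDS rule

@dataclass
class Packet:
    home_addr: str   # stable Mobile IP home address (the node's identity)
    care_of: str     # care-of address: identifies the network currently visited
    seq: int         # byte offset of this segment within the stream
    data: bytes

def reassemble(segments: List[Packet]) -> bytes:
    """Stateful reassembly: order segments by offset and join them."""
    return b"".join(p.data for p in sorted(segments, key=lambda p: p.seq))

def isolated_detection(packets: List[Packet], signature: bytes = SIGNATURE) -> Dict[str, bool]:
    """Each visited network runs its own NIDS and keys stream state on the
    addresses it observes. State is not shared, so a stream split by a roaming
    event is never seen whole by any single sensor (mobility-based evasion)."""
    per_network: Dict[str, List[Packet]] = {}
    for p in packets:
        per_network.setdefault(p.care_of, []).append(p)
    return {net: signature in reassemble(segs) for net, segs in per_network.items()}

def cooperative_detection(packets: List[Packet], signature: bytes = SIGNATURE) -> bool:
    """Sensors share stream state keyed on the node's stable home address, so
    segments delivered through different networks are reassembled together."""
    shared: Dict[str, List[Packet]] = {}
    for p in packets:
        shared.setdefault(p.home_addr, []).append(p)
    return any(signature in reassemble(segs) for segs in shared.values())

# Constructed traffic: the mobile node sends part of the stream from network A,
# roams, and sends the remainder from network B without the connection dropping.
ROAMING_STREAM = [
    Packet("2001:db8:home::1", "2001:db8:netA::55", 0, b"GET /x HTTP/1.1\r\nX: EVIL-PA"),
    Packet("2001:db8:home::1", "2001:db8:netB::77", 27, b"YLOAD\r\n\r\n"),
]

if __name__ == "__main__":
    print("per-network sensors:", isolated_detection(ROAMING_STREAM))  # no alert anywhere
    print("cooperative sensors:", cooperative_detection(ROAMING_STREAM))  # alert
```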