Abstract

Mobile ad hoc networks mostly operate over open, adverse, or even hostile environments and are, therefore, vulnerable to a large body of threats. Conventional ways of securing networks, relying on, for example, firewalls and encryption, should henceforth be coupled with advanced intrusion detection. To meet this requirement, we first identify the attacks that threaten ad hoc networks, focusing on the Optimized Link State Routing Protocol. We then introduce IDAR, a signature-based Intrusion Detector dedicated to ad hoc routing protocols. Contrary to existing systems that monitor the packets going through the host, our system analyses the logs so as to identify patterns of misuse. This detector copes with the resource constraints of ad hoc devices by providing distributed detection; in particular, depending on the level of suspicion and gravity, an in-depth cooperative diagnostic may be launched. Simulation-based evaluation shows limited resource consumption (e.g., memory and bandwidth) and a high detection rate along with reduced false positives.

Highlights

  • Securing mobile ad hoc networks (MANETs for short) is challenging because these networks often operate in adverse or even hostile environments [1, 2]

  • One fundamental concept is the notion of multipoint relay (MPR): each device selects a subset of its 1-hop neighbors, called MPRs, that is responsible for forwarding the control traffic in the entire network

  • An intruder I may corrupt the routing table by maliciously modifying a received control message before forwarding it. This modification consists in tampering with either the contents of the message or the identification of its source. The former case is similar to the forge attack, described above, wherein the intruder tampers with the MPR selector set in a Topology Control (TC) message, the OLSR routes in a Host and Network Association (HNA) message, or the interface identification in a Multiple Interface Declaration (MID) message
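The message-modification case above lends itself to a log-based consistency check, sketched here as an added example (not IDAR's own signatures or code): OLSR forwarders leave a TC message's body unchanged, so copies of the same (originator, sequence number) logged from different last hops must advertise the same set. The log line format, field names and node names are assumptions constructed for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample log in a hypothetical format (not IDAR's or olsrd's):
# <time> RX TC orig=<originator> seq=<msg seq> from=<last hop> hops=<n> adv=<advertised set>
SAMPLE_LOG = """\
10.0 RX TC orig=A seq=41 from=A hops=0 adv=B,C
10.1 RX TC orig=A seq=41 from=B hops=1 adv=B,C
10.2 RX TC orig=A seq=41 from=I hops=1 adv=B,C,X
11.0 RX TC orig=D seq=7 from=B hops=1 adv=E
11.1 RX TC orig=D seq=7 from=I hops=1 adv=E,F
12.0 RX TC orig=A seq=42 from=B hops=1 adv=B
"""

LINE = re.compile(r"(?P<t>\S+) RX TC orig=(?P<orig>\S+) seq=(?P<seq>\d+) "
                  r"from=(?P<sender>\S+) hops=(?P<hops>\d+) adv=(?P<adv>\S*)")

def parse(log):
    """Yield (originator, seq, last_hop, advertised_set) for each TC log line."""
    for line in log.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:
            adv = frozenset(a for a in m["adv"].split(",") if a)
            yield m["orig"], int(m["seq"]), m["sender"], adv

def detect_tampering(log):
    """Flag TC messages whose copies disagree on the advertised set."""
    copies = defaultdict(dict)  # (orig, seq) -> {last hop: advertised set}
    for orig, seq, sender, adv in parse(log):
        copies[(orig, seq)][sender] = adv
    alerts = []
    for (orig, seq), by_sender in sorted(copies.items()):
        if len(set(by_sender.values())) < 2:
            continue  # a single copy, or all copies agree
        if orig in by_sender:
            # The copy heard directly from the originator is the reference
            # (assumes the logged last hop is not itself spoofed).
            ref = by_sender[orig]
            suspects = sorted(s for s, adv in by_sender.items() if adv != ref)
            alerts.append((orig, seq, "tampered", suspects))
        else:
            # No reference copy: local evidence cannot attribute the change,
            # so this is a candidate for a cooperative diagnostic.
            alerts.append((orig, seq, "inconsistent", sorted(by_sender)))
    return alerts
```

On the constructed log, forwarder I is singled out for message A/41, while D/7 is only marked inconsistent because no copy from D itself was heard.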


Summary

Introduction

Securing mobile ad hoc networks (MANETs for short) is challenging because these networks often operate in adverse or even hostile environments [1, 2]. The main challenges stem from the need to keep to a minimum the number of diagnostics and the computational load related to intrusion identification, while minimizing the traffic generated when gleaning intrusion evidence. This calls for developing a lightweight and distributed intrusion detection system that copes with the cooperative nature of ad hoc networks and the device resource constraints. Towards this goal, IDAR is designed to be a distributed and cooperative detection system, which parses logs as close as possible to the device that generates them so as to diminish the number of long-distance communications. We conclude this paper with a summary of our results along with directions for future work (Section 6).

Vulnerabilities
Intrusion Detection
Architecture and Performance Evaluation
Findings
Related Work
Conclusion
