IISc Logo    Title

etd AT Indian Institute of Science >
Centres under the Director (formely kown as Division of Information Sciences) >
Supercomputer Education and Research Centre (serc) >

Please use this identifier to cite or link to this item: http://hdl.handle.net/2005/823

Title: Intrusion Identification For Mobile Ad Hoc Networks
Authors: Sahoo, Chandramani
Advisors: Balakrishnan, N
Keywords: Cellular Telephone
Mobile Communication Networks
Intrusion (Communication)
Routing Protocols
Routing (Computer Networks)
Network Security
Wireless Ad Hoc Networks
Mobile Ad Hoc Networks (MANETs)
Intrusion Detection
Ad Hoc On-Demand Distance Vector (AODV)
Intrusion Detection Systems (IDSs)
Intrusion Identification
Submitted Date: Mar-2008
Series/Report no.: G22618
Abstract: A Mobile Ad Hoc Network (MANETs) is a collection of wireless hosts that can be rapidly deployed as a multi hop packet radio network without the aid of any established infrastructure or centralized administration. Such networks can be used to enable next generation of battlefield applications envisioned by the military, including situation awareness systems for maneuvering war fighters, and remotely deployed unmanned microsensor networks. Ad Hoc networks can also provide solutions for civilian applications such as disaster recovery and message exchanges among safety and security personnel involved in rescue missions. Existing solutions for wired network Intrusion Detection Systems (IDSs) do not suit wireless Ad Hoc networks. To utilize either misuse detection or anomaly detection to monitor any possible compromises, the IDS must be able to distinguish normal from anomaly activities. To enable intrusion detection in wireless Ad Hoc networks, the research problems are: • How to efficiently collect normal and anomaly patterns of Ad Hoc networks? The lifetime of the hosts is short and Ad Hoc networks do not have traffic concentration points (router, switch). • How to detect anomalies? The loss could be caused by host movement instead of attacks. Unexpectedly long delay could be caused by unreliable channel instead of malicious discard. In this thesis, we have proposed a novel architecture that uses specification based intrusion detection techniques to detect active attacks against the routing protocols of mobile Ad Hoc networks. Our work analyzes some of the vulnerabilities and discuss the attacks against the AODV protocol. Our approach involves the use of an FSM (Finite State Machine) for specifying the AODV routing behavior and the distributed network monitors for detecting the sequence number attack. Our method can detect most of the bad nodes with low false positive rate and the packet delivery ratio can also be increased with high detection rate. For packet dropping attack, we present a distributed technique to detect this attack in wireless Ad Hoc networks. A bad node can forward packets but in fact it fails to do so. In our technique, every node in the network will check the neighboring nodes to detect if any of them fail to forward the packets. Our technique can detect most of the bad nodes with low false positive rate and the packet delivery ratio can also be increased. The proposed solution can be applied to identify multiple malicious nodes cooperating with each other in MANETs and discover secure routes from source to destination by avoiding malicious nodes acting in cooperation. Our technique will detect the sequence number and Packet Dropping attacks in real time within its radio range with no extra overhead. For resource consumption attack, the proposed scheme incurs no extra overhead, as it makes minimal modifications to the existing data structures and functions related to bad listing a node in the existing version of pure AODV. The proposed scheme is more efficient in terms of the resultant routes established, resource reservations, and computational complexity. If multiple malicious nodes collaborate, they in turn will be restricted and isolated by their neighbors, because they monitor and exercise control over forwarding RREQs by nodes. Hence, the scheme successfully prevents Distributed attacks. The proposed scheme shifts the responsibility of monitoring this parameter to the node's neighbor, ensuring compliance of this restriction. This technique solves all of the problems caused due to unnecessary RREQs from a compromised node. Instead of self-control, the control exercised by a node's neighbor results in preventing this attack. Experiments show that the tool provides effective intrusion detection functionality while using only a limited amount of resources. The loop freedom property has been reduced to an invariant on pairs of nodes. Each node decides & transmits its decision to a control center. Robustness to Threats, Robustness to nodes destruction: Loss of Performance (in terms of ratio) is least for Distributed Option and highest for Centralized Option and Robustness to observations deletion. All the proposed schemes were analyzed and tested under different topologies and conditions with varying number of nodes .The proposed algorithms for improving the robustness of the wireless Ad Hoc networks using AODV protocol against Packet Dropping Attack, Sequence Number attack and resource consumption attack have been simulated for an illustrative network of about 30 nodes. Our experiments have shown that the pattern extracted through simulation can be used to detect attacks effectively. The patterns could also be applied to detect similar attacks on other protocols.
URI: http://hdl.handle.net/2005/823
Appears in Collections:Supercomputer Education and Research Centre (serc)

Files in This Item:

File Description SizeFormat
G22618.pdf1.16 MBAdobe PDFView/Open

Items in etd@IISc are protected by copyright, with all rights reserved, unless otherwise indicated.

 

etd@IISc is a joint service of SERC & IISc Library ||
Feedback
|| Powered by DSpace || Compliant to OAI-PMH V 2.0 and ETD-MS V 1.01