Intrusion detection techniques in mobile ad hoc and wireless sensor networks

Mobile ad hoc networks and wireless sensor networks have promised a wide variety of applications. However, they are often deployed in potentially adverse or even hostile environments. Therefore, they cannot be readily deployed without first addressing security challenges. Intrusion detection systems provide a necessary layer of in-depth protection for wired networks. However, relatively little research has been performed about intrusion detection in the areas of mobile ad hoc networks and wireless sensor networks. In this article, first we briefly introduce mobile ad hoc networks and wireless sensor networks and their security concerns. Then, we focus on their intrusion detection capabilities. Specifically, we present the challenge of constructing intrusion detection systems for mobile ad hoc networks and wireless sensor networks, survey the existing intrusion detection techniques, and indicate important future research directions.     

基于智能决策的移动Ad Hoc网络IDS模型

近几年,入侵检测在网络安全领域显得极为重要,尤其是在移动AdHoc网络安全领域更是如此。介绍了入侵检测技术及其分类,指出了在移动AdHoc网络中设计应用入侵检测系统所面临的挑战。为应对这些挑战,提出了一种新颖的入侵检测系统模型,并阐述了它的结构和工作原理。     

无线通信网络中流量分析技术综述

对无线网络流量的分析和准确预测是无线网络管理与安全领域的重要研究内容之一,在网络规划、网络监控、流量趋势分析、网络优化以及入侵检测和异常检测等方面发挥着重要作用。介绍了目前典型的无线网络流量分析的模型与常用流量分析方法,综述了传统无线通信网络(如无线局域网和物联网)中的流量分析技术,指出了流量分析技术应用于无线自组网系统的可能性与面临的几点挑战,以及无线自组网系统与流量分析技术结合的发展方向。     

Control theoretic approach to intrusion detection using a distributed hidden Markov model

Cooperative ad hoc wireless networks are more vulnerable to malicious attacks than traditional wired networks. Many of these attacks are silent in nature and cannot be detected by conventional intrusion detection methods such as traffic monitoring, port scanning, or protocol violations. These sophisticated attacks operate under the threshold boundaries during an intrusion attempt and can only be identified by profiling the complete system activity in relation to normal behavior. In this article we discuss a control- theoretic hidden Markov modelstrategy for intrusion detection using distributed observation across multiple nodes. This model comprises a distributed HMM engine that executes in a randomly selected monitor node and functions as a part of the feedback control engine. This drives the defensive response based on hysteresis to reduce the frequency of false positives, thereby avoiding inappropriate ad hoc responses.     

Security in wireless sensor networks

With sensor networks on the verge of deployment, security issues pertaining to the sensor networks are in the limelight. Though the security in sensor networks share many characteristics with wireless ad hoc networks, the two fields are rapidly diverging due to the fundamental differences between the make‐up and goals of the two types of networks. Perhaps the greatest dividing difference is the energy and computational abilities. Sensor nodes are typically smaller, less powerful, and more prone to failure than nodes in an ad hoc network. These differences indicate that protocols that are valid in the context of ad‐hoc networks may not be directly applicable for sensor networks. In this paper, we survey the state of art in securing wireless sensor networks. We review several protocols that provide security in sensor networks, with an emphasis on authentication, key management and distribution, secure routing, and methods for intrusion detection. Copyright © 2006 John Wiley & Sons, Ltd.     

Detecting forged routing messages in ad hoc networks

The effective tremendous deployment of ad hoc networks is incontestably braked by their unreliability in terms of security and quality of services. In this paper, we focus on security problems and show that despite of efforts made in the ad hoc security field, many security issues still jeopardize correct MANETs routing operation. For such threats, we propose an IDS (Intrusion Detection System) solution for which cryptographic-based solutions are ineffective. Actually, authenticated nodes legitimately present in the network are able to send faked routing messages to compromise the routing and then communication between nodes. To cope with such security attacks, we propose an IDS dedicated to the OLSR protocol and well fitted to its characteristics and operation. In addition, our IDS is implemented on all network’s nodes which act cooperatively by continually analyzing routing messages semantics. When an intrusion is detected, alerts are flooded and intruders are banished from the network. We have finally implemented this IDS and performances evaluation shows the intrusion detection effectiveness.     

Ad Hoc网络的入侵检测技术研究

Ad Hoc网络是一种没有固定基础设施、网络拓扑不断变化的新型网络,固有的脆弱性使它容易受到攻击,给Ad Hoc的入侵检测带来更多挑战.文中介绍了入侵检测技术及其分类,并根据Ad Hoc网络自身的特性,总结了已有的适于Ad Hoc网络的新型的入侵检测技术及其特性.最后,提出一种基于簇的分布式入侵检测技术,对其关键技术和工作机制进行分析和阐述.     

基于簇的移动Ad hoc网多层分布式入侵检测

动Ad hoc网络的独特网络特性导致其安全性特别脆弱，所以为其提供高安全的入侵检测系统势在必行。通过考虑在移动Ad hoc网络中入侵检测系统的分布式和协同工作的需要，提出了一种基于簇的多层分布式入侵检测技术，并给出模型。此模型采用统计学方法的异常检测技术结合数据挖据技术和簇技术对入侵进行检测．有效提高了移动Ad hoc网络的安全性和对分布式攻击的协同检测能力，并降低了网络的通信负荷。     

无线自组织网中VoIP性能研究

目前,VoIP技术及其业务迅速发展,在无线自组织网络中有广泛的应用,有必要对于VoIP在无线自组网中的传输进行分析研究。利用NS-2作为仿真工具对G.711编码标准下多跳无线自组织网中VoIP的传输进行仿真,使用802.11MAC层协议和AODV路由层协议。实验结果表明,无线自组织网络环境下VoIP系统性能(包括丢包率、时延等)受到多跳影响。     

AN IMMUNITY-BASED SECURITY ARCHITECTURE FOR MOBILE AD HOC NETWORKS

This paper focuses on investigating immunological principles in designing a multi-agent security architecture for intrusion detection and response in mobile ad hoc networks. In this approach, the immunity-based agents monitor the situation in the network. These agents can take appropriate actions according to the underlying security policies. Specifically, their activities are coordinated in a hierarchical fashion while sensing, communicating, decision and generating responses. Such an agent can learn and adapt to its environment dynamically and can detect both known and unknown intrusions. The proposed intrusion detection architecture is designed to be flexible, extendible, and adaptable that can perform real-time monitoring. This paper provides the conceptual view and a general framework of the proposed system. In the end, the architecture is illustrated by an example to show it can prevent the attack efficiently.     

无线白组织网中VoIP性能研究

目前,VoIP技术及其业务迅速发展,在无线自组织网络中有广泛的应用,有必要对于VoIP在无线自组网中的传输进行分析研究。利用NS-2作为仿真工具对G.711编码标准下多跳无线自组织网中VoIP的传输进行仿真,使用802．11MAC层协议和AODV路由层协议。实验结果表明,无线自组织网络环境下voIP系统性能（包括丢包率、时延等）受到多跳影响。     

Securing ad hoc networks

Ad hoc networks are a new wireless networking paradigm for mobile hosts. Unlike traditional mobile wireless networks, ad hoc networks do not rely on any fixed infrastructure. Instead, hosts rely on each other to keep the network connected. Military tactical and other security-sensitive operations are still the main applications of ad hoc networks, although there is a trend to adopt ad hoc networks for commercial uses due to their unique properties. One main challenge in the design of these networks is their vulnerability to security attacks. In this article, we study the threats on ad hoc network faces and the security goals to be achieved. We identify the new challenges and opportunities posed by this new networking environment and explore new approaches to secure its communication. In particular, we take advantage of the inherent redundancy in ad hoc networks-multiple routes between nodes-to defend routing against denial-of-service attacks. We also use replication and new cryptographic schemes, such as threshold cryptography, to build a highly secure and highly available key management service, which terms the core of our security framework     

无线传感器网络入侵检测系统

无线传感器网络与传统网络存在较大差异,传统入侵检测技术不能有效地应用于无线传感器网络。文中分析了无线传感器网络面临的安全威胁;总结了现有的无线传感器网络入侵检测方案;在综合现有无线传感器网络入侵检测方法的基础上,提出了一种分等级的入侵检测系统,该入侵检测体系结构通过减少错报能检测到大多数的安全威胁。     

Model-Based Evaluation of Distributed Intrusion Detection Protocols for Mobile Group Communication Systems

Under highly security vulnerable, resource-restricted, and dynamically changing mobile ad hoc environments, it is critical to be able to maximize the system lifetime while bounding the communication response time for mission-oriented mobile groups. In this paper, we analyze the tradeoff of security versus performance for distributed intrusion detection protocols employed in mobile group communication systems (GCSs). We investigate a distributed voting-based intrusion detection protocol for GCSs in multi-hop mobile ad hoc networks and examine the effect of intrusion detection on system survivability measured by the mean time to security failure (MTTSF) metric and efficiency measured by the communication cost metric. We identify optimal design settings under which the MTTSF metric can be best traded off for the communication cost metric or vice versa. We conduct extensive simulation to validate analytical results obtained. This work provides a general model-based evaluation framework for developing and analyzing intrusion detection protocols that can dynamically adapt to changing attacker strengths with the goal of system lifetime optimization and/or communication cost minimization.     

Friend-assisted intrusion detection and response mechanisms for mobile ad hoc networks

Nowadays, a commonly used wireless network (i.e., Wi-Fi) operates with the aid of a fixed infrastructure (i.e., an access point) to facilitate communication between nodes. The need for such a fixed supporting infrastructure limits the adaptability and usability of the wireless network, especially in situations where the deployment of such an infrastructure is impractical. Recent advancements in computer network introduced a new wireless network, known as a mobile ad hoc network (MANET), to overcome the limitations. Often referred as a peer to peer network, the network does not have any fixed topology, and through its multi hop routing facility, each node can function as a router, thus communication between nodes becomes available without the need of a supporting fixed router or an access point. However, these useful facilities come with big challenges, particularly with respect to providing security. A comprehensive analysis of attacks and existing security measures suggested that MANET are not immune to a colluding blackmail because such a network comprises autonomous and anonymous nodes. This paper addresses MANET security issues by proposing a novel intrusion detection system based upon a friendship concept, which could be used to complement existing prevention mechanisms that have been proposed to secure MANETs. Results obtained from the experiments proved that the proposed concepts are capable of minimising the problem currently faced in MANET intrusion detection system (IDS). Through a friendship mechanism, the problems of false accusations and false alarms caused by blackmail attackers in intrusion detection and response mechanisms can be eliminated.     

Detecting unauthorized and compromised nodes in mobile ad hoc networks

Security of mobile ad hoc networks (MANET) has become a more sophisticated problem than security in other networks, due to the open nature and the lack of infrastructure of such networks. In this paper, the security challenges in intrusion detection and authentication are identified and the different types of attacks are discussed. We propose a two-phase detection procedure of nodes that are not authorized for specific services and nodes that have been compromised during their operation in MANET. The detection framework is enabled with the main operations of ad hoc networking, which are found at the link and network layers. The proposed framework is based on zero knowledge techniques, which are presented through proofs.     

Using discriminant analysis to detect intrusions in external communication for self-driving vehicles

Security systems are a necessity for the deployment of smart vehicles in our society. Security in vehicular ad hoc networks is crucial to the reliable exchange of information and control data. In this paper, we propose an intelligent Intrusion Detection System (IDS) to protect the external communication of self-driving and semi self-driving vehicles. This technology has the ability to detect Denial of Service (DoS) and black hole attacks on vehicular ad hoc networks (VANETs). The advantage of the proposed IDS over existing security systems is that it detects attacks before they causes significant damage. The intrusion prediction technique is based on Linear Discriminant Analysis (LDA) and Quadratic Discriminant Analysis (QDA) which are used to predict attacks based on observed vehicle behavior. We perform simulations using Network Simulator 2 to demonstrate that the IDS achieves a low rate of false alarms and high accuracy in detection.     

无人机自组网技术研究

在无人机系统中,编组和协同作战能力对提高无人机作站效能和生存能力具有重要意义。无线自组网是一种特殊结构的无线通信网络,其通信依靠节点之间的相互协作,以无线多跳方式完成,因此网络不依赖于任何固定设施,具有自组织和自管理的特性,这种特殊的组网方式使得无线自组网非常适用于无人机系统。介绍了无线自组网的原理,分析了无线自组网应用于无人机系统主要面临的关键技术:路由技术和安全问题。介绍了无线自组网的发展情况和在无人机领域的研究情况。     

Biologically inspired artificial intrusion detection system for detecting wormhole attack in MANET

A mobile ad hoc network (MANET) does not have traffic concentration points such as gateway or access points which perform behaviour monitoring of individual nodes. Therefore, maintaining the network function for the normal nodes when other nodes do not forward and route properly is a big challenge. One of the significant attacks in ad hoc network is wormhole attack. In this wormhole attack, the adversary disrupts ad hoc routing protocols using higher bandwidth and lower-latency links. Wormhole attack is more hidden in character and tougher to detect. So, it is necessary to use mechanisms to avoid attacking nodes which can disclose communication among unauthorized nodes in ad hoc networks. Mechanisms to detect and punish such attacking nodes are the only solution to solve this problem. Those mechanisms are known as intrusion detection systems (IDS). In this paper, the suggested biological based artificial intrusion detection system (BAIDS) include hybrid negative selection algorithm (HNSA) detectors in the local and broad detection subsection to detect anomalies in ad hoc network. In addition to that, response will be issued to take action over the misbehaving nodes. These detectors employed in BAIDS are capable of discriminating well behaving nodes from attacking nodes with a good level of accuracy in a MANET environment. The performance of BAIDS in detecting wormhole attacks in the background of DSR, AODV and DSDV routing protocols is also evaluated using Qualnet v 5.2 network simulator. Detection rate, false alarm rate, packet delivery ratio, routing overhead are used as metrics to compare the performance of HNSA and the BAIDS technique.