Intrusion Detection in MANETs

Click to edit Master subtitle style Prepared by

Vrushali S. Khasare 11it60r02

4/29/12

Contents at a glance..
Introduction Vulnerabilities in MANETs Characteristics of a good Intrusion Detection System Classification of IDSs Approaches taken for intrusion detection Pathrater-Watchdog Approach Anomaly Detection Approach Mobile Agents for intrusion detection References
4/29/12

Introduction

Intrusion detection is

any set of actions that attempt to compromise the integrity, condentiality or availability of a resource

4/29/12

Vulnerabilities in MANETs
Open, easily accessed medium. Attacks ranging from

passive eavesdropping to active interfering.

Mobile nodes are autonomous units that are capable

of moving independently. Nodes without adequate physical protection are susceptible to getting captured and compromised. Mobile nodes and the infrastructure thus, must be prepared to operate in a mode that trusts no peer. decentralized. This lack of centralized authority means that the adversaries can exploit this vulnerability for new types of attacks designed to 4/29/12

Decision making in mobile computing environment is

Characteristics of a good Intrusion Detection System An intrusion detection system should

not introduce a new weakness for the system. Ideally it should ensure its own integrity. need little system resources to run and should not degrade the system performances by introducing overhead. run continuously and remain transparent to the system and the users. use standards to be cooperative and open. The specifications of such standards are based on proposals by the IETF Intrusion Detection Working Group 4/29/12

Classification of IDSs
Intrusion detection can be broadly classified into three broad categories Anomaly detection Misuse detection Specification-based detection

4/29/12

Approaches taken for intrusion detection

A distributed IDS (Zhang and Lee) AODV protocol based IDS (Bhargava et al.) Techniques for intrusion-resistant ad hoc routing

algorithm (TIARA)

Watchdog-Pathrater approach Anomaly Detection Use of mobile agents

Local

Intrusion Detection System (LIDS) Intrusion Detection Using Mobile Agents

4/29/12

Distributed

Watchdog-Pathrater Approach

Watchdog mechanism for MANETs

4/29/12

Anomaly Detection Approach

In anomaly detection approach
baseline profile of normal system activity is created any system activity that deviates from the baseline is

treated as a possible intrusion

problems with strict anomaly detection are that:

Anomalous activities that are not intrusive are flagged as intrusive. Intrusive activities that are not anomalous result in false negatives.

4/29/12

Mobile Agents for Intrusion Detection

Mobile agents
are special kinds of agent that have the ability to

move through large networks

while moving, they interact with nodes, collect

information and execute tasks assigned to them

Advantages

Reduction in network load as well as latency as they move analysis programs closer to the audit data Increase fault tolerance. Even if portions of an IDS get destroyed or separated due to network partitioning, the mobile agents can still continue to work. Mobile agents tend to be independent of platform
4/29/12

References
Bo Sun et al Intrusion Detection Techniques in

Mobile D Hoc and Wireless Sensor Networks IEEE Wireless Communications, 56-63, October 2007 Techniques for Mobile Wireless Networks Wireless Networks 9, 545556, 2003 hoc Networks IEEE Wireless Communications, 4860, February 2004

Yongguang Zhang et al Intrusion Detection

A. Patcha et al Intrusion Detection in Wireless Ad

4/29/12

Thank you
4/29/12