Attack Analysis and Detection for Ad Hoc Routing Protocols

Opening the Pandora’s Box: Exploring the fundamental limitations of designing intrusion detection for MANET routing attacks

Computer Communications, 2008

Intrusion detection is a critical component of the security framework in wireless ad hoc networks. However, the inherent properties of such networks, such as the lack of infrastructure and their dynamic and decentralized nature, make it extremely difficult to design effective Intrusion Detection Systems (IDS) for such environments. In this paper, we explore the major challenges posed by IDS design in ad hoc networks, and analyze the feasibility of implementing an intrusion detection system in an ad hoc network. Our analysis systematically focuses on all three major paradigms of IDS design, namely, logical rule-based techniques, probabilistic estimation based techniques as well as statistical classification techniques, and brings out the limitations of all three techniques. For illustrating the statistical limitations, a proactive ad hoc routing protocol, Optimized Link State Routing (OLSR), is used, and our analysis makes use of logical deduction as well as simulation of attacks on the OLSR protocol. The results dispel many popularly held assumptions in the literature.

Methods For Detecting Attacks In Mobile/Wireless Ad-Hoc Networks: A Survey

International Journal of Scientific & Technology Research, 2018

Use of Mobile/Wireless ad hoc networks (MANET) is growing, mostly in situations where there is a need for temporary data exchange, such as in emergency services, conference meetings, and virtual classrooms, due to their low cost and ease of setup, since they are infrastructure-less. However, the non-existence of centralized administration of standard support services, the dynamic topology, and the air interface make them highly vulnerable to attacks. The autonomous nature of the network results in security solutions being implemented mainly at the nodes, which are resource constrained, i.e. limited computing power and memory, low bandwidth, and low battery life, thereby limiting the tightness of these solutions. It is extremely important to have flexible and robust methods of detecting attacks and their sources, looking at the diversity of MANET application areas, so that appropriate countermeasures can be put in place. Detection based schemes can be incorporated to complement prevention techniques implem...

Evaluating the Effect of Attack on MANET Routing Protocols using Intrusion Detection System 1

In the last decade, Mobile Ad-Hoc Networks (MANETs) have become known as a major next generation wireless networking technology. A MANET is an autonomous system of wireless mobile hosts without fixed network infrastructure or a centralized access point. Each mobile device must forward traffic unrelated to its own use, and therefore be a router. One of the major advantages of wireless networks is their ability to allow data communication between different parties and still preserve their mobility. MANET is one of the most promising technologies, with applications ranging from health care to strategic military. Even though a wireless sensor network has a lot of innovative features, it has a huge concern towards security. MANETs are more vulnerable to security attacks. The security of such networks is a big concern, especially for applications where confidentiality has leading significance. An intrusion detection system (IDS) monitors network traffic for suspicious activity, alerts the system or network administrator, and takes action, such as blocking the user or source IP address from accessing the network. In this paper, we analyze the performance of DSDV (Proactive) and AODV (Reactive), both with and without a malicious node in the network, with respect to IDS by varying the number of nodes in the network. Packet Delivery Ratio (PDR) and Packet Drop Rate (PDRR) are measured as performance parameters for estimating the performance of the DSDV and AODV protocols in the ad hoc network using the NS2 simulator. Finally, we identify areas where advance research could focus.

Cross-layer attacks in wireless ad hoc networks 1

2004

Denial of Service (DoS) attacks are difficult to prevent and protect against. In this paper we focus on DoS attacks in wireless ad hoc networks that propagate from MAC to routing layer, causing breaking of critical routes. We present several traffic patterns that an intelligent attacker can generate to cause Denial of Service attack in one or several nodes in ad hoc networks. More specifically, we focus on the properties of IEEE 802.11 MAC protocol and attack propagation to the routing layer. We focus on attacks that use low-rate traffic patterns with the goal of disabling one or more specific nodes or partitioning the network. We propose a scheme for attack detection based on modelling of MAC protocols using Extended Finite State Machines (EFSM) and present general outline for an Intrusion Detection System that has the ability to generate attack patterns and check the validity of communication patterns in the network.

Anomaly-based Behavioral Detection in Mobile Ad-Hoc Networks

Procedia Computer Science, 2019

Mobile Ad-Hoc networks (MANETs) have gained much attention thanks to their efficiency. However, they appear to be more susceptible to various attacks due to the open access medium and the dynamically changing network topology. Intrusion Detection Systems (IDS) represent an important line of defense against malicious behavior. In fact, they monitor network activities to detect any malicious attempt performed by intruders. IDS datasets show limitations in their evaluation of mobile networks since these datasets cover only wired networks. We recommend a new IDS dataset that reflects the characteristics of MANET. The main contribution turns around the integration of an IDS capable of detecting the majority of security attacks occurring in MANETs. We propose a novel approach in collecting the necessary data in order to build the behavioral Database called NetBigData, which contains normal behavior and attacks scenarios. As a matter of fact, we picked up the most common attack in mobile networks, which is Denial of Service (DoS). In this paper, we use an Anomaly-based technique to monitor traffic patterns, we have simulated four attacks out of three categories which are Packet Dropping, Routing Disruption, and Resource consumption attacks. To improve the quality of the collected data, we used data preprocessing techniques to take advantage from the best performance of our dataset. To automatically generate rules from the obtained data, we chose a Support Vector Machine (SVM) classifier. The obtained results show that the proposed anomaly-based IDS is effective in detecting the DoS type attacks with a high detection rate.

“The study of Intrusion Detection Techniques for Cooperation of Node In Mobile Ad hoc Network (MANET)”, International Journal of Engineering Sciences & Research Technology, Vol. 1 (9), pp. 505-513, Nov. 2012.

"Since there is no infrastructure in mobile ad hoc networks, each node must rely on other nodes for cooperation in routing and forwarding packets to the destination. Intermediate nodes might agree to forward the packets but actually drop or modify them because they are misbehaving. The simulations in show that only a few misbehaving nodes can degrade the performance of the entire system. There are several proposed techniques and protocols to detect such misbehavior in order to avoid those nodes, and some schemes also propose punishment as well. It is very difficult to design once-for intrusion detection techniques. Instead, an incremental enhancement strategy may be more feasible. A secure protocol should at least include mechanisms against known attack types. In addition, it should provide a scheme to easily add new security features in the future. Due to the importance of MANET routing protocols, we focus on the detection of attacks targeted at MANET routing protocols. This includes the WatchDog and Pathrater approach. A watchdog identifies the misbehaving nodes by eavesdropping on the transmission of the next hop. A path rater then helps to find the routes that do not contain those nodes."

A specification-based intrusion detection system for AODV

Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks - SASN '03, 2003

The Ad hoc On-Demand Distance Vector (AODV) routing protocol, designed for mobile ad hoc networks, offers quick adaptation to dynamic link conditions, low processing and memory overhead, and low network utilization. However, without keeping in mind the security issues in the protocol design, AODV is vulnerable to various kinds of attacks. This paper analyzes some of the vulnerabilities, specifically discussing attacks against AODV that manipulate the routing messages. We propose a solution based on specification-based intrusion detection to detect attacks on AODV. Briefly, our approach involves the use of finite state machines for specifying correct AODV routing behavior and distributed network monitors for detecting run-time violation of the specifications. In addition, one additional field in the protocol message is proposed to enable the monitoring. We illustrate that our algorithm, which employs a tree data structure, can effectively detect most of the serious attacks in real time and with minimum overhead.

Technical Analysis of Intrusion Detection in Routing Protocol for Mobile Ad Hoc Network

2013

Mobile computing environments are vulnerable to malicious attacks ranging from passive eavesdropping to active interference. In wireless networks, attacks can come from all directions and target any node. Compensation can include leaking secret information, message corruption and node masquerade. In mobile ad hoc networks, security is hard due to the dynamic nature of the relationships between the participating nodes as well as the vulnerabilities and limitations of the wireless transmission medium. In order to avoid such circumstances, there is a need to develop new architecture and mechanisms to protect wireless networks and mobile computing applications. All nodes in a MANET must function as routers that discover and maintain routes to other nodes in the network. Due to MANET’s characteristics, it is a complicated job for an IDS to detect routing attacks. An intrusion detection system plays an imperative role in the network environment for security. Routing attacks may be launched by ...

Quantitative Behavior Based Intrusion Detection System for MANETS

The use of wireless links makes a Mobile Ad hoc Network (MANET) susceptible to malicious attacks, ranging from passive eavesdropping to active interference. In wired networks, an attacker has to pass through a set of firewalls and gateways to access the network, whereas MANETs do not have firewalls or gateways, so attacks can take place from all directions. Every node in a MANET is an autonomous unit in itself and free to move independently, so any node without adequate protection is very much prone to being captured or compromised. Intrusion prevention techniques like encryption and authentication can reduce the risk of intrusion but cannot completely eliminate it, so a second level of defense is needed. We propose a new quantitative method of intrusion detection to detect intrusion in MANETs with mobile nodes. The proposed method is a behavioral anomaly based system which is dynamic, scalable, configurable and robust. For simulating the proposed system we use the AODV routing protocol. It is observed that the malicious node detection rate is very good and the false positive detection rate is low.