Article

A cooperative intrusion detection system for ad hoc networks

Authors:

Wenke LeeAuthors Info & Claims

SASN '03: Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks

Pages 135 - 147

https://doi.org/10.1145/986858.986877

Published: 31 October 2003 Publication History

Abstract

Mobile ad hoc networking (MANET) has become an exciting and important technology in recent years because of the rapid proliferation of wireless devices. MANETs are highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, lack of centralized monitoring and management point, and lack of a clear line of defense. In this paper, we report our progress in developing intrusion detection (ID) capabilities for MANET. Building on our prior work on anomaly detection, we investigate how to improve the anomaly detection approach to provide more details on attack types and sources. For several well-known attacks, we can apply a simple rule to identify the attack type when an anomaly is reported. In some cases, these rules can also help identify the attackers. We address the run-time resource constraint problem using a cluster-based detection scheme where periodically a node is elected as the ID agent for a cluster. Compared with the scheme where each node is its own ID agent, this scheme is much more efficient while maintaining the same level of effectiveness. We have conducted extensive experiments using the ns-2 and MobiEmu environments to validate our research.

References

[1]

J. P. Anderson. Computer security threat monitoring and surveillance. Technical report, James P. Anderson Company, Fort Washington, Pennsylvania, April 1980.

[2]

S. Basagni. Distributed clustering for ad hoc networks. In ISPAN-99, International Symposium on Parallel Architectures, Algorithms, and Networks, pages 310--315, Perth, Western Australia, June 1999.

Digital Library

[3]

S. Basagni, K. Herrin, D. Bruschi, and E. Rosti. Secure pebblenets. In Proceedings of the 2001 ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc 2001), Long Beach, CA, October 2001.

Digital Library

[4]

S. Buchegger and J. L. Boudec. Performance analysis of the CONFIDANT protocol: Cooperation of nodes --- fairness in dynamic ad-hoc networks. In Proceedings of IEEE/ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc), Lausanne, CH, June 2002. IEEE.

Digital Library

[5]

L. Buttyan and J. P. Hubaux. Stimulating cooperation in self-organizing mobile ad hoc networks. ACM Journal for Mobile Networks (MONET), special issue on Mobile Ad Hoc Networks, 2002.

Digital Library

[6]

S. Cheung. An efficient message authentication scheme for link state routing. In Proceedings of the 13th Annual Computer Security Applications Conference, 1997.

Digital Library

[7]

S. Cheung and K. Levitt. Protecting routing infrastructures from denial of service using cooperative intrusion detection. In New Security Paradigms Workshop, 1997.

Digital Library

[8]

D. Denning. An intrusion detection model. IEEE Transactions on Software Engineering, 13(2), February 1987.

Digital Library

[9]

K. Fall and e Varadhan. The ns Manual (formerly ns Notes and Documentation), 2000. Online reference: http://www.isi.edu/nsnam/ns/ns-documentation.html.

[10]

Y. Hu, A. Perrig, and D. B. Johnson. Ariadne: A secure on-demand routing protocol for ad hoc networks. In Proceedings of the Eighth Annual International Conference on Mobile Computing and Networking (MobiCom 2002), September 2002.

Digital Library

[11]

Y. Huang, W. Fan, W. Lee, and P. Yu. Cross-feature analysis for detecting ad-hoc routing anomalies. In Proceedings of the 23rd International Conference on Distributed Computing Systems, Providence, RI, May 2003.

Digital Library

[12]

K. Ilgun, R. A. Kemmerer, and P. A. Porras. State transition analysis: A rule-based intrusion detection approach. IEEE Transactions on Software Engineering, 21(3):181--199, March 1995.

Digital Library

[13]

D. B. Johnson and D. A. Maltz. Dynamic source routing in ad hoc wireless networks. In Tomasz Imielinski and Hank Korth, editors, Mobile Computing, pages 153--181. Kluwer Academic Publishers, 1996.

[14]

Y.-B. Ko and N. H. Vaidya. Location-aided routing (LAR) in mobile ad hoc networks. ACM/Baltzer Wireless Networks (WINET) journal, Vol 6--4 -Extended version of the Mobicom'98 paper., 2000.

Digital Library

[15]

P. Krishna, N. H. Vaidya, M. Chatterjee, and D. K. Pradhan. A cluster-based approach for routing in dynamic networks. ACM SIGCOMM Computer Communication Review, 27(2):49--64, 1997.

Digital Library

[16]

C. Krugel and T. Toth. Flexible, mobile agent based intrsuion detection for dynamic networks. In European Wireless, 2002.

[17]

S. Kumar and E. H. Spafford. A software architecture to support misuse intrusion detection. In Proceedings of the 18th National Information Security Conference, pages 194--204, 1995.

[18]

S. Marti, T. J. Giuli, K. Lai, and M. Baker. Mitigating routing misbehavior in mobile ad hoc networks. In Mobile Computing and Networking, pages 255--265, 2000.

Digital Library

[19]

V. Mittal and G. Vigna. Sensor-based intrusion detection for intra-domain distance-vector routing. In R. Sandhu, editor, Proceedings of the ACM Conference on Computer and Communication Security (CCS'02), Washington, DC, November 2002. ACM Press.

Digital Library

[20]

C. E. Perkins. Ad hoc networking: An introduction. In C. E. Perkins, editor, Ad Hoc Networking. Addison-Wesley, 2000.

Digital Library

[21]

C. E. Perkins and P. Bhagwat. Highly dynamic destination-sequenced distance-vector routing (DSDV) for mobile computers. In ACM SIGCOMM'94 Conference on Communications Architectures, Protocols and Applications, pages 234--244, 1994.

Digital Library

[22]

C. E. Perkins and E. M. Royer. The ad hoc on-demand distance-vector protocol. In C. E. Perkins, editor, Ad Hoc Networking. Addison-Wesley, 2000.

Digital Library

[23]

A. Perrig, R. Canetti, D. Tygar, and D. Song. The TESLA broadcast authentication protocol. Cryptobytes (RSA Laboratories, Summer/Fall 2002), 5(2):2--13, 2002.

[24]

D. Qu, B. M. Vetter, F. Wang, R. Narayan, S. F. Wu, Y. F. Jou, F. Gong, and C. Sargor. Statistical anomaly detection for link-state routing protocols. In Proceedings of 1998 International Conference on Network Protocols, Austin, TX, October 1998.

Digital Library

[25]

J. R. Quinlan. C4.5: Programs for machine learning. Morgan Kaufmann, San Mateo, CA, 1993.

Digital Library

[26]

B. Schneier. Secrets & Lies: Digital Security in a Networked World. John Wiley & Sons, Inc., 2000.

Digital Library

[27]

B. R. Smith, S. Murthy, and J. J. Garcia-Luna-Aceves. Securing distance-vector routing protocols. In Proceedings of Internet Society Symposium on Network and Distributed System Security, pages 85--92, San Diego, California, February 1997.

Digital Library

[28]

S. Vasudevan, B. DeCleene, N. Immerman, J. Kurose, and D. Towsley. Leader election algorithms for wireless ad hoc networks. In The Third DARPA Information Survivability Conference and Exposition (DISCEX III), April 2003.

[29]

M. G. Zapata. Secure ad hoc on-demand distance vector (SAODV) routing. IETF Internet Draft, draft-guerrero-manet-saodv-00.txt, August 2001 (Work in Progress), August 2001.

[30]

Y. Zhang and W. Li. An integrated environment for testing mobile ad-hoc networks. In Proceedings of the Third ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc '02), Lausanne, Switzerland, June 2002.

Digital Library

[31]

L. Zhou and Z. J. Haas. Securing ad hoc networks. IEEE Network, 13(6):24--30, Nov/Dec 1999.

Digital Library

Cited By

Boutahala RFouchal HAyaida MMao S(2023)Light and Efficient Authentication Mechanism for Connected Vehicles Using Unsupervised DetectionICC 2023 - IEEE International Conference on Communications10.1109/ICC45041.2023.10279812(329-333)Online publication date: 28-May-2023
https://doi.org/10.1109/ICC45041.2023.10279812
Mvah FTchendji VTayou CAnwar ATosh DKamhoua C(2023)FlipPath Game to Counter Stealthy Attacks in SDN-Based Tactical NetworksDecision and Game Theory for Security10.1007/978-3-031-50670-3_15(294-308)Online publication date: 29-Dec-2023
https://doi.org/10.1007/978-3-031-50670-3_15
Aqui JHosein M(2022)Mobile Ad-hoc Networks Topic Modelling and Dataset Querying2022 IEEE 2nd International Conference on Mobile Networks and Wireless Communications (ICMNWC)10.1109/ICMNWC56175.2022.10031921(1-6)Online publication date: 2-Dec-2022
https://doi.org/10.1109/ICMNWC56175.2022.10031921
Show More Cited By

A cooperative intrusion detection system for ad hoc networks
1. Networks
  1. Network services
  2. Network types
2. Social and professional topics
  1. Computing / technology policy

Recommendations

A distributed intrusion detection scheme for wireless ad hoc networks
SAC '12: Proceedings of the 27th Annual ACM Symposium on Applied Computing

Wireless ad hoc network is an emerging technology that is gaining popularity as a cost-effective way of offering end-to-end services, such as Internet access, in an inexpensive, practical, and fast manner. However, wireless ad hoc networks are ...
A Specification-Based Intrusion Detection Model for Wireless Ad Hoc Networks
IBICA '12: Proceedings of the 2012 Third International Conference on Innovations in Bio-Inspired Computing and Applications

Mobile ad hoc networks (MANET) have the properties of open medium and decentralized structure, so malicious nodes can easily attack MANET nodes. Furthermore, it is more difficult to establish a protection mechanism on a dynamic topology than a fixed ...
Distributed Court System for intrusion detection in mobile ad hoc networks

Securing routing layer functions in mobile ad hoc networks is an important issue, which includes many challenges like how to enhance detection accuracy when facing the highly dynamic characteristic of such networks, and how to distinguish malicious ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SASN '03: Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks

October 2003

154 pages

ISBN:1581137834

DOI:10.1145/986858

Program Chairs:
Vipin Swarup
The MITRE Corporation
,
Sanjeev Setia
George Mason University

Copyright © 2003 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 31 October 2003

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Conference

CCS03

Sponsor:

SIGSAC

CCS03: Tenth ACM Conference on Computer and Communications Security 2003

31 10 2003

Virginia, Fairfax

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

316
Total Citations
View Citations
2,741
Total Downloads

Downloads (Last 12 months)15
Downloads (Last 6 weeks)1

Reflects downloads up to 27 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

Boutahala RFouchal HAyaida MMao S(2023)Light and Efficient Authentication Mechanism for Connected Vehicles Using Unsupervised DetectionICC 2023 - IEEE International Conference on Communications10.1109/ICC45041.2023.10279812(329-333)Online publication date: 28-May-2023
https://doi.org/10.1109/ICC45041.2023.10279812
Mvah FTchendji VTayou CAnwar ATosh DKamhoua C(2023)FlipPath Game to Counter Stealthy Attacks in SDN-Based Tactical NetworksDecision and Game Theory for Security10.1007/978-3-031-50670-3_15(294-308)Online publication date: 29-Dec-2023
https://doi.org/10.1007/978-3-031-50670-3_15
Aqui JHosein M(2022)Mobile Ad-hoc Networks Topic Modelling and Dataset Querying2022 IEEE 2nd International Conference on Mobile Networks and Wireless Communications (ICMNWC)10.1109/ICMNWC56175.2022.10031921(1-6)Online publication date: 2-Dec-2022
https://doi.org/10.1109/ICMNWC56175.2022.10031921
Michael HJedidiah A(2022)Mobile Adhoc Networks - An Overview of Risk Identification, Intrusion Detection and Machine Learning Techniques used2022 IEEE 2nd International Conference on Mobile Networks and Wireless Communications (ICMNWC)10.1109/ICMNWC56175.2022.10031757(1-5)Online publication date: 2-Dec-2022
https://doi.org/10.1109/ICMNWC56175.2022.10031757
Jedidiah AMichael H(2022)Mobile Adhoc Networks - Establishing Initial Risk Profiles utilizing ML Techniques2022 IEEE 2nd International Conference on Mobile Networks and Wireless Communications (ICMNWC)10.1109/ICMNWC56175.2022.10031628(1-5)Online publication date: 2-Dec-2022
https://doi.org/10.1109/ICMNWC56175.2022.10031628
Vali YPrakash NShakkeera L(2022)An Efficient and Lightweight Intrusion Detection System for Mobile Ad Hoc NetworksRecent Trends in Design, Materials and Manufacturing10.1007/978-981-16-4083-4_25(317-329)Online publication date: 29-Apr-2022
https://doi.org/10.1007/978-981-16-4083-4_25
Patel AJinwala D(2021)A reputation‐based RPL protocol to detect selective forwarding attack in Internet of ThingsInternational Journal of Communication Systems10.1002/dac.500735:1Online publication date: 11-Oct-2021
https://doi.org/10.1002/dac.5007
Verma DKush AJain R(2020)Identifying Intruders in MANETInternational Journal of Information Technology Project Management10.4018/IJITPM.202010010411:4(42-55)Online publication date: 1-Oct-2020
https://dl.acm.org/doi/10.4018/IJITPM.2020100104
Basomingera RChoi Y(2020)Learning from Routing Information for Detecting Routing Misbehavior in Ad Hoc NetworksSensors10.3390/s2021627520:21(6275)Online publication date: 4-Nov-2020
https://doi.org/10.3390/s20216275
Butun IOsterberg PSong H(2020)Security of the Internet of Things: Vulnerabilities, Attacks, and CountermeasuresIEEE Communications Surveys & Tutorials10.1109/COMST.2019.295336422:1(616-644)Online publication date: Sep-2021
https://doi.org/10.1109/COMST.2019.2953364
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents