Intrusion Detection Techniques in Mobile Ad Hoc and Wireless Sensor Networks - IEEE October 2007
CMSC 681 - Advanced Computer Networks
Oleg Aulov
MANET and WSN
• No wires, limited battery life, limited memory and processing capability
• No base stations, mobile nodes; nodes relay data (act as routers)
• Usually no centralized authority
• Deployed in adverse or hostile environments
• Prevention (security: key distribution and management schemes) does not work once a node is compromised and its secrets leak; insiders can cause greater damage.
IDS - second line of defence
• IDS - dynamically monitors the system to detect compromise of confidentiality, availability and integrity.
• Two common types:
  • misuse based - stores a database of known attacks
  • anomaly based - creates a normal profile of system states or user behaviors (difficult to build; mobility challenges)
• Specification based - manually developed specs, time-consuming
ID in MANET - attacks
• Routing logic compromise - blackhole, routing update storm, fabrication
• Traffic distortion - dropping, corruption, flooding
• Others - rushing, wormhole, spoofing
MANET - Existing Research: Zhang et al.
• An agent attached to each node performs ID and response individually
• Unsupervised method to construct and select the feature set (distance, velocity, number of hops, etc.)
• Pattern classification problem - apply the RIPPER (decision tree for rule induction) and SVM Light (support vector machine, used when the data cannot be classified by a set of features) algorithms
• Post-processing - to eliminate false alarms
MANET - Existing Research: Huang et al.
• Cross-Feature Analysis - a learning-based method to capture correlation patterns
• L features - f1, f2, …, fL
• fi - a feature characterizing topology or route activities
• Solve a classification problem: create the set Ci: {f1, …, fi-1, fi+1, …, fL}, used to identify the temporal correlation between one feature and all the other features
• Ci - very likely to predict fi in normal circumstances, very unlikely during an attack
MANET - Existing Research: Huang and Lee
• Collaboration with neighbors - broader ID range, more accurate, more information about attacks
• Cluster-based detection scheme - FSM with states Initial, Clique, Done, Lost
• Ad hoc On-Demand Distance Vector (AODV) algorithm
• EFSA - detects state and transition violations
• Specification-based approach; detects abnormal patterns and anomalous basic events
MANET - Existing Research: Marti et al.
• Watchdog and Pathrater to identify and respond to routing misbehaviors
• Each node verifies that its data was forwarded correctly
• DSR - dynamic source routing
• Rate routes and use the more reliable ones
MANET - Existing Research: Tseng et al.
• Based on AODV - specification-based ID
• Detects run-time violations
• FSM - specifies the behaviors of AODV
• Maintains RREP and RREQ (route reply and route request) messages
MANET - Existing Research: Sun et al.
• Uses Markov chains to characterize normal behaviors
• Motivated by ZBIDS (zone-based IDS) - locally generated alerts inside the zone
• Gateway nodes - broadcast alerts within the zone
• IDMEF (Intrusion Detection Message Exchange Format) - presented to facilitate interoperability of IDS agents
Secure Localization
• GPS not feasible
• Utilization of beacon packets and beacon nodes
• Du et al. - utilize deployment knowledge to confirm beacon integrity
• Liu et al. - filter out malicious location references using:
  • mean square error
  • computed inconsistency
  • voting-based location estimation
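As an added worked example (not from the paper or these slides) of the mean-square-error filtering idea listed above: a sensor estimates its position by least squares from beacon references (beacon x, beacon y, claimed distance), measures the inconsistency of the references as the mean square error of the ranging residuals, and greedily drops the reference whose removal lowers the error the most until the set is consistent. The beacon coordinates, distances and the threshold are constructed.

```python
import math

# Constructed references (beacon_x, beacon_y, claimed_distance) for a sensor
# truly located at (5, 5). The last one is a malicious beacon that reports a
# distance of 12 where the true distance is 5.
HONEST_REFS = [(0.0, 0.0, 7.07), (10.0, 0.0, 7.07),
               (0.0, 10.0, 7.07), (10.0, 10.0, 7.07)]
MALICIOUS_REF = (5.0, 0.0, 12.0)


def lsq_estimate(refs):
    """Least-squares position from >= 3 (x, y, d) references.

    Subtracting the first ranging equation (x-x1)^2 + (y-y1)^2 = d1^2 from
    each other one gives the linear system A p = b, which is solved through
    its 2x2 normal equations (Cramer's rule).
    """
    x1, y1, d1 = refs[0]
    s11 = s12 = s22 = t1 = t2 = 0.0
    for xi, yi, di in refs[1:]:
        a1, a2 = 2 * (xi - x1), 2 * (yi - y1)
        b = d1 ** 2 - di ** 2 + xi ** 2 + yi ** 2 - x1 ** 2 - y1 ** 2
        s11, s12, s22 = s11 + a1 * a1, s12 + a1 * a2, s22 + a2 * a2
        t1, t2 = t1 + a1 * b, t2 + a2 * b
    det = s11 * s22 - s12 * s12
    if abs(det) < 1e-12:
        raise ValueError("beacons are collinear; position not determinable")
    return ((t1 * s22 - t2 * s12) / det, (s11 * t2 - s12 * t1) / det)


def mean_square_error(refs, pos):
    """Inconsistency of a reference set with an estimated position."""
    x, y = pos
    return sum((math.hypot(x - xi, y - yi) - di) ** 2
               for xi, yi, di in refs) / len(refs)


def filter_references(refs, threshold):
    """Greedy MSE filtering: while the set is inconsistent and still has more
    than the 3 references needed for a 2-D fix, drop the reference whose
    removal yields the lowest MSE, then re-estimate from the survivors."""
    refs = list(refs)
    while True:
        pos = lsq_estimate(refs)
        if mean_square_error(refs, pos) <= threshold or len(refs) <= 3:
            return pos, refs
        candidates = [refs[:i] + refs[i + 1:] for i in range(len(refs))]
        refs = min(candidates,
                   key=lambda r: mean_square_error(r, lsq_estimate(r)))
```

With the malicious reference included, the unfiltered estimate lands about two units away from (5, 5); the filter discards that reference and recovers the honest estimate.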
Secure Aggregation
• Wagner - robust statistics for resilient aggregation: truncation, trimming
• Yang - Secure Hop-by-Hop Aggregation Protocol (SDAP)
  • divide and conquer
  • commit and attest
  • Grubbs' test
• Buttyan - RANSAC paradigm for resilient aggregation, maximum likelihood estimation
Future Research Directions
• Extended Kalman Filter based aggregation - a lightweight solution for estimating neighbor-monitoring features
• Integration of mobility and ID in MANET - consider using the link change rate as an indication of mobility
• Collaboration of IDM and SMM (system monitoring) - to address the problem of distinguishing an abnormal event from a false alarm: ask the surrounding nodes to confirm