
Alert Aggregation in Mobile Ad-Hoc Networks


Presentation Transcript


  1. Alert Aggregation in Mobile Ad-Hoc Networks By Bo Sun, Kui Wu, Udo W. Pooch

  2. Background • MANET: Mobile Ad hoc NETwork • Routing in MANETs is difficult: mobility causes frequent network topology changes • When network nodes move, established paths may break and the routing protocol must dynamically search for other feasible routes • Protecting routes from malicious agents is tough!

  3. Proposed technique • Protection of routing protocols in MANETs using • a non-overlapping Zone-Based Intrusion Detection System (ZBIDS) for MANETs • an Alert Aggregation algorithm that provides low false alarms

  4. Threat Model • Attacker: 1 • Victims: 2,3,4,7,8 • Attacker Objective: 3 • Falsified RREP {2,4,9,7,1,5,3} [network diagram of nodes 1–9 not preserved in the transcript]

  5. Assumptions • Network can be divided into non-overlapping zones • Local IDS agent is tamper resistant • Attacker uses a fake address but does not change it dynamically

  6. ZBIDS Framework • Gateway nodes 4, 7, 8 • Intra-zone nodes report to gateway nodes

  7. IDS Agent

  8. Determination of P • Determination of P depends on • attack intensity, attack time, node placement • If P is low • gateway nodes can detect attacks => high false positives • Else • gateway nodes can miss attacks => low false positives

  9. Determine_p • P = ht * ptest + ha * Pattack, where ht and ha are the false positive ratio and the detection ratio

  10. Alert Aggregation • Alert Aggregation algorithm • Detection sensitivity decreases as the number of attackers increases • What about colluding attacks?

  11. Performance Metrics • False positive ratio: percentage of decisions in which normal alert aggregations are flagged as anomalous • Detection ratio: number of gateway nodes raising correct alarms divided by the total number of gateway nodes that should raise alarms in the anomalous data
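The following is an added example, not code from the slides or from the authors' ZBIDS implementation. It ties together slides 8, 9 and 11: it computes the threshold P with the slide 9 formula, lets each gateway node decide whether its zone is anomalous, and then scores those decisions with the two metrics defined on slide 11. The aggregation rule used by `gateway_decision` (mean of the anomaly scores reported by intra-zone nodes compared against P) is an assumption made here for illustration; the slides do not specify how a gateway combines the intra-zone alerts, nor what `ptest` and `Pattack` are. The zone data in `SAMPLE_ZONES` is constructed, with five zones under attack to mirror the five victims on slide 4.

```python
"""Toy evaluation of gateway decisions in a zone-based IDS.

Added example, not part of the original slides. The aggregation rule and the
sample data are assumptions made for illustration only.
"""
from statistics import mean


def determine_p(h_t, h_a, p_test, p_attack):
    """Threshold P from slide 9: P = ht * ptest + ha * Pattack.

    h_t is the false positive ratio and h_a the detection ratio; the slides do
    not define ptest and Pattack further, so they are plain parameters here.
    """
    return h_t * p_test + h_a * p_attack


def gateway_decision(zone_scores, p):
    """Assumed aggregation rule (not from the slides): a gateway node flags its
    zone as anomalous when the mean anomaly score reported by the intra-zone
    nodes exceeds the threshold P."""
    return mean(zone_scores) > p


def evaluate(zones, p):
    """Score gateway decisions with the slide 11 metrics.

    zones: list of dicts {"scores": [...], "under_attack": bool}, one per
           gateway node (constructed input).
    Returns (false_positive_ratio_percent, detection_ratio).

    Assumption: the false positive ratio is taken over decisions on normal
    (non-attacked) zones only, i.e. the share of normal aggregations that are
    flagged as anomalous.
    """
    normal_flags = []      # flagged? for each zone that is NOT under attack
    correct_alarms = 0     # gateways that alarmed on an attacked zone
    should_alarm = 0       # gateways that ought to alarm (attacked zones)
    for zone in zones:
        flagged = gateway_decision(zone["scores"], p)
        if zone["under_attack"]:
            should_alarm += 1
            if flagged:
                correct_alarms += 1
        else:
            normal_flags.append(flagged)
    fpr = 100.0 * sum(normal_flags) / len(normal_flags) if normal_flags else 0.0
    detection_ratio = correct_alarms / should_alarm if should_alarm else 0.0
    return fpr, detection_ratio


# Constructed sample: eight gateway nodes, five zones under attack (as many as
# the victim set 2,3,4,7,8 on slide 4) and three normal zones.
SAMPLE_ZONES = [
    {"scores": [0.70, 0.80, 0.90], "under_attack": True},
    {"scores": [0.60, 0.70, 0.80], "under_attack": True},
    {"scores": [0.50, 0.55, 0.60], "under_attack": True},
    {"scores": [0.40, 0.45, 0.50], "under_attack": True},
    {"scores": [0.85, 0.90, 0.95], "under_attack": True},
    {"scores": [0.10, 0.20, 0.30], "under_attack": False},
    {"scores": [0.30, 0.35, 0.40], "under_attack": False},
    {"scores": [0.40, 0.50, 0.60], "under_attack": False},
]


if __name__ == "__main__":
    # Slide 8's trade-off: a low P catches every attack but also flags a normal
    # zone; a higher P produces no false positives but misses two attacks.
    for p in (0.4, 0.6):
        fpr, dr = evaluate(SAMPLE_ZONES, p)
        print(f"P={p:.2f}: false positive ratio={fpr:.1f}%  detection ratio={dr:.2f}")
    print("P from slide 9 formula:", determine_p(0.1, 0.9, 0.2, 0.7))
```

Running the script with P = 0.4 flags all five attacked zones (detection ratio 1.0) but also one of the three normal zones (false positive ratio 33.3%); with P = 0.6 no normal zone is flagged but only three of the five attacked zones are detected (detection ratio 0.6), which is the trade-off slide 8 describes.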
