
Detecting Critical Nodes for MANET IDS

A Karygiannis, E Antonakakis, and A Apostolopoulos. Presented by: Sarah Casey.


Presentation Transcript


  1. Detecting Critical Nodes for MANET IDS
     • A Karygiannis, E Antonakakis, and A Apostolopoulos
     • Presented by: Sarah Casey

  2. MANET Intrusion Detection Challenges
     • No Central Authority or Administration
     • Can only directly monitor neighbouring nodes (within radio range)
     • Mobility allows malicious nodes to enter and leave the network at will

  3. Additional Challenges
     • Dynamic topology
     • No trust relationships between nodes
     • Little incentive for collaboration

  4. Re-Routing
     • Often possible
     • Densely populated or highly mobile
     • Easier than trying to monitor nodes and paths

  5. Critical Nodes
     • “Any node whose failure or malicious behaviour disconnects or significantly degrades the performance of the network”

  6. Critical Node Detection
     • Step 1: Disable all links but one
     • Step 2: Attempt to ping node under test
     • Step 3: Restore original routing
     • Iterate for all possible links except the link to the node under test. If another path exists, the node is not critical.

  7. mLab
     • Emulator, not a simulator
     • Management software for real nodes
     • Allows dynamic topology changes without physical node movement
     • http://csrc.nist.gov/manet/#mLab

  8. Emulation Environment
     • 12 nodes total
     • 10 ARM, 2 x86
     • Topology changes every 5-10 min
     • “Detailed test conditions, ..., and test results can be found on our project web site” - no URL provided

  9. Critical Test vs Watchdog Monitoring
     • CPU Usage:
       • Watchdog - 60-70%
       • mCritical - < 1%

  10. Critical Test vs Watchdog Monitoring
     • Initial Memory:
       • Watchdog - 450KB
       • mCritical - 125KB
     • mCritical keeps tables of outgoing and incoming packet headers
     • Track links and routes

  11. Critical Test vs Watchdog Monitoring
     • Additional Packet Loss:
       • Watchdog - 0%
       • mCritical - 2-4%
     • Additional packet loss occurs when manipulating routing table during test

  12. Conclusions
     • Lightweight alternative to full IDS monitoring on all nodes
     • No cooperation from, or security association with, other nodes required
     • If re-routing is possible, do it; if not, time to employ (limited) monitoring
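The three-step test on slide 6, modelled on a graph, as an added example that is not code from the presentation, mLab or mCritical. It assumes the topology is known as a list of undirected links and replaces the real routing-table change and ping with a reachability search; the names `critical_test`, `ping` and the sample topology are hypothetical.

```python
from collections import deque

# Constructed sample topology (not from the presentation): undirected links.
LINKS = [("A", "B"), ("A", "C"), ("C", "B"), ("B", "D"), ("A", "E")]

def build_adjacency(links):
    adj = {}
    for u, v in links:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj

def ping(adj, tester, first_hop, target):
    """Emulate a ping sent while only the tester->first_hop link is enabled."""
    # Breadth-first search from first_hop. The tester's other links are
    # disabled, so the tester is pre-marked as seen and never used as a relay.
    seen, queue = {tester, first_hop}, deque([first_hop])
    while queue:
        node = queue.popleft()
        if node == target:
            return True
        for nxt in adj[node] - seen:
            seen.add(nxt)
            queue.append(nxt)
    return False

def critical_test(links, tester, node_under_test):
    """Return (is_critical, first_hops_that_reached_the_node)."""
    adj = build_adjacency(links)
    if node_under_test not in adj.get(tester, ()):
        raise ValueError("node under test must be a neighbour of the tester")
    alternates = []
    # Iterate over every link except the direct link to the node under test.
    for first_hop in sorted(adj[tester] - {node_under_test}):
        # Step 1: only tester->first_hop is enabled. Step 2: ping.
        if ping(adj, tester, first_hop, node_under_test):
            alternates.append(first_hop)
        # Step 3: restore routing (nothing to undo here: adj is never mutated).
    # Slide 6 rule: if another path exists, the node is not critical.
    return (not alternates, alternates)
```

On a live node, steps 1 and 3 change the routing table, which is where the additional packet loss reported on slide 11 comes from; the graph model has no equivalent cost.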
