Real-time Intrusion Detection for Ad hoc Networks
TCD-CS-2003-54.pdf (PDF) 1.031Mb
In recent years, wireless technology has enjoyed a tremendous rise in popularity and usage, opening new fields of application in the domain of networking. One such field concerns mobile ad hoc networks (MANETs), where the participating nodes do not rely on any existing network infrastructure. By definition, ad hoc networks are dynamically changing and have a fully decentralised topology. Hence security is hard to achieve due to the dynamic nature of the relationships between the participating nodes as well as the vulnerabilities and limitations of the wireless transmission medium. The RIDAN system is a novel architecture that uses knowledge-based intrusion detection techniques to detect active attacks that an adversary can perform against the routing fabric of mobile ad hoc networks. Moreover, the system is designed to take countermeasures to minimise the effectiveness of an attack and keep the performance of the network within acceptable limits. The novelty of the system lies in the usage of timed finite state machines that enable the real-time detection of active attacks. The RIDAN system does not introduce any changes to the underlying routing protocol and operates as an intermediate component between the network traffic and the routing protocol. The system was developed and tested to operate in AODV-enabled networks using the network simulator (ns-2). The simulator parameters that were used in the scenarios developed to evaluate the RIDAN system consider both the accuracy and the efficiency of the simulation. The system was evaluated using the delivery ratio as the main metric. Thus when the system is under the sequence number attack, the delivery ratio drops to 38.3%, while the RIDAN-enabled AODV increases its performance by 16.6%. When the network is under the resource consumption attack, the delivery ratio of AODV drops to 42.6% and the RIDAN system improves it by 31.6%. The final implemented attack is the dropping routing packets attack; when it is performed, the delivery ratio decreases to 23%, while the RIDAN-enabled AODV manages to keep the network performance 13.8% higher.
Author: Stamouli, Ioanna
Availability: Full text available