Intrusion Detection In Wireless Ad Hoc
recent years, the use of mobile ad hoc networks (MANETs) has been widespread in
many applications. The migration to
wireless network from wired network has been a global trend in the past few
decades. The mobility brought by wireless network made it possible in many
applications .Among all wireless networks, MANETs is one of the most important
and unique applications. Like other networks, it does not require a static
network infrastructure. As it has been mentioned; that it doesn’t require
proper infrastructure that results in threats to security. The open medium and
wide distribution of nodes make MANET vulnerable to malicious attackers. Therefore,
it is important to develop efficient intrusion detection mechanisms to protect
MANET from attacks.
Keywords- MANET; Intrusion Detection System;
Digital Signature; Malicious nodes; Misbehaviour report;
wireless ad-hoc network consists of a collection of mobile nodes that
communicate with each other via wireless links without a fixed communication
infrastructure. Nodes within each other’s radio range communicate directly
through wireless links, while those that are far apart rely on intermediate
nodes to forward their messages. Each node has a dual function; it works as a
router as well as a host. Unlike other networks MANETs does not depend on a
fixed infrastructure. Instead, hosts rely on each other to keep the network
connected. One of the main applications of Manets is the military tactical and
other security-sensitive operations. They are also being used for commercial
purposes due their unique features. One main challenge in design of these
networks is their liability to security attacks. The main goal is to investigate the development of some
protocols and algorithm that enables to securely collaborate over mobile ad hoc
networks as well as the wired backbone.
Intrusion detection can be defined as a
process of monitoring activities in a system, which can be a computer or
network system. The mechanism by which this is achieved is called an intrusion
detection system (IDS). An IDS collects activity information and then analyzes
it to determine whether there are any activities that violate the security
rules. Once an IDS determines that an unusual activity or an activity that is
known to be an attack occurs, it then generates an alarm to alert the security
administrator. In addition, IDS can also initiate a proper response to the
malicious activity1. Although there are several intrusion detection
techniques developed for wired networks today, they are not suitable for
wireless networks due to the differences in their characteristics. Therefore,
those techniques must be modified or new techniques must be developed to make intrusion
detection work effectively in MANETs.
Types of Attacks In Manets
behaviour and performance of MANET can be affected by different types of
attacks. Attacks can be classified on the basis of its domain, protocols and
means of attack. The attacks can be classified into two types namely, outsider
and insider attacks, according to the domain of the attacks. Insider attacks
are carried out by the compromised nodes, which are actually part of the network.
Outsider attacks are carried out by the nodes which do not belong to the
network. Insider attacks are more severe than outsider attacks because insiders
known secret information in the network and have privileged access rights.
attacks can also classify into two major categories: active and passive attacks
according to the attack means. Passive attacks obtain the data exchanged in the
network without disrupting the operation, while an active attack involves
interrupting the information, modification, thereby disrupting the normal
functionality of MANET.
EAACK-A Secure Intrusion Detection System for MANET
MANET does not need a
fixed network infrastructure; every single node works as both a transmitter and
a receiver. Nodes communicate directly with each other when they are both
within the same communication range 2. Otherwise, they rely on their
neighbours to relay messages. The self-configuring ability of nodes in MANET
made it popular among critical mission applications like military use or
emergency recovery. The open medium and wide distribution of nodes make MANET
open to malicious attackers. For this reason, it is important to develop
efficient intrusion-detection mechanisms to protect MANET from attacks. This
paper proposes a new system called ( EAACK-Enhanced Adaptive Acknowledgement)
is specially designed for MANETs to detect the attackers. it is an
acknowledgement based scheme. EAACK is an acknowledgment-based IDS. This scheme
uses digital signature. It requires all acknowledgment packets to be digitally
signed. This new system requires acknowledgement for the every packet sent to
the receiver with the signature.
First after sending
packets to the receiver it waits for the acknowledgement. Within the predefined
time interval the source received the acknowledgement from receiver then the
packet transmission is successful. Otherwise the source node will switch to the
secure acknowledgement mode.
In secure acknowledgement mode every
consecutive three nodes work together to detect the misbehaving nodes in the
route. Every third node in the group needs to give acknowledgement to the first
node. If any node fails to send acknowledgement is marked as malicious node.
Then the source node switches to misbehaviour report authentication (MRA) mode.
In MRA mode, source node first searches its local knowledge base for the
alternative path to the destination 3. Upon receiving MRA packet, destination
node will searches for any received MRA is stored; if it stored then ignore the
new packet and the node which sends that packet marked as malicious. Otherwise
the nodes marked as malicious in the packet are removed from the route in
future transmission. This system uses the digital signatures to authenticate
the acknowledgement packets. Digital signatures prevent the acknowledgement
packets to be forged. The sender of the acknowledgement packet must sign the packet
and after the reception of the packet receiver will verify the authenticity of
the packet. This new system reduces the packet dropping attack; it is the major
4.2 Routing Misbehavior in Mobile Ad hoc Networks
Most of the routing
protocols in mobile ad hoc networks have limitations in transmission. So the
nodes in MANET assume that other nodes always cooperate with each other to
relay packets. This gives opportunities to attackers to achieve the significant
impact on the network with one or two compromised nodes. To solve this problem
intrusion detection system should added enhanced security level4. This paper
proposed an intrusion detection system called watchdog. It aims to improve the
network throughput with the presence of malicious nodes. Watchdog consists of
two parts namely, watchdog and pathrater. It is responsible to detect the
malicious nodes misbehaviors in the network. Watchdog system has a failure
counter; it is increased while the next node fails to forward the packet.
Watchdog serves as IDS for
MANETs. It is responsible for detecting malicious node misbehaviours in the
network by overhearing the next node’s transmission.
Figure 1 detection of
It is capable of detecting
misbehaving nodes rather than links. It detects malicious misbehaviours by
promiscuously listening to its next hop’s transmission.
Figure 2 failure
If a Watchdog node overhears that
its next node fails to forward the packet within a certain period of time, it
increases its failure counter. Whenever a node’s failure counter exceeds a
predefined threshold, the Watchdog
node reports it as misbehaving.
is used here as response system. It uses the feedback given by the watchdog
part about the malicious misbehaviours of the node. It cooperates with routing
protocol to avoid the reported malicious nodes in future transmission. Many
implementation shows that watchdog scheme is efficient. It is capable of
detecting misbehaving nodes rather than links4.
paper includes literature survey for detecting the malicious nodes misbehaviors
in mobile ad hoc network (MANET). This paper shows the overview of various
intrusion detection systems to detect the malicious nodes and analyze the
attacks in the network and provide security against those attacks in order to provide
efficient packet transmission without modification, dropping and partial
dropping of packets using an efficient intrusion detection system.