Ad hoc networks operate mostly over open environments and are hence vulnerable to a large number of threats. This calls for providing advanced intrusion detection. To meet this requirement, we introduce IDAR, a signature-and log-based distributed intrusion detector dedicated to ad hoc routing protocols. Contrary to existing systems that observe packets, IDAR analyses the logs generated by the OLSR protocol and identifies patterns of misuse. This detector copes with the resource-constraints of devices by providing distributed detection. In particular, depending on the level of suspicion/gravity involved, in-depth cooperative investigation is launched. Simulation shows limited bandwidth usage, high detection and low false positives.
Mobile ad hoc networks mostly operate over open, adverse, or even hostile environments and are, therefore, vulnerable to a large body of threats. Conventional ways of securing network relying on, for example, firewall and encryption, should henceforth be coupled with advanced intrusion detection. To meet this requirement, we first identify the attacks that threaten ad hoc networks, focusing on the Optimized Link State Routing Protocol. We then introduce IDAR, a signature-based Intrusion Detector dedicated to ad hoc routing protocols. Contrary to existing systems that monitor the packets going through the host, our system analyses the logs so as to identify patterns of misuse. This detector scopes with the resource-constraints of ad hoc devices by providing distributed detection; in particular, depending on the level of suspicion and gravity, in-depth cooperative diagnostic may be launched. Simulation-based evaluation shows limited resource consumption (e.g., memory and bandwidth) and high detection rate along with reduced false positives.
Ad hoc networks operate over open environments and are hence vulnerable to a large body of threats. To tackle this issue, we propose a distributed, signature-based anomaly detector that evaluates the trustworthiness of others so as to secure such a distributed detection. Contrary to existing detectors that passively observe packets, our detector analyses logs so as to identify patterns of misuse and proactively collaborate with others to gather additional evidences. As a result, no change is requested in the implementation of the node. The main challenge stems from difficulty involved in stating the occurrence of an attack based on second-hands evidences that may come from colluding attacker(s). To tackle this issue, we propose an entropy-based trust system that evaluates the trustworthiness of the nodes that provide the evidences. We further introduce a novel indicator which measures the level of confidence in the detection. Preliminary evaluations of the trust system along with the confidence measure have been conducted.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.