ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A cooperative intrusion detection system for ad hoc networks
Full text PdfPdf (198 KB)
Source Workshop on Security of ad hoc and Sensor Networks archive
Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks table of contents
Fairfax, Virginia
SESSION: Intrusion detection table of contents
Pages: 135 - 147  
Year of Publication: 2003
ISBN:1-58113-783-4
Authors
Yi-an Huang  Georgia Institute of Technology
Wenke Lee  Georgia Institute of Technology
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 29,   Downloads (12 Months): 280,   Citation Count: 24
Additional Information:

abstract   references   cited by   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/986858.986877
What is a DOI?

ABSTRACT

Mobile ad hoc networking (MANET) has become an exciting and important technology in recent years because of the rapid proliferation of wireless devices. MANETs are highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, lack of centralized monitoring and management point, and lack of a clear line of defense. In this paper, we report our progress in developing intrusion detection (ID) capabilities for MANET. Building on our prior work on anomaly detection, we investigate how to improve the anomaly detection approach to provide more details on attack types and sources. For several well-known attacks, we can apply a simple rule to identify the attack type when an anomaly is reported. In some cases, these rules can also help identify the attackers. We address the run-time resource constraint problem using a cluster-based detection scheme where periodically a node is elected as the ID agent for a cluster. Compared with the scheme where each node is its own ID agent, this scheme is much more efficient while maintaining the same level of effectiveness. We have conducted extensive experiments using the ns-2 and MobiEmu environments to validate our research.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
J. P. Anderson. Computer security threat monitoring and surveillance. Technical report, James P. Anderson Company, Fort Washington, Pennsylvania, April 1980.
 
2
Stefano Basagni, Distributed Clustering for Ad Hoc Networks, Proceedings of the 1999 International Symposium on Parallel Architectures, Algorithms and Networks (ISPAN '99), p.310, June 23-25, 1999
3
Stefano Basagni , Kris Herrin , Danilo Bruschi , Emilia Rosti, Secure pebblenets, Proceedings of the 2nd ACM international symposium on Mobile ad hoc networking & computing, October 04-05, 2001, Long Beach, CA, USA  [doi>10.1145/501436.501438]
4
Sonja Buchegger , Jean-Yves Le Boudec, Performance analysis of the CONFIDANT protocol, Proceedings of the 3rd ACM international symposium on Mobile ad hoc networking & computing, June 09-11, 2002, Lausanne, Switzerland  [doi>10.1145/513800.513828]
 
5
Levente Buttyán , Jean-Pierre Hubaux, Stimulating cooperation in self-organizing mobile ad hoc networks, Mobile Networks and Applications, v.8 n.5, p.579-592, October 2003  [doi>10.1023/A:1025146013151]
 
6
S. Cheung, An efficient message authentication scheme for link state routing, Proceedings of the 13th Annual Computer Security Applications Conference, p.90, December 08-12, 1997
7
Steven Cheung , Karl N. Levitt, Protecting routing infrastructures from denial of service using cooperative intrusion detection, Proceedings of the 1997 workshop on New security paradigms, p.94-106, September 23-26, 1997, Langdale, Cumbria, United Kingdom  [doi>10.1145/283699.283744]
 
8
Dorothy E. Denning, An intrusion-detection model, IEEE Transactions on Software Engineering, v.13 n.2, p.222-232, Feb. 1987  [doi>10.1109/TSE.1987.232894]
 
9
K. Fall and e Varadhan. The ns Manual (formerly ns Notes and Documentation), 2000. Online reference: http://www.isi.edu/nsnam/ns/ns-documentation.html.
10
Yih-Chun Hu , Adrian Perrig , David B. Johnson, Ariadne:: a secure on-demand routing protocol for ad hoc networks, Proceedings of the 8th annual international conference on Mobile computing and networking, September 23-28, 2002, Atlanta, Georgia, USA  [doi>10.1145/570645.570648]
 
11
Yi-an Huang , Wei Fan , Wenke Lee , Philip S. Yu, Cross-Feature Analysis for Detecting Ad-Hoc Routing Anomalies, Proceedings of the 23rd International Conference on Distributed Computing Systems, p.478, May 19-22, 2003
 
12
Koral Ilgun , R. A. Kemmerer , Phillip A. Porras, State Transition Analysis: A Rule-Based Intrusion Detection Approach, IEEE Transactions on Software Engineering, v.21 n.3, p.181-199, March 1995  [doi>10.1109/32.372146]
 
13
D. B. Johnson and D. A. Maltz. Dynamic source routing in ad hoc wireless networks. In Tomasz Imielinski and Hank Korth, editors, Mobile Computing, pages 153--181. Kluwer Academic Publishers, 1996.
 
14
Young-Bae Ko , Nitin H. Vaidya, Location-aided routing (LAR) in mobile ad hoc networks, Wireless Networks, v.6 n.4, p.307-321, July 2000  [doi>10.1023/A:1019106118419]
15
P. Krishna , N. H. Vaidya , M. Chatterjee , D. K. Pradhan, A cluster-based approach for routing in dynamic networks, ACM SIGCOMM Computer Communication Review, v.27 n.2, p.49-64, Apr. 1997  [doi>10.1145/263876.263885]
 
16
C. Krugel and T. Toth. Flexible, mobile agent based intrsuion detection for dynamic networks. In European Wireless, 2002.
 
17
S. Kumar and E. H. Spafford. A software architecture to support misuse intrusion detection. In Proceedings of the 18th National Information Security Conference, pages 194--204, 1995.
18
Sergio Marti , T. J. Giuli , Kevin Lai , Mary Baker, Mitigating routing misbehavior in mobile ad hoc networks, Proceedings of the 6th annual international conference on Mobile computing and networking, p.255-265, August 06-11, 2000, Boston, Massachusetts, United States  [doi>10.1145/345910.345955]
19
Vishal Mittal , Giovanni Vigna, Sensor-based intrusion detection for intra-domain distance-vector routing, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA  [doi>10.1145/586110.586129]
 
20
Charles E. Perkins, Ad hoc networking: an introduction, Ad hoc networking, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 2001
21
Charles E. Perkins , Pravin Bhagwat, Highly dynamic Destination-Sequenced Distance-Vector routing (DSDV) for mobile computers, Proceedings of the conference on Communications architectures, protocols and applications, p.234-244, August 31-September 02, 1994, London, United Kingdom
 
22
Charles E. Perkins , Elizabeth M. Royer, The Ad Hoc on-demand distance-vector protocol, Ad hoc networking, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 2001
 
23
A. Perrig, R. Canetti, D. Tygar, and D. Song. The TESLA broadcast authentication protocol. Cryptobytes (RSA Laboratories, Summer/Fall 2002), 5(2):2--13, 2002.
 
24
C. Sargor, Statistical Anomaly Detection for Link-State Routing Protocols, Proceedings of the Sixth International Conference on Network Protocols, p.62, October 13-16, 1998
 
25
J. Ross Quinlan, C4.5: programs for machine learning, Morgan Kaufmann Publishers Inc., San Francisco, CA, 1993
 
26
Bruce Schneier, Secrets & Lies: Digital Security in a Networked World, John Wiley & Sons, Inc., New York, NY, 2000
 
27
Bradley R. Smith , Shree Murthy , J. J. Garcia-Luna-Aceves, Securing Distance-Vector Routing Protocols, Proceedings of the 1997 Symposium on Network and Distributed System Security, p.85, February 10-11, 1997
 
28
S. Vasudevan, B. DeCleene, N. Immerman, J. Kurose, and D. Towsley. Leader election algorithms for wireless ad hoc networks. In The Third DARPA Information Survivability Conference and Exposition (DISCEX III), April 2003.
 
29
M. G. Zapata. Secure ad hoc on-demand distance vector (SAODV) routing. IETF Internet Draft, draft-guerrero-manet-saodv-00.txt, August 2001 (Work in Progress), August 2001.
30
Yongguang Zhang , Wei Li, An integrated environment for testing mobile ad-hoc networks, Proceedings of the 3rd ACM international symposium on Mobile ad hoc networking & computing, June 09-11, 2002, Lausanne, Switzerland  [doi>10.1145/513800.513813]
 
31
L. Zhou and Z. J. Haas. Securing ad hoc networks. IEEE Network, 13(6):24--30, Nov/Dec 1999.

CITED BY  24
Bo Sun , Fei Yu , Kui Wu , Victor C. M. Leung, Mobility-based anomaly detection in cellular mobile networks, Proceedings of the 2004 ACM workshop on Wireless security, October 01-01, 2004, Philadelphia, PA, USA
Yi-an Huang , Wenke Lee, Hotspot-based traceback for mobile ad hoc networks, Proceedings of the 4th ACM workshop on Wireless security, September 02-02, 2005, Cologne, Germany
Ana Paula R. da Silva , Marcelo H. T. Martins , Bruno P. S. Rocha , Antonio A. F. Loureiro , Linnyer B. Ruiz , Hao Chi Wong, Decentralized intrusion detection in wireless sensor networks, Proceedings of the 1st ACM international workshop on Quality of service & security in wireless and mobile networks, October 13-13, 2005, Montreal, Quebec, Canada
Yu Liu , Yang Li , Hong Man , Wei Jiang, A hybrid data mining anomaly detection technique in ad hoc networks, International Journal of Wireless and Mobile Computing, v.2 n.1, p.37-46, May 2007
Dezun Dong , Yunhao Liu , Xiangke Liao, Self-monitoring for sensor networks, Proceedings of the 9th ACM international symposium on Mobile ad hoc networking and computing, May 26-30, 2008, Hong Kong, Hong Kong, China
João B. D. Cabrera , Carlos Gutiérrez , Raman K. Mehra, Ensemble methods for anomaly detection and distributed intrusion detection in Mobile Ad-Hoc Networks, Information Fusion, v.9 n.1, p.96-119, January, 2008
B. Malarkodi , B. Venkataramani , X. T. Pradeep, Modified AODV protocol for prevention of denial of service attacks in wireless ad hoc networks, Proceedings of the 5th WSEAS International Conference on Applied Informatics and Communications, p.77-84, September 15-17, 2005, Malta
Yu Liu , Cristina Comaniciu , Hong Man, A Bayesian game approach for intrusion detection in wireless ad hoc networks, Proceeding from the 2006 workshop on Game theory for communications and networks, October 14-14, 2006, Pisa, Italy
Douglas Herbert , Vinaitheerthan Sundaram , Yung-Hsiang Lu , Saurabh Bagchi , Zhiyuan Li, Adaptive correctness monitoring for wireless sensor networks using hierarchical distributed run-time invariant checking, ACM Transactions on Autonomous and Adaptive Systems (TAAS), v.2 n.3, p.8-es, September 2007
Nikunj C. Oza , Kagan Tumer, Classifier ensembles: Select real-world applications, Information Fusion, v.9 n.1, p.4-20, January, 2008
Qijun Gu , Peng Liu , Chao-Hsien Chu, Analysis of area-congestion-based DDoS attacks in ad hoc networks, Ad Hoc Networks, v.5 n.5, p.613-625, July, 2007
Issa Khalil , Saurabh Bagchi , Ness B. Shroff, MobiWorp: Mitigation of the wormhole attack in mobile multihop wireless networks, Ad Hoc Networks, v.6 n.3, p.344-362, May, 2008
Matthew Eric Otey , Amol Ghoting , Srinivasan Parthasarathy, Fast Distributed Outlier Detection in Mixed-Attribute Data Sets, Data Mining and Knowledge Discovery, v.12 n.2-3, p.203-228, May 2006
Edith C. H. Ngai , Jiangchuan Liu , Michael R. Lyu, An efficient intruder detection algorithm against sinkhole attacks in wireless sensor networks, Computer Communications, v.30 n.11-12, p.2353-2364, September, 2007
Geneviève Arboit , Claude Crépeau , Carlton R. Davis , Muthucumaru Maheswaran, A localized certificate revocation scheme for mobile ad hoc networks, Ad Hoc Networks, v.6 n.1, p.17-31, January, 2008
Hadi Otrok , Noman Mohammed , Lingyu Wang , Mourad Debbabi , Prabir Bhattacharya, A game-theoretic intrusion detection model for mobile ad hoc networks, Computer Communications, v.31 n.4, p.708-721, March, 2008
Ningrinla Marchang , Raja Datta, Collaborative techniques for intrusion detection in mobile ad-hoc networks, Ad Hoc Networks, v.6 n.4, p.508-523, June, 2008
Qijun Gu , Chao-Hsien Chu , Peng Liu , Sencun Zhu, Slander-resistant forwarding isolation in ad hoc networks, International Journal of Mobile Network Design and Innovation, v.1 n.3/4, p.162-174, January 2006
Qijun Gu , Peng Liu , Chao-Hsien Chu , Sencun Zhu, Defence against packet injection in ad hoc networks, International Journal of Security and Networks, v.2 n.1/2, p.154-169, March 2007
Yu Liu , Cristina Comaniciu , Hong Man, Modelling misbehaviour in ad hoc networks: a game theoretic approach for intrusion detection, International Journal of Security and Networks, v.1 n.3/4, p.243-254, December 2006
Issa Khalil , Saurabh Bagchi, MISPAR: mitigating stealthy packet dropping in locally-monitored multi-hop wireless ad hoc networks, Proceedings of the 4th international conference on Security and privacy in communication netowrks, September 22-25, 2008, Istanbul, Turkey
Chandrasekar Ramachandran , Sudip Misra , Mohammad S. Obaidat, FORK: A novel two-pronged strategy for an agent-based intrusion detection scheme in ad-hoc networks, Computer Communications, v.31 n.16, p.3855-3869, October, 2008
Bo Zhou , Qi Shi , Madjid Merabti, Balancing intrusion detection resources in ubiquitous computing networks, Computer Communications, v.31 n.15, p.3643-3653, September, 2008
Sevil Şen , John Andrew Clark, A grammatical evolution approach to intrusion detection on mobile ad hoc networks, Proceedings of the second ACM conference on Wireless network security, March 16-19, 2009, Zurich, Switzerland
Collaborative Colleagues:
Yi-an Huang: colleagues
Wenke Lee: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player