Distributed Intrusion Detection System for Ad hoc Mobile Networks
Muhammad Nawaz Khan
Muhammad Ilyas Khatak
School of Electrical Engineering & Computer Science, National University of Science & Technology (NUST), Islamabad, Pakistan; Department of Computing, Shaheed Zulfikar Ali Bhutto Institute of Science & Technology, Islamabad, Pakistan; Department of Computing & Technology, Iqra University Islamabad, Islamabad, Pakistan
In mobile ad hoc networks, resource restrictions on the bandwidth, processing capability, battery life and memory of mobile devices lead to a tradeoff between security and resource consumption. Due to some unique properties of MANETs, proactive security mechanisms such as authentication, confidentiality, access control and non-repudiation are hard to put into practice, while some additional security requirements are also needed, such as co-operation fairness, location confidentiality, data freshness and absence of traffic diversion. Traditional security mechanisms, i.e. authentication and encryption, provide a security beach to MANETs. But some reactive security mechanism is required that analyzes the routing packets and also checks the overall network behavior of MANETs. Here we propose a local-distributed intrusion detection system for ad hoc mobile networks. In the proposed distributed IDS, each mobile node works as a smart agent. Each node collects data locally and analyzes that data for malicious activity. If any abnormal activity is discovered, it informs the surrounding nodes as well as the base station. It works like a client-server model: each node works in collaboration with the server, and its database is updated each time by the server using a Markov process. The proposed local distributed IDS shows a balance between false positive and false negative rates. A reactive security mechanism is very useful in finding abnormal activities even when a proactive security mechanism is present. The distributed local IDS is useful for deep-level inspection and is suited to the varying nature of MANETs.
MANETs, Intrusion Detection System (IDS), security mechanism, proactive, reactive, Markov process, false negative and false positive.
A MANET is an autonomous system of mobile nodes, built on ad hoc demand and working as a wireless network, in which nodes move from place to place in peer-to-peer fashion. A MANET has no pre-defined structure and no centralized administration, hence any node may leave or enter the network. The self-organizing nature of the ad hoc network arranges the nodes into an arbitrary and temporary ad hoc topology, which leads to inherent security weaknesses. Security for an infrastructure-less, ad hoc network is a great challenge. On the other hand, the resource constraints (limited power, limited communication range, processing capabilities, and limited memory) of the mobile devices in the MANET lead to tradeoffs between security requirements and resource consumption.
Most of the time, security in ad hoc networks is ensured by using encryption and authentication. But because of the changing topology and decentralized management of MANETs, mobile nodes are compromised in many ways. These protocols do not examine the received packets and do not analyze the overall network behavior, but work in a traditional proactive manner. Therefore another, reactive mechanism is required which not only checks the packets locally but also deeply inspects the internal state of the received data. It also monitors the overall network performance. If any misbehavior is detected, it not only informs the surrounding nodes but also takes some necessary action against the intruders. Ad hoc closed-key networks are comparatively more secure than open ad hoc networks, because closed-key networks have a pre-defined security policy for authentication and encryption, whereas open ad hoc networks are free for any node to come in and become part of the ad hoc network with an arbitrary topology.
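One way to realise the node-local detection loop described above, given here as an added example that is not code from the paper: the server learns a Markov transition table from normal routing traffic, each node scores its own observed window against that table, and an anomalous window produces alerts for the surrounding nodes and the base station. Assumptions: the paper states only that the server updates each node's database using a Markov process, so the first-order chain, the scoring rule, the AODV-style event names (RREQ, RREP, RERR, DATA), the traces, node IDs and threshold are all constructed for illustration.

```python
import math

# Constructed event alphabet for routing traffic seen by one node
# (assumption: the paper does not list the packet types it models).
EVENTS = ("RREQ", "RREP", "DATA", "RERR")

def train_transitions(traces, alpha=1.0):
    """Server side: first-order Markov transition table from normal traces.
    Laplace smoothing (alpha) keeps unseen transitions at non-zero probability."""
    counts = {a: {b: alpha for b in EVENTS} for a in EVENTS}
    for trace in traces:
        for prev, cur in zip(trace, trace[1:]):
            counts[prev][cur] += 1
    return {a: {b: c / sum(row.values()) for b, c in row.items()}
            for a, row in counts.items()}

def surprise(window, model):
    """Node side: mean -log P(cur | prev) over the observed window."""
    steps = list(zip(window, window[1:]))
    if not steps:                      # fewer than two events: nothing to score
        return 0.0
    return sum(-math.log(model[p][c]) for p, c in steps) / len(steps)

class NodeAgent:
    def __init__(self, node_id, model, threshold):
        self.node_id, self.model, self.threshold = node_id, model, threshold

    def update_model(self, model):
        """Server pushes a refreshed table into the node's local database."""
        self.model = model

    def inspect(self, window, neighbours):
        """Score locally; on anomaly return alerts for neighbours and base station."""
        score = surprise(window, self.model)
        if score <= self.threshold:
            return score, []
        return score, [(dst, self.node_id, round(score, 2))
                       for dst in (*neighbours, "base-station")]

# Constructed traces of normal behaviour (not data from the paper).
NORMAL = [
    ["RREQ", "RREP", "DATA", "DATA", "DATA", "DATA"],
    ["RREQ", "RREP", "DATA", "DATA", "RERR", "RREQ", "RREP", "DATA"],
    ["DATA", "DATA", "DATA", "RERR", "RREQ", "RREP", "DATA", "DATA"],
]
# The threshold trades false positives (set too low) against false negatives (too high).
agent = NodeAgent("n7", train_transitions(NORMAL), threshold=1.2)
print(agent.inspect(["RREQ", "RREP", "DATA", "DATA", "DATA"], ["n3", "n9"]))
print(agent.inspect(["RREQ"] * 6, ["n3", "n9"]))  # repeated route requests
```

The first window follows the learned request, reply, data pattern and stays below the threshold; the second consists only of repeated route requests, a transition never seen in the normal traces, so it is flagged.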
(IJCSIS) International Journal of Computer Science and Information Security, Vol. 10, No. 1, January 2012, p. 68. http://sites.google.com/site/ijcsis/ ISSN 1947-5500