Abstract
The unique characteristics of mobile ad hoc networks, such as shared wireless channels, dynamic topologies and a reliance on cooperative behavior, makes routing protocols employed by these networks more vulnerable to attacks than routing protocols employed within traditional wired networks. We propose a specification-based intrusion-detection model for ad hoc routing protocols in which network nodes are monitored for operations that violate their intended behavior. In particular, we apply the model to detect attacks on the OLSR (Optimized Link State Routing) protocol. We analyze the protocol specification of OLSR, which describes the valid routing behavior of a network node, and develop constraints on the operation of a network node running OLSR. We design a detection mechanism based on finite state automata for checking whether a network node violates the constraints. The detection mechanism can be used by cooperative distributed intrusion detectors to detect attacks on OLSR. To validate the research, we investigate vulnerabilities of OLSR and prove that the developed constraints can detect various attacks that exploit these vulnerabilities. In addition, simulation experiments conducted in GlomoSim demonstrate significant success with the proposed intrusion detection model.
This research has been prepared through the following grants – UCSB/AFOSR/MURI grant (#F49620-00-1-0331), NSF/ITR grant (#0313411) and collaborative participation in the Communications and Networks Consortium sponsored by the U.S. Army Research Laboratory under the CTA program (subcontracted through Telcordia under grant #10085064). The U.S. Government is authorized to reproduce and distribute reprints for government purposes, notwithstanding any copyright notation thereof.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Buchegger, S., Boudec, J.: Performance Analysis of the CONFIDANT Protocol: Cooperation of Nodes - Fairness In Distributed Ad hoc NeTworks. In: Proceedings of IEEE/ACM Workshop on Mobile Ad Hoc Networking and Computing (MobiHOC), Lausanne, CH (June 2002)
Buttyán, L., Hubaux, J.-P.: Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks. Technical Report No. DSC/2001/046, Swiss Federal Institute of Technology, Lausanne (August 2001)
Huang, Y.-a., Lee, W.: A Cooperative Intrusion Detection System for Ad Hoc Networks. In: Proceedings of the ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2003) (October 2003)
Hu, Y., Perrig, A., Johnson, D.B.: Wormhole detection in wireless ad hoc networks. Technical report, Rice University Department of Computer Science (June 2002)
Marti, S., Giuli, T.J., Lai, K., Baker, M.: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks. In: Proceedings of the 6th Intl. Conference on Mobile Computing and Networking, Boston, MA, August 2000, pp. 255–265 (2000)
Ning, P., Sun, K.: How to Misuse AODV: A Case Study of Insider Attacks against Mobile Ad hoc Routing Protocols. In: Proceedings of the 4th Annual IEEE Information Assurance Workshop, West Point, June 2003, pp. 60–67 (2003)
Perrig, R.C., Tygar, D., Song, D.: The TESLA broadcast authentication protocol. Cryptobytes (RSA Laboratories) 5(2), 2–13 (Summer/Fall 2002)
Papadimitratos, P., Haas, Z.J.: Secure Link State Routing for Mobile Ad Hoc Networks. In: Proceedings of the IEEE Workshop on Security and Assurance in Ad Hoc Networks, Orlando, Florida (2003)
Rao, R., Kesidis, G.: Detection of malicious packet dropping using statistically regular traffic patterns in multihop wireless networks that are not bandwidth limited. Brazilian Journal of Telecommunications (2003)
Ramanujan, R., Kudige, S., Nguyen, T., Takkella, S., Adelstein, F.: Intrusion-Resistant Ad Hoc Wireless Networks. In: Proceedings of MILCOM 2002 (October 2002)
Sanzgiri, K., Dahill, B., Levine, B.N., Belding-Royer, E., Shields, C.: A Secure Routing Protocol for Adhoc Networks. In: Proceedings of the 10 Conference on Network Protocols (ICNP) (November 2002)
Tseng, C.-Y., Balasubramanyam, P., Ko, C., Limprasittiporn, R., Rowe, J., Levitt, K.: A Specification-Based Intrusion Detection System For AODV. In: Proceedings of the ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2003) (October 2003)
Zapata, M.G.: Secure ad hoc on demand (SAODV) routing. IETF Internet Draft, draft-guerrero-manet-saodv-00.txt (August 2001)
Zhang, Y., Lee, W.: Intrusion Detection in Wireless Ad Hoc Networks. In: Proceedings of The Sixth International Conference on Mobile Computing and Networking (MobiCom 2000), Boston, MA (August 2000)
Clausen, T., Jacquet, P.: Optimized Link State Routing Protocol. IETF RFC 3626
Clausen, T., Jacquet, P., Laouiti, A., Muhlethaler, P., Qayyum, A., Viennot, L.: Optimized Link State Protocol. IEEE INMIC Pakistan 2001 (2001)
Gwalani, S., Srinivasan, K., Vigna, G., Belding-Royer, E.M., Kemmerer, R.: An Intrusion Detection Tool for AODV-based Ad hoc Wireless Networks. To appear in Proceedings of the Annual Computer Security Applications Conference, Tucson, AZ (December 2004)
Anjum, F., Talpade, R.R.: LiPad: Lightweight Packet Drop Detection for Ad Hoc Networks. In: Proceedings of the 2004 IEEE 60th Vehicular Technology Conference, Los Angeles (September 2004)
Clausen, T., Jacquet, P., Laouiti, A., Muhlethaler, P.: Optimized Link State Routing Protocol. In: IEEE INMIC Pakistan 2001 (2001)
Ko, C., Ruschitzka, M., Levitt, K.: Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-based Approach. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy (May 1997)
Adjih, C., Clausen, T., Jacquet, P., Laouiti, A., Mühlethaler, P., Raffo, D.: Securing the OLSR Protocol. Med-Hoc-Net 2003, Mahdia, Tunisia, June 25-27 (2003)
Laouiti, A.Q., Viennot, L.: Multipoint Relaying: An Efficient Technique for Flooding in Mobile Wireless Networks. In: 35th Annual Hawaii International Conference on System Sciences, HICSS 2002 (2002)
Jacquet, P., Laouiti, A., Minet, P., Viennot, L.: Performance Analysis of OLSR Multipoint Relay Flooding in Two Ad Hoc Wireless Network Models. Research Report-4260, INRIA, September 2001, RSRCP journal special issue on Mobility and Internet (2001)
Ilgun, K., Kemmerer, R., Porras, P.: State Transition Analysis: A Rule-based Intrusion Detection Approach. IEEE Transactions of Software Engineering 2(13), 181–199 (1995)
Lindqvist, U., Porras, P.: Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset (P-BEST). In: Proceedings of the 1999 Symposium on Security and Privacy (May 1999)
Javitz, H.S., Valdes, A.: The SRI IDES Statistical Anomaly Detector. In: Proceedings of the IEEE Symposium on Research in Security and Privacy (1991)
Hafslund, A., Tønnesen, A., Rotvik, R.B., Andersson, J., Kure, Ø.: Secure Extension to the OLSR Protocol. In: OLSR Interop and Workshop, San Diego (August 2004)
Bhargavan, K., et al.: VERISIM: Formal Analysis of Network Simulations. IEEE Transactions of Software Engineering 28(2), 129–145 (2002)
Subhadhrabandhu, D., et al.: Efficacy of Misuse Detection in Adhoc Networks. In: Proceedings of the 2004 First Annual IEEE Communications Society Conference on Sensor and Ad Hoc Communications and Networks (SECON 2004), pp. 97–107 (2004)
Sterne, D., et al.: A General Cooperative Intrusion Detection Architecture for MANETs. In: Proceedings of the 3rd IEEE International Information Assurance Workshop (2005)
Nuevo, J.: A Comprehensible GloMoSim Tutorial (March 2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tseng, C.H., Song, T., Balasubramanyam, P., Ko, C., Levitt, K. (2006). A Specification-Based Intrusion Detection Model for OLSR. In: Valdes, A., Zamboni, D. (eds) Recent Advances in Intrusion Detection. RAID 2005. Lecture Notes in Computer Science, vol 3858. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11663812_17
Download citation
DOI: https://doi.org/10.1007/11663812_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-31778-4
Online ISBN: 978-3-540-31779-1
eBook Packages: Computer ScienceComputer Science (R0)