Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Recent Advances in Intrusion Detection

RAID 2006: Recent Advances in Intrusion Detection pp 249–271Cite as

DEMEM: Distributed Evidence-Driven Message Exchange Intrusion Detection Model for MANET

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 4219))

Abstract

A Mobile Ad Hoc Network (MANET) is a distributed communication platform for mobile wireless nodes. Because of the lack of a centralized monitoring point, intrusion detection systems (IDS) for MANET are usually developed using a distributed architecture where detectors are deployed at each node to cooperatively detect attacks. However, most of these distributed IDS simply assume that each detector exchanges complete information with their peers instead of establishing an efficient message exchanging protocol among detectors. We propose a Distributed Evidence-driven Message Exchanging intrusion detection Model (DEMEM) for MANET that allows the distributed detector to cooperatively detect routing attacks with minimal communication overhead. The framework allows detectors to exchange evidences only when necessary. Under a few practical assumptions, we implement DEMEM to detect routing attacks the Optimal Link State Routing (OLSR) protocol. The example scenarios and performance metrics in the experiment demonstrate that DEMEM can detect routing attacks with low message overhead and delay, no false negatives, and very low false positives under various mobility conditions with message lost. Our ongoing works include implementing DEMEM in AODV, DSR and TBRPF, and a reputation-based cooperative intrusion response model.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Sanzgiri, K., Dahill, B., Levine, B.N., Shields, C., Belding-Royer, E.: A Secure Routing Protocol for Ad Hoc Networks. In: Proceedings of IEEE ICNP (2002)

    Google Scholar 

  2. Zapata, M., Asokan, N.: Securing Ad hoc Routing Protocols (2002)

    Google Scholar 

  3. Yi, S., Naldurg, P., Kravets, R.: Security-aware routing protocol for wireless ad hoc networks. In: Proceedings of ACM MobiHoc (October 2001)

    Google Scholar 

  4. Ilgun, K., Kemmerer, R., Porras, P.: State Transition Analysis: A Rule-based Intrusion Detection Approach. IEEE Transactions of Software Engineering 2(13), 181–199 (1995)

    Article  Google Scholar 

  5. Lindqvist, U., Porras, P.: Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset (P-BEST). In: Proceedings of the 1999 Symposium on Security and Privacy (May 1999)

    Google Scholar 

  6. Huang, Y.-a., Lee, W.: A Cooperative Intrusion Detection System for Ad Hoc Networks. In: Proceedings of the ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2003) (October 2003)

    Google Scholar 

  7. Sterne, D., et al.: A General Cooperative Intrusion Detection Architecture for MANETs. In: Proceedings of the 3rd IEEE International Information Assurance Workshop (2005)

    Google Scholar 

  8. Anjum, F., Talpade, R.R.: LiPad: Lightweight Packet Drop Detection for Ad Hoc Networks. In: Proceedings of the 2004 IEEE 60th Vehicular Technology Conference, Los Angeles (September 2004)

    Google Scholar 

  9. Rebahi, Y., Mujica, V., Simons, C., Sisalem, D.: SAFE: Securing pAcket Forwarding in ad hoc nEtworks. In: 5th Workshop on Applications and Services in Wireless Networks, Paris, France (June/July, 2005)

    Google Scholar 

  10. Zhang, Y., Lee, W.: Intrusion Detection in Wireless Ad Hoc Networks. In: Proceedings of The Sixth International Conference on Mobile Computing and Networking (MobiCom 2000), Boston, MA (August 2000)

    Google Scholar 

  11. Tseng, C.-Y., Balasubramanyam, P., Ko, C., Limprasittiporn, R., Rowe, J., Levitt, K.: A Specification-Based Intrusion Detection System For AODV. In: Proceedings of the ACM Workshop on Security in Ad Hoc and Sensor Networks (SASN 2003) (October 2003)

    Google Scholar 

  12. Papadimitratos, P., Haas, Z.J.: Secure Link State Routing for Mobile Ad Hoc Networks. In: Proceedings of the IEEE Workshop on Security and Assurance in Ad Hoc Networks, Orlando, Florida (2003)

    Google Scholar 

  13. Adjih, C., Clausen, T., Jacquet, P., Laouiti, A., Mühlethaler, P., Raffo, D.: Securing the OLSR Protocol. In: Med-Hoc-Net 2003, Mahdia, Tunisia (June 25-27, 2003)

    Google Scholar 

  14. Tseng, C.H., Song, T., Balasubramanyam, P., Ko, C., Levitt, K.N.: A Specification-Based Intrusion Detection Model for OLSR. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol. 3858, pp. 330–350. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  15. Prasant, M., Srikanth, K.: Ad Hoc Networks: Technologies and Protocols

    Google Scholar 

  16. Clausen, T., Jacquet, P.: Optimized Link State Routing Protocol. Formal Concept Analysis 3626

    Google Scholar 

  17. Johnson, D., Maltz, D.: Dynamic Source Routing in Ad Hoc Wireless Networks. Mobile Computing (1996)

    Google Scholar 

  18. Perkins, C.E., Belding-Royer, E.M., Das, S.: Ad Hoc On Demand Distance Vector (AODV) Routing. In: IETF RFC 3561

    Google Scholar 

  19. Sanzgiri, K., Dahill, B., LaFlamme, D., Levine, B.N., Shields, C., Belding-Royer, E.: A Secure Routing Protocol for Ad Hoc Networks. Journal of Selected Areas of Communications (JSAC) Special Issue on Ad hoc Networks (March 2005)

    Google Scholar 

  20. Nuevo, J.: A Comprehensible GloMoSim Tutorial (March 2004)

    Google Scholar 

  21. Huang, Y.-a., Lee, W.: Attack Analysis and Detection for Ad Hoc Routing Protocols. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol. 3224, pp. 125–145. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  22. Perrig, R., Canetti, D., Tygar, Song, D.: The TESLA broadcast authentication protocol. Cryptobytes (RSA Laboratories, Summer/Fall 2002) 5(2), 2–13 (2002)

    Google Scholar 

  23. Wang, S.-H., Tseng, C., Ko, C., Levitt, K.: A General Automatic Response Model for MANET. In: Proceeding of First IEEE International Workshop on Next Generation Wireless Networks 2005 (IEEE WoNGeN 2005) (2005)

    Google Scholar 

  24. Ogier, R., Templin, F., Lewis, M.: Topology Broadcast based on Reverse-Path Forwarding. In: IETF RFC. 3684

    Google Scholar 

  25. Hu, Y.C., Perrig, A., Johnson, D.B.: Packet Leashes: A Defense against Wormhole Attacks in Wireless Ad Hoc Networks. In: Proceedings of INFOCOM 2003 (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Security Laboratory, University of California, Davis

    Chinyang Henry Tseng, Shiau-Huey Wang & Karl Levitt

  2. Sparta Inc., Sunnyvale, CA, 94085, USA

    Calvin Ko

Authors
  1. Chinyang Henry Tseng
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shiau-Huey Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Calvin Ko
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Karl Levitt
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. IBM Research Laboratory, Säumerstr. 4, 8803, Rüschlikon, Switzerland

    Diego Zamboni

  2. Secure Systems Lab, Technical University of Vienna, 1040, Vienna, Austria

    Christopher Kruegel

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Tseng, C.H., Wang, SH., Ko, C., Levitt, K. (2006). DEMEM: Distributed Evidence-Driven Message Exchange Intrusion Detection Model for MANET. In: Zamboni, D., Kruegel, C. (eds) Recent Advances in Intrusion Detection. RAID 2006. Lecture Notes in Computer Science, vol 4219. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11856214_13

Download citation

  • DOI: https://doi.org/10.1007/11856214_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-39723-6

  • Online ISBN: 978-3-540-39725-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation