
A distributed cross-layer intrusion detection system for ad hoc networks

A Distributed Cross-Layer System for Detecting Intrusion in Ad Hoc Networks

Annales Des Télécommunications

Abstract

Most existing intrusion detection systems (IDSs) for ad hoc networks are proposed for single-layer detection. Although they may apply to other layers of the network protocol stack, data from individual layers is still analyzed separately. In addition, most have not been able to emphasize localization of the attack source. In this paper, we propose an anomaly-based IDS that utilizes cross-layer features to detect attacks and localizes attack sources within a one-hop perimeter. Specifically, we suggest a compact feature set that incorporates intelligence from both the MAC layer and the network layer to profile normal behaviors of mobile nodes; we adapt a data mining anomaly detection technique from wired networks to ad hoc networks; and we develop a novel collaborative detection scheme that enables the IDS to correlate local and global alerts. We validate our work through ns-2 simulation experiments. Experimental results demonstrate the effectiveness of our method.

Summary

The dynamic, distributed and self-organized nature of ad hoc networks poses a great challenge to intrusion detection. In general, a network's intrusion detection system is deployed at the perimeter. This solution cannot be applied to ad hoc networks, for lack of a pre-existing communication infrastructure and of control centers. Moreover, current intrusion detection techniques, which were developed for wired and wide-area networks, can only be applied to individual layers of the network protocol. In this article, we present a node-based intrusion detection system that is able to detect the origin of an attack and to localize it within one hop of the perimeter. More specifically, we present a compact set of features that combine information from the MAC and network layers to profile the behavior of mobile nodes. We adapt this technique to detect anomalies in wired and ad hoc networks.

Finally, we propose a new intrusion response mechanism that allows a system to link a local alert to the global alerts collected from its neighborhood. We validate our work through ns-2 simulation experiments. The experimental results indicate the effectiveness of our method.




Cite this article

Liu, Y., Li, Y. & Man, H. A distributed cross-layer intrusion detection system for ad hoc networks. Ann. Télécommun. 61, 357–378 (2006). https://doi.org/10.1007/BF03219912
