A Distributed and Collaborative Intrusion Detection Architecture for Wireless Mesh Networks

Mobile Networks and Applications

Abstract

The Wireless Mesh Network (WMN) is an emerging heterogeneous network architecture that is growing in importance among traditional wireless communication systems as a cost-effective way of providing Internet services. However, WMNs are particularly vulnerable to malicious nodes because of inherent attributes such as their decentralized infrastructure and high dependence on node cooperation. We therefore propose a distributed and Collaborative Intrusion Detection System (CIDS) architecture for detecting insider attacks in real time, which comprises: i) a Routing Protocol Analyzer (RPA) that analyzes the collected routing traffic and generates the corresponding Routing Events; ii) a Distributed Intrusion Detection Engine (DIDE) that processes the Routing Events by applying Routing Constraints and calculates the related Misbehaving Metrics; iii) a Cooperative Consensus Mechanism (CCM) that checks the Misbehaving Metrics using a proposed threshold scheme and tracks down the source of intrusion. The entire CIDS solution is implemented in a virtualized mesh network platform. The experimental results show that the proposed CIDS architecture efficiently detects message fabrication attacks with good precision and low resource consumption.



Corresponding author

Correspondence to Anderson Morais.


About this article

Cite this article

Morais, A., Cavalli, A. A Distributed and Collaborative Intrusion Detection Architecture for Wireless Mesh Networks. Mobile Netw Appl 19, 101–120 (2014). https://doi.org/10.1007/s11036-013-0457-8


  • DOI: https://doi.org/10.1007/s11036-013-0457-8
