ISSN: 1694-2108 | Vol. 6, No. 1. OCTOBER 2013 1
Intrusion Detection Techniques for Mobile
Ad Hoc and Wireless Sensor Networks
Rakesh Sharma
Department of Computer science & Engineering, HCTM Technical Campus Kaithal,Haryana,India
V. A. Athavale
Department of Computer science & Engineering, Gulzar Group of institutions Khanna,Punjab,India
Pinki Sharma
Department of Computer science & Engineering, HCTM Technical Campus Kaithal,Haryana,India
ABSTRACT
Mobile circumstantial networks and wireless detector networks have secure a large form of applications. However, they are usually deployed in probably adverse or perhaps hostile environments. Therefore, they cannot be without delay deployed while not first addressing security challenges. Intrusion detection systems supply a necessary layer of in-depth protection for wired networks. However, relatively little or no analysis has been performed concerning intrusion detection at intervals the areas of mobile ad-hoc networks and wireless sensing element networks. Throughout this text, first we tend to shortly introduce mobile ad-hoc networks and wireless sensor networks and their security issues. Then, we tend to concentrate on their intrusion detection capabilities. Specifically, we tend to gift the challenge of constructing intrusion detection systems for mobile ad-hoc networks and wireless detector networks, survey the prevailing intrusion detection techniques, and indicate important future analysis directions
Keywords
Mobile ad-hoc networks, wireless sensor networks, attacks, AODV, IDS, secure aggregation.
1. INTRODUCTION
ISSN: 1694-2108 | Vol. 6, No. 1. OCTOBER 2013 2 vary of applications in each military and civilian environments. As an example, a painter might be deployed quickly for military communications within the field. A painter additionally might be deployed quickly in situations like a gathering space, a town transportation wireless network, for hearth fighting, and so on. To create such a cooperative and self-configurable network, each mobile host ought to be a forthcoming node and keen to dispatch messages for others. Within the original style of a painter, international trait in nodes at intervals the full network may be a basic security assumption. Recent progress in wireless communications and Micro-Electro Mechanical Systems (MEMS) technology has created it possible to make miniature wireless detector nodes that integrate sensing, processing, and communication capabilities. These miniature wireless detector nodes is very tiny, as little as a cubic centimeter. Compared with typical computers, the inexpensive, powered, detector nodes have a restricted energy offer, tight process and communications capability, and memory is inadequate. The planning and implementation of relevant services for WSNs should keep these limitations in mind. Supported the cooperative efforts of an outsized variety of detector nodes, WSNs became smart candidates to supply economically viable solutions for a large vary of applications, like environmental observance, scientific information assortment, health observance, and military operations [1].An example WSN is illustrated in Fig. 1, the WSN is deployed to sight targets.
Figure 1.Example of a wireless sensor network.
ISSN: 1694-2108 | Vol. 6, No. 1. OCTOBER 2013 3 usually are deployed in adverse or perhaps hostile environments. Therefore, they can't be without delay deployed while not 1st addressing security challenges. Because of the options of associate degree release medium, the low degree of physical defense of movable nodes, a vibrant topology, a restricted power offer, and therefore the absence of a central management purpose [2], MANETs are a lot of prone to malicious attacks than ancient wired networks ar. In WSNs, the shortage of physical security combined with unattended operations creates detector nodes liable to an elevated threat of being capture and compromised, creating WSNs prone to a range of attacks. So far, study to search out protection solutions for MANETs and WSNs has originated from the interference function of read. As an example, in each network, there exist several key distribution and management schemes that may be designed supported link-layer security design, interfering of denial of service attacks, and vulnerable direction-finding protocols. There’s additionally analysis targeted to specific services and applications. As an example, one amongst the foremost vital functions of deploying WSNs is to gather relevant information. During an information assortment method, aggregation was needed to save lots of energy, so prolonging the lifespan of a WSN. However, aggregation primitives are prone to node compromise attacks. This results in incorrectly mass results by a compromised collector. Hence, effective techniques are needed to verify the integrity of mass results. Prevention-based approaches will considerably scale back potential attacks. However, they can't whole eliminate intrusions. When a node is compromised, all the secrets related to the node are receptive attacks. This renders prevention- primarily based techniques less useful for guarding against malicious insiders. In observe, insiders will cause abundant larger injury. Therefore, Intrusion Detection Systems (IDSs), serving because the next line of defense, are essential in providing a highly-secured system. By modeling behaviors of correct activities, IDS will effectively establish potential intruders and so offer in-depth protection. During this article, we tend to first offer a short introduction to IDS. Then, we tend to gift challenges in constructing IDSs for mobile circumstantial networks and wireless detector networks and analysis their existing intrusion detection techniques. Finally, we tend to imply vital future analysis directions.
2. INTRUSION DETECTION TECHNIQUES
ISSN: 1694-2108 | Vol. 6, No. 1. OCTOBER 2013 5 Figure 2. Watchdog mechanism for MANETs.
2.1 Intrusion Detection in MANET attack models
It is terribly difficult to gift a once-for-all detection approach. The analysis of existing attack models will facilitate the extraction of effective options, that seems to be one amongst the foremost vital steps in building associate degree IDS. The subsequent are representative kinds of attacks within the context of a painter IDS:
• Routing Logic Compromise: In routing protocols, typical attack situations embody region, routing update storm, fabrication, and modification of varied fields in routing management packets (for example, route request message, route reply message, route error message, etc.) throughout completely different phases of routing procedures. Of these attacks will cause serious pathology during a painter.
• Traffic Distortion: This includes attacks like packet dropping, packet corruption, information flooding, and so on. Motivated by their completely different objectives, attackers might take completely different actions to control packets. As an example, attackers might arbitrarily, sporadically, or by selection drop received packets to egotistically save power or advisedly stop different nodes from receiving information.
Source
S
A B
C D
Destination
A can overhear B’s transmission to decide
ISSN: 1694-2108 | Vol. 6, No. 1. OCTOBER 2013 6 In addition to those, attacks like speeding, wormhole, and spoofing even have been mentioned within the context of a painter. What is more, it is not tough to fabricate intrusions supported the mix of attacks mentioned antecedently. 2.1.1 Existing analysis
ISSN: 1694-2108 | Vol. 6, No. 1. OCTOBER 2013 9 through sporadically activity its native link modification rate, a planned performance metric that may replicate quality levels. The planned theme is a smaller amount hooked in to underlying quality models and might more improve performance.
Figure 3. The zone-based instruction detection system for MANETs.
2.2 Intrusion detection in a WSN
Similar to security analysis during a painter, several prevention-based approaches during a WSN are planned. These approaches address challenges as well as key institution, trust started, privacy, authentication, secure routing, and high level security services. However, the large-scale localized preparation of a WSN and therefore the lack of physical security create prevention-based schemes inadequate when detector nodes are compromised. Therefore, associate degree IDS also can supply adequate security protection for a WSN. During this section, we tend to gift a survey of existing IDS analysis within the context of a WSN. Compared with a painter, a WSN provides a comparatively newer communication paradigm. Therefore, there are fewer works that address
9 IDS IDS IDS IDS IDS IDS 3 3 3 C 3
IDS IDS
IDS IDS IDS IDS IDS IDS IDS IDS IDS IDS
IDS IDS
IDS IDS IDS IDS IDS IDS IDS IDS IDS IDS IDS Zone
Alert concentration point
Alert
concentration point
6
3
5 4
2 1 8 7
1 4 5 6 9 8 10 2
ISSN: 1694-2108 | Vol. 6, No. 1. OCTOBER 2013 10 the development of a WSN IDS. What is more; completely different applications and services motivated by WSNs demonstrate different characteristics. Therefore, it's necessary to integrate ID approaches with corresponding applications as a result of attacks targeted at completely different applications and services demonstrate different manifestations. Within the following, we tend to use two vital services of a WSN, secure aggregation and secure localization, maybe current WSN IDS analysis efforts.
2.2.1 Challenges
The distinctive characteristics of detector nodes cause challenges to the development of a WSN IDS. A WSN contains a restricted power offer, so requiring energy-efficient protocols and applications to make best use of the lifespan of detector networks. Detector nodes have tight system resources in terms of memory and process capabilities, creating intensive calculations impractical. Detector nodes are liable to failure. This leads to frequent configuration changes. Also, a WSN sometimes is densely deployed, inflicting serious radio channel competition and measurability issues. The planning of an efficient WSN IDS should bear in mind all of those challenge.
2.2.2 Secure Localization in WSNS
ISSN: 1694-2108 | Vol. 6, No. 1. OCTOBER 2013 11 locations are according to the preparation information. As an example, if a bunch of detector nodes are born out of associate degree aero plane consecutive because the plane flies forward, traditional distributions is wont to model the preparation distribution of this cluster of detector nodes. Every non-beacon node will compare its calculable locations with the preparation information. If the amount of inconsistency is on top of a predefined threshold, detector nodes will make a decision that established position references are malicious. Liu et al. [12] additionally propose a set of approaches to strain malicious location references. The primary approach is predicated on minimum mean sq. error. Supported the examination that malicious position references and category ones are sometimes inconsistent, non-beacon nodes will cipher associate degree inconsistency level of received location references. The inconsistency level is delineating by a mean square error of estimation. If the mean sq. error is larger than a threshold, non-beacon nodes may suppose that the received set of location references is malicious. The second approach is that the voting-based location estimation methodology. Specifically, the deployed space is split into a grid of cells. The non-beacon node will then have each received location reference vote on the cells during which this node might reside and so decide however possible this node is in every cell. When the choice method, the middle of the cells with the very best votes could also be used because the calculable location.
2.2.3 Secure Aggregation in WSNS
ISSN: 1694-2108 | Vol. 6, No. 1. OCTOBER 2013 12 Hop-by-Hop information Aggregation Protocol (SDAP) for WSNs. the planning of SDAP is predicated on divide-and-conquer and commit-and-attest principles. Specifically, a probabilistic grouping methodology is employed to dynamically divide nodes into multiple logical teams of comparable sizes. In every logical cluster, a hop-by-hop aggregation is performed and one combination is generated from every cluster. This hop-by-hop aggregation is increased to confirm that every cluster cannot deny its committed combination. When receiving all the cluster aggregates, the bottom station will apply associate degree approach supported the Grubbs’ take a look at to spot suspicious teams. This approach will facilitate strike outliers from received aggregates. Finally, every cluster beneath study should participate within the attestation method and prove the correctness of its cluster aggregates. When the attestation method, the bottom station will calculate the ultimate combination over all the cluster aggregates that are either traditional or have passed the attestation method.
Motivated by analysis in laptop vision and automatic devising, Buttyán et al. [15] propose a random sample agreement (RANSAC) paradigm for resilient aggregation during a WSN. RANSAC is associate degree outlier elimination technique that may handle a high share of outlier menstruation information. Specifically, RANSAC uses as few non-attacked information as attainable to see associate degree initial model. Presumptuous that the non-attacked information follows traditional distributions, the RANSAC algorithmic program uses most likelihood estimation (MLE) to estimate the parameters of the initial model. When the initial model is determined, RANSAC tries to enlarge the initial information set with consistent data. Outlier measurements will then be filtered out, notwithstanding an outsized amount of detector nodes is compromised.
Figure 4. An example aggregation tree in WSNs
Legend
Wireless sensor
node Data transmission
Vi Sensor
measurement A
B
C D
E F
J
H
I K
L
G
M N
V1 Base
Station
V 2 V 3
f
ISSN: 1694-2108 | Vol. 6, No. 1. OCTOBER 2013 13
2.2.4 Future analysis directions
In this section, we tend to discuss future analysis directions to construct IDSs for each MANETs and WSNs. In the system thought, IDS analysis for each MANETs and WSNs needs a distributed design and therefore the collaboration of a bunch of nodes to create correct choices. ID techniques additionally ought to be integrated with existing painter and WSN applications. This needs associate degree understanding of deployed applications and connected attacks to deploy appropriate ID mechanisms. Attack models should be fastidiously established to facilitate the preparation of ID ways. Also, solutions should contemplate resource constraints in terms of computation, energy, communication, and memory. This is often particularly vital within the context of a WSN.
2.2.5 Extended Kalman Filter-Based Secure Aggregation for a WSN
ISSN: 1694-2108 | Vol. 6, No. 1. OCTOBER 2013 15 Figure 5. Collaboration between IDM and SMM to differentiate malicious events from
emergency events.
Once node A collects the knowledge from these nodes, if it finds that the bulk of detector nodes assume that event E might happen, node A then makes a choice that E is triggered by some emergency events. On the opposite hand, if node A finds that the bulk of detector nodes assume that event E shouldn't happen, then node A thinks that E is triggered by either a malicious node or a faulty nevertheless smart node. To create a final judgment, node A will still get up those nodes around event E and request their opinions regarding event E. If node A finds that the bulk of detector nodes assume that event E shouldn't happen, node A then suspects that node B is malicious.
3. INTEGRATION OF MOBILITY AND INTRUSION DETECTION IN MANET
One of the most difficulties in building MANET IDSs is to contemplate however quality impacts the planning of detection engines. This can be
Compromised node Fire
False report
Alert transmission False report
Compromised node
Co-detectors
ISSN: 1694-2108 | Vol. 6, No. 1. OCTOBER 2013 16 particularly necessary within the context of MANETs as a result of most dynamics in MANETs area unit caused by quality. MANET IDSs, while not properly considering quality, area unit susceptible to a high false positive magnitude relation. This renders MANET IDSs less effective. Link modification rate is wont to capture the impact of quality on IDS engines. Supported the link modification rate, a properly trained traditional profile is elite at totally different quality levels adaptively. victimization totally different quality models, like random waypoint model, random drunk model, and obstacle quality model, associate degree adaptative theme is incontestable to be less captivated with underlying quality models and might additional cut back the false positive magnitude relation [16]. However, the performance of the projected adaptative theme at high quality levels still isn't pretty much as good for sure. It is also terribly difficult to construct mobility-independent MANET IDSs as a result of this needs the extraction of mobility-independent options. What is more, a way to consistently check the performance of MANET IDSs continues to be associate degree on-going work.
4. CONCLUSION
Intrusion detection systems will determine malicious activities and facilitate to supply adequate protection. Therefore, associate degree IDS has become an imperative part to supply defense-in-depth security mechanisms for each MANETs and WSNs. during this article, we tend to provided associate degree introduction to mobile unintended networks and wireless detector networks and given challenges in constructing IDSs for MANETs and WSNs. we tend to then surveyed existing intrusion detection techniques within the context of MANETs and WSNs. Finally, victimization secure in-network aggregation for WSNs and therefore the integration of quality and intrusion detection for MANETs as examples, we tend to mentioned necessary future analysis directions.
REFERENCES
[1] F. Akyildiz et al., “Wireless Sensor Networks: A Survey,” Elsevier Comp. Networks, vol. 38, no. 2, 2002, pp. 393–422.
[2] Y. Zhang, W. Lee, and Y. Huang, “Intrusion Detection Techniques for Mobile Wireless Networks,” ACM Wireless Networks, vol. 9, no. 5, Sept. 2003, pp. 545–56. [3] H. Debar, M. Dacier, and A. Wespi, “A Revised Taxonomy for Intrusion Detection
Systems,” Annales des Telecommun., vol. 55, 2000, pp. 361–78.
[4] Y. Huang et al., “Cross-Feature Analysis for Detecting Ad-hoc Routing Anomalies,”
Proc. IEEE ICDCS ’03, Providence, RI, May 2003, pp. 478–87.
[5] Y. Huang, and W. Lee, “A Cooperative Intrusion Detection System for Ad Hoc Networks,” ACM SASN ’03, Fairfax, VA, 2003, pp. 135–47.
ISSN: 1694-2108 | Vol. 6, No. 1. OCTOBER 2013 17
[7] S. Marti et al., “Mitigating Routing Misbehavior in Mobile Ad Hoc Networks,” ACM
Mobicom 2000, Boston, MA, Aug. 2000, pp. 255–65.
[8] C.-Y. Tseng et al., “A Specification-based Intrusion Detection System for AODV,”
ACM SASN ’03, Fairfax, VA, 2003, pp. 125–34.
[9] B. Sun, K. Wu, and U. Pooch, “Alert Aggregation in Mobile Ad-Hoc Networks,” ACM WiSe ’03 in conjunction with ACM Mobicom ’03, San Diego, CA, 2003, pp. 69–78
[10]B. Sun et al., “Integration of Mobility and Intrusion Detection for Wireless Ad Hoc Networks,” Wiley Int’l. J.Commun. Sys., vol. 20, no. 6, June 2007, pp. 695–721. [11]W. Du, L. Fang, and P. Ning, “LAD: Localization Anomaly Detection for Wireless
Sensor Networks,” J.Parallel and Distrib. Comp., vol. 66, no. 7, July 2006, pp. 874– 86.
[12]D. Liu, P. Ning, and W. Du, “Attack-Resistant Location Estimation in Sensor Networks,” ACM/IEEE IPSN ’05, Los Angeles, CA, Apr. 2005, pp. 99–106.
[13]D. Wagner, “Resilient Aggregation in Sensor Networks,” ACM SASN ’04, Washington DC, 2004, pp. 78–87.
[14]Y. Yang et al., “SDAP: A Secure Hop-by- Hop Data Aggregation Protocol for Sensor Networks,” ACM Mobihoc ’06, Florence, Italy, 2006, pp. 356–67.
[15]L. Buttyán, P. Schaffer, and I. Vajda, “RANBAR: RANSAC Based Resilient Aggregation in Sensor Networks,” ACM SASN ’06, Alexandria, VA, 2006, pp. 83–90. [16]B. Sun et al., “Integration of Secure In-Network Aggregation and System Monitoring
for Wireless Sensor Networks,” IEEE ICC ’07, Glasgow, U.K., June 2007.
