Abstract
In this paper we propose a distributed and modular architecture for an intrusion detection system (IDS) dedicated to a mobile ad hoc network (MANET) environment. The main feature of our proposition relies on the use, on each node of the MANET, of a local IDS (LIDS) cooperating with other LIDSes through the use of mobile agents. The modular design is needed as a response to the extensibility requirements related to the complex contexts of MANET. The proposed solution has been validated by a proof-of-concept prototype, which is described in the paper. Two different types of attacks are presented and have been implemented, at the network level and at the application level. The detection of such attacks is formally described by specification of data collection, attack signatures associated with such data, and alert generation, emphasizing the relation of each of these detection steps with the modules in the designed architecture. The use of the management information base (MIB) as a primary data source for the detection process is discussed, and modules for MIB data extraction and processing are specified and implemented in the prototype. Experiments exhibit fairly good results, the attacks being collaboratively detected in real time.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Puttini, R.S. et al. (2003). A Modular Architecture for Distributed IDS in MANET. In: Kumar, V., Gavrilova, M.L., Tan, C.J.K., L’Ecuyer, P. (eds) Computational Science and Its Applications — ICCSA 2003. ICCSA 2003. Lecture Notes in Computer Science, vol 2669. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44842-X_11
DOI: https://doi.org/10.1007/3-540-44842-X_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40156-8
Online ISBN: 978-3-540-44842-6
eBook Packages: Springer Book Archive