Upload
dil-ip
View
5
Download
0
Embed Size (px)
DESCRIPTION
A secure intrusion detection system for manets
Citation preview
**Dept. of ECE
Dept. of ECE
EAACKA Secure Intrusion-DetectionSystem for MANETs**Dept. of ECE
Dept. of ECE
Contents Introduction What is MANET???? Need For IDS???? IDSWatch dogTWOACKAACKEAACKPerformance EvaluationSimulation configurationAdvantagesFuture enhancementConclusionReference
**Dept. of ECE
Dept. of ECE
IntroductionMANET -Mobile Ad hoc NETworksIDS -Intrusion Detection SystemsEAACK-Enhanced Adaptive ACKnowledgement
**Dept. of ECE
Dept. of ECE
Mobile Ad hoc NETworksWireless networkAd hoc = for this PURPOSEUsed to exchange informationNODES = transmitter + receiverNodes may be mobileEach node is willing to forward data to other nodesCommuncation can be direct or indirectNodes communicates directly within their rangesOtherwise rely on neighbours (indirectly)
**Dept. of ECE
Dept. of ECE
Continuation.....
Properties of MANETsNo fixed infrastructureSelf configuring abilityDynamic topologyDecentralized network
**Dept. of ECE
Dept. of ECE
Continuation.Routes between nodes may contain multiple hopsNodes act as routers to forward packets for each otherNode mobility may cause the routes change
ABC DABC D**Dept. of ECE
Dept. of ECE
Continuation.Application of MANETSMilitary applicationCombat regiment in the field Perhaps 4000-8000 objects in constant unpredictable motion.Intercommunication of forces Proximity, plan of battle
Sensor networksAutomotive networksIndustrial application
**Dept. of ECE
Dept. of ECE
MANET vulnerable to malicious attackersOpen mediumWide distribution of nodesRouting protocols assumes nodes are always cooperativeNodes are not physically protected**Dept. of ECE
Dept. of ECE
IDSIntrusion Detection SystemDetect and report the malicious activity in ad hoc networksResearchers have proposed a number of collaborative IDS systemWatch dogTWOACKAACK**Dept. of ECE
Dept. of ECE
Watch dog**Dept. of ECE
Dept. of ECE
Ambiguous collision**Dept. of ECE
Dept. of ECE
Receiver collision**Dept. of ECE
Dept. of ECE
Limited transmission power**Dept. of ECE
Dept. of ECE
False misbehaviour report**Dept. of ECE
Dept. of ECE
TWOACK**Dept. of ECE
Dept. of ECE
Continuation....Acknowledgment-based network layer schemeNeither an enhancement or watch dog based schemeAcknowledge every data packet transmitted over every three consecutive nodesOn receiving a packet , each node is required to send back an acknowledgment packet to the node that is two hops away from it.Solves receiver collision and limited transmission power problemNetwork overhead is present**Dept. of ECE
Dept. of ECE
AACKAdaptive ACKnowledgementAcknowledgment-based network layer schemeReduce network overheadCombination of TACK (similar to TWOACK) and ACKACK-End to end acknowledgment scheme
**Dept. of ECE
Dept. of ECE
ACKS will switch to TACK scheme if it doesnt get any ACK packet within predefined time**Dept. of ECE
Dept. of ECE
Both TWOACK and AACK fails in False misbehaviour reportForged acknowledgement packet**Dept. of ECE
Dept. of ECE
Enhanced Adaptive ACKnowledgementEfficient and secure intrusion detection system for MANETsHigher malicious behaviour detection rates with minimal effect on network performanceEAACK mechanism can be divided to three schemesACK(end to end acknowledgement scheme)S-ACK(Secure ACK)MRA(Misbehaviour Report Authentication)**Dept. of ECE
Dept. of ECE
ACKEnd-to-end acknowledgment schemeBrings extremely low network overheadTo preserve the life cycle of batteryLow network overheadLom memory consumption
**Dept. of ECE
Dept. of ECE
ACK scheme**Dept. of ECE
Dept. of ECE
2.S-ACKSecure ACKExtension of TWOACK with digital signatureSwitch from ACK if S does not receive any acknowledgement packet Detect misbehaving nodes by sending S-ACK packetEvery three consecutive nodes work in a group to detect misbehaving nodes
**Dept. of ECE
Dept. of ECE
S-ACK schemeWho is malicious?? F1,F2 OR F3???**Dept. of ECE
Dept. of ECE
Route is F1 F2 F3F1 sends S-ACK data packet to F3 via the route F2 F3Before sending F1 store # value of data packet and sending timeF2 receives packet from F1 and forward to F3F3 receives the data packet and send S-ACK acknowledgement Contain # value and digital signature of F3
**Dept. of ECE
Dept. of ECE
This S-ACKnowledgement is send back to the reverse routeF1 receives it and verify digital signature by computing with F3 public key.If there is no malicious nodes ,then the received hash value ==original hash value**Dept. of ECE
Dept. of ECE
F1 IS MALICIOUSFalse misbehaviour attack In EAACK,it initiates MRA scheme.**Dept. of ECE
Dept. of ECE
F2 IS MALICIOUSDigital signature of F3 is neededPrevent forged acknowledgement**Dept. of ECE
Dept. of ECE
F3 IS MALICIOUSIf F3 refuses to send back acknowledgementpackets, it will be marked as malicious**Dept. of ECE
Dept. of ECE
3.MRA Misbehaviour Report AuthenticationDesigned to resolve the false misbehaviour report attackSuch attack can break the entire networkBasic idea - Authenticate whether the destination node has received the reported missing packetAlternate route is neededMRA packet is send via this alternate routeMRA packet contains the ID of the packet that has been reported droppedDestination node search if there is a match
**Dept. of ECE
Dept. of ECE
Continuation...If there is match,the report is fake and node ,whoever sends it, is marked as maliciousIf there is no match,the report is trusted.**Dept. of ECE
Dept. of ECE
EAACK SCHEME**Dept. of ECE
Dept. of ECE
Performance EvaluationPacket delivery ratio (PDR): Ratio of the number of packets received by the destination node to the number of packets sent by the source node.Routing overhead (RO): RO defines the ratio of the amount of routing-related transmissions.**Dept. of ECE
Dept. of ECE
Simulation configurationScenario 1: Malicious nodes drop all the packets that pass through it.Scenario 2: Set all malicious nodes to send out false misbehavior report to the source node whenever it is possibleScenario 3: Provide the malicious nodes the ability to forge acknowledgment packets.
**Dept. of ECE
Dept. of ECE
**Dept. of ECE
Dept. of ECE
ADVANTAGESSolves limited transmission power and receiver collision problem.Capable of detecting misbehaviour attackEnsure authentication and packet integrityDigital signatures prevents the attack of forge acknowledgement packets
**Dept. of ECE
Dept. of ECE
FUTURE ENHANCEMENTPossibilities of adopting hybrid cryptography techniques to further reduce the network overhead caused by digital signature.Examine the possibilities of adopting a key exchange mechanism to eliminate the requirement of predistributed keys.Testing the performance of EAACK in real network environment.
**Dept. of ECE
Dept. of ECE
Conclusion EAACK makes MANETs more secure The major threats like false mis behaviour report and forge acknowledgement can be detected by using this scheme.**Dept. of ECE
Dept. of ECE
REFERENCE
EAACKA Secure Intrusion-Detection System for MANETs by Elhadi M. Shakshuki, Senior Member, IEEE, Nan Kang, and Tarek R. Sheltami, Member, IEEEDetecting Misbehaving Nodes in Mobile Ad hoc Networks by Nan Kang
**Dept. of ECE
Dept. of ECE
**Dept. of ECE
Dept. of ECE
**Dept. of ECE
Dept. of ECE