INTRUSION DETECTION IN MANET
- Pooja Kundu
MANET
Mobile ad hoc network
Is used to exchange information.
Each node is willing to forward data to other nodes.
Does not rely on fixed infrastructure.
No central authority.
Why MANET?
Advantages: low-cost, flexibility
Ease & Speed of deployment
Decreased dependence on infrastructure
Applications:
Military environments
soldiers, tanks, planes
Civilian environments
vehicle networks
conferences / stadiums
outside activities
Emergency operations
search-and-rescue / policing and fire fighting
Problems In MANET
Routing
Security and Reliability
Quality of Service
Internetworking
Power Consumption
Security
A major issue in mobile ad hoc networks is “SECURITY”.
Two approaches to protecting mobile ad hoc networks:
Reactive approach: Seeks to detect security threats and react accordingly.
Proactive approach: Attempts to prevent an attacker from launching attacks through various cryptographic techniques.
Classification of Security Attacks
IDS-MANET
IDS: Intrusion Detection System, used to detect and report malicious activity in ad hoc networks.
Ex: Detecting critical nodes using IDS
An Intrusion Detection System (IDS) can collect and analyze audit data for the entire network.
A critical node is a node whose failure or malicious behavior disconnects or significantly degrades the performance of the network.
Packets may be dropped due to network congestion or because a malicious node is not faithfully executing a routing algorithm.
Researchers have proposed a number of collaborative IDS systems.
Some of the schemes are neighbor-monitoring, trust-building, and cluster-based voting schemes which are used to detect and report the malicious activity in ad hoc networks.
Existing Approaches
Watchdog
TWOACK
Adaptive Acknowledgment (AACK)
1. Watchdog
Listens to the next hop’s transmission.
If the next-hop node fails to forward the packet, the watchdog increases that node's failure counter.
The node is reported as misbehaving if its failure counter exceeds a threshold.
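The Watchdog steps above as a small simulation (an added example, not from the original slides): a node tracks packets handed to each next hop, counts those it never overhears being forwarded, and reports a node once its counter exceeds the threshold. The threshold, timeout, node names and event trace are constructed assumptions.

```python
from collections import defaultdict

class Watchdog:
    """Counts packets handed to a next hop that were never overheard being forwarded."""
    def __init__(self, threshold=2, timeout=2):
        self.threshold = threshold        # assumed value; the slides give none
        self.timeout = timeout            # assumed listening window, in time units
        self.pending = {}                 # (next_hop, packet_id) -> deadline
        self.failures = defaultdict(int)  # next_hop -> failure counter

    def sent(self, now, next_hop, packet_id):
        # Packet handed to next_hop: start listening for its retransmission.
        self.pending[(next_hop, packet_id)] = now + self.timeout

    def overheard(self, now, node, packet_id):
        # Forward overheard in time: the packet no longer counts against node.
        if self.pending.get((node, packet_id), -1) >= now:
            del self.pending[(node, packet_id)]

    def tick(self, now):
        # Every packet past its deadline increments that next hop's counter.
        for key in [k for k, deadline in self.pending.items() if deadline < now]:
            del self.pending[key]
            self.failures[key[0]] += 1

    def misbehaving(self):
        # Report only nodes whose counter exceeds the threshold.
        return sorted(n for n, c in self.failures.items() if c > self.threshold)

def build_trace():
    # Constructed trace of (time, event, node, packet_id): B loses one packet
    # of five (e.g. congestion), C forwards only the first of its five.
    events = []
    for i in range(5):
        t = 3 * i
        events += [(t, "sent", "B", i), (t, "sent", "C", 100 + i)]
        if i != 2:
            events.append((t + 1, "overheard", "B", i))
        if i == 0:
            events.append((t + 1, "overheard", "C", 100 + i))
    return events

def run_trace(events, threshold=2, timeout=2):
    wd, now = Watchdog(threshold, timeout), 0
    for now, kind, node, packet_id in events:
        wd.tick(now)
        (wd.sent if kind == "sent" else wd.overheard)(now, node, packet_id)
    wd.tick(now + timeout + 1)            # flush packets still pending at the end
    return wd
```

On the constructed trace only C is reported; with `threshold=0`, B's single lost packet is flagged as well, which is the congestion-versus-malicious ambiguity noted earlier in the slides.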
2. TWOACK
Solves the receiver collision and limited transmission power problems posed by Watchdog.
But adds a significant amount of unwanted network overhead.
Because nodes in a MANET have limited battery power, such a redundant transmission process can easily shorten the life span of the entire network.
3. AACK
Greatly reduces the network overhead.
Fails to detect malicious nodes in the presence of false misbehaviour reports and forged acknowledgment packets.
EAACK
Designed to tackle three of the six weaknesses of the Watchdog scheme: false misbehaviour, limited transmission power, and receiver collision.
A digital signature scheme is adopted during the packet transmission process.
Problem-1
Problem-2
Problem-3
EAACK - Scheme Description
Introduction of digital signature.
3 major parts: ACK, S-ACK, MRA.
ACK is basically an end-to-end acknowledgment scheme.
The S-ACK scheme is an improved version of the TWOACK scheme: three consecutive nodes work in a group.
The MRA scheme detects misbehaving nodes in the presence of false misbehavior reports.
EAACK requires all acknowledgment packets to be digitally signed.
System Control Flow