
1 Intrusion Detection Techniques in Mobile Ad Hoc and Wireless Sensor Networks - IEEE, October 2007
CMSC 681 - Advanced Computer Networks
Oleg Aulov

2 MANET and WSN
- No wires; limited battery life; limited memory and processing capability
- No base stations; mobile nodes; nodes relay data (act as routers)
- Usually no centralized authority
- Deployed in adverse or hostile environments
- Prevention-based security (key distribution and management schemes) doesn't work once a node is compromised and its secrets leak; insiders can cause greater damage.

3 IDS - second line of defence
- IDS dynamically monitors the system to detect compromise of confidentiality, availability and integrity.
- Two common types:
  - misuse based - stores a database of known attacks
  - anomaly based - creates a normal profile of system states or user behaviors (difficult to build; mobility poses challenges)
- Specification based - manually developed specifications, time-consuming

4 ID in MANET - attacks
- Routing logic compromise - blackhole, routing update storm, fabrication
- Traffic distortion - dropping, corruption, flooding
- Others - rushing, wormhole, spoofing

5 MANET - Existing Research - Zhang et al.
- Agent attached to each node performs ID and response individually
- Unsupervised method to construct and select the feature set (distance, velocity, number of hops, etc.)
- Pattern classification problem - apply RIPPER (decision tree for rule induction) and SVM Light (support vector machine, used when data cannot be classified by a set of features) algorithms
- Post-processing to eliminate false alarms

6 MANET - Existing Research - Huang et al.
- Cross-Feature Analysis - learning-based method to capture correlation patterns.
- L features: f1, f2, ..., fL
- fi - feature characterizing topology or route activities
- Solve a classification problem:
  - Create the set Ci: {f1, ..., fi-1, fi+1, ..., fL}, used to identify the temporal correlation between one feature and all the other features.
  - Ci is very likely to predict fi in normal circumstances and very unlikely to do so during an attack

7 MANET - Existing Research - Huang and Lee
- Collaboration with neighbors - broader ID range, more accurate, more information about attacks
- Cluster-based detection scheme - FSM with states Initial, Clique, Done, Lost
- Ad hoc On-Demand Distance Vector (AODV) algorithm - EFSA (extended finite state automaton) to detect state and transition violations
- Specification-based approach; detects abnormal patterns and anomalous basic events.

8 MANET - Existing Research - Marti et al.
- Watchdog and Pathrater to identify and respond to routing misbehavior.
- Each node verifies that its data was forwarded correctly (DSR - dynamic source routing).
- Rate routes and use the more reliable ones.

9 MANET - Existing Research - Tseng et al.
- Based on AODV - specification-based ID
- Detects run-time violations
- FSM specifies the behavior of AODV
- Maintains RREP and RREQ messages

10 MANET - Existing Research - Sun et al.
- Use Markov chains to characterize normal behaviors
- Motivated by ZBIDS (zone-based IDS) - locally generated alerts inside the zone
- Gateway nodes broadcast alerts within the zone
- IDMEF (intrusion detection message exchange format) presented to facilitate interoperability of IDS agents.

11 ID in WSN

12 Secure Localization
- GPS not feasible
- Utilization of beacon packets and beacon nodes
- Du et al. - utilize deployment knowledge to confirm beacon integrity
- Liu et al. - filter out malicious location references using:
  - mean square error
  - computed inconsistency
  - voting-based location estimation
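An added example of the mean-square-error filtering idea on slide 12 (this is illustrative code written for this page, not Liu et al.'s implementation): a node estimates its position from beacon references by least-squares trilateration, measures the inconsistency of the reference set as the MSE of the range residuals, and greedily drops the reference whose removal lowers the MSE most until the set is consistent. The beacon positions, the lying beacon and the threshold tau are constructed sample values.

```python
import math

# Constructed sample: four honest beacons at the corners of a 10x10 field and one
# malicious beacon that claims a distance of 30 instead of the true 5.
# The node's true position is (5.0, 5.0).
TRUE_D = math.hypot(5.0, 5.0)
BEACONS = [
    ((0.0, 0.0), TRUE_D), ((10.0, 0.0), TRUE_D),
    ((0.0, 10.0), TRUE_D), ((10.0, 10.0), TRUE_D),
    ((10.0, 5.0), 30.0),                     # malicious reference
]

def estimate(refs):
    """Linear least-squares trilateration over (beacon_pos, distance) refs."""
    (x1, y1), d1 = refs[0]
    rows = []
    # Subtracting the first range equation from each other one turns
    # (x-xi)^2 + (y-yi)^2 = di^2 into the linear form a*x + b*y = c.
    for (xi, yi), di in refs[1:]:
        a, b = 2 * (xi - x1), 2 * (yi - y1)
        c = d1**2 - di**2 - x1**2 - y1**2 + xi**2 + yi**2
        rows.append((a, b, c))
    # Solve the 2x2 normal equations (A^T A) p = A^T c.
    saa = sum(a * a for a, _, _ in rows); sab = sum(a * b for a, b, _ in rows)
    sbb = sum(b * b for _, b, _ in rows)
    sac = sum(a * c for a, _, c in rows); sbc = sum(b * c for _, b, c in rows)
    det = saa * sbb - sab * sab
    if abs(det) < 1e-12:
        raise ValueError("beacons are collinear; position is not identifiable")
    return (sbb * sac - sab * sbc) / det, (saa * sbc - sab * sac) / det

def mse(refs, pos):
    """Inconsistency of a reference set: mean squared range residual."""
    x, y = pos
    return sum((math.hypot(x - bx, y - by) - d) ** 2 for (bx, by), d in refs) / len(refs)

def filter_references(refs, tau, min_refs=3):
    """Greedy attack-resistant estimation: while the set is inconsistent
    (MSE > tau), remove the reference whose removal yields the lowest MSE."""
    refs = list(refs)
    while len(refs) > min_refs and mse(refs, estimate(refs)) > tau:
        best_i, best_mse = None, None
        for i in range(len(refs)):
            subset = refs[:i] + refs[i + 1:]
            m = mse(subset, estimate(subset))
            if best_mse is None or m < best_mse:
                best_i, best_mse = i, m
        refs.pop(best_i)
    return refs, estimate(refs)
```

Note that simply dropping the reference with the largest residual would fail on this input: the lying beacon drags the initial estimate so far that honest beacons show the largest residuals, which is why the subset-MSE comparison is used.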

13 Secure Aggregation
- Wagner - robust statistics for resilient aggregation: truncation, trimming
- Yang - Secure Hop-by-Hop Aggregation Protocol (SDAP)
  - divide and conquer
  - commit and attest
  - Grubbs' test
- Buttyan - RANSAC paradigm for resilient aggregation; maximum likelihood estimation
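An added example (written for this page, not Wagner's code) of the two robust estimators named on slide 13, truncation and trimming, applied to a constructed set of sensor readings in which one compromised node reports an absurd value; it shows how each bounds the influence a single bad node has on the aggregate. The plausible range [lo, hi] and the trim count k are assumed parameters.

```python
def truncate(values, lo, hi):
    """Truncation: clamp every reading into the plausible sensor range [lo, hi].
    One attacker can then shift the mean by at most (hi - lo) / n."""
    return [min(max(v, lo), hi) for v in values]

def trimmed_mean(values, k):
    """Trimming: discard the k smallest and k largest readings, then average.
    Any k compromised nodes are ignored no matter what they report."""
    if 2 * k >= len(values):
        raise ValueError("cannot trim more than half of the readings")
    core = sorted(values)[k:len(values) - k]
    return sum(core) / len(core)

def aggregate(readings, lo, hi, k):
    """Return the plain mean next to the two resilient aggregates."""
    n = len(readings)
    return {
        "mean": sum(readings) / n,
        "truncated_mean": sum(truncate(readings, lo, hi)) / n,
        "trimmed_mean": trimmed_mean(readings, k),
    }

# Constructed sample: nine honest temperature readings near 20 C and one
# compromised node reporting 1000 C.
READINGS = [19.8, 20.1, 20.0, 19.9, 20.2, 20.0, 19.7, 20.3, 20.0, 1000.0]
RESULT = aggregate(READINGS, lo=-40.0, hi=50.0, k=1)
```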

14 Future Research Directions
- Extended Kalman Filter based aggregation - lightweight solution for estimating neighbor-monitoring features
- Integration of mobility and ID in MANET - consider using the link change rate as an indication of mobility.
- Collaboration of IDM and SMM (system monitoring) - to address the problem of distinguishing an abnormal event from a false alarm: ask the surrounding nodes to confirm.

15 Questions ???

