An efficient framework for intrusion detection system for mobile adhoc networks

Abstract

Most existent protocols, applications and services for mobile Adhoc networks newline(MANETs) assume a cooperative and friendly network environment and do not newlineaccommodate security. In MANETs, intrusion prevention (IPS) and intrusion detection (IDS) techniques need to complement each other to guarantee a highly secure environment. The IPS and IDS play different roles in different states of the network. Intrusion prevention measures, such as encryption and authentication, are more useful in preventing outside attacks. Once the node is compromised, intrusion prevention measures will have little effect in protecting the network. Therefore, an intrusion detection system is serving as the second line of defense in Adhoc network. This thesis used the incremental approach to designing the detection engine for Adhoc network environments. In this thesis a two-layer architecture has been proposed which fits the unique requirement of MANETs. First layer is a local intrusion detection module, which identifies the friends quickly and second layer is a global detection module in which intrusion behavior is checked rigorously before declaring the node as a trusted node or newlinean intruder node. Finally, it adds a voting mechanism to generate the trust level for each node. This proposed model is fast responsive, light weighted and better than the conventional model available in Adhoc network environment. We consider the layered approach for communication and attacks are identified for the network layer which is the soft target of attackers. In this thesis well known security attacks are applied to the mobile Adhoc environment. Statistics are then collected, important features are extracted from raw data set, and rule sets are induced for well known attacks like Denial of Service attack, Black Hole attack and Wormhole attack. Most of the attacks known in Adhoc environment are included in these three kinds of attacks.