INTRUSION

DETECTION IN

MANET

-Pooja Kundu

MANET

Mobile ad hoc network

Is used to exchange information.

Each node is willing to forward data to other nodes.

Does not rely on fixed infrastructure.

No central authority.

Why MANET? Advantages: low-cost, flexibility

Ease & Speed of deployment

Decreased dependence on infrastructure

Applications: Military environments

soldiers, tanks, planes

Civilian environments

vehicle networks

conferences / stadiums

outside activities

Emergency operations

search-and-rescue / policing and fire fighting

Problems In MANET

Routing

Security and Reliability

Quality of Service

Internetworking

Power Consumption

Security

A major issue in Mobile ad-hoc network is “SECURITY”.

Two approaches in protecting mobile ad-hoc networks

Reactive approach: Seeks to detect security threats and react accordingly.

Proactive approach: Attempts to prevent an attacker from launching attacks through various cryptographic techniques

Classification of Security

Attacks

IDS-MANET

IDS: Intrusion detection System which is used to detect and report the malicious activity in ad hoc networks.

Ex: Detecting critical nodes using IDS

Intrusion Detection System (IDS) can collect and analyze audit data for the entire network.

Critical node is a node whose failure or malicious behavior disconnects or significantly degrades the performance of the network.

Contd..

Packets may be dropped due to network congestion or because a malicious node is not faithfully executing a routing algorithm.

Researchers have proposed a number of collaborative IDS systems.

Some of the schemes are neighbor-monitoring, trust-building, and cluster-based voting schemes which are used to detect and report the malicious activity in ad hoc networks.

Existing Approaches

Watchdog

TWOACK

Adaptive Acknowledgment (AACK)

1.Watchdog

Listen to next hop’s transmission.

If the node fails, it increases its failure

counter.

The node is reported as misbehaving if

failure counter increases a threshold.

2.TWOACK

CONTD…

Solves the receiver collision and limited

transmission power problems posed by

Watchdog.

But added a significant amount of

unwanted network overhead.

Due to the limited battery power nature of

MANETs, such redundant transmission

process can easily degrade the life span of

the entire network

3.AACK

Contd…

greatly reduces the network overhead

Fail to detect malicious nodes with the

presence of false misbehaviour report and

forged acknowledgment packets.

EAACK

Contd…

Designed to tackle three of the six

weaknesses of Watchdog scheme-

false misbehaviour,

limited transmission power,

and receiver collision.

digital signature scheme is adopted during

the packet transmission process.

Problem-1

Problem-2

Problem-3

EAACK- Scheme Description

Introduction of digital signature.

3 Major parts- ACK,S-ACK, MRA.

Contd… ACK is basically an end-to-end

acknowledgment scheme.

S-ACK scheme is an improved version of

the TWOACK scheme - three consecutive

nodes work in a group.

The MRA scheme detects misbehaving

nodes with the presence of false

misbehavior report.

EAACK requires all acknowledgment

packets to be digitally signed

System Control Flow

THANK U