International Journal of Trend in Research and Development, Volume 3(2), ISSN: 2394-333
www.ijtrd.com
IJTRD | Mar - Apr 2016
Intrusion Detection Techniques: A State-of-Art
Pragati Shrivastava and Dr. Anamika Ahirwar
Department of Computer Science & Engineering, Maharana Pratap College of Technology, Gwalior, India
Abstract— In recent years MANETs have become a very popular research topic. Because they provide communication where no fixed infrastructure exists, MANETs are attractive for applications such as tactical operations, rescue operations, conferences and environmental monitoring. That same flexibility introduces new security risks. Intrusion detection for MANETs is difficult, mainly because of the dynamic behaviour of the network, the severely resource-constrained terminals and the absence of central control points. To implement intrusion detection this paper considers an already known method, the acknowledgement-based approach, for detecting intrusion in a mobile ad hoc network (MANET), together with a matching-algorithm detection technique. Matching protects the network by describing the patterns of network behaviour that indicate misuse and then searching for those patterns; such a method can detect many kinds of known intrusive actions, but it may let undocumented or new kinds of attack go unnoticed. This leads to a system that learns and models normal network behaviour and then reports deviations from it.
Keywords— Intrusion Detection, Intrusion Detection System
(IDS), Agent, MANET.
I. INTRODUCTION (INTRUSION DETECTION IN MANET)
Wireless networking is now the medium of choice for many applications. In addition, modern manufacturing techniques put ever more sophisticated functionality into devices that are smaller than ever, and therefore increasingly mobile. Mobile ad hoc networks combine wireless communication with a high degree of terminal mobility. The limited range of wireless communication and the high terminal mobility mean that terminals must cooperate with each other to provide the required networking, with the underlying network adapting dynamically so that requirements are met continuously.
The dynamic behaviour of the protocols that make MANET operation possible means they are well suited to deployment in volatile or extreme situations. Security is mainly achieved by prevention, i.e. by making attacks as difficult as possible. However, once an attack has succeeded it has to be recognised and the appropriate actions triggered. This is the detection part; its goal is to minimise the damage of the attack. Intrusion detection has to deal with several difficulties. An intrusion has to be detected quickly and effectively, yet without producing many false alarms. IDSs were originally designed for wired networks and work only under certain conditions, i.e. an infrastructure with a central authority, no cooperative algorithms, a slowly changing topology and so on. MANETs meet these conditions only partially or not at all. An intrusion is any set of actions that attempts to compromise the confidentiality, integrity or availability of a resource. Intrusion prevention is the first line of defence: the first step is to protect systems from attack with passwords, biometrics and similar measures. Even when intrusion prevention methods are in place the system may still be exposed to some vulnerability, so a second wall of defence is needed, the Intrusion Detection System (IDS), which detects intrusions and produces responses where necessary. Several methods have been suggested for intrusion detection.
Intrusion detection techniques fall into three major categories: misuse-based, anomaly-based and specification-based. A misuse-based method matches observed activity against descriptions of known attacks. An anomaly-based method describes the normal behaviour of the system, for example CPU usage per program or the frequency with which commands are used, and reports intrusions as anomalies, that is, deviations from that normal behaviour. In the literature several methods have been applied to anomaly detection, for example statistical approaches and artificial intelligence techniques such as neural networks and data mining.
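As an added illustration of the misuse/anomaly distinction (example code written for this review, not from any of the cited papers), the block below runs a signature matcher and a statistical profile over constructed per-node traffic counters. The feature names, the single route-request-flood signature and the three-sigma threshold are assumptions; the point it shows is that the matcher catches only the attack it has a signature for, while the profile also flags the node whose forwarding ratio collapses, for which no signature exists.

```python
"""Misuse-based versus anomaly-based detection over per-node MANET traffic
counters.  Added example for this survey, not code from any cited paper.
All records are constructed; the signature and thresholds are assumptions."""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class NodeStats:
    node: str
    pkts_received: int    # data packets this node was asked to forward
    pkts_forwarded: int   # packets it actually forwarded (overheard or ACKed)
    rreq_sent: int        # route requests it originated in the window


# Constructed training window: every node behaves normally.
TRAINING = [
    NodeStats("n1", 100, 97, 4), NodeStats("n2", 120, 118, 5),
    NodeStats("n3", 80, 79, 3), NodeStats("n4", 110, 106, 6),
    NodeStats("n5", 95, 94, 4),
]

# Constructed test window: n3 floods route requests (a known pattern) and
# n5 silently drops half of what it should forward (no signature for this).
TEST = [
    NodeStats("n1", 105, 103, 5), NodeStats("n2", 115, 113, 4),
    NodeStats("n3", 85, 84, 60), NodeStats("n4", 100, 98, 5),
    NodeStats("n5", 100, 50, 4),
]


def forwarding_ratio(s):
    return s.pkts_forwarded / s.pkts_received if s.pkts_received else 1.0


# --- misuse-based: explicit rules for attacks we already know ---
SIGNATURES = {
    # assumed signature: more than 30 RREQs per window means RREQ flooding
    "rreq_flood": lambda s: s.rreq_sent > 30,
}


def misuse_detect(window):
    alerts = {}
    for s in window:
        for name, rule in SIGNATURES.items():
            if rule(s):
                alerts.setdefault(s.node, []).append(name)
    return alerts


# --- anomaly-based: learn a profile of normal behaviour, flag deviations ---
def features(s):
    return {"fwd_ratio": forwarding_ratio(s), "rreq": float(s.rreq_sent)}


def build_profile(training):
    """Per-feature mean and population standard deviation of normal traffic."""
    columns = {}
    for s in training:
        for k, v in features(s).items():
            columns.setdefault(k, []).append(v)
    return {k: (mean(v), pstdev(v)) for k, v in columns.items()}


def anomaly_detect(window, profile, k=3.0):
    """Flag any feature more than k standard deviations from its baseline."""
    alerts = {}
    for s in window:
        for feat, value in features(s).items():
            mu, sigma = profile[feat]
            sigma = max(sigma, 1e-3)   # constant feature: avoid division by zero
            z = (value - mu) / sigma
            if abs(z) > k:
                alerts.setdefault(s.node, []).append(f"{feat} z={z:+.1f}")
    return alerts


def detect_both(training, test):
    return misuse_detect(test), anomaly_detect(test, build_profile(training))


if __name__ == "__main__":
    misuse, anomaly = detect_both(TRAINING, TEST)
    print("misuse :", misuse)    # only n3, the attack we had a rule for
    print("anomaly:", anomaly)   # n3 and n5; n5 is the unknown pattern
```

The flip side is also visible in the code: the anomaly detector's verdict is only as good as the baseline window, so a training window that already contains a misbehaving node will teach the profile to accept it.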
II. LITERATURE REVIEW
The various IDSs suggested for MANETs can be classified by the attributes discussed in this section: the attacks addressed, the architecture and the detection technique. Most MANET IDSs have a distributed architecture or a variant of it. The IDS architecture may be based on the network infrastructure, but the important point is what forces the architecture to be distributed. Because a MANET is open, attacks can originate from any terminal in the MANET itself or from terminals of adjacent networks. Unfortunately the network has no central administration, so it is hard to place a firewall or an IDS at crucial points. In addition, every terminal can act as client, router or server, and packet delivery requires the cooperation of the terminals in the network. For these reasons a MANET IDS must itself be collaborative and distributed. Robert Mitchell et al. [1], Marjan Kuchaki Rafsanjani et al. [2] and Mohamed Elboukhari et al. [3] follow this principle, while Sagar C. Gavande et al. [4] and D. Sterne et al. [5] use variants of the collaborative and distributed design. The benefit of a distributed architecture is that a security incident can be discovered earlier. However, it requires resources that are hard to provide on small wireless devices such as PDAs. Attacks arise because a MANET is vulnerable in its use of wireless links, its auto-configuration mechanisms and its routing protocol. Earlier MANET IDSs have several methods for detecting and responding to these attacks; Robert Mitchell et al. [1] and Marjan Kuchaki Rafsanjani et al. [2] have described IDSs built for detecting intrusions in the MANET routing protocol.
Sagar C. Gavande et al. [4] proposed a reputation-based intrusion detection system for wireless sensor networks that uses a cooperative method among distributed terminals. A hybrid approach combining anomaly-based and signature-based IDS is used to detect intrusions, and a reputation and trust mechanism is used while evaluating the behaviour of a terminal. Because anomaly-based and signature-based methods are used together, a single system is protected by both.
The first distributed and cooperative IDS architecture for MANETs, as described by Robert Mitchell et al. [1], works as follows. Each terminal runs an IDS agent that detects intrusions locally and cooperates with neighbouring terminals (over high-confidence communication channels) in global detection whenever the available evidence is inconclusive and a broader search is required. When an intrusion is detected, an IDS agent can trigger either a local response (for example an action against the local user) or a global response (coordinated action among adjacent terminals). Because expert rules can only be written for known attacks and cannot easily be updated across a wireless ad hoc network, statistical anomaly-based detection is preferred over misuse-based detection.
MANETs typically build on 802.11 technology, which gives a basic radio range of about 250 m. The goal for ad hoc network IDSs is a distributed architecture. Highly transient populations distinguish an ad hoc network from other wireless applications. Mobility, self-organisation and the lack of infrastructure are the features of ad hoc networks relevant to IDS. Removing detected terminals from an ad hoc network can be difficult, so operating in their presence is a particular issue for IDSs in ad hoc networks [1].
The use of clustering in a cooperative intrusion detection framework for MANETs was first proposed by O. Kachirski et al. [10]. Their use of clustering, however, differs from the one considered here. Marjan Kuchaki Rafsanjani et al. [2] use clustering only to choose a single layer of sparsely positioned terminals that completely or partially cover all links in the network. These terminals are then used as promiscuous monitors and are provisioned dynamically by sending them the intrusion detection code in the form of mobile agents. The motivation for sparse placement is to reduce the number of terminals involved in intrusion detection processing while still observing most, if not all, of the network traffic.
More recently, clustering has also been suggested within a cooperative intrusion detection framework [10]. As in the method described by Marjan Kuchaki Rafsanjani et al. [2], clustering is used to choose a single layer of independently positioned promiscuous monitors; O. Kachirski et al. [10] use these monitors to detect routing misbehaviour through statistical anomaly detection.
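An added example of the sparse monitor placement described above (written for this review; the selection procedure of the cited papers is not given on this page, so a greedy vertex-cover heuristic is assumed, as is the small topology): choose the fewest promiscuous monitors such that every link has at least one endpoint listening to it, or, when only a fixed number of terminals can afford to run the agent, the subset that covers the most links.

```python
"""Choosing promiscuous monitor nodes that cover the links of a MANET.
Added example for this survey, not code from any cited paper.  The topology
is constructed and the greedy vertex-cover heuristic is an assumption."""
from collections import Counter

# Constructed topology: undirected wireless links between terminals a..h.
LINKS = [("a", "b"), ("b", "c"), ("c", "d"), ("d", "e"), ("b", "e"),
         ("e", "f"), ("c", "g"), ("g", "h"), ("f", "h")]


def select_monitors(links, budget=None):
    """Greedy cover: repeatedly pick the node touching the most links that
    no chosen monitor can yet overhear.  With budget=None every link ends
    up covered; with a budget, the result is the greedy partial cover."""
    uncovered = {frozenset(l) for l in links}
    chosen = []
    while uncovered and (budget is None or len(chosen) < budget):
        degree = Counter(n for link in uncovered for n in link)
        # deterministic tie-break: highest degree, then smallest node id
        best = min(degree, key=lambda n: (-degree[n], n))
        chosen.append(best)
        uncovered = {l for l in uncovered if best not in l}
    return chosen


def coverage(links, monitors):
    """Fraction of links observable by at least one chosen monitor."""
    ms = set(monitors)
    return sum(1 for a, b in links if a in ms or b in ms) / len(links)


def unmonitored_links(links, monitors):
    """Links no monitor overhears: traffic there is invisible to the IDS."""
    ms = set(monitors)
    return [l for l in links if l[0] not in ms and l[1] not in ms]


if __name__ == "__main__":
    full = select_monitors(LINKS)
    print(full, coverage(LINKS, full))            # 4 of 8 nodes, all links
    two = select_monitors(LINKS, budget=2)
    print(two, coverage(LINKS, two), unmonitored_links(LINKS, two))
```

With a budget the caller should look at the unmonitored links, not only the coverage figure: a dropped or modified packet on one of those links produces no evidence at any monitor, so a misbehaving node there goes undetected however good the detection algorithm is.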
Such a system can further be broken into three modules, each a mobile agent with a particular function, such as decision-making, monitoring and initiating a response [9]. Husain Shahnawaz et al. [12] developed a cooperative and distributed intrusion detection system in which an IDS agent is placed on every terminal. Each IDS agent runs autonomously, detects intrusions from local traces and initiates the response.
III. TECHNIQUES USED
This section compares the different IDSs that are commonly in use. The intrusion detection systems considered in this paper are distributed intrusion detection (FSM-based distributed) [6], distributed IDS using mobile agents, agent-based efficient anomaly intrusion detection system [7, 8], a cooperative intrusion detection system for ad hoc networks [9], intrusion detection of packet dropping attacks in mobile ad hoc networks, and others.
Agent-based cooperative and distributive model: the components of this model are described below [9].
Home agent: present on every system; it collects information about its own system from the application layer down to the routing layer.
Current node: the home agent present on the system monitors that system periodically. If an attacker sends any packet to collect information or to propagate through this system, the agent invokes the construction of a classifier to detect the attack. If an attack has taken place, the corresponding system is removed from the global network.
Data pre-processing: the audit data is gathered in a file and smoothed so that it can be reused for anomaly detection. Data pre-processing is the step that prepares the knowledge held in the data, i.e. the training and test sets.
DIDS using multiple sensors: Guha and Kachirski [10] provide a distributed algorithm based on multiple sensors. Its mobile agents each have a small set of capabilities, such as decision making, monitoring or initiating a response. By breaking the detection work into categories and allocating each task to a different agent, the workload is shared, which suits the characteristics of ad hoc networks.
Monitoring agent: this agent monitors the network and the host. A monitoring agent with a network sensor runs only on a few selected terminals, where it monitors at packet level and collects the packets passing through the network within its radio range.
Action agent: every terminal also has an action agent. When there is strong evidence supporting a detected anomaly, the action agent initiates a response, such as blocking a user from the network or terminating the process.
Decision agent: this agent runs only on the terminals that also run a network monitoring agent. If the local detection agent cannot reach a decision on its own because of insufficient evidence, it informs the decision agent. The algorithms used in each of these IDSs, with their advantages and disadvantages, are given in Table 1.
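The monitoring / decision / action split above, and the local-versus-global response of the cooperative architecture described in the literature review, can be seen working together in the following added example (written for this review, not code from [1], [9] or [10]). The local evidence is an acknowledgement-based forwarding check, which the abstract names but the page does not specify, so the concrete form is an assumption: each monitoring agent records, for every packet it handed to a neighbour, whether an end-to-end acknowledgement came back. A loss ratio that is conclusive on its own triggers a local response; a grey-zone ratio is escalated to the decision agent, which collects every monitor's observation of that neighbour and decides by majority. The packet log, thresholds and node names are all constructed.

```python
"""Cooperative, agent-based detection of packet-dropping nodes.
Added example for this survey, not code from any cited paper.  The
acknowledgement-based forwarding check, the thresholds and the log are
assumptions constructed for illustration."""
from collections import defaultdict

# Constructed packet log: (monitor, next_hop, acked).  A monitor only sees
# the packets it personally handed to that neighbour.
LOG = [
    # n2 forwards honestly; m3 merely has a lossy link to it (grey ratio)
    *[("m1", "n2", True)] * 19, ("m1", "n2", False),
    *[("m2", "n2", True)] * 18, *[("m2", "n2", False)] * 2,
    *[("m3", "n2", True)] * 14, *[("m3", "n2", False)] * 6,
    # n7 drops selectively: each monitor alone sees only a grey ratio
    *[("m1", "n7", True)] * 13, *[("m1", "n7", False)] * 7,
    *[("m2", "n7", True)] * 12, *[("m2", "n7", False)] * 8,
    *[("m3", "n7", True)] * 14, *[("m3", "n7", False)] * 6,
    # n9 drops almost everything: m3 alone has conclusive evidence
    *[("m3", "n9", True)] * 2, *[("m3", "n9", False)] * 18,
]

LOCAL_MAX_LOSS = 0.20    # at or below: normal wireless loss
LOCAL_SURE_LOSS = 0.60   # at or above: local evidence is conclusive
MIN_SAMPLES = 10         # do not judge a neighbour on fewer packets


class MonitoringAgent:
    """Runs on a monitor node; keeps (handed, unacked) counts per neighbour."""
    def __init__(self, node):
        self.node, self.seen = node, defaultdict(lambda: [0, 0])

    def observe(self, neighbour, acked):
        self.seen[neighbour][0] += 1
        if not acked:
            self.seen[neighbour][1] += 1

    def loss_ratio(self, neighbour):
        total, lost = self.seen[neighbour]
        return lost / total if total >= MIN_SAMPLES else None

    def verdicts(self):
        out = {}
        for nb in self.seen:
            r = self.loss_ratio(nb)
            if r is None:
                continue
            out[nb] = ("normal" if r <= LOCAL_MAX_LOSS else
                       "intrusion" if r >= LOCAL_SURE_LOSS else "inconclusive")
        return out


class DecisionAgent:
    """Global detection: majority vote over every monitor's loss ratio."""
    def __init__(self):
        self.reports = defaultdict(list)

    def report(self, monitor, suspect, ratio):
        self.reports[suspect].append((monitor, ratio))

    def decide(self, min_reports=2):
        decided = {}
        for suspect, votes in self.reports.items():
            if len(votes) < min_reports:     # one witness is not enough
                continue
            guilty = sum(1 for _, r in votes if r > LOCAL_MAX_LOSS)
            decided[suspect] = guilty * 2 > len(votes)
        return decided


class ActionAgent:
    def __init__(self):
        self.blacklist = set()

    def respond(self, node, scope):
        self.blacklist.add(node)   # e.g. drop the node from routing tables
        return (node, scope)


def run(log):
    """Returns (blacklisted nodes, list of (node, response scope))."""
    monitors = {}
    for m, nb, ack in log:
        monitors.setdefault(m, MonitoringAgent(m)).observe(nb, ack)
    action, responses, suspects = ActionAgent(), [], set()
    for m in monitors.values():                  # local detection
        for nb, verdict in m.verdicts().items():
            if verdict == "intrusion":
                responses.append(action.respond(nb, f"local:{m.node}"))
            elif verdict == "inconclusive":
                suspects.add(nb)
    decision = DecisionAgent()                   # global detection
    for suspect in sorted(suspects):
        for m in monitors.values():
            r = m.loss_ratio(suspect) if suspect in m.seen else None
            if r is not None:
                decision.report(m.node, suspect, r)
    for suspect, guilty in decision.decide().items():
        if guilty and suspect not in action.blacklist:
            responses.append(action.respond(suspect, "global"))
    return sorted(action.blacklist), responses


if __name__ == "__main__":
    print(run(LOG))   # n9 blocked locally by m3, n7 blocked by global vote
```

Two properties worth noting: the honest node n2 survives because a single monitor's bad link is outvoted by the others, and a selective dropper like n7 that stays below every monitor's local threshold is still caught once the monitors compare notes. The cost is the one the literature review names: the vote is only trustworthy if the reports travel over channels the suspect cannot forge.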
CONCLUSION
MANETs are a recent technology that is heavily used in many applications. Such networks are more susceptible to attack than wired networks, and because of their particular features traditional security methods cannot be applied to them directly. Many researchers are currently working on new detection, prevention and response methods for MANETs. This paper has looked at the novelty or contribution of each proposal and has identified the particular MANET problems each does not address; the suggested systems normally focus on only some MANET issues, and MANETs also inherit many of the issues of wired networks. Intrusion detection for MANETs therefore remains a challenging topic for security researchers, and the area is recommended to the reader for further investigation. A detected misbehaving node can be removed to avoid future damage to the network. In future the proposed system will try to implement priority-based detection so that important or prioritised nodes are protected first. Because of these vulnerabilities, intrusion prevention methods such as authentication and encryption cannot eliminate attacks; they only reduce them. Among the detection methods used, anomaly detection is the most beneficial. This paper has presented the characteristics of MANETs, attacks on MANETs and a comparison of existing IDSs.
Table 1: Comparison of the different IDS (Intrusion Detection System)

IDS: Distributed IDS using mobile agents
  Algorithm: mobile-agent-based algorithm, applied independently and cooperatively.
  Advantage: better network performance.
  Disadvantage: not stated.

IDS: Agent Based Efficient Anomaly Intrusion Detection System
  Algorithm: agent-based cooperative and distributive.
  Advantage: better performance compared to other algorithms; low false alarm rate.
  Disadvantage: no description of the security of the mobile agents themselves.

IDS: Local IDS
  Algorithm: mobile-agent-based distributed anomaly detection with independent decision making.
  Advantage: uses SNMP data held in the MIB for data processing; sends SNMP requests to remote systems through a mobile agent to overcome the unreliability of UDP; the cost of local information collection is very low because an SNMP agent runs on every terminal.
  Disadvantage: not stated.

IDS: A Cooperative Intrusion Detection System for Ad Hoc Networks
  Algorithm: cluster-based distributed detection scheme.
  Advantage: being cluster based, it improves the effectiveness of the IDS in terms of network overhead and memory usage.
  Disadvantage: must protect against a misbehaving terminal being selected as cluster head; false alarm rate not mentioned.

IDS: Intrusion Detection of Packet Dropping Attacks in Mobile Ad Hoc Network
  Algorithm: neural-network-based distributed detection.
  Advantage: identifies the source of the packet dropping attack; also able to recognise new attacks.
  Disadvantage: the classes of the training data must be defined manually, and the training data must be updated periodically.
References
[1] Robert Mitchell, Ing-Ray Chen, "A survey of intrusion detection in wireless network applications", Computer Communications 42 (2014), pp. 1-23, ISSN: 0140-3664, 2014.
[2] Marjan Kuchaki Rafsanjani, Laya Aliahmadipour, Mohammad M. Javidi, "An Optimal Method for Detecting Internal and External Intrusion in MANET", Communications in Computer and Information Science, Volume 120, pp. 71-82, ISSN: 1865-0929, 2010.
[3] Mohamed Elboukhari, Mostafa Azizi and Abdelmalek Azizi, "Intrusion Detection Systems in Mobile Ad Hoc Networks: State Of The Art", International Journal on Computational Science & Applications (IJCSA), ISSN: 2200-0011, Vol. 5, No. 2, April 2015.
[4] Sagar C. Gavande, Dr. V. K. Pachghare, Rahul Adhao, "Wireless Intrusion Detection System using Reputation", International Journal of Advanced Research in Computer Science and Software Engineering, ISSN: 2277-128X, Volume 5, Issue 4, 2015.
[5] D. Sterne, P. Balasubramanyam, et al., "A General Cooperative Intrusion Detection Architecture for MANETs", in Proceedings of the 3rd IEEE International Workshop on Information Assurance (IWIA'05), pp. 57-70, ISBN: 0-7695-2317-X, 2005.
[6] Farhan Abdel-Fattah, Zulkhairi Md. Dahalin, Shaidah Jusoh, "Distributed and Cooperative Hierarchical Intrusion Detection on MANETs", International Journal of Computer Applications, ISSN: 1542-7382, Volume 12, December 2010.
[7] Ms. Preetee K. Karmore, Ms. Sonali T. Bodkhe, "A Survey on Intrusion in Ad Hoc Networks and its Detection Measures", International Journal on Computer Science and Engineering (IJCSE), ISSN: 0975-3397, Vol. 3, No. 5, May 2011.
[8] Abolfazl Esfandi, "Efficient Anomaly Intrusion Detection System in Ad hoc Networks by Mobile Agents", ISBN: 978-1-4244-5537-9, IEEE, 2010.
[9] Yuvraj Singh and Sanjay Kumar Jena, "Intrusion Detection System for Detecting Malicious Nodes in Mobile Ad hoc Networks", ISSN: 1865-0929, International Conference on Parallel, Distributed Computing Technologies and Applications (PDCTA 2011).
[10] O. Kachirski and R. Guha, "Effective Intrusion Detection Using Multiple Sensors in Wireless Ad Hoc Networks", Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS'03), ISBN: 0-7695-1874-5, p. 57.1, January 2003.
[11] Monita Wahengbam and Ningrila Marchang, "Intrusion detection in MANET using fuzzy logic", ISBN: 978-1-4577-0749-0, IEEE, 2012.
[12] Husain Shahnawaz et al., "Design of Detection Engine for Wormhole Attack in Adhoc Network Environment", International Journal of Engineering and Technology (IJET), ISSN: 0975-4024, Vol. 4, No. 6, Dec 2012-Jan 2013.