
International Journal of Trend in Research and Development, Volume 3(2), ISSN: 2394-333

www.ijtrd.com

IJTRD | Mar - Apr 2016

Available [email protected] 486

Intrusion Detection Techniques: A State-of-Art

1Pragati Shrivastava and 2Dr. Anamika Ahirwar

1,2Department of Computer Science & Engineering, Maharana Pratap College of Technology, Gwalior, India

Abstract— In recent years MANETs have become a very popular topic of research. By facilitating communication where fixed infrastructure is absent, MANETs are an attractive technique for several applications such as tactical operations, rescue operations, conferences, environmental monitoring, and the like. This adaptability, however, introduces new security risks. Intrusion detection for MANETs is difficult and complex work, especially because of the dynamic behavior of MANETs, their highly constrained terminals, and the lack of central control points. To implement intrusion detection, this paper suggests an already known method, the acknowledgement-based approach, which is used to detect intrusion in a mobile ad hoc network (MANET), together with intrusion detection techniques such as a matching algorithm. This approach protects the network by describing patterns of network behavior that indicate malicious use of the network and then searching for the presence of those patterns. While such a method can detect various kinds of already known intrusive actions, it may allow undocumented or new kinds of attacks to go unnoticed. This leads to a system that monitors and learns normal network behavior and then finds deviations from that normal behavior.

Keywords— Intrusion Detection, Intrusion Detection System (IDS), Agent, MANET.

I. INTRODUCTION (INTRUSION DETECTION IN MANET)

Wireless networking is now the medium of choice for many applications. Additionally, modern manufacturing techniques allow increasingly complex functionality to reside in devices that are smaller than ever, and so increasingly mobile. Mobile ad hoc networks combine wireless communication with a high degree of terminal mobility. The restricted range of wireless communication and high terminal mobility mean that the terminals must collaborate with each other to provide the required networking, with the underlying network changing dynamically to ensure that requirements are continually met.

The dynamic behavior of the protocols that enable MANET operation means they are readily suited to deployment in volatile or extreme situations. Security is mainly achieved by prevention, i.e. by making attacks as difficult as possible. However, once an attack has been successful, it has to be recognized and the appropriate actions have to be triggered. This is the role of detection. Its goal is to minimize the damage of the attack. Intrusion detection has to deal with different difficulties. The detection of an intrusion has to be done in a fast and effective manner. However, it must not produce many false alarms. IDSs were originally designed for wired networks and work only under certain conditions, i.e. an infrastructure with a central authority, no cooperative algorithms, only a slowly changing topology, etc. These conditions are not, or only partially, fulfilled by MANETs. Intrusion means any set of actions which attempt to compromise the confidentiality, integrity, or availability of a resource. Intrusion prevention is the main defense, since the primary step is to make systems safe from attacks by using passwords, biometrics, etc. Even if intrusion prevention methods are used, the system may still be subject to some vulnerability. So it needs a second wall of defense, known as Intrusion Detection Systems (IDSs), to detect intrusions and produce responses if necessary. Several methods have been suggested for intrusion detection.

Intrusion detection techniques are categorized into three major types: misuse-based, anomaly-based, and specification-based. An anomaly-based method profiles the indicators of normal system behavior, such as CPU usage of programs, usage frequency of commands, and the like. It detects intrusions as anomalies, that is, deviations from normal behavior. In the literature, several methods have been implemented for anomaly detection, for example artificial intelligence techniques and statistical approaches such as neural networks and data mining.

II. LITERATURE REVIEW

The various IDSs proposed for MANETs can be categorized by the attributes discussed in the sections, that is, attacks, architecture and IDS detection techniques. Most MANET IDSs have distributed architectures and their variants. The architecture of an IDS may be based on the network framework. But the most significant thing is the reasons that cause the framework to be built in a distributed manner. As MANETs are open by nature, attacks can originate from any terminal in the MANET itself or from terminals of adjacent networks. Unfortunately, this network has no central administration. It is difficult to apply a firewall or an IDS at crucial points. Additionally, each terminal can act as client, router or server. Delivering packets requires cooperation among the terminals of the network. For these reasons, a MANET IDS must have features that match these behaviors: collaborative and distributed. Robert Mitchell et al. [1], Marjan Kuchaki Rafsanjani et al. [2] and Mohamed Elboukhari et al. [3] follow the above theory. Meanwhile, Sagar C. Gavande et al. [4] and D. Sterne et al. [5] use a variant of the collaborative and distributed approach. The benefit of using a distributed framework is that a security incident may be detected earlier. However, this framework requires resources that are difficult to provide in small wireless devices such as PDAs. These types of attacks arise because the MANET is vulnerable in its use of wireless connections, auto-configuration methods, and its routing protocol. Previous MANET IDSs have several methods to detect and respond to these attacks. Robert Mitchell et al. [1] and Marjan Kuchaki Rafsanjani et al. [2] have suggested IDSs built for intrusion detection on the routing protocol in MANETs.

Sagar C. Gavande et al. [4] have suggested a Reputation-based Intrusion Detection System for wireless sensor networks that uses a cooperative method between the distributed terminals and architecture. To detect an intrusion, a hybrid method was used that combines anomaly-based IDS and signature-based IDS. A reputation and trust mechanism was used while observing the behavior of a terminal. As anomaly-based and signature-based methods are used together, it protects the given system.

The very first IDS algorithm for MANETs, suggested by Robert Mitchell et al. [1], is a co-operative and distributed IDS. In this framework, each terminal has an IDS agent that locally detects intrusions and cooperates with neighboring or adjacent terminals (via high-confidence communication channels) for global detection when the available evidence is inconclusive and a wider search is required. Whenever an intrusion is found, an IDS agent can invoke either a local response (for example, changing the local user) or a global response (that coordinates actions among adjacent terminals). As expert rules can be written only for attacks that are known and the rules cannot easily be updated across a wireless ad hoc network, statistical anomaly-based detection is chosen over misuse-based detection.

MANETs typically extend 802.11 technology and hence provide a basic radio range of 250 m. The aim for ad hoc network IDSs is a distributed architecture. Highly transient populations differentiate an ad hoc network from other wireless applications. Portability, organization and lack of infrastructure are the features of ad hoc networks that are relevant to IDS. Removing detected terminals from an ad hoc network can be complex or difficult, so functioning in their presence is a particular issue for IDSs in ad hoc networks [1].

The use of clustering in a cooperative intrusion detection framework for MANETs was first proposed by O. Kachirski et al. [10]. The role of clustering in their framework, however, is different from that in the framework suggested here. Marjan Kuchaki Rafsanjani et al. [2] use clustering only to choose a single layer of sparsely positioned terminals which completely or partially cover all connections in the network. These terminals are then used as promiscuous monitors and are dynamically assigned by sending them intrusion detection code in the form of mobile agents. The motivation for sparse placement is to reduce the number of terminals used in intrusion detection processing while trying to observe most, if not all, of the network traffic.

More recently, the use of clustering within a cooperative intrusion detection framework has also been suggested [10]. As in the methods explained by Marjan Kuchaki Rafsanjani et al. [2], clustering is used to choose a single layer of independently positioned promiscuous monitors. O. Kachirski et al. [10] used the monitors to detect routing misbehavior through statistical anomaly detection.

Further, the system may be broken into three modules, each of which is a mobile agent with a particular function, such as decision-making, monitoring, or initiating a response [9]. Husain Shahnawaz et al. [12] have developed a cooperative and distributed intrusion detection system (IDS) in which an IDS agent is situated on each and every terminal. Every IDS agent executes anonymously, detects intrusion from the local traces and starts the response.

III. TECHNIQUES USED

This part compares the different IDSs that are commonly in use. The kinds of intrusion detection systems considered in this paper include distributed intrusion detection (FSM-based distributed) [6], distributed IDS using mobile agents, agent-based efficient anomaly intrusion detection system [7,8], a cooperative intrusion detection system for ad hoc networks [9], intrusion detection of packet dropping attacks in mobile ad hoc networks, etc.

In the agent-based cooperative and distributive model, the following components are explained [9].

Home agent: It is present in every system and collects information about its system from the application layer to the routing layer.

Current node: The home agent is present in the system and monitors its system periodically. If an attacker transmits any packet to collect information or to spread via this system, it invokes the construction of a classifier to detect the attack. If an attack has taken place, it will clear the corresponding system from the global network.

Data pre-process: The audit data is gathered in a file and smoothed so that it can be used again in anomaly detection. Data pre-processing is a method of processing the knowledge with the data, i.e. test and train data.

Agent Based Cooperative and Distributive Model: DIDS using multiple sensors, by Guha and Kachirski in 2002, provides a distributed algorithm [10]. These mobile agents have limited capabilities such as decision making, monitoring, or initiating a response. By breaking the functional work into categories and allocating each task to a different agent, the workload is shared, which fits the characteristics of ad hoc networks.

DIDS Using Multiple Sensors

Monitoring agent: The work of this type of agent is network and host monitoring. A monitoring agent with a network sensor executes only on a few selected terminals to monitor at packet level, gathering the packets that pass through the network within its radio range.

Action agent: Each terminal also has an action agent. Whenever there is strong evidence supporting the detected anomaly, the action agent can start a response, such as blocking a user from the network or terminating the process.

Decision agent: This type of agent executes only on those terminals on which network monitoring agents are already running. If an agent such as the local detection agent is unable to make a decision on its own because of insufficient evidence, it informs the decision agent.

The algorithms used in each of these IDSs, with their advantages and disadvantages, are compared in Table 1.
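The following sketch is an added example, not code from this paper or from the systems it surveys. It shows how the local-detection-then-cooperate scheme from the literature review and the monitoring, decision and action agents described above could fit together for a packet-dropping check. The function names, the z-score thresholds, the majority rule and the sample forwarding ratios are all assumptions.

```python
# Added illustration (not from the surveyed papers). Names, thresholds, the
# majority rule and the sample data are assumptions made for this sketch.
from statistics import mean, pstdev

SUSPECT_Z = 2.0   # assumed: below this the behaviour counts as normal
CERTAIN_Z = 4.0   # assumed: at or above this the local evidence is conclusive


def build_profile(ratios):
    """Monitoring agent: learn a neighbour's normal forwarding ratio (0..1)."""
    # Floor the deviation so a perfectly flat history cannot divide by zero.
    return mean(ratios), max(pstdev(ratios), 1e-6)


def z_score(profile, observed_ratio):
    mu, sigma = profile
    return (mu - observed_ratio) / sigma    # positive: forwards less than usual


def local_detection(z):
    """Local detection agent: decides alone only when the evidence is clear."""
    if z >= CERTAIN_Z:
        return "intrusion"
    return "normal" if z < SUSPECT_Z else "inconclusive"


def decision_agent(neighbour_z):
    """Wider search: a strict majority of reporting neighbours must agree."""
    suspects = sum(1 for z in neighbour_z if z >= SUSPECT_Z)
    return "intrusion" if 2 * suspects > len(neighbour_z) else "normal"


def action_agent(verdict, escalated):
    """Local response for a local finding, coordinated response otherwise."""
    if verdict != "intrusion":
        return "none"
    return "global-response" if escalated else "local-response"


def assess(profile, observed_ratio, neighbour_z):
    verdict = local_detection(z_score(profile, observed_ratio))
    escalated = verdict == "inconclusive"
    if escalated:
        verdict = decision_agent(neighbour_z)
    return verdict, action_agent(verdict, escalated)


def demo():
    profile = build_profile([0.95, 0.97, 0.96, 0.94, 0.98])  # constructed baseline
    return [
        assess(profile, 0.95, []),                  # within the learned profile
        assess(profile, 0.92, [3.1, 2.5, 0.4]),     # unsure, neighbours agree
        assess(profile, 0.92, [0.3, 0.5, 2.2]),     # unsure, not corroborated
        assess(profile, 0.60, []),                  # clear-cut locally
    ]


if __name__ == "__main__":
    print(demo())
```

The third case shows why the escalation step matters for false alarms: a moderate local deviation that neighbours do not corroborate produces no response.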

CONCLUSION

MANETs are a recent technology that is heavily used in various applications. These networks are more susceptible to attacks than wired networks. Because of their particular features, traditional security methods are not directly applicable to them. Many researchers are currently aiming to introduce new detection, prevention, and response methods for MANETs. This paper has also focused on the novelty/contribution each system provides and has identified the particular MANET problem each does not address. Suggested systems normally focus on some MANET issues. MANETs have many of the issues of wired networks. As a result, intrusion detection for MANETs remains a challenging and complex topic for security researchers. The area is recommended to the reader for investigation! Here the misbehaving node can be removed to avoid future damage to the network. In future, the proposed system will try to implement priority-based detection so that important or prioritized nodes can be protected first. Because of this vulnerability, intrusion prevention methods such as authentication and encryption are not able to eliminate attacks; they only reduce them. Anomaly detection is the more beneficial among the various detection methods used. This paper has presented the characteristics of MANETs, attacks in MANETs and a comparison of existing IDSs.


Table 1: Comparison of the different IDS (Intrusion Detection System)

| Different IDS | Algorithm | Advantage | Disadvantage |
|---|---|---|---|
| Distributed IDS using mobile agents | Uses a mobile agent based algorithm in which agents are applied independently and cooperatively. | Main advantage is better network performance. | - |
| Agent Based Efficient Anomaly Intrusion Detection System | The algorithm used is agent based, cooperative and distributive. | Better performance compared to other algorithms; the false alarm rate is also low. | No description is found regarding the security of the mobile agents. |
| Local IDS | A mobile agent based distributed anomaly detection algorithm is used for independent decision making. | Uses SNMP data located in the MIB for data processing; sends SNMP requests to remote systems by the use of mobile agents to overcome the unreliability of UDP; the cost of local information gathering is very low because an SNMP agent executes on every terminal. | - |
| A Cooperative Intrusion Detection System for Ad Hoc Networks | Uses a cluster based distributed detection scheme. | Being cluster based, it enhances the effectiveness of the IDS in terms of network overhead and memory usage. | Required to protect an adjusting terminal to be selected as cluster head. False alarm rate is not mentioned. |
| Intrusion Detection of Packet Dropping Attacks in Mobile Ad Hoc Network | The algorithm used is neural network based distributed detection. | Recognizes the source of a packet dropping attack. Also able to recognize any new attack. | The various classes of the training data have to be explained manually. The training data must be updated periodically. |

References

[1] Robert Mitchell, Ing-Ray Chen, “A survey of intrusion detection in wireless network applications”, Computer Communications 42 (2014) 1–23, ISSN: 0140-3664, 2014.

[2] Marjan Kuchaki Rafsanjani, Laya Aliahmadipour, Mohammad M. Javidi, “An Optimal Method for Detecting Internal and External Intrusion in MANET”, Volume 120 of the series Communications in Computer and Information Science, PP. 71-82, ISSN: 1865-0929, 2010.

[3] Mohamed Elboukhari, Mostafa Azizi and Abdelmalek Azizi, “Intrusion Detection Systems in Mobile Ad Hoc Networks: State Of The Art”, International Journal on Computational Science & Applications (IJCSA), ISSN: 2200-0011, Vol. 5, No. 2, April 2015.

[4] Sagar C. Gavande, Dr. V. K. Pachghare, Rahul Adhao, “Wireless Intrusion Detection System using Reputation”, International Journal of Advanced Research in Computer Science and Software Engineering, ISSN: 2277 128X, Volume 5, Issue 4, 2015.

[5] D. Sterne, P. Balasubramanyam, et al., “A General Cooperative Intrusion Detection Architecture for MANETs”, in Proceedings of the 3rd IEEE International Workshop on Information Assurance (IWIA'05), PP. 57-70, ISBN: 0-7695-2317-X, 2005.

[6] Farhan Abdel-Fattah, Zulkhairi Md. Dahalin, Shaidah Jusoh, “Distributed and Cooperative Hierarchical Intrusion Detection on MANETs”, International Journal of Computer Applications, ISSN: 1542-7382, Volume 12, December 2010.

[7] Ms. Preetee K. Karmore, Ms. Sonali T. Bodkhe, “A Survey on Intrusion in Ad Hoc Networks and its Detection Measures”, International Journal on Computer Science and Engineering (IJCSE), ISSN: 0975-3397, Vol. 3 No. 5, May 2011.

[8] Abolfazl Esfandi, “Efficient Anomaly Intrusion Detection System in Ad hoc Networks by Mobile Agents”, ISBN: 978-1-4244-5537-9, IEEE 2010.

[9] Yuvraj Singh and Sanjay Kumar Jena, “Intrusion Detection System for Detecting Malicious Nodes in Mobile Ad hoc Networks”, ISSN: 1865-0929, International Conference on Parallel, Distributed Computing technologies and Applications (PDCTA-2011).

[10] O. Kachirski and R. Guha, “Effective Intrusion Detection Using Multiple Sensors in Wireless Ad Hoc Networks”, Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS’03), ISBN: 0-7695-1874-5, P. 57.1, January 2003.

[11] Monita Waghengbam and Ningrila Marchang, “Intrusion detection in MANET using fuzzy logic”, ISBN: 978-1-4577-0749-0, IEEE 2012.

[12] Husain Shahnawaz et al., “Design of Detection Engine for Wormhole Attack in Adhoc Network Environment”, International Journal of Engineering and Technology (IJET), ISSN: 0975-4024, Vol. 4 No 6, Dec 2012-Jan 2013.