The notion of an ad hoc network is a new paradigm that allows mobile hosts (nodes) to communicate without relying on a predefined infrastructure to keep the network connected. Most nodes are assumed to be mobile and communication is assumed to be wireless. The mobility of nodes in an ad-hoc network means that both the population and the topology of the network are highly dynamic. It is very difficult to design a once-for-all intrusion detection system. A secure protocol should atleast include mechanisms against known attack types. In addition, it should provide a scheme to easily add new security features in the future. The paper includes the detailed description of Proposed Intrusion Detection System based on Local Reputation Scheme. The proposed System also includes concept of Redemption and Fading these are mechanism that allow nodes previously considered malicious to become a part of the network again. The simulation of the proposed system is to be done using NS-2 simulator.
Deep Dive into A Novel Method for Intrusion Detection System to Enhance Security in Ad hoc Network.
The notion of an ad hoc network is a new paradigm that allows mobile hosts (nodes) to communicate without relying on a predefined infrastructure to keep the network connected. Most nodes are assumed to be mobile and communication is assumed to be wireless. The mobility of nodes in an ad-hoc network means that both the population and the topology of the network are highly dynamic. It is very difficult to design a once-for-all intrusion detection system. A secure protocol should atleast include mechanisms against known attack types. In addition, it should provide a scheme to easily add new security features in the future. The paper includes the detailed description of Proposed Intrusion Detection System based on Local Reputation Scheme. The proposed System also includes concept of Redemption and Fading these are mechanism that allow nodes previously considered malicious to become a part of the network again. The simulation of the proposed system is to be done using NS-2 simulator.
A mobile ad hoc network (MANET) is a selfconfiguring network that is formed automatically by a collection of mobile nodes without the help of a fixed infrastructure or centralized management. Each node is equipped with a wireless transmitter and receiver, which allow it to communicate with other nodes in its radio communication range. In order for a node to forward a packet to a node that is out of its radio range, the cooperation of other nodes in the network is needed; this is known as multi-hop communication. Therefore, each node must act as both a host and a router at the same time. The network topology frequently changes due to the mobility of mobile nodes as they move within, move into, or move out of the network. There are both passive and active attacks in MANETs. For passive attacks, packets containing secret information might be eavesdropped, which violates confidentiality. Active attacks, including injecting packets to invalid des-tinations into the network, deleting packets, modifying the contents of packets, and impersonating other nodes violate availability, integrity, authentication, and non-repudiation. Proactive approaches such as cryptography and authentication were first brought into consideration, and many techniques have been proposed and implemented. However, these applications are not sufficient. If we have the ability to detect the attack once it comes into the network, we can stop it from doing any damage to the system or any data. Here is where the intrusion detection system comes in.
Intrusion detection can be defined as a process of monitoring activities in a system, which can be a computer or network system. The mechanism by which this is achieved is called an intrusion detection system (IDS). An IDS collects activity information and then analyzes it to determine whether there are any activities that violate the security rules. Once an IDS determines that an unusual activity or an activity that is known to be an attack occurs, it then generates an alarm to alert the security administrator. In addition, IDS can also initiate a proper response to the malicious activity.
Many historical events have shown that in—————– Himani Bathla is with Gurgaon Institute of Technology & management, Gurgaon. Kanika Lakhani is with Institute of Technology & Management, Gurgaon.
trusion prevention techniques alone, such as encryption and authentication, which are usually a first line of defense, are not sufficient. As the system become more complex, there are also more weaknesses, which lead to more security problems. Intrusion detection can be used as a second wall of defense to protect the network from such problems. If the intrusion is detected, a response can be initiated to prevent or minimize damage to the system. Some assumptions are made in order for intrusion detection systems to work .The first assumption are that user and program activities are observable. The second assumption, which is more important, is that normal and intrusive activities must have distinct behaviors, as intrusion detection must capture and analyze system activity to determine if the system is under attack.
Intrusion detection [1] can be classified based on audit data as either host based or network-based. A network-based IDS captures and analyzes packets from network traffic while a host-based IDS uses operating system or application logs in its analysis. Based on detection techniques, IDS can also be classified into three categories as follows.
The normal profiles (or normal behaviors) of users are kept in the system. The system compares the captured data with these profiles, and then treats any activity that deviates from the baseline as a possible intrusion by informing system administrators or initializing a proper response.
The system keeps patterns (or signatures) of known attacks and uses them to compare with the captured data. Any matched pattern is treated as an intrusion. Like a virus detection system, it cannot detect new kinds of attacks.
The system defines a set of constraints that describe the correct operation of a program or protocol. Then, it monitors the execution of the program with respect to the defined constraints.
Many intrusion detection systems have been proposed in traditional wired networks, where all traffic must go through switches, routers, or gateways. Hence, IDS can be added to and implemented in these devices easily. On the other hand, MANETs do not have such devices. Moreover, the medium is wide open, so both legitimate and malicious users can access it. Furthermore, there is no clear separation between normal and unusual activities in a mobile environment. Since nodes can move arbitrarily, false routing information could be from a compromised node or a node that has outdated information. Thus, the current IDS techniques on wired networks cannot be applied directly to MANETs. Many intrusion detection systems have been proposed to suit the characteristics of MAN
…(Full text truncated)…
This content is AI-processed based on ArXiv data.
