16-07-2013, 04:52 PM
Intrusion Detection Techniques for Mobile Wireless Networks
ABSTRACT
The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network
security. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and
effective. We need to search for new architecture and mechanisms to protect the wireless networks and mobile computing
applications.
In this paper, we examine the vulnerabilities of wireless networks and argue that we must include intrusion detection
in the security architecture for mobile computing environments. We have developed such an architecture and evaluated
a key mechanism in this architecture, anomaly detection for mobile ad-hoc networks, through simulation experiments.
Keywords: intrusion detection, intrusion response, cooperative detection, anomaly detection, mobile ad-hoc networks.
Introduction
The rapid proliferation of wireless networks and mobile computing applications has changed the landscape
of network security. The nature of mobility creates new vulnerabilities that do not exist in a fixed wired
network, and yet many of the proven security measures turn out to be ineffective. Therefore, the traditional
way of protecting networks with firewalls and encryption software is no longer sufficient. We need to develop
new architecture and mechanisms to protect the wireless networks and mobile computing applications.
The Need for Intrusion Detection
Intrusion prevention measures, such as encryption and authentication, can be used in ad-hoc networks
to reduce intrusions, but cannot eliminate them. For example, encryption and authentication cannot defend
against compromised mobile nodes, which often carry the private keys. Integrity validation using redundant
information (from different nodes), such as those being used in secure routing [25,27], also relies on the
trustworthiness of other nodes, which could likewise be a weak link for sophisticated attacks.
The history of security research has taught us a valuable lesson – no matter how many intrusion prevention
measures are inserted in a network, there are always some weak links that one could exploit to break in (just
like the example at the beginning of this paper). Intrusion detection presents a second wall of defense and it
is a necessity in any high-survivability network.
An Architecture for Intrusion Detection
Intrusion detection and response systems should be both distributed and cooperative to suit the needs of
mobile ad-hoc networks. In our proposed architecture (Figure 1), every node in the mobile ad-hoc network
participates in intrusion detection and response. Each node is responsible for detecting signs of intrusion
locally and independently, but neighboring nodes can collaboratively investigate in a broader range.
Anomaly Detection in Mobile Ad-Hoc Networks
In this section, we discuss how to build anomaly detection models for mobile wireless networks. Detection
based on activities in different network layers may differ in the format and the amount of available audit data
as well as the modeling algorithms. However, we believe that the principle behind the approaches will be
the same. To illustrate our approach, we focus our discussions on ad-hoc routing protocols.
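The following is an added example, not code from the paper: one way to realise the local-then-cooperative detection described in the architecture and anomaly detection sections above. The audit feature (fraction of routing-table entries changed per interval), the z-score cut-offs, the majority-vote rule and all sample values are assumptions constructed for illustration.

```python
from statistics import mean, stdev

class LocalDetector:
    """Per-node anomaly detector over one routing feature (assumed here:
    fraction of routing-table entries changed per sampling interval)."""

    def __init__(self, normal_trace, weak=2.0, strong=4.0):
        # Profile of normal behaviour, learned from attack-free audit data.
        self.mu = mean(normal_trace)
        self.sigma = stdev(normal_trace) or 1e-9
        self.weak, self.strong = weak, strong   # z-score cut-offs (assumed)

    def score(self, observed):
        """Deviation from the normal profile, in standard deviations."""
        return abs(observed - self.mu) / self.sigma

    def verdict(self, observed):
        z = self.score(observed)
        if z >= self.strong:
            return "intrusion"      # strong local evidence: respond alone
        if z >= self.weak:
            return "suspicious"     # inconclusive: ask the neighbours
        return "normal"

def cooperative_verdict(local, neighbour_verdicts):
    """Resolve an inconclusive local verdict by majority vote of neighbours.

    A strict majority is required, so a minority of lying (compromised)
    neighbours can neither raise nor suppress the alarm on their own.
    """
    if local != "suspicious" or not neighbour_verdicts:
        return local                # nothing to resolve, or nobody to ask
    votes = [v != "normal" for v in neighbour_verdicts]
    return "intrusion" if sum(votes) * 2 > len(votes) else "normal"

# Constructed sample data: fraction of routes changed per interval.
NORMAL_TRACE = [0.05, 0.08, 0.06, 0.10, 0.07, 0.09, 0.04, 0.07]
NODES = {name: LocalDetector(NORMAL_TRACE) for name in "ABCD"}

def run_round(observations, investigator="A"):
    """observations: node name -> feature value seen in this interval."""
    verdicts = {n: NODES[n].verdict(x) for n, x in observations.items()}
    others = [v for n, v in verdicts.items() if n != investigator]
    return cooperative_verdict(verdicts[investigator], others)
```

A single neighbour reporting an anomaly is outvoted, which reflects the point made earlier that other nodes' trustworthiness is itself a weak link.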
Related Work
There have been a lot of studies on security prevention measures for infrastructure-based wireless networks
(such as [2,23]), but there is little work on the aspect of intrusion detection. We have argued in this paper that
intrusion detection is extremely important for mobile computing environments.
On the prevention side, general approaches such as key generation and management have been used in a
distributed manner to ensure the authenticity and integrity of routing information. Zhou and Haas [27]
introduced a routing protocol independent distributed key management service. This approach uses
redundancies in the network topology to provide reliable key management. The key idea is to use key sharing with
a maximum threshold ratio of compromised nodes to total nodes. Binkley [1] reported experiments on
authentication of MAC and IP layers. Jacobs and Corson [10] proposed an authentication architecture where
the emphasis is to build a hierarchy of trust in order to authenticate IMEP messages.
Conclusion
We have argued that any secure network will have vulnerabilities that an adversary could exploit. This is
especially true for mobile wireless networks. Intrusion detection can complement intrusion prevention techniques
(such as encryption, authentication, secure MAC, secure routing, etc.) to secure the mobile computing
environment. However, new techniques must be developed to make intrusion detection work better for wireless
networks.