11-02-2013, 03:36 PM
A Mechanism Design-Based Multi-Leader Election Scheme for Intrusion Detection in MANET
[attachment=50530]
Abstract
In this paper, we study the election of multiple
leaders for intrusion detection in the presence of selfish nodes
in mobile ad hoc networks (MANETs). To balance the resource
consumption and prolong the lifetime of all nodes, each cluster
should elect a node with the most remaining resources as its
leader. However, without incentives for serving others, a node
may behave selfishly by lying about its remaining resource and
avoiding being elected.We present a solution based on mechanism
design theory. More specifically, we design a scheme for electing
cluster leaders that have the following two advantages: First,
the collection of elected leaders is the optimal in the sense that
the overall resource consumption will be balanced among all
nodes in the network overtime. Second, the scheme provides the
leaders with incentives in the form of reputation so that nodes
are encouraged to honestly participate in the election process.
The design of such incentives is based on the Vickrey, Clarke,
and Groves (VCG) model by which truth-telling is the dominant
strategy for each node. Simulation results show that our scheme
can effectively prolong the overall lifetime of IDS in MANET
and balance the resource consumptions among all the nodes.
INTRODUCTION
The cooperation among nodes is a crucial requirement for
intrusion detection in Mobile Ad hoc Networks (MANETs)
due to the autonomous nature of such networks [5], [11].
In particular, a common approach for reducing the overall
resource consumption of intrusion detection in MANET is
for nodes to collaborate in electing a leader to serve as
the intrusion detection system (IDS) for a cluster of onehop
nodes. The election process can be either random [6] or
based on the connectivity [8]. Both approaches aim to reduce
the overall resource consumption of IDSs in the network.
However, we notice that nodes may have different remaining
resources at any given time and this should be taken into
account by an election scheme. With the random model, each
node is equally likely to be elected regardless of its remaining
resources. The connectivity index-based approach elects a
node with high degree of connectivity even though the node
may have little resources left. With both election schemes,
some nodes will die faster than others, leading to a loss in
connectivity and potentially the partition of network. Although
it is clearly desirable to balance the resource consumption of
IDSs among nodes, this objective is difficult to achieve due to
the presence of selfish nodes. Unless sufficient incentives are
provided, a node will naturally behave selfishly by not serving
others while receiving others’ services.
RELATED WORK
This section reviews related work on intrusion detection in
MANET and the application of mechanism design to networks.
Intrusion Detection Systems in MANET
The difference between wired infrastructure networks and
mobile ad hoc networks raises the needs for new IDS models
that can handle new security challenges, such as attacks
against routing protocols [11]. A cooperative intrusion detection
model is proposed to allow all nodes in identifying
possible attacks and escalating an identified anomaly to a
global detection process [14]. An extended model is proposed
in [6] to identify sources of attacks; the issue of run-time
resource constraints is also addressed through a random leaderelection
scheme. Unlike our work, the random election scheme
does not consider the remaining resources of nodes or the
presence of selfish nodes. In [8], a modular IDS system based
on mobile agents is proposed and the authors point out the
impact of limited computational and battery power on the
network monitoring tasks. Again, the solution ignores both the
difference in remaining resources and the selfishness issue.
CORE [10] is a cooperative enforcement mechanism based
on monitoring and reputation systems. Using reputation as the
cooperation metric, Each node keeps track of other nodes’ degree
of cooperation and punishes misbehaving nodes through
gradually stopping its communication services. In contrast to
such as passive approach, our solution proactively encourage
nodes to behave honestly through computing reputations in a
different way, that is based on mechanism design.
CONCLUSION
The unbalanced resource consumption of IDSs in MANET
and the presence of selfish nodes have motivated us to propose
an integrated solution for prolonging the lifetime of MANETs
and their IDS services and for preventing the emergence of
selfish nodes. The solution motivated nodes to truthfully elect
the most cost-efficient nodes that handle the detection duty on
behalf of the whole network. Incentives were given in the form
of reputations to motivate nodes in revealing truthfully their
costs of analysis. Reputations were computed using the well
known VCG mechanism by which truth-telling is the dominant
strategy. Our distributed mechanism was able to elect the most
cost-efficient nodes. Simulation results showed that our model
is able to prolong the lifetime of the network and balance the
overall resource consumptions among all nodes.
[attachment=50530]
Abstract
In this paper, we study the election of multiple
leaders for intrusion detection in the presence of selfish nodes
in mobile ad hoc networks (MANETs). To balance the resource
consumption and prolong the lifetime of all nodes, each cluster
should elect a node with the most remaining resources as its
leader. However, without incentives for serving others, a node
may behave selfishly by lying about its remaining resource and
avoiding being elected.We present a solution based on mechanism
design theory. More specifically, we design a scheme for electing
cluster leaders that have the following two advantages: First,
the collection of elected leaders is the optimal in the sense that
the overall resource consumption will be balanced among all
nodes in the network overtime. Second, the scheme provides the
leaders with incentives in the form of reputation so that nodes
are encouraged to honestly participate in the election process.
The design of such incentives is based on the Vickrey, Clarke,
and Groves (VCG) model by which truth-telling is the dominant
strategy for each node. Simulation results show that our scheme
can effectively prolong the overall lifetime of IDS in MANET
and balance the resource consumptions among all the nodes.
INTRODUCTION
The cooperation among nodes is a crucial requirement for
intrusion detection in Mobile Ad hoc Networks (MANETs)
due to the autonomous nature of such networks [5], [11].
In particular, a common approach for reducing the overall
resource consumption of intrusion detection in MANET is
for nodes to collaborate in electing a leader to serve as
the intrusion detection system (IDS) for a cluster of onehop
nodes. The election process can be either random [6] or
based on the connectivity [8]. Both approaches aim to reduce
the overall resource consumption of IDSs in the network.
However, we notice that nodes may have different remaining
resources at any given time and this should be taken into
account by an election scheme. With the random model, each
node is equally likely to be elected regardless of its remaining
resources. The connectivity index-based approach elects a
node with high degree of connectivity even though the node
may have little resources left. With both election schemes,
some nodes will die faster than others, leading to a loss in
connectivity and potentially the partition of network. Although
it is clearly desirable to balance the resource consumption of
IDSs among nodes, this objective is difficult to achieve due to
the presence of selfish nodes. Unless sufficient incentives are
provided, a node will naturally behave selfishly by not serving
others while receiving others’ services.
RELATED WORK
This section reviews related work on intrusion detection in
MANET and the application of mechanism design to networks.
Intrusion Detection Systems in MANET
The difference between wired infrastructure networks and
mobile ad hoc networks raises the needs for new IDS models
that can handle new security challenges, such as attacks
against routing protocols [11]. A cooperative intrusion detection
model is proposed to allow all nodes in identifying
possible attacks and escalating an identified anomaly to a
global detection process [14]. An extended model is proposed
in [6] to identify sources of attacks; the issue of run-time
resource constraints is also addressed through a random leaderelection
scheme. Unlike our work, the random election scheme
does not consider the remaining resources of nodes or the
presence of selfish nodes. In [8], a modular IDS system based
on mobile agents is proposed and the authors point out the
impact of limited computational and battery power on the
network monitoring tasks. Again, the solution ignores both the
difference in remaining resources and the selfishness issue.
CORE [10] is a cooperative enforcement mechanism based
on monitoring and reputation systems. Using reputation as the
cooperation metric, Each node keeps track of other nodes’ degree
of cooperation and punishes misbehaving nodes through
gradually stopping its communication services. In contrast to
such as passive approach, our solution proactively encourage
nodes to behave honestly through computing reputations in a
different way, that is based on mechanism design.
CONCLUSION
The unbalanced resource consumption of IDSs in MANET
and the presence of selfish nodes have motivated us to propose
an integrated solution for prolonging the lifetime of MANETs
and their IDS services and for preventing the emergence of
selfish nodes. The solution motivated nodes to truthfully elect
the most cost-efficient nodes that handle the detection duty on
behalf of the whole network. Incentives were given in the form
of reputations to motivate nodes in revealing truthfully their
costs of analysis. Reputations were computed using the well
known VCG mechanism by which truth-telling is the dominant
strategy. Our distributed mechanism was able to elect the most
cost-efficient nodes. Simulation results showed that our model
is able to prolong the lifetime of the network and balance the
overall resource consumptions among all nodes.