Distributed Intrusion Detection and Prevention System for Ad Hoc Networks

Abstract

These days, Ad Hoc Networks are in demand in some crucial applications due to their open architecture and the mobility feature. Here, nodes cooperate with each other for communication. This very characteristic poses an immense problem in Ad Hoc Networks from the Security Point of view. Also due to the lack of Central Administra- tion, Ad Hoc Networks fall prey to the Insider Attacks. Conventional cryptographic authentication methods are not enough to detect insider routing attacks. Implemen- tation of good Intrusion Detection Systems are ideal for insider attacks. Objective of the work is to develop timed nite state machine based distributed intrusion detection and prevention approach for AODV enabled ad hoc network to detect active routing attacks and to minimize the e ect of attack on ad hoc network. As ad hoc networks are fully distributed in nature without centralized administration, they needs distributed IDS which can detect insider attacks e ectively as the detector nodes have monitoring information from other nodes. Reason for adapting TFSM based detection system is that TFSMs enable the system to detect malicious activity in real-time rather than using statistical analysis of previously captured traffic, which helps in detecting intrusion as early as possible on the timeline of an attack.TFSM also helps in minimizing the impact of an attack and maintains the performance of the network within acceptable limits. Attacks are implemented as a testbed and we analyzed their e ect on performance of ad hoc network. TFSM based Distributed Intrusion Detection System and prevention system is implemented using NS-2 simulator. The results are then analyzed based on the suggested evaluation metrics in order to verify their suitability for use in ad hoc networks.