Intrusion Detection and Response Systems for Mobile Ad Hoc Networks

Show full item record

Please use this identifier to cite or link to this item: http://hdl.handle.net/1853/14053

Title: Intrusion Detection and Response Systems for Mobile Ad Hoc Networks
Author: Huang, Yi-an
Abstract: A mobile ad hoc network (MANET) consists of a group of autonomous mobile nodes with no infrastructure support. In this research, we develop a distributed intrusion detection and response system for MANET, and we believe it presents a second line of defense that cannot be replaced by prevention schemes. We based our detection framework on the study of attack taxonomy. We then propose a set of detection methods suitable of detecting different attack categories. Our approaches are based on protocol specification analysis with categorical and statistical measures. Node-based approaches may be too restrictive in scenarios where attack patterns cannot be observed by any isolated node. Therefore, we have developed cooperative detection approaches for a more effective detection model. One approach is to form IDS clusters by grouping nearby nodes, and information can be exchanged within clusters. The cluster-based scheme is more efficient in terms of power consumption and resource utilization, it is also proved resilient against common security compromises without changing the decentralized assumption. We further address two response techniques, traceback and filtering. Existing traceback systems are not suitable for MANET because they rely on incompatible assumptions such as trustworthy routers and static route topology. Our solution, instead, adapts to dynamic topology with no infrastructure requirement. Our solution is also resilient in the face of arbitrary number of collaborative adversaries. We also develop smart filtering schemes to maximize the dropping rate of attack packets while minimizing the dropping rate of normal packets with real-time guarantee. To validate our research, we present case study using both ns-2 simulation and MobiEmu emulation platform with three ad hoc routing protocols: AODV, DSR and OLSR. We implemented various representative attacks based on the attack taxonomy. Our experiments show very promising results using node-based and cluster-based approaches.
Type: Dissertation
URI: http://hdl.handle.net/1853/14053
Date: 2006-11-20
Publisher: Georgia Institute of Technology
Subject: Data mining
Intrusion detection
Routing security
Mobile ad hoc networks
Network security
Department: Computing
Advisor: Committee Chair: Lee, Wenke; Committee Member: Ahamad, Mustaque; Committee Member: Giffin, Jonathon; Committee Member: Ji, Chuanyi; Committee Member: Ramachandran, Umakishore
Degree: Ph.D.

All materials in SMARTech are protected under U.S. Copyright Law and all rights are reserved, unless otherwise specifically indicated on or in the materials.

Files in this item

Files Size Format View
huang_yian_200612_phd.pdf 948.3Kb PDF View/ Open

This item appears in the following Collection(s)

Show full item record