Cutting the Gordian Knot: Intrusion Detection Systems in Ad Hoc Networks
John Felix Charles Joseph (Nanyang Technological University, Singapore), Amitabha Das (Nanyang Technological University, Singapore), Boon-Chong Seet (Auckland University of Technology, New Zealand) and Bu-Sung Lee (Nanyang Technological University, Singapore)
Copyright: © 2008
Intrusion detection in ad hoc networks is a challenge because of the inherent characteristics of these networks, such as the absence of centralized nodes and the lack of infrastructure. Furthermore, in addition to application-based attacks, ad hoc networks are prone to attacks targeting the routing protocols themselves. Issues in intrusion detection in ad hoc networks are addressed by numerous research proposals in the literature. In this chapter, we first enumerate the properties of ad hoc networks that hinder intrusion detection systems. After that, significant intrusion detection system (IDS) architectures and methodologies proposed in the literature are elucidated. The strengths and weaknesses of these works are studied and explained. Finally, the future directions that will lead to the successful deployment of intrusion detection in ad hoc networks are discussed.
Key Terms in this Chapter
Intrusion Detection: Intrusion detection is the process of identifying and distinguishing malicious behavior from the normal network traffic.
Anomaly detection: Anomaly detection is a type of intrusion detection in which a profile of the network's historical normal behavior is used. Any deviation of observed behavior from this normal profile raises an alarm.
Intrusion/Attack: An intrusion is the behavior of one or more external or internal nodes with malign intent, which aims to affect other benign nodes in the network.
Audit Trails: Audit trails describe the behavior of a network or node. An audit trail contains values for a set of parameters, recorded at periodic intervals of time. The parameter set is called the feature set and usually differs between network environments, protocols, and systems.
Mobile Agents: Mobile agents are specialized software which move between nodes to accomplish their assigned tasks, such as data collection and so forth.
Misbehavior Detection: Misbehavior detection is a complement to anomaly detection. In this type of intrusion detection, known intrusion behavior patterns are used. Any behavior that resembles one of these patterns results in an alarm.
Ad Hoc Networks: Ad hoc networks are loosely organized and configured networks. There are no centralized nodes, such as routers, gateways, and so forth. All network functions are performed by every node, and thereby every node supports the network's functioning.
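The key terms above describe two complementary detection methods operating on the same audit trail: anomaly detection, which learns a profile of normal behavior and flags deviations, and misbehavior detection, which matches known attack patterns. The following is an added example written for this page, not code from the chapter or its authors. It runs both methods over a constructed audit trail whose feature set (route requests originated and forwarded, data packets forwarded and dropped per interval), the z-score threshold, and the two misbehavior patterns are all assumptions made for illustration; the records are constructed, not captured from a real network.

```python
"""Anomaly detection and misbehavior (known-pattern) detection over one audit trail.

Added example for this page, not the chapter's own code. The feature set, the
audit-trail records, the z-score threshold and the misbehavior patterns are all
assumptions made for illustration.
"""
from statistics import mean, pstdev

# Assumed feature set for an audit trail of a reactive (AODV-like) routing layer,
# one record per interval:
#   rreq_sent  route requests this node originated
#   rreq_fwd   route requests it forwarded for others
#   pkt_fwd    data packets it forwarded
#   pkt_drop   data packets it was asked to forward but did not
FEATURES = ("rreq_sent", "rreq_fwd", "pkt_fwd", "pkt_drop")


def record(rreq_sent, rreq_fwd, pkt_fwd, pkt_drop):
    return dict(zip(FEATURES, (rreq_sent, rreq_fwd, pkt_fwd, pkt_drop)))


# Constructed training trail: eight intervals of normal behavior.
TRAINING_TRAIL = [
    record(2, 5, 40, 1), record(3, 6, 45, 2), record(2, 4, 38, 1), record(4, 7, 50, 2),
    record(3, 5, 42, 1), record(2, 6, 44, 1), record(3, 5, 41, 2), record(2, 4, 39, 1),
]

# Constructed test trail: normal, RREQ flood, black hole, and an unknown deviation.
TEST_TRAIL = [
    record(3, 5, 43, 1),
    record(30, 5, 41, 1),   # floods the network with route requests
    record(2, 5, 3, 40),    # black hole: accepts packets, forwards almost none
    record(2, 5, 120, 1),   # unusually high forwarding volume; matches no known pattern
]

Z_THRESHOLD = 3.0  # assumed: alarm when any feature is more than 3 sigma from its training mean


class AnomalyDetector:
    """Learns a per-feature mean and standard deviation from a trail of normal behavior."""

    def __init__(self, normal_trail):
        self.profile = {}
        for f in FEATURES:
            values = [r[f] for r in normal_trail]
            # std floor avoids division by zero for a feature that never varied in training
            self.profile[f] = (mean(values), pstdev(values) or 1e-9)

    def score(self, rec):
        """Largest absolute z-score across the feature set."""
        return max(abs(rec[f] - m) / s for f, (m, s) in self.profile.items())

    def is_anomalous(self, rec):
        return self.score(rec) > Z_THRESHOLD


# Assumed misbehavior patterns, written as predicates over a single audit record.
def rreq_flood(rec):
    return rec["rreq_sent"] > 20


def black_hole(rec):
    handled = rec["pkt_fwd"] + rec["pkt_drop"]
    return handled >= 5 and rec["pkt_drop"] / handled > 0.8


MISBEHAVIOR_PATTERNS = {"rreq_flood": rreq_flood, "black_hole": black_hole}


def matched_patterns(rec):
    return [name for name, pred in MISBEHAVIOR_PATTERNS.items() if pred(rec)]


def analyze(normal_trail, trail):
    """Return one (anomalous, matched_pattern_names) pair per interval of `trail`."""
    det = AnomalyDetector(normal_trail)
    return [(det.is_anomalous(r), matched_patterns(r)) for r in trail]


if __name__ == "__main__":
    for i, (anom, pats) in enumerate(analyze(TRAINING_TRAIL, TEST_TRAIL)):
        print(f"interval {i}: anomaly={anom} patterns={pats}")
```

On this constructed trail the flood and black-hole intervals are caught by both methods, the anomaly detector raises an alarm on the last interval that no pattern names, and the normal interval passes both. That is the complementary relationship the glossary describes: misbehavior detection can label the attack, anomaly detection can notice behavior that has never been seen before.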