Agent-Based Intrusion Detection in Wireless Networks

Leila Mechtri (Badji Mokhtar University, Algeria), Fatiha Tolba Djemili (Badji Mokhtar University, Algeria) and Salim Ghanemi (Badji Mokhtar University, Algeria)
DOI: 10.4018/978-1-7998-2418-3.ch005

Abstract

The need for effective, optimal, and adaptive intrusion detection systems that fit the requirements of wireless networks has caused agent-based intrusion detection systems to prevail, despite the complexity and challenges entailed by their deployment. This chapter presents the recent achievements in terms of the proposed frameworks, architectures, and implementations for the application of agent technology to intrusion detection in wireless networks. The chapter highlights their main features, strengths, and limitations. It also discusses the main issues that most existing works do not address, such as IDS security, and proposes solutions to cope with some of the presented problems.
Chapter Preview

Background

This section introduces some concepts and terminology related to the field of agent-based intrusion detection.

Key Terms in this Chapter

MANET: A network consisting of a collection of mobile nodes that communicate with each other via wireless links without the help of any pre-existing infrastructure.

AODV: The ad-hoc on-demand distance vector protocol is a reactive routing protocol that enables multi-hop, self-starting, and dynamic routing in MANETs.

Grayhole: A variation of the blackhole attack in which the malicious node drops packets selectively.

Blackhole: An active DoS (denial of service) attack in which a malicious node exploits a routing protocol such as AODV to advertise itself as having a valid, good path to the destination node, with the goal of dropping the packets it attracts.

Intrusion Detection System: A software or hardware system that automates the process of monitoring the events occurring in a computer system or network and analysing them for signs of security problems. It monitors and collects data from a target system (host or network), processes and correlates the gathered information, and can initiate responses when evidence of an intrusion is detected.

DSR: Dynamic source routing is a routing protocol similar to AODV, with the additional feature of source routing.

Security Threats: Tools, techniques, or methods that can cause unwanted incidents and potentially damage the network.

False Negatives: Cases where no alerts are raised when real intrusion attempts are present.

True Positives: IDS alerts that are raised for real intrusion attempts.

True Negatives: Cases where no alerts are raised, and no intrusion attempts are present.

Intrusion: Any set of actions that attempt to compromise the integrity, confidentiality, or availability of a resource.

False Positives: IDS alerts that are raised on non-intrusive behaviours.
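The following is an added illustration, not code from the chapter, tying the blackhole/grayhole definitions to the true/false positive/negative terms above: a watchdog-style detector that flags a node from the ratio of packets it was asked to forward but did not, then scores its verdicts against known ground truth. The per-node forwarding counts, the two thresholds and the node names are constructed assumptions.

```python
# Added example: drop-ratio detection of blackhole/grayhole nodes, scored
# with the chapter's TP/FP/TN/FN terminology. Thresholds and sample data
# are illustrative assumptions, not values from the chapter.
from dataclasses import dataclass

BLACKHOLE_DROP = 0.9  # drop ratio >= this -> "blackhole" (drops nearly everything)
GRAYHOLE_DROP = 0.3   # drop ratio >= this (and < BLACKHOLE_DROP) -> "grayhole"


@dataclass
class ForwardingRecord:
    node: str
    received: int   # packets the node was expected to forward
    forwarded: int  # packets its neighbours overheard it forwarding


def drop_ratio(rec: ForwardingRecord) -> float:
    """Fraction of packets the node should have forwarded but did not."""
    if rec.received == 0:          # no traffic observed: nothing to judge
        return 0.0
    return (rec.received - rec.forwarded) / rec.received


def classify(rec: ForwardingRecord) -> str:
    """Return 'blackhole', 'grayhole' or 'benign' for one node."""
    r = drop_ratio(rec)
    if r >= BLACKHOLE_DROP:
        return "blackhole"
    if r >= GRAYHOLE_DROP:
        return "grayhole"
    return "benign"


def evaluate(records, ground_truth):
    """Count TP/FP/TN/FN: an 'alert' is any non-benign verdict; ground_truth
    maps node name -> True if the node really is malicious."""
    counts = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    for rec in records:
        alert, malicious = classify(rec) != "benign", ground_truth[rec.node]
        key = ("T" if alert == malicious else "F") + ("P" if alert else "N")
        counts[key] += 1
    return counts


# Constructed sample: six nodes observed during one monitoring window.
SAMPLE = [
    ForwardingRecord("n1", 100, 98),  # benign, 2% loss from wireless noise -> TN
    ForwardingRecord("n2", 100, 0),   # blackhole, drops everything -> TP
    ForwardingRecord("n3", 100, 55),  # grayhole, selective dropping -> TP
    ForwardingRecord("n4", 100, 65),  # benign but congested, 35% loss -> FP
    ForwardingRecord("n5", 0, 0),     # no traffic seen, treated as benign -> TN
    ForwardingRecord("n6", 100, 80),  # grayhole dropping only 20%, below threshold -> FN
]
TRUTH = {"n1": False, "n2": True, "n3": True, "n4": False, "n5": False, "n6": True}
```

Node n4 (congestion) and n6 (a cautious grayhole) show why a single drop-ratio threshold trades false positives against false negatives, which is the tuning problem the chapter's metrics are meant to expose.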
