Cutting the Gordian Knot: Intrusion Detection Systems in Ad Hoc Networks

IntroductIon Wireless ad hoc networks have attracted extensive attention among researchers in recent years. As the research activities matured, it has been widely realized that security in such networks is a major issue, and an extremely challenging one. The challenge arises mainly from the inherent AbstrAct Intrusion detection in ad hoc networks is a challenge because of the inherent characteristics of these networks, such as, the absence of centralized nodes, the lack of infrastructure, and so forth. Furthermore, in addition to application-based attacks, ad hoc networks are prone to attacks targeting routing protocols. Issues in intrusion detection in ad hoc networks are addressed by numerous research proposals in literature. In this chapter, we first enumerate the properties of ad hoc networks which hinder intrusion detection systems. After that, significant intrusion detection system (IDS) architectures and methodolo-gies proposed in the literature are elucidated. Strengths and weaknesses of these works are studied and are explained. Finally, the future directions which will lead to the successful deployment of intrusion detection in ad hoc networks are discussed. characteristics of ad hoc networks. Chief among the characteristics, which affect the design of an effective security framework for such networks, are the highly distributed, decentralized, and dynamic natures of ad hoc networks. These properties , coupled with the lack of infrastructure in ad hoc networks, introduce some unprecedented issues, which are absent and never been explored in conventional networks. A typical security system consists of two major components. The first is the intrusion prevention mechanism that aims to control access to the system and relies mainly on cryptographic techniques. The second one is the intrusion detection system that tries to detect if the prevention mechanism has been compromised by intruders, and if so, come up with an appropriate response to combat such intrusions. The intrusion detection system (IDS) thus forms the second line of defense (Nadkarni & Mishra, 2003). Cryptographic techniques rely on secure key management and key distribution which require supporting infrastructure. The lack of infrastructure makes it extremely difficult to implement cryptographic access control mechanisms in ad hoc networks. This makes intrusion detection all the more important for such networks. However, it turns out that the inherent characteristics of ad hoc networks render conventional IDS unsuitable for such networks. This has spawned the research in ad hoc IDS design (Brutch & Ko, 2003). This chapter illustrates the difficulties in providing an efficient intrusion detection …