Analysis of Fuzzy Logic Based Intrusion Detection Systems in Mobile Ad Hoc Networks
Authors
Abstract
Due to advances in wireless technologies, many new paradigms have opened up for communication. Among these technologies, mobile ad hoc networks play a prominent role in providing communication in many areas because they are independent of predefined infrastructure. In terms of security, however, these networks are more vulnerable than conventional networks because firewall and gateway based security mechanisms cannot be applied to them. That is why intrusion detection systems are used as a keystone in these networks. A number of intrusion detection systems have been proposed to handle uncertain activity in mobile ad hoc networks. This paper focuses on the proposed fuzzy based intrusion detection systems in mobile ad hoc networks and presents their effectiveness in identifying intrusions. It also examines the drawbacks of fuzzy based intrusion detection systems and discusses future directions in the field of intrusion detection for mobile ad hoc networks.

Index Terms – Detection Methods, Fuzzy Logic, Intrusion detection system (IDS), Intrusion Detection System Architectures, Mobile Ad Hoc Networks (MANETs), Security issues.

1.0 INTRODUCTION

Mobile ad hoc networks (MANETs) do not have any preexisting infrastructure or administrative point, unlike conventional networks. In MANETs, mobile nodes can communicate freely with each other without the need for predefined infrastructure. This effectiveness and flexibility make these networks attractive for many applications such as military operations, rescue operations, neighborhood area networks, education applications and virtual conferences. Mobile nodes play the role of hosts as well as routers and also support multihop communication between the nodes. With the help of routing protocols, mobile nodes can send data packets to each other in mobile ad hoc networks.
[Author affiliations: Dept. of Computer Science & Engineering, Manipal University, Jaipur (India)-302026; Dept. of Electronic & communication, Manipal University, Jaipur (India)-302026]

Some characteristics of MANETs, such as communication via wireless links, resource constraints (bandwidth and battery power), cooperativeness between the nodes and dynamic topology, make them more vulnerable to attacks [1] [2]. Due to MANETs' characteristics, prevention based techniques such as authentication and encryption are not a good solution for eliminating security threats in ad hoc networks, because prevention based techniques cannot protect against mobile nodes which contain the private keys. An intrusion detection system is therefore an essential part of security for MANETs. It is very effective for detecting intrusions and is usually used to complement other security mechanisms. That is why the intrusion detection system (IDS) is known as the second wall of defense for any survivable network security [3]. There are some groups which work together to enhance the functioning of mobile ad hoc networks (MANETs). The IETF constituted the mobile ad hoc networks working group in 1997 [4].

The rest of this paper is organized as follows: Section 2 presents a detailed introduction to intrusion detection systems. Section 3 describes the need for fuzzy based IDS on MANETs, and Section 4 discusses and analyzes the proposed fuzzy based IDSs in MANETs from the literature. Section 5 discusses the drawbacks of the proposed fuzzy based IDSs, and finally the conclusion and directions for future research are outlined in Section 6.

2.0 INTRUSION DETECTION SYSTEM

When any set of actions attempts to compromise the security attributes such as confidentiality, repudiation, availability and integrity of resources, these actions are said to be intrusions, and the detection of such intrusions is known as an intrusion detection system (IDS) [5].
The basic functionality of an IDS depends on three main modules: the data collection, detection and response modules. The data collection module is responsible for collecting data from various data sources such as system audit data, network traffic data, etc. The detection module is responsible for the analysis of the collected data. If the detection module detects any suspicious activity in the network, it initiates a response by the response module.

There are three main detection techniques presented in the literature: misuse based, anomaly based and specification based techniques. The first technique, misuse-based detection, used by systems such as IDIOT [6] and STAT [7], detects intrusions on the basis of predefined attack signatures. The disadvantage of this technique is that it cannot detect new attacks, but it has a low false positive rate, so it is generally used by commercial IDSs. The second technique is anomaly-based detection, e.g. IDES [8]. It detects intrusions on the basis of the normal behaviour of the system. Defining the normal behaviour of the system is a very challenging task because the behaviour of a system can change from time to time. This technique can detect new or unknown attacks, but with high false positive rates. The third technique is specification based intrusion detection [9]. In this detection method, a set of constraints on a particular protocol or program is first specified, and intrusions are then detected as run time violations of these specifications. The main problem with this technique is that defining the specifications takes a long time, which makes it a time consuming technique [10].

[BIJIT – BVICAM's International Journal of Information Technology. Copy Right © BIJIT – 2014; January – June, 2014; Vol. 6 No. 1; ISSN 0973 – 5658; 691]

On the basis of the audit data, an intrusion detection system can be host based or network based.
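
The three detection techniques described above, applied to the same constructed observations of a neighbouring node. This Python code is an added example, not taken from the paper; the observation fields, the flood signature threshold, the 3-sigma rule and the specification constraints are assumptions chosen for illustration.

```python
from statistics import mean, stdev

# Constructed observations of one neighbour per interval (hypothetical fields):
# (routing control packets sent, data packets received for relay, data packets forwarded)
TRAINING = [(10, 50, 49), (12, 48, 47), (9, 52, 50), (11, 50, 48),
            (10, 49, 48), (13, 51, 50), (8, 50, 49), (11, 47, 46)]
EVENTS = {
    "normal":       (11, 50, 49),
    "known_flood":  (150, 50, 48),  # matches the stored signature
    "novel_drop":   (10, 50, 5),    # packet dropping, no signature exists
    "benign_burst": (40, 50, 49),   # route rediscovery after a topology change
}

def features(obs):
    ctrl, recv, fwd = obs
    return {"ctrl": ctrl, "fwd_ratio": fwd / recv}

def misuse_detect(obs):
    """Signature match: only the predefined pattern (control flood) is known."""
    return features(obs)["ctrl"] >= 100  # assumed signature threshold

def build_profile(training):
    """Normal-behaviour profile: mean and standard deviation per feature."""
    rows = [features(o) for o in training]
    return {k: (mean([r[k] for r in rows]), stdev([r[k] for r in rows]))
            for k in rows[0]}

def anomaly_detect(obs, profile, k=3.0):
    """Flag any feature more than k standard deviations from the profile."""
    f = features(obs)
    return any(abs(f[name] - mu) > k * sd for name, (mu, sd) in profile.items())

def spec_detect(obs):
    """Run-time check of hand-written constraints (assumed values):
    control rate limit, and a relay forwards at least 80% of what it accepts."""
    ctrl, recv, fwd = obs
    return not (ctrl <= 50 and fwd <= recv and fwd >= 0.8 * recv)

def compare():
    """Verdict of each technique for every constructed event."""
    profile = build_profile(TRAINING)
    return {name: {"misuse": misuse_detect(o),
                   "anomaly": anomaly_detect(o, profile),
                   "specification": spec_detect(o)}
            for name, o in EVENTS.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:13s}", verdicts)
```

The signature misses the unseen dropping attack, the profile flags it but also flags the benign burst, and the hand-written constraints catch both attacks without that false positive.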
A host based IDS collects audit data from the operating system at a particular host, while a network based intrusion detection system collects audit data from the host and also traces the network traffic for any type of suspicious activity. Normally there are three basic types of IDS architecture in the literature:

Stand-alone intrusion detection systems: In this type of architecture, an IDS runs independently on each node in the network.

Distributed and Cooperative intrusion detection systems: In this architecture all nodes have IDS agents, so that each node can take part in intrusion detection locally and, depending on the cooperativeness between the nodes, a decision can be made globally. IDSs based on this architecture are able to make two types of decision, i.e. collaborative and independent. In a collaborative decision, all nodes take part actively in making the decision, but in the case of an independent decision some particular nodes are responsible for making the decision.

Hierarchical Intrusion Detection Systems: This type of IDS architecture is an extended form of the distributed and cooperative IDS architecture in which the whole network is divided into clusters. Each cluster has a clusterhead which has more responsibility than the other member nodes in the cluster [10] [11].

Many IDSs have been proposed for MANETs. We will discuss the proposed fuzzy logic based IDSs for MANETs in further sections.

3.0 NEED OF FUZZY BASED INTRUSION DETECTION
Similar resources
A New Intrusion Detection System to deal with Black Hole Attacks in Mobile Ad Hoc Networks
By extending wireless networks and because of their different nature, some attacks appear in these networks which did not exist in wired networks. Security is a serious challenge for actual implementation in wireless networks. Due to lack of the fixed infrastructure and also because of security holes in routing protocols in mobile ad hoc networks, these networks are not protected against attack...
Proposing A Distributed Model For Intrusion Detection In Mobile Ad-Hoc Network Using Neural Fuzzy Interface
Security term in mobile ad hoc networks has several aspects because of the special specification of these networks. In this paper a distributed architecture was proposed in which each node performed intrusion detection based on its own and its neighbors’ data. Fuzzy-neural interface was used that is the composition of learning ability of neural network and fuzzy Ratiocination of fuzzy system as...
FIDSM: Fuzzy based Intrusion Detection Systems in Mobile Ad Hoc Networks
Security of mobile ad hoc networks is more challenging task due to its complex properties. In mobile ad hoc networks, intrusion detection system is known as the second line of defense because prevention based techniques are not a good solution for ad hoc networks due to its complex characteristics. For the security point of view, many intrusion detection systems have been proposed to mobile ad ...
Intuitionistic fuzzy logic for adaptive energy efficient routing in mobile ad-hoc networks
In recent years, mobile ad-hoc networks have been used widely due to advances in wireless technology. These networks are formed in any environment that is needed without a fixed infrastructure or centralized management. Mobile ad-hoc networks have some characteristics and advantages such as wireless medium access, multi-hop routing, low cost development, dynamic topology and etc. In these netwo...
A Survey of Solutions to Protect Against All Types of Attacks in Mobile Ad Hoc Networks
In recent years mobile networks have expanded dramatically, compared with other wireless networks. Routing protocols in these networks are designed with the assumption that there is no attacker node, so routing protocols are vulnerable to various attacks in these networks. In this paper, we review the network layer attacks and then we simulate the impact of black hole attack on ad hoc on demand...
Publication date: 2014