Distributed Intrusion Detection Models for Mobile Ad Hoc Networks Distributed Intrusion Detection Models for Mobile Ad Hoc Networks

A mobile ad hoc Network (MANET) is a mobile mesh network in which mobile wireless nodes are both hosts and routers so they can communicate without base stations. Because of this cooperative routing capability, MANETs have envisioned for military and emergency communication, but become more vulnerable to routing attacks than wired networks. If a malicious node propagates forged routing information in a MANET, the node can easily paralyze the network or hijack valuable routes. Due to MANET’s particular routing characteristics, defending routing attacks is challenging and critical in MANET. Traditional cryptographic authentication schemes are not sufficient due to insider routing attacks. Intrusion detection systems are ideal for insider attacks, but most of them are designed for wired networks and thus they can neither directly deploy in MANETs nor effectively detect new routing attacks in MANET. So we apply specification based intrusion detection approach that defines normal behavior of the protected networks to detect new routing attacks in MANETs. Therefore, we proposed a complete distributed intrusion detection system that consists of four models for MANETs with formal reasoning and simulation experiments for evaluation. We first proposed two specification based intrusion detection models for AODV (Ad hoc On-demand Distance Vector) and OLSR (Optimized Link State Routing), which are the two representative routing protocols in MANET. Second, we proposed a Distributed Evidence-driven Message Exchanging intrusion detection Model (DEMEM), which provides a practical distributed intrusion detection and message exchange framework. And we implemented DEMEM with three ID messages to provide reliable message exchange platform for intrusion detection in OLSR. Third, we proposed Distributed Routing Evidence Tracing and Authentication intrusion prevention model (DRETA). DRETA consists of a low computation overhead authentication and a scalable integrity protection of forwarded routing messages in MANETs. Finally, DRETA integrates our other three models into one complete intrusion detec-