Intrusion Detection Full
Mobile Ad hoc Networks (MANETs) are used to set up wireless communication in improvised environments
without a predefined infrastructure or centralized administration. An IDS is used to detect attempted intrusion into a
computer or network. It processes audit data, performs analysis and takes a certain set of actions against the intruder. In this
paper, MANET, IDS and its architecture, attacks and previous work are explained.
INTRODUCTION
A MANET is a self-configuring dynamic network of mobile devices connected by wireless links, set up for a
specific purpose. A MANET is formed by a group of mobile wireless nodes, often without the assistance of fixed network
infrastructure. It is formed dynamically by autonomous systems of mobile nodes that are connected wirelessly without
support of any existing network infrastructure or centralized administration. Instead of using a central base station for
nodes to communicate with one another, MANETs do not rely on any pre-defined infrastructure. A MANET operates in
peer-to-peer mode. Nodes within the communication range communicate via wireless radio links, and those outside the
communication range use other nodes to relay their packets. Mobile nodes may move away from their current locations
and re-join the network from different locations in the network, thus dynamically changing the network topology and
node density. MANETs could be deployed in many applications, such as military tactical operations, automated battlefields,
sensor networks, disaster recovery, emergency search-and-rescue missions and mobile teleconferencing.
MANETs have some special characteristic features, such as unreliable wireless links used for communication
between hosts, constantly changing network topologies and memberships, and limited bandwidth, battery lifetime, and
computation power of nodes. While these characteristics are essential for the flexibility of MANETs .
One of the primary concerns related to ad hoc networks is to provide secure communication among mobile
nodes in a hostile environment. The nature of mobile ad hoc networks poses a range of challenges to the security design.
The main problem for MANET security is that ad hoc networks can be reached very easily by users, but also by
malicious attackers. If a malicious attacker reaches the network, the attacker can easily exploit or possibly even disable the
mobile ad hoc network. A MANET can be examined on the basis of availability, confidentiality, authentication, integrity
and non-repudiation.
Considering the continuous discovery of new vulnerabilities, the intrusion-detection system (IDS) must be effective
and efficient in identifying attacks, and then neutralizing them. The traditional IDSs developed for wired networks are
difficult to use for MANETs because of their architectural differences. Without centralized audit points like routers,
switches, and gateways, MANETs can only collect audit data locally and thus require a distributed and cooperative IDS.
Other differences between wired networks and MANETs include traffic patterns, node mobility, and node
constraints. These differences all make the traditional IDSs hard to apply directly to MANETs. Nodes in MANETs
390 Himanshu & Parveen Bano
can move freely through the network, and thus their dynamically changing network topology makes MANETs very
different from the traditional wired networks. Also, nodes in MANETs usually have slower communication links, limited
bandwidth, limited battery power, and limited memory. Therefore, these constraints make the design of IDS in MANETs
much more challenging than in wired networks.
INTRODUCTION OF IDS
IDS can be defined as the tools, methods, and resources to help identify, assess, and report unauthorized or
unapproved network activity. An IDS is used to detect attempted intrusion into a computer or network. It processes audit
data, performs analysis and takes a certain set of actions against the intruder, such as blocking them and/or informing the
system administrator. Ad hoc networks lack centralized audit points; therefore, it is necessary to use the IDS in a
distributed manner. This also helps in reducing computation and memory overhead on each node. Intrusion detection is
typically one part of an overall protection system that is installed around a system or device. It is not a stand-alone
protection measure. Depending on the detection techniques used, IDS can be classified into three main
categories as follows:
The signature-based IDS uses pre-known attack scenarios (or signatures) and compares them with incoming packet
traffic. There are several approaches to signature detection, which differ in the representation and matching algorithm
employed to detect the intrusion patterns.
The anomaly-based IDS attempts to detect activities that differ from the normal expected system behavior. This detection
has several techniques, i.e., statistics, neural networks, and other techniques such as immunology, data mining and
Chi-square test utilization.
The specification-based IDS is a hybrid of both the signature-based and the anomaly-based IDS. It monitors the current
behavior of systems according to specifications that describe desired functionality for security-critical entities. A mismatch
between current behavior and the specifications will be reported as an attack.
Turning to the architecture of IDS, there are four main architectures on the network, as follows:
Standalone IDS,
In the Standalone Architecture, an IDS runs on each node to determine intrusions independently. There is no
cooperation and no data is exchanged among the IDSes on the network. This architecture is also more suitable for
flat network infrastructure than for multilayered network infrastructure.
The Distributed and Collaborative Architecture has a rule that every node in the MANET must participate in
intrusion detection and response by having an IDS agent running on it. The IDS agent is responsible for
detecting and collecting local events and data to identify possible intrusions, as well as initiating a response
Intrusion Detection System and its Types in MANET 391
independently.
The Hierarchical Architecture is an extended version of the distributed and collaborative IDS architecture. This
architecture proposes using multi-layered network infrastructures where the network is divided into clusters. The
architecture has cluster heads that, in some sense, act as control points similar to switches, routers, or
gateways in wired networks.
The Mobile Agent for IDS Architecture uses mobile agents to perform a specific task on a node on behalf of the
owner of the agents. This architecture allows the distribution of the intrusion detection tasks.
IDS may be classified as either host-based or network based, depending on the data collection method.
Host-based IDS operate on the operating system’s audit trails, system and application logs, or assessment data
generated by loadable-kernel modules that intercept system calls.
In addition, IDS can be classified based on the detection procedure, that is, signature-based detection and
anomaly-based detection. The signature-based detection technique may display low false positive rates, but does not
perform well at detecting previously unknown attacks.
Anomaly-based detection technique may detect previously unknown attacks, but may exhibit high rates of false
positives.
An effective IDS is a key component in securing MANETs. Two different methodologies of intrusion detection
are commonly used: anomaly intrusion detection and misuse intrusion detection. Anomaly detection systems are usually
slow and inefficient and are prone to miss insider attacks. Misuse-detection systems cannot detect new types of attack.
A hybrid system using both techniques is often deployed in order to minimize these shortcomings.
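The hybrid approach described above, as an added example that is not part of the original paper: a fixed signature rule and a Chi-square anomaly test run over one node's local audit windows. The event counters, the flood signature, the training data and the 0.01 significance level are constructed assumptions.

```python
# Added example (not from the paper): hybrid signature + anomaly detection
# over one node's local audit windows. All counts and rules are constructed.

EVENTS = ("rreq", "rrep", "forwarded", "dropped")  # per-window event counters

# Hypothetical signature: a known flooding pattern expressed as a fixed rule.
SIGNATURES = {
    "route-request flood": lambda w: w["rreq"] > 100,
}

# Chi-square critical value for 3 degrees of freedom at the 0.01 level.
CHI2_CRITICAL_DF3 = 11.345


def build_profile(training_windows):
    """Learn the normal share of each event type from attack-free windows."""
    totals = {e: sum(w[e] for w in training_windows) for e in EVENTS}
    grand = sum(totals.values())
    return {e: totals[e] / grand for e in EVENTS}


def chi_square(window, profile):
    """Sum of (observed - expected)^2 / expected against the normal profile."""
    n = sum(window[e] for e in EVENTS)
    if n == 0:
        return 0.0  # an empty window carries no evidence either way
    return sum((window[e] - profile[e] * n) ** 2 / (profile[e] * n) for e in EVENTS)


def detect(window, profile):
    """Return (matched signature names, chi-square score, hybrid verdict)."""
    hits = [name for name, rule in SIGNATURES.items() if rule(window)]
    score = chi_square(window, profile)
    return hits, score, bool(hits) or score > CHI2_CRITICAL_DF3


# Constructed audit data: two attack-free training windows, three test windows.
TRAINING = [
    {"rreq": 9, "rrep": 11, "forwarded": 76, "dropped": 4},
    {"rreq": 11, "rrep": 9, "forwarded": 74, "dropped": 6},
]
TEST = {
    "normal": {"rreq": 12, "rrep": 9, "forwarded": 76, "dropped": 3},
    "flood": {"rreq": 400, "rrep": 5, "forwarded": 60, "dropped": 5},
    "dropper": {"rreq": 10, "rrep": 9, "forwarded": 20, "dropped": 61},
}

if __name__ == "__main__":
    profile = build_profile(TRAINING)
    for label, window in TEST.items():
        print(label, detect(window, profile))
```

The "dropper" window matches no signature and is caught only by the anomaly test, which is the gap the hybrid design is meant to close.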
The MANET is susceptible to passive and active attacks. Passive attacks typically involve only
eavesdropping of data, whereas active attacks involve actions performed by adversaries such as replication,
modification and deletion of exchanged data. In particular, attacks in MANET can cause congestion, propagate incorrect
routing information, prevent services from working properly or shut them down completely.
The active attacks are considered to be malicious, while nodes that just drop the packets they receive with the aim
of saving battery life are considered to be selfish. In addition, a compromised node may use the routing protocol to the
node whose packets it wants to intercept as in the so-called black hole attack. Spoofing is a special case of integrity attacks
whereby a compromised node impersonates a legitimate one due to the lack of authentication in the current ad hoc routing
protocols. The main result of the spoofing attack is the misrepresentation of the network topology, which may cause network
loops or partitioning. Lack of integrity and authentication in routing protocols creates fabrication attacks that result in
erroneous and bogus routing messages. Selfishness is another type of attack on MANET in which a node does not serve as a
relay to other nodes. Denial of service (DoS) is another type of attack, where the attacker injects a large amount of junk
packets into the network. These packets consume a significant portion of network resources, and introduce wireless
channel contention and network contention in the MANET.
RELATED WORK
This author presented a cooperative, distributed intrusion detection architecture that addresses these challenges
while facilitating accurate detection of MANET-specific and conventional attacks. The architecture is organized as a
dynamic hierarchy in which detection data is acquired at the leaves and is incrementally aggregated, reduced, and analyzed
as it flows upward toward the root. Security management directives flow downward from nodes at the top. The utility of
the architecture is illustrated via multiple attack scenarios. Other authors presented a brief description of Intrusion
Detection Systems (IDS) to make a secured MANET. These IDS are proposed for ad hoc mobile networks, and the work also
provides techniques of IDS according to the distributed architecture of IDS. It also presented a comparison of techniques
such as Watchdog, Confidant, CORE, Route guard, Ocean and Cooperative ideas, and revealed their features. By considering
all the aspects, MANET is better and more secure.
They presented the design of these IDS and the overall network structure, as well as the methods for
authenticating and dispatching mobile agents (MAs). They also evaluated the trade-offs between different design
parameters of MANETs. Wireless ad hoc networks have been in focus within the wireless research community. Essentially,
these are networks that do not have an essential fixed infrastructure. Mobile hosts “join” on the fly and create a network
on their own. With the network topology changing dynamically and the lack of a centralized network management
functionality, these networks tend to be vulnerable to a number of attacks.
They discussed an enhancement of the Watchdog/Pathrater form of intrusion detection in mobile wireless
ad hoc networks (MANET). Depending on the trustworthiness of the node sending the tag information, and information
already relayed by other nodes, the tagged node may then be dropped from routing paths by the Pathrater, and new routes
formulated. The author proposed a risk-aware response mechanism to systematically cope with the identified routing
attacks.
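An added example, not taken from the paper or from the work it summarizes, of the Watchdog/Pathrater idea above: each watchdog tags a neighbor it overhears dropping packets, and the Pathrater weighs every tag by the trust placed in the node that sent it before dropping the tagged node from routes. Node names, trust values and both thresholds are constructed assumptions.

```python
# Added example (not from the paper): trust-weighted Watchdog tags feeding a
# Pathrater. Node names, trust values and both thresholds are constructed.

DROP_RATIO_LIMIT = 0.5  # watchdog tags a neighbor that drops more than half
TAG_WEIGHT_LIMIT = 1.0  # pathrater excludes a node once weighted tags reach this


def watchdog_tags(observations):
    """observations maps (monitor, neighbor) to (packets handed over,
    packets overheard being forwarded). Returns the tags monitors broadcast."""
    return [
        (monitor, neighbor)
        for (monitor, neighbor), (sent, forwarded) in observations.items()
        if sent and (sent - forwarded) / sent > DROP_RATIO_LIMIT
    ]


def excluded_nodes(tags, trust):
    """Weigh each tag by the trust placed in the node that sent it."""
    weight = {}
    for reporter, accused in tags:
        weight[accused] = weight.get(accused, 0.0) + trust.get(reporter, 0.0)
    return {node for node, w in weight.items() if w >= TAG_WEIGHT_LIMIT}


def pick_route(candidates, excluded):
    """Shortest candidate path with no excluded intermediate node, or None."""
    usable = [p for p in candidates if not excluded.intersection(p[1:-1])]
    return min(usable, key=len, default=None)


# Constructed scenario: M drops relayed packets and falsely accuses B.
OBSERVATIONS = {
    ("S", "M"): (40, 4),
    ("A", "M"): (30, 6),
    ("S", "A"): (40, 39),
    ("C", "B"): (25, 24),
    ("M", "B"): (20, 0),  # fabricated claim from the misbehaving node
}
TRUST = {"S": 0.6, "A": 0.6, "C": 0.6, "M": 0.2}
ROUTES = [["S", "M", "D"], ["S", "A", "B", "D"], ["S", "A", "C", "B", "D"]]

if __name__ == "__main__":
    tags = watchdog_tags(OBSERVATIONS)
    banned = excluded_nodes(tags, TRUST)
    print("tags:", tags)
    print("excluded:", banned)
    print("route:", pick_route(ROUTES, banned))
```

Two moderately trusted reporters are enough to exclude M, while M's lone low-trust accusation against B does not remove B from the chosen route.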
CONCLUSIONS
An IDS is used to make a secured MANET. Routing attacks in MANET have received great attention due to the
dynamic nature of MANET. There exist several intrusion response techniques to mitigate attacks; existing solutions
typically attempt to isolate malicious nodes based on binary. In future, we propose a risk-aware response mechanism to
systematically cope with the identified routing attacks. Our risk-aware approach will define various risk levels.
A mathematical notion will be given to each level.