The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.08 - August (2011 vol.10)
pp: 1162-1174
Rajendra V. Boppana , The University of Texas at San Antonio, San Antonio
Xu Su , Microsoft Corporation, Redmond
ABSTRACT
Several intrusion detection techniques (IDTs) proposed for mobile ad hoc networks rely on each node passively monitoring the data forwarding by its next hop. This paper presents quantitative evaluations of false positives and their impact on monitoring-based intrusion detection for ad hoc networks. Experimental results show that, even for a simple three-node configuration, an actual ad hoc network suffers from high false positives; these results are validated by Markov and probabilistic models. However, this false positive problem cannot be observed by simulating the same network using popular ad hoc network simulators, such as ns-2, OPNET or Glomosim. To remedy this, a probabilistic noise generator model is implemented in the Glomosim simulator. With this revised noise model, the simulated network exhibits the aggregate false positive behavior similar to that of the experimental testbed. Simulations of larger (50-node) ad hoc networks indicate that monitoring-based intrusion detection has very high false positives. These false positives can reduce the network performance or increase the overhead. In a simple monitoring-based system where no secondary and more accurate methods are used, the false positives impact the network performance in two ways: reduced throughput in normal networks without attackers and inability to mitigate the effect of attacks in networks with attackers.
INDEX TERMS
Mobile ad hoc networks, intrusion detection, passive monitoring, false positives, analytical models, noise modeling, performance analysis.
CITATION
Rajendra V. Boppana, Xu Su, "On the Effectiveness of Monitoring for Intrusion Detection in Mobile Ad Hoc Networks", IEEE Transactions on Mobile Computing, vol.10, no. 8, pp. 1162-1174, August 2011, doi:10.1109/TMC.2010.210
REFERENCES
[1] B. Awerbuch, D. Holmer, C. Nita-Rotaru, and H. Rubens, "An On-Demand Secure Routing Protocol Resilient to Byzantine Failures," Proc. ACM WiSe, pp. 21-30, Sept. 2002.
[2] S. Bansal and M. Baker, "Observation-Based Cooperation Enforcement in Ad Hoc Networks," Research Report cs. NI/0307012, Standford Univ., 2003.
[3] R.V. Boppana and X. Su, "An Analysis of Monitoring Based Intrusion Detection for Ad Hoc Networks," Proc. IEEE Globecom: Computer and Comm. Network Security Symp., Dec. 2008.
[4] R.V. Boppana and S. Desilva, "Evaluation of a Stastical Technique to Mitigate Malicious Control Packets in Ad Hoc Networks," Proc. Int'l Symp. World of Wireless Mobile and Multimedia Networks (WoWMoM)/Workshop Advanced Experimental Activities on Wireless Networks and Systems, pp. 559-563, 2006.
[5] S. Buchegger and J.Y. Le Boudec, "A Robust Reputation System for Mobile Ad-Hoc Networks," Proc. Workshop Economics of Peer-to-Peer Systems (P2PE '04), 2004.
[6] S. Buchegger, C. Tissieres, and J.Y. Le Boudec, "A Test-Bed for Misbehavior Detection in Mobile Ad-Hoc Networks -- How Much Can Watchdogs Really Do?" Proc. IEEE Workshop Mobile Computing Systems and Applications (WMCSA '04), 2004.
[7] S. Buchegger and J.-Y. Le Boudec, "Performance Analysis of the Confidant Protocol: Cooperation of Nodes Fairness in Dynamic Ad-Hoc Networks," Proc. IEEE/ACM MobiHoc, 2002.
[8] R. Burchfield, E. Nourbakhsh, J. Dix, K. Sahu, S. Venkatesan, and R. Prakash, "RF in the Jungle: Effect of Environment Assumptions on Wireless Experiment Repeatability," Proc. IEEE Int'l Conf. Comm. (ICC '09), pp. 1-6, 2009.
[9] I. Chlamtac, M. Conti, and J.J.-N. Liu, "Mobile Ad Hoc Networking: Imperatives and Challenges," Ad Hoc Networks, vol. 1, no. 1, pp. 13-64, 2003.
[10] Cisco Systems Inc., Linksys WRT54G v2.2 Wireless-G Broadband Router, http:/www.linksys.com, 2004.
[11] L. Eschenauer, V.D. Gligor, and J. Baras, "On Trust Establishment in Mobile Ad-Hoc Networks," Proc. Security Protocols, pp. 47-66, 2003.
[12] J. Hu, "Cooperation in Mobile Ad Hoc Networks," Technical Report TR-050111, Dept. of Computer Science, Florida State Univ., 2005.
[13] R. Jain, The Art of Computer Systems Performance Analysis: Techniques for Experimental Design, Measurement, Simulation, and Modeling. John Wiley & Sons, 1991.
[14] M.R. Leadbetter, G. Lindgreen, and H. Rootze, Extremes and Related Properties of Random Sequences and Processes. Springer-Verlag, 1983.
[15] H. Lee, A. Cerpa, and P. Levis, "Improving Wireless Simulation through Noise Modeling," Proc. ACM Int'l Conf. Information Processing in Sensor Networks (IPSN '07), pp. 21-30, Apr. 2007.
[16] K. Liu, J. Deng, P.K. Varshney, and K. Balakrishnan, "An Acknowledgement Based Approach for Detection of Routing Misbehavior in Manets," IEEE Trans. Mobile Computing, vol. 6, no. 5, pp. 488-502, May 2007.
[17] K. Liu, J. Deng, P.K. Varshney, and K. Balakrishnan, "An Acknowledgment-Based Approach for the Detection of Routing Misbehavior in MANETs," IEEE Trans. Mobile Computing, vol. 6, no. 5, pp. 488-502, May 2007.
[18] Z. Liu, A. Joy, and R. Thompson, "A Dynamic Trust Model for Mobile Ad Hoc Networks," Proc. 10th IEEE Int'l Workshop Future Trends of Distributed Computing Systems (FTDCS '04), pp. 80-85, 2004.
[19] H. Luo, P. Zerfos, J. Kong, S. Lu, and L. Zhang, "Self-Securing Ad Hoc Wireless Networks," Proc. Seventh IEEE Symp. Computers and Comm. (ISCC '02), 2002.
[20] S. Marti, T.J. Giuli, K. Lai, and M. Baker, "Mitigating Routing Misbehavior in Mobile Ad Hoc Networks," Proc. ACM MobiCom, pp. 255-265, Aug. 2000.
[21] R. Molva and P. Michiardi, "Core: A Collaborative Reputation Mechanism to Enforce Node Cooperation in Mobile Ad Hoc Networks," Proc. IFIP Comm. and Multimedia Security Conf., 2002.
[22] Seattle Wireless Project, http:/www.seattlewireless.net, 2010.
[23] X. Su and R.V. Boppana, "On the Impact of Noise on Mobile Ad Hoc Networks," Proc. ACM Int'l Wireless Comm. and Mobile Computing Conf. (IWCMC '07), pp. 208-213, 2007.
[24] X. Su and R.V. Boppana, "Crosscheck Mechanism to Identify Malicious Nodes in Ad Hoc Networks," Security and Comm. Networks, vol. 2, no. 1, pp. 45-54, 2009.
[25] B. Sun, L. Osborne, Y. Xiao, and S. Guizani, "Intrusion Detection Techniques in Mobile Ad Hoc and Wireless Sensor Networks," IEEE Wireless Comm. Magazine, vol. 14, no. 5, pp. 56-63, Oct. 2007.
[26] The MathWorks Inc., MATLAB, version 7.1.0.183 (R14), http://www.mathworks.com/productsmatlab, 2010.
[27] K.S. Trivedi, Probability and Statistics with Reliability, Queuing, and Computer Science Applications, second ed. John Wiley & Sons, 2001.
[28] H. Yang, H. Luo, F. Ye, S. Lu, and L. Zhang, "Security in Mobile Ad Hoc Networks: Challenges and Solutions," IEEE Wireless Comm., vol. 11, no. 1, pp. 38-47, Feb. 2004.
[29] W. Yu, Y. Sun, and K.J.R. Liu, "HADOF: Defense against Routing Disruption in Mobile Ad Hoc Networks," Proc. IEEE INFOCOM, 2005.
[30] W. Yu, Y. Sun, and K.J.R. Liu, "Stimulating Cooperation and Defending against Attacks in Self-Organized Mobile Ad Hoc Networks," Proc. Second Ann. IEEE CS Conf. Sensor and Ad Hoc Comm. and Networks (SECON '05), 2005.
[31] X. Zeng, R. Bagrodia, and M. Gerla, "GloMoSim: A Library for Parallel Simulation of Large-Scale Wireless Networks," Proc. Workshop Parallel and Distributed Simulation, pp. 154-161, 1998.
[32] P. Zimmerman, PGP User's Guide. MIT, 1994.
29 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool