Med-Hoc-Net 2007

Session 5: Ad Hoc Network Security:  Models and Systems

Evaluation of a Specification-Based Intrusion Detection System for AODV  

• Jimmi Grönkvist (Swedish Defence Research Agency, Sweden)
• Anders Hansson (Swedish Defence Research Agency, Sweden)
• Mattias Sköld (Swedish Defence Research Agency, Sweden) 

Abstract: A mobile ad hoc network consists of wireless nodes that build a robust radio network without any pre-existing infrastructure or centralized servers. However, these networks have inherent vulnerabilities that make them susceptible to malicious attacks. In order to secure ad hoc networks advanced techniques must be used, one efficient solution is to use specification-based intrusion detection, especially when combined with traditional cryptographic methods. In this paper, we study attacks on realistic networks to see what effect they have on communications. We show that some of the well known attacks on AODV do have a significant effect, preventing more or less all nodes from communicating. However, as we also show, our specification-based Intrusion Detection System removes almost all of the effects of the attacks by discarding detected incorrect packets. This can be done with very little cost in terms of overhead and false alarms.  

Pages: 121-128

A Closed Queueing Network Model for Malware Spreading over Non-Propagative Ad Hoc Networks 

• Vasileios Karyotis (National Tech. Univ. of Athens, Greece)
• Mary Grammatikou (National Tech. Univ. of Athens, Greece)
• Symeon Papavassiliou (National Tech. Univ. of Athens, Greece) 

Abstract: In this paper, we propose a closed queueing network model, based on a probabilistic node infection framework, that captures in an aggregated manner the behavior of an ad hoc network attacked by a group of malicious nodes. The proposed framework and model are shown to be more appropriate in dealing with the inherent stochastic nature of malware spreading and ad hoc networks. We focus on the case of non-propagative networks and use the Norton equivalent of the proposed model to solve it analytically in its steady state. Based on these results, we study the behavior of the system with two indicative metrics, the average number of infected nodes and the average throughput of the queue of noninfected nodes, that allow us to identify the critical system parameters affecting the operation of the network and the impact of an attack. These metrics can be used together in order to characterize the network’s robustness or vulnerability.

Pages: 129-136

Towards an Effective Intrusion Response Engine Combined with Intrusion Detection in Ad Hoc Networks  

• Aikaterini Mitrokotsa (University of Piraeus, Greece)
• Nikos Komninos (Athens Information Technology, Greece)
• Christos Douligeris (University of Piraeus, Greece) 

Abstract: In this paper, we present an effective intrusion response engine combined with intrusion detection in ad hoc networks. The intrusion response engine is composed of a secure communication module, a local and a global response module. Its function is based on an innovative tree-based key agreement protocol while the intrusion detection engine is based on a class of neural networks called eSOM. The proposed intrusion response model and the tree-based protocol, it is based on, are analyzed concerning key secrecy while the intrusion detection engine is evaluated for MANET under different traffic conditions and mobility patterns. The results show a high detection rate for packet dropping attacks.

Pages: 137-144

An Iterative Opinion Aggregation Algorithm for Reputation System Voting Schemes in MANETs and Peer-2-Peer Networks 

•  Filippos D. Koravos (University of Thessaly, Greece)
• Leandros Tassiulas (University of Thessaly, Greece) 

Abstract: Distributed systems and open networks gain more attention everyday, offering possibilities so far unattainable with classic networking technologies. Their main strength, openness and absence of centralized management and control, is also their main drawback, rendering them vulnerable to malicious intent. To this end, Reputation Systems have been used, providing the means to rate the network’s nodes according to their behaviour and hopefully isolate nodes demonstrating misbehavior. In Reputation Systems an important issue is how to process, or aggregate, the various opinions provided by the network nodes about the others. So far, most such technologies use majority voting schemes, which are simplistic by nature and cannot easily produce clear results when opinion diversity is large. The goal of this paper is to provide a simple, yet efficient algorithm to enhance the Voting Schemes employed by Reputation Systems. The scheme can be used on top of existing Reputation Systems with few modifications.

Pages: 145-152