Intrusion Detection System in MANET Implementation and Performance Evaluation of Advanced Watchdog

1
Intrusion Detection System in MANETImplementatio
n and Performance Evaluation of Advanced Watchdog
Thesis Proposal

• Presented By
• Anas Al-Roubaiey
• COE Department

2
Outlines

• Introduction and Motivation
• Watchdog Technique
• Research Problem Statement
• Proposed Solutions
• TWOACK (2005)
• SAHN-IDS(2005)
• ExWatchdog (2007)
• Research Objectives
• Research Methodology

3
MANET Overview (1/2)
B
A

• In Latin, ad hoc means for this, further
  meaning for this purpose only
• A Self-Configuring network of mobile nodes
  connected by a wireless links
• Mobile Ad hoc Network
• Mobile Nodes
• Infrastructure-Less
• Multi-hop routing
• Unpredictable topology

C
E
D
Ellis 2004
4
MANET Overview (2/2)
Access Point
Infrastructure-based
Rama 2002
5
Applications(1/2)

• Cellular-Ad hoc coverage extension Grub,04
• Short period conferences
• Disaster situations coordinate relief efforts.
• Military Missions where the base stations are
  vulnerable for attacks
• Sensor Networks

Grub,04
6
Applications(2/2) Sensor Networks

• Surveillance and security
• Environmental monitoring

SINK
Internet/ Satellite
Control Analyze and make decisions
7
Misbehaving nodes

• Causes of Misbehaving nodes
• Overloaded node (buffer size, available network
  BW)
• Broken node ( software fault)
• Selfish node ( unwilling to spend its battery
  life)
• Malicious node ( DoS attack by dropping packets)
• How to distinguish the intended misbehaving is
  one of the main challenges of IDSs.

8
Greedy Attack

• The malicious node may acknowledge reception of
  data to the sender, but it drops messages on a
  random or arbitrary basis.
• The dynamic source routing (DSR) protocol is
  susceptible to greedy attacks

9
Watchdog Technique (Marti, 2000)
S
A
B
C
D

• How it works
• When a node forwards a packet, the nodes
  watchdog verifies that the next node in the path
  also forwards the packet
• Watchdog does this by listening promiscuously to
  the next nodes transmissions
• If the next node does not forward the packet,
  then it is classified as misbehaving

Hint Promiscuous mode means a node accepts the
packets regardless of its destination
10
Outlines

• Introduction and Motivation
• Watchdog Technique
• Research Problem Statement
• Proposed Solutions
• TWOACK (2005)
• SAHN-IDS(2005)
• ExWatchdog (2007)
• Research Objectives
• Research Methodology

11
Research Problem Statement (1/2)(Receiver
Collisions)

• Node A believes that B has forwarded packet 1 on
  to C
• However, C never received the packet due to a
  collision with packet 2 being sent from D
• 2 cases
• Intended misbehavior ( malicious)
• Non-intended misbehavior ( selfish)

12
Research Problem Statement (2/2)(Limited
Power Transmission)
B
A
C

• A node could limit its transmission power such
  that the signal is strong enough to be overheard
  by the previous node but too weak to be received
  by the true recipient.

13
Outlines

• Introduction and Motivation
• Watchdog Technique
• Research Problem Statement
• Proposed Solutions
• TWOACK (2005)
• SAHN-IDS(2005)
• ExWatchdog (2007)
• Research Objectives
• Research Methodology

14
TWOACK (2005)
ACK1
ACK1
S
A
C
D
B
1
1

• If A does not get an ACK from C it suspects B to
  be misbehaving
• Every set of three consecutive nodes along the
  source rout will do the same procedure
• More traffic congestion and routing overhead

15
SAHN-IDS(2005)
H
H-1
H1
S
A
C
D
B

• Every node measures its forwarding rate, R
  f,h
• At the end of each period T, D will send back a
  routing status packet (RSP) S, this packet
  collects the R of all nodes along the path.
• Forwarding ratio, Ff, h Rf, h 1 / Rf, h
  - 1
• If Ff,h lt R-Threshold ? suspect the node
• Limitation the adversary node can change its
  Rf,h, which would lead to increasing false
  alarms

16
ExWatchdog (2007)

• The source and destination nodes will maintain a
  counter for sending and receiving packets.
• If the source node receives a report about
  misbehaving node, it will find another path to
  ask the destination about the number of received
  packets
• It the two counters are equal, the reporter is
  the malicious otherwise the reported node is the
  malicious
• Limitation it works just if there will be
  another path to the destination

17
Outlines

• Introduction and Motivation
• Watchdog Technique
• Research Problem Statement
• Proposed Solutions
• TWOACK (2005)
• SAHN-IDS(2005)
• ExWatchdog (2007)
• Research Objectives
• Research Methodology

18
Research Objectives

• Propose an effective solution to tackle the two
  significant problems of watchdog technique,
  receiver collisions and limited power
  transmission.
• Implement the new IDS technique, and analyze it
  through simulation.

19
Research Methodology

• Solving the two problems by new effective
  solution.
• Writing the solution algorithm
• Using NS-2 simulator to implement and simulate
  the algorithm
• Results analysis
• Thesis writing

20
Thank You