Distributed intrusion detection for mobile ad hoc networks

作     者：Yi Ping Jiang Xinghao Wu Yue Liu Ning 

作者机构：School of Information Security Engineering Shanghai Jiaotong Univ Shanghai 200030 P. R. China State Key Lab of Information Security Graduate School of Chinese Academy of Sciences Beijing 100039 P. R. China 

出 版 物：《Journal of Systems Engineering and Electronics》 (系统工程与电子技术（英文版）)

年 卷 期：2008年第19卷第4期

页      面：851-859页

核心收录：

学科分类：0810[工学-信息与通信工程] 08[工学] 081001[工学-通信与信息系统] 

基　　金：the National High Technology Development "863" Program of China (2006AA01Z436, 2007AA01Z452) the National Natural Science Foundation of China(60702042) 

主　　题：mobile ad hoc networks routing protocol security intrusion detection timed automata. 

摘      要：Mobile ad hoc networking （MANET） has become an exciting and important technology in recent years, because of the rapid proliferation of wireless devices. Mobile ad hoc networks is highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, and lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features. A distributed intrusion detection approach based on timed automata is given. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then the timed automata is constructed by the way of manually abstracting the correct behaviours of the node according to the routing protocol of dynamic source routing （DSR）. The monitor nodes can verify the behaviour of every nodes by timed automata, and validly detect real-time attacks without signatures of intrusion or trained data. Compared with the architecture where each node is its own IDS agent, the approach is much more efficient while maintaining the same level of effectiveness. Finally, the intrusion detection method is evaluated through simulation experiments.