A Modular Architecture for Distributed IDS in MANET

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2669))

Abstract

In this paper we propose a distributed and modular architecture for an intrusion detection system (IDS) dedicated to a mobile ad hoc network (MANET) environment. The main feature of our proposal is the use, on each node of the MANET, of a local IDS (LIDS) that cooperates with the other LIDSes through mobile agents. The modular design responds to the extensibility requirements arising from the complex contexts of MANET. The proposed solution has been validated by a proof-of-concept prototype, which is described in the paper. Two different types of attacks, one at the network level and one at the application level, are presented and have been implemented. The detection of these attacks is formally described by specifying the data collection, the attack signatures associated with that data, and the alert generation, emphasizing the relation of each of these detection steps to the modules of the designed architecture. The use of the management information base (MIB) as a primary data source for the detection process is discussed, and modules for MIB data extraction and processing are specified and implemented in the prototype. Experiments show fairly good results, with the attacks being collaboratively detected in real time.

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Puttini, R.S. et al. (2003). A Modular Architecture for Distributed IDS in MANET. In: Kumar, V., Gavrilova, M.L., Tan, C.J.K., L’Ecuyer, P. (eds) Computational Science and Its Applications — ICCSA 2003. ICCSA 2003. Lecture Notes in Computer Science, vol 2669. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44842-X_11

  • DOI: https://doi.org/10.1007/3-540-44842-X_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40156-8

  • Online ISBN: 978-3-540-44842-6

  • eBook Packages: Springer Book Archive