Intrusion Detection And Active Response In Mobile Ad Hoc Networks

Mobile Ad Hoc Networks are the collection of wireless computer, communicating among themselves over possible multi-hop paths, without the help of any infrastructure, such as base stations or access points. Nodes in mobile Ad Hoc network collaboratively contribute to routing functionality by forwarding packets for each other to allow nodes to communicate beyond direct wireless transmission range, hence practically all nodes may act as both hosts and routers. Mobile Ad Hoc networks require no centralized administration or fixed network infrastructure and can be quickly and inexpensively set up as needed. They can thus be used in scenarios where no infrastructure exists, such as military applications, emergent operations, personal electronic device networking, and civilian applications like an ad-hoc meeting or an ad-hoc classroom.With more and more application, security for mobile Ad Hoc networks becomes increasingly important. To secure mobile Ad Hoc networks, my dissertation will explore the security technologies in mobile Ad Hoc networks, including security architecture, DOS attack model, instruction detection, active response. The contributions of this dissertation can be summarized as following:1. Contrary to their wired counterpart, mobile Ad Hoc networks do not have a clear line of defense, and every node must be prepared for encounters with an adversary. Therefore, a centralized or hierarchical network security solution does not work well. We provide scalable, distributed security architecture for mobile Ad Hoc networks in this paper. The architecture integrates the ideas of immune system and a multi-agent architecture. Compared with traditional security system, the proposed security architecture is designed to be distributed, autonomy, adaptable, scalable.2. Mobile Ad Hoc networks will often be deployed in environments where the nodes of the networks are unattended and have little or no physical protection against tampering. The nodes of mobile Ad Hoc networks are thus susceptible to compromise. The networks are particularly vulnerable to denial of service (DOS) attacks launched through compromised nodes or intruders. In this paper, we present a new DOS attack and its defense in Ad Hoc networks. The new DOS attack, called Ad Hoc Flooding Attack(AHFA), can result in denial of service when used against on-demand routing protocols for mobile Ad Hoc networks, such as AODV, DSR. The intruder broadcasts mass Route Request packets to exhaust the communication bandwidth and node resource so that the valid communication can not be kept. After analyzed Ad Hoc Flooding Attack, we develop Flooding Attack Prevention (FAP), a generic defense against the Ad Hoc Flooding Attack in mobile Ad Hoc networks. When the intruder broadcasts exceeding packets of Route Request, the immediate neighbors of the intruder record the rate of Route Request. Once the threshold is exceeded, nodes deny any future request packets from the intruder. The results of our implementation...