Distributed and cooperative intrusion response models for Mobile Ad hoc Networks

Posted on: 2009-04-28
Degree: Ph.D
Type: Dissertation
University: University of California, Davis
Candidate: Wang, Shiau-Huey
Full Text: PDF
GTID: 1448390005454577
Subject: Computer Science
Abstract/Summary:
A Mobile Ad-hoc Network (MANET) provides instant and quick wireless communication for a set of mobile nodes that have no pre-established infrastructure, such as in a hostile environment. A MANET possesses some inherent characteristics, including dynamic topology, a fully distributed architecture, and a heavy dependence on cooperation among all nodes. These unique characteristics make MANETs more vulnerable to attacks and create a greater challenge for developing an intrusion detection and response system when compared to traditional wired or wireless networks. To realize Intrusion Detection (ID) in a decentralized MANET, we proposed a distributed Intrusion Detection System (IDS), which is composed of two main models: (1) the Distributed Evidence-driven Message Exchanging intrusion detection Model (DEMEM), which provides a distributed intrusion detection and message exchange framework, and (2) the Distributed Routing Evidence Tracing and Authentication intrusion prevention model (DRETA). DRETA provides DEMEM with authentication services that protect the integrity and authenticity of the IDS messages exchanged among distributed detectors, and it is designed for low computational and message overhead. All of these IDS decisions are determined independently at each IDS agent. We also developed a distributed automated response system (ARS), which responds to the alarms delivered by the IDS. The distributed response system also contains two main models: (1) a cost-sensitive response model, which prevents response actions from causing more damage than the attack itself, and (2) an alarm validation framework. Because a node that raises an alarm cannot validate its own alarm, validation must be performed at a centralized node. Our framework provides secure communication for RAs to aggregate their alarms at a centralized node to perform local alarm validation. We apply the Digital Signature Algorithm (DSA) to both local and global alarm validations.
In conclusion, we have a complete distributed Intrusion and Response System for MANETs.
Keywords/Search Tags:Distributed, Intrusion, Response, MANET, Mobile, IDS, Alarm, Model