NIDS Based On DSR Routing Protocol In Ad Hoc Networks

Ad Hoc network is the temporary self-organized system which has the wireless transmitter-receiver set. Ad Hoc network calls Mobile Self-Organized Network, Multi-Hop Wireless Network. In the network mobile termination has the function of route and retransmitter, it can constitute free network through the wireless connection. In Ad Hoc network, its routing question is more complex than the fixed network. According to the different pattern of the routing discovered, the routing protocols divides into Table Driven Protocols, Source-Initiated On-Demand Protocols and the mixed routing protocols. DSR-Dynamic Source Routing Protocols is one kind of Source-Initiated On-Demand Protocols.At present,the attacks divides into four kinds: Authentication and on-Repudiation Attacks, Availability Attacks, Integrity Attacks and Confidentiality and Privacy Attacks. ID-Intrusion Detection detect whether network or system exists violative behavior and the attacked sign through collection and analysis of the network or system's information. IDS-Intrusion Detection System monitor network but not affect network performance, it provides the real-time protection and safeguards the system security further. There are two principal achievements in this paper:1, Building a Intrusion-Detection Test platform for DSR protocolMANETS are vulnerable to malicious attacks, as Adhoc networks do not rely on any fixed infrastructure. Previous researches mainly focus on key management and secure routing protocols. Intrusion detection technology in Adhoc network is a rather new research field. Many researchers have regarded it, for example NIST has a project concentrate on IDS of Adhoc.In this paper, we construct DSR protocol under Linux with Click. Then we develop Intrusion-Detection Test Platform which implements some attacks against DSR and intrusion detection. The Test Platform is helpful to research and management Ad hoc network with DSR.2, One kind of IDS modelAlthough any kind of IDS detection all invasions is impossible. But if IDS realize detection of package, it can detect more invasions. One IDS is responsible to monitor a region (for example the model of the article [7]), if there are many sending packets, it will be difficulty to detect all packets. In this article we propose one kind of individual responsibility hierarchical IDS model, the notes all is based on network, also uses Signature-based detection. Each note all runs watchdog to share part work of IDS (mainly to inquire packet processing which oneself sends out), When it discover vicious note it reports to the IDS, the IDS makes response which bases on the rank, confidence level, to protect network normal transmission.Comparison with former IDS model, this kind of IDS model can detect single node malice behavior not only, can also may examine the union invasion of the neighboring notes, thus better perfects the invasion detection function. In addition, after examining a malice node, the IDS node reports in time, each node deletes routing including mis malice node, so can enlarge the successful probability of routing, and can economize energy, time and network bandwidth in the routing process.