Friends Mechanism-based Routing Intrusion Detection Technology For Mobile Ad Hoc Network

Mobile Ad Hoc Network is a no infrastructure, self-organizing, dynamic network topology and multi-hop wireless peer network. With fast network, easy configuration, low cost and good performance of invulnerability, it is used more and more widely in tactical communications, commercial & civil applications, disaster relief and other occasions. However, because of its unique characteristics to MANET, many problems would arise in different aspects, such as routing, nodes cooperating, threats detecting and defending. The selection of appropriate route protocols and routing maintenance is the foundation of normal network services, more important to network topology. Due to every node in MANETs may be involved in routing, it is vulnerable to external or internal attacks. The research on routing security is one of the key issues in developing mobile Ad Hoc networks. While encryption mechanisms and authentication technology have been provided to protect mobile Ad Hoc networks against some types of attacks from external nodes, they could do nothing on attacks from inside nodes. Therefore, intrusion detection and response technology should be deployed complementally to protect routing security.On the basis of related researches about routing security and intrusion detection for mobile Ad Hoc networks, this paper focused on how to effectively detect routing invasions from mobile Ad Hoc network as well as how to accurately respond to the malicious nodes, providing a trusted routing environment. By reference to the intrusion detection models and methods from the existing wired and wireless networks, and fully take into account the characteristics of mobile Ad Hoc network, we propose a lightweight intrusion detection model based on friends mechanism. The model is a two-layer architecture which fits the unique requirement of MANETs. First layer is a local intrusion detection module, which identifies the friends quickly by the hybrid intrusion detection engines and the second layer is a global detection module, in which intrusion behavior is checked rigorously before declaring the node as a trusted node or an intruder node. Finally, it adds a voting mechanism to generate the trust level for each node. Based on the proposed intrusion detection system, two typical attack detection schemes for AODV routing protocol have been designed. The OPNET software gives the simulation test, and results show that the schemes can effectively detect attacks.Further, compared with the existing models, it was found that the proposed detection system is more accurate and feasible.