IDS
An intrusion is defined as a set of actions that compromises confidentiality, availability, and integrity of a system. Intrusion detection is a security technology that attempts to identify those who are trying to break into and misuse a system without authorization and those who have legitimate access to the system but are abusing their privileges. The system can be a host computer, network equipment, a firewall, a router, a corporate network, or any information system being monitored by an intrusion detection system.
An IDS dynamically monitors a system and users' actions in the system to detect intrusions. Because an information system can suffer from various kinds of security vulnerabilities, it is both technically difficult and economically costly to build and maintain a system that is not susceptible to attacks. Experience teaches us never to rely on a single defensive technique. An IDS, by analyzing the system and users' operations in search of undesirable and suspicious activities, can effectively monitor for and protect against threats. Generally, there are two types of intrusion detection: misuse-based detection and anomaly-based detection.
A misuse-based detection technique encodes known attack signatures and system vulnerabilities and stores them in a database. If a deployed IDS finds a match between current activities and a signature, an alarm is generated. Misuse detection techniques are not effective at detecting novel attacks because no corresponding signatures exist yet. An anomaly-based detection technique creates normal profiles of system states or user behaviors and compares them with current activities. If a significant deviation is observed, the IDS raises an alarm. Anomaly detection can detect unknown attacks. However, normal profiles are usually very difficult to build. For example, in a MANET, mobility-induced dynamics make it challenging to distinguish between normalcy and anomaly, and it is therefore harder to distinguish false alarms from real intrusions. The capability to establish accurate normal profiles is crucial in designing an efficient anomaly-based IDS. As a promising alternative, specification-based detection techniques combine the advantages of misuse detection and anomaly detection by using manually developed specifications to characterize legitimate system behaviors.
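To make the three approaches concrete, here is an added example (written for this page, not code from the original post) that runs a toy misuse detector, a toy anomaly detector and a toy specification-based check over the same constructed event log. The hosts, users, log lines, signatures, baseline profile and specification rule are all made up for illustration. It also shows the false-alarm problem the text mentions: a user who simply mistypes a password a few times is flagged by the anomaly profile, while the signature set says nothing about it.

```python
"""Three toy intrusion-detection approaches over one constructed event log.

Added example for illustration; every host, user, signature, baseline value
and specification rule below is constructed, not taken from a real system.
"""
import re
import statistics
from collections import Counter
from typing import Dict, List, Tuple

Event = Tuple[str, str, str, str]  # (host, user, action, detail)

# Constructed sample event log (not real data).
EVENTS: List[Event] = [
    ("web01", "alice", "login", "ok"),
    ("web01", "alice", "http", "GET /index.html"),
    ("web01", "bob", "login", "ok"),
    ("web01", "bob", "http", "GET /files/../../config.bak"),  # matches a signature
    ("web01", "carol", "login", "fail"),  # carol forgot her password (benign)
    ("web01", "carol", "login", "fail"),
    ("web01", "carol", "login", "fail"),
    ("web01", "carol", "login", "ok"),
] + [("web01", "eve", "login", "fail")] * 6 + [  # repeated failures, no signature for this
    ("db01", "svc", "query", "SELECT * FROM users"),
    ("db01", "svc", "query", "DROP TABLE users"),
]

# --- 1. Misuse-based detection: known-bad patterns (constructed signatures) ---
SIGNATURES: Dict[str, re.Pattern] = {
    "path-traversal": re.compile(r"\.\./"),
    "sensitive-file-path": re.compile(r"/etc/passwd"),
}


def misuse_detect(events: List[Event]) -> List[Tuple[str, str, str]]:
    """Return (host, user, signature_name) for every event matching a signature.

    Only activity that already has a signature can be caught here; the
    repeated login failures below go unnoticed by this detector."""
    alerts = []
    for host, user, _action, detail in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(detail):
                alerts.append((host, user, name))
    return alerts


# --- 2. Anomaly-based detection: deviation from a learned normal profile ---
# Constructed baseline: failed logins per user observed during a quiet
# training period. A real profile would be learned from far more data.
BASELINE_FAILED_LOGINS = [0, 1, 0, 0, 2, 1, 0, 0, 1, 0]


def anomaly_threshold(baseline: List[int], k: float = 3.0) -> float:
    """Normal profile = mean + k standard deviations of the baseline."""
    return statistics.mean(baseline) + k * statistics.stdev(baseline)


def anomaly_detect(events: List[Event], baseline: List[int], k: float = 3.0) -> Dict[str, int]:
    """Return {user: failed_login_count} for users exceeding the profile threshold.

    Catches eve (no signature needed) but also flags carol, a false alarm:
    the profile alone cannot tell a forgotten password from an attack."""
    threshold = anomaly_threshold(baseline, k)
    failures = Counter(user for _host, user, action, detail in events
                       if action == "login" and detail == "fail")
    return {user: n for user, n in failures.items() if n > threshold}


# --- 3. Specification-based detection: manually written legitimate behaviour ---
# Constructed rule: the service account on db01 may only issue SELECT queries.
SPEC: Dict[Tuple[str, str], re.Pattern] = {
    ("db01", "svc"): re.compile(r"^SELECT\b", re.IGNORECASE),
}


def specification_detect(events: List[Event]) -> List[Tuple[str, str, str]]:
    """Return (host, user, detail) for queries outside the written specification.

    Anything not explicitly permitted is an alert, so the destructive query is
    caught without a signature and without a statistical profile."""
    alerts = []
    for host, user, action, detail in events:
        if action != "query":
            continue
        allowed = SPEC.get((host, user))
        if allowed is None or not allowed.match(detail):
            alerts.append((host, user, detail))
    return alerts


if __name__ == "__main__":
    print("misuse:       ", misuse_detect(EVENTS))
    print("anomaly:      ", anomaly_detect(EVENTS, BASELINE_FAILED_LOGINS))
    print("specification:", specification_detect(EVENTS))
```

Each detector sees a different slice of the same log: the signature catches only the traversal attempt, the profile catches the brute-force pattern but also carol's typos, and the specification catches the out-of-policy query. The three functions return plain lists and dicts so the results can be compared or fed to a correlation step rather than only printed.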