Introduction and Statement of the Problem

Transcription

1 Chapter 1 Introduction and Statement of the Problem 1.1 Introduction Unlike conventional cellular wireless mobile networks that rely on centralized infrastructure to support mobility. An Adhoc network is a collection of nodes that are capable of forming dynamically a temporary network without the support of any centralized fixed infrastructure. Two important properties of an Adhoc network are that it is self organized and adaptive. The absence of a fixed infrastructure requires mobile hosts in a mobile Adhoc network (MANET) to cooperate with each other for the message transmissions. To form such a cooperative self configurable environment, every mobile node is supposed to be a friendly node and is willing to relay messages for others to their ultimate destinations. Global trustworthiness in all network nodes is the main fundamental security assumption in MANETs. Mobile Adhoc network [1] is a future technology and various challenges are imposed by this technology. MANET is used where no infrastructure is available for communication; such like a disaster area, military tactical application, environmental monitoring, and application of sensor network. One primary application of MANET is in the military tactical operations. 1

2 Infrastructure based cellular and mobile networks are still limited by the need of infrastructure such like base station, allocation of frequencies to fulfill the demand of users various approaches have been introduced like frequency reuse concepts, clustering technique, sectoring technique, and assignment of conflict free channels. This infrastructure based communication fulfills the desire of users, but we still lag behind to use the full potential of wireless communication. Think about the area where the war is going on, a natural disaster area or a defense application, where there is no infrastructure available. To serve such kind of applications, mobile Adhoc network based communication is introduced. Adhoc networks are key to the evolution of wireless networks [2], [3]. The Adhoc wireless network inherited the traditional problem of wireless and mobile communication, such as bandwidth optimization, power control and transmission quality enhancement [4]. In addition the topology is highly dynamic, random and very hard to predict. Physical security is limited. Detecting malicious nodes in an Adhoc network in which no previous security association is present among the participating nodes. A number of challenges not faced by traditional wired and wireless networks are introduced in Adhoc network. The major issues irrespective of traditional wireless system, are given as : Highly Dynamic Topology Routing in Mobile Adhoc Network Security in Mobile Adhoc Network IP Configuration in Mobile Adhoc Network Battery Backup Problem The security of a network system can be provided with the help of intrusion prevention system and intrusion detection system. Both techniques need to be complement each other to guarantee a highly secure environment. They play different roles in different states of the network. Security mechanism (X.800) is provided by intrusion prevention system, and more useful in preventing outside attacks. When a node of a system is compromised, the attacker owns all its cryptographic information, so encryption and authentication cannot defend against a trusted but malicious user. Therefore, the role of intrusion detection is more important. Intrusion detection system is a security technology which attempts to identify individuals who are trying to break into and misuse a system without authorization and 2

3 those who have legitimate access to the system but are abusing their privileges [28]. A protected system is used to denote an information system being monitored by an intrusion detection system. It can be a host or network equipment, such as a server, a firewall, a router, or a corporate network, etc. [29]. An intrusion detection system (IDS) is a system that dynamically monitors the system and user actions in the network in order to detect intrusions. Because an information system can suffer from various kinds of security vulnerabilities, it is both technically difficult and economically costly to build and maintain a system which is not susceptible to attack. Experience has taught us to never rely on a single defensive line or technique. IDSs have been widely regarded as being a part of the solution to protect today s network systems. Research on IDSs began with a report by Anderson [30] followed by Denning s seminal paper [31], which lays the foundation for most of the current intrusion detection prototypes. Since then, many research efforts have been devoted to wired network IDSs. Numerous detection techniques and architecture for host machines and wired networks have been proposed. A good taxonomy of wired IDSs is presented in [29]. With the proliferation of wireless network and mobile computing applications, new vulnerabilities that do not exist in the wired network have appeared. Security poses a serious challenge in deploying wireless network in reality. However, the vast difference between wired and wireless network make traditional intrusion detection techniques inapplicable. Wireless IDSs, emerging as a new research topic, aim at developing new architecture and mechanisms to protect the wireless network. However, most of today s intrusion detection systems (IDSs) focus on the wired network. The dramatic differences between MANETs and wired network make it inapplicable to apply traditional wired IDS technologies directly to the mobile Adhoc network. Most of today s wired IDSs, which rely on real-time traffic parse, filter, format and analysis, usually monitor the traffic at switches, routers, and gateways. The lack of such traffic monitoring points make traditional wired IDSs inadequate for MANET platforms. There are also some characteristics in MANET such as highly dynamic topology, disconnected operations, which seldom exist in the wired network. What s more, each mobile node has limited resources (such as limited bandwidth, computation ability and energy supply, etc.). Which means MANET IDSs should have the property to be light 3

4 weighted, accurate and able to respond faster. Furthermore, in the mobile Adhoc environment, the rate of false alarm raised by the detection system is very high because it is very difficult for IDS to tell the validity of some operations. For example, the reason that one node sends out falsified routing information could be because this node is compromised, or the link is broken due to the physical movement of the node or due to the battery backup problem. All these suggest that an IDS of a different architecture needs to be developed to be applicable on Adhoc network platform. 1.2 Statement of the Problem It is very challenging to design an intrusion detection system for mobile Adhoc networks. The lack of fixed infrastructures and monitoring points make it difficult to collect audit data for the entire network. MANET s scared resources should be considered while designing the IDS framework. In MANET it is more difficult to differentiate between false alarms and true positives. The main objective of the research is to propose an efficient framework for intrusion detection system in the mobile Adhoc environment. This problem can be divided into following sub problems. To design light weighted intrusion detection framework for the mobile Adhoc environment. To construct the detection engines based on the statistical security features. To evaluate the performance of the MANET intrusion detection system and validate the work. 1.2 Organization of the Thesis It is very difficult to design a once for all intrusion detection system. Instead an incremental enhancement strategy may be more feasible. In addition, it should provide a scheme to add new security features in the future. The general methodology is to identify the possible attacks on Adhoc environment. Then develop a framework to facilitate the cooperation of IDS and design of detection engines using statistics collected for known attack types. The entire work has been organized as follows. 4

5 In Chapter II, the contribution made by previous researchers have been critically reviewed and research gaps are identified. On the basis of literature review rules of thumb are identified to design IDS for Adhoc network environment. In this thesis focus is given only on the detection part, although the intrusion response component is necessary in the system. Chapter III, proposes the prototype model which we will use for further investigation of intrusion detection system; In this prototype model is divided into two modules Local IDS and Global IDS, local ids will work on the data collected from the network and identify the friend list for the first phase, these friend lists are again tested in Global IDS module for rigorous checking, before declaring a node as a trusted or an intruder node. In Chapter IV, attacks applied to the network using TCP segment header based attack. Results are collected to design the detection engine for Transport layer. Training and testing data sets are used to design the detection engine and to check the accuracy of the detection system. However, attacks based on TCP segment header are not necessary in this thesis but it will provide the future directions in the field of security for mobile Adhoc networks. In Chapter V, Denial of Service attack applied to the network layer of MANET nodes in the Adhoc environment. Evidences are collected to design an intrusion detection engine specifically to defend against Denial of Service attacks. Feature extraction and induction of rule sets from the statistics collected, and rules are applied to design detection engine, support vector machine is used to check the accuracy of the detection engine. In Chapter VI, Blackhole and Wormhole attacks are applied to the Adhoc network. Evidences are collected, features are extracted and rules are inducted to design an intrusion detection engine specifically to defend against Blackhole and Wormhole attacks for MANET intrusion detection system (IDS). Support vector machine is used for training and testing the data set and checking the accuracy of the model file generated which will be used to deploy for detection engine. Chapter VII concluded this thesis and lists important future work. Because not many research efforts have been devoted to MANET IDSs. This work only provides the initial effort in constructing a viable and statistical based MANET IDS. Based on the work done in this thesis suggestions/scope for future work are also presented. 5