Methodologies and frameworks for testing ids in adhoc networks

Authors:
Marko Jahnke;Jens Toelle;Alexander Finkenbrink;Alexander Wenzel;Elmar Gerhards-Padilla;Nils Aschenbruck;Peter Martini
Affiliations:
Research Institute for Communication, Wachtberg, Germany;Research Institute for Communication, Wachtberg, Germany;Research Institute for Communication, Wachtberg, Germany;Research Institute for Communication, Wachtberg, Germany;University of Bonn, Bonn, Germany;University of Bonn, Bonn, Germany;University of Bonn, Bonn, Germany
Venue:
Proceedings of the 3rd ACM workshop on QoS and security for wireless and mobile networks
Year:
2007

Citing 6
Cited 0

The base-rate fallacy and its implications for the difficulty of intrusion detection

CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory

ACM Transactions on Information and System Security (TISSEC)
Evaluation of the performance of ID systems in a switched and distributed environment: the RealSecure case study

Computer Networks: The International Journal of Computer and Telecommunications Networking
A high-throughput path metric for multi-hop wireless routing

Proceedings of the 9th annual international conference on Mobile computing and networking
Generating realistic workloads for network intrusion detection systems

WOSP '04 Proceedings of the 4th international workshop on Software and performance
Secure Routing and Intrusion Detection in Ad Hoc Networks

PERCOM '05 Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Testing Intrusion Detection Systems (IDS) has been a substantial part of the development lifecycle, since the first prototypes and products appeared on the market. Unfortunately, many of the existing principles, procedures and systematic frameworks for testing IDS are not broad enough to cover systems which are focussed on mobile adhoc networks (MANETs). As a baseline, this paper expands the most important requirements for IDS testing to MANET environments. Two alternative testbed realization approaches are described, including a common example scenario for comparing the properties of the approaches. One approach is based on hardware nodes, reproducible physical motion and radio signal attenuation; the other uses both hardware and virtual nodes and a motion emulation framework that is able to incorporate arbitrary radio propagation models. A selection of MANET specific attacks and their implementation and impact on both types of testbeds is presented. These attacks are beyond the threats that we know from conventional wired networks, which still need to be taken care of in MANETs. Finally, the advantages of both test bed approaches are discussed. As a conclusion, a deployment strategy for testing MANET IDS under different conditions is derived.