In this paper we propose a distributed and modular architecture for an intrusion detection system (IDS) dedicated to a mobile ad hoc network (MANET) environment. The main feature of our proposal is that each node of the MANET runs a local IDS (LIDS), which cooperates with the other LIDSes through mobile agents. The modular design responds to the extensibility requirements arising from the complex contexts of MANETs. The proposed solution has been validated by a proof-of-concept prototype, which is described in the paper. Two different types of attacks are presented and have been implemented, at the network level and at the application level. The detection of such attacks is formally described by specifying the data collection, the attack signatures associated with such data, and the alert generation, emphasizing the relation of each of these detection steps to the modules in the designed architecture. The use of the management information base (MIB) as a primary data source for the detection process is discussed, and modules for MIB data extraction and processing are specified and implemented in the prototype. Experiments exhibit fairly good results, the attacks being collaboratively detected in real time.