Niveau: Supérieur, Doctorat, Bac+8
Log-based Link Spoofing Detection in MANET Mouhannad Alattar1, Franc¸oise Sailhan2 and Julien Bourgeois1 1 LIFC, University of Franche-Comte,25201 Montbeliard, FRANCE. 2 Cedric Laboratory, CNAM,Paris, FRANCE. Abstract—Ad hoc networks mostly operate over open environ- ments and are hence vulnerable to a large body of threats. This calls for coupling preventive mechanisms, e.g., firewall, with advanced intrusion detection. To meet this requirement, we introduce IDAR, a signature- and log-based distributed intrusion detector dedicated to ad hoc routing protocols. Contrary to existing systems that observe packets, IDAR analyses logs and identifies patterns of misuse. This detector scopes with the resource-constraints of devices by pro- viding distributed detection. In particular, depending on the level of suspicion/gravity involved, in-depth cooperative investigation is whether launched. Simulation shows limited bandwidth usage, high detection and low false positives. I. INTRODUCTION Securing ad hoc networks is challenging because these net- works rely on an open medium of communication, are cooper- ative by nature and hence lack of centralized security enforce- ment points e.g., routers, from which preventive strategies are launched. Thus, traditional ways of securing networks relying on e.g., firewall, should be enriched with reactive mechanisms, e.g., intrusion detection system.
- evidence-group
- mpr
- based
- attacks targeting
- intrusion detection
- routing protocols
- nodes
- signature
- forge attacks