Zone-Based Intrusion Detection for Mobile Ad Hoc Networks
Bo Sun, Kui Wu and Udo W. Pooch

Intrusion Detection Systems (IDSs) for Mobile Ad hoc NETworks (MANETs) are indispensable since traditional intrusion prevention based techniques are not strong enough to protect MANETs. However, the dynamic environment of MANETs makes the design and implementation of IDSs a very challenging task. In this paper, we present a non-overlapping Zone-Based Intrusion Detection System (ZBIDS) that fits the requirements of MANETs. For local detection, we present a general intrusion detection agent model and propose a Markov Chain based anomaly detection algorithm. We focus on the protection of MANET routing protocols and present the details of feature selection, data collection, data preprocessing, Markov Chain construction, classifier construction, and parameter tuning. We demonstrate that local detection alone cannot achieve desirable performance. Therefore, we further propose a collaboration mechanism among ZBIDS agents and an aggregation algorithm used by gateway nodes. With alert information from a wider area, gateway nodes' IDSs can effectively suppress many falsified alerts and provide more diagnostic information about the occurring attacks. Security officers can gain a general understanding of the attacks using the proposed MANET Intrusion Detection Message Exchange Format (MIDMEF). We carry out extensive simulations to evaluate the performance of ZBIDS at different mobility levels. Simulation results show that ZBIDS can achieve desirable performance and meet the security requirements of MANETs.

