Page 1

International Journal of Computer Science Engineering and Information Technology Research (IJCSEITR) ISSN 2249-6831 Vol. 3, Issue 2, Jun 2013, 389-394 Š TJPRC Pvt. Ltd.


Scholar, Computer Science and Engineering Department, PDM College of Engineering, Bahadurgarh, Haryana, India


Guide, Computer Science and Engineering Department, PDM College of Engineering, Bahadurgarh, Haryana, India

ABSTRACT Mobile Ad hoc Networks (MANET) are utilized to set up wireless communication in improvised environments without a predefined infrastructure or centralized administration. An IDS is used to detect attempted intrusion into a computer or network. It processes audit data, performs analysis and takes certain set of actions against the intruder. In this paper, MANET, IDS and its architecture, attacks and previous work are explained.

KEYWORDS: Standalone IDS, Hierarchical IDS, Selfishness Attack INTRODUCTION A MANET is a self-configuring dynamic network of mobile devices connected by wireless links with the set for a specific purpose. A MANET is formed by a group of mobile wireless nodes often without the assistance of fixed network infrastructure. It is formed dynamically by autonomous systems of mobile nodes that are connected wirelessly without support of any existing network infrastructure or centralized administration. Instead of using a central base station for nodes to communicate with one another, MANETs do not rely on any pre-defined infrastructure. MANET operates in peerto-peer mode. Nodes within the communication range communicate via wireless radio links, and for those outside the communication range, use other nodes to relay their packets. Mobile nodes may move away from their current locations and re-join the network from different locations in the network, thus dynamically changing their network topology and node density. In many applications MANET could be deployed such as military tactical operations, automated battlefields, sensor networks, disaster recovery, emergency search-and rescue missions and mobile teleconferencing. MANETs have some special characteristic features such as unreliable wireless links used for communication between hosts, constantly changing network topologies and memberships, limited bandwidth, battery, lifetime, and computation power of nodes etc. While these characteristics are essential for the flexibility of MANETs . One of the primary concerns related to ad hoc networks is to provide a secure communication among mobile nodes in a hostile environment. The nature of mobile ad hoc networks poses a range of challenges to the security design. The main problem for MANET security resides: the ad hoc networks can be reached very easily by users, but also by malicious attackers. If a malicious attacker reaches the network, the attacker can easily exploit or possibly even disable the mobile ad hoc network. A MANET can be examined on the basis of availability, confidentiality, authentication, integrity and non-repudiation. Considering continuous discovery of new vulnerabilities, the intrusion-detection system (IDS) must be effective and efficient in identifying attacks, and then neutralizing them. The traditional IDSs developed for wired networks are difficult to use for MANETs because of their architectural differences. Without centralized audit points like routers, switches, and gateways, MANETs can only collect audit data locally and thus require a distributed and cooperative IDS. Other differences between wired networks and MANETs include traffic patterns, node mobility, and node constraints.These differences all render the traditional IDSs hard to be directly applied to MANETs. Nodes in MANETs


Himanshu & Parveen Bano

can move freely through the network, and thus their dynamically changing network topology makes MANETs very different from the traditional wired networks. Also, nodes in MANETs usually have slower communication links, limited bandwidth, limited battery power, and limited memory. Therefore, these constraints make the design of IDS in MANETs much more challenging than in wired networks.

INTRODUCTION OF IDS IDS can be defined as the tools, methods, and resources to help identify, assess, and report unauthorized or unapproved network activity. An IDS is used to detect attempted intrusion into a computer or network. It processes audit data, performs analysis and takes certain set of actions against the intruder, such as blocking them and or informing the system administrator. Ad hoc networks lacks in centralized audit points, therefore, it is necessary to use the IDS in a distributed manner. This also helps in reducing computation and memory overhead on each node. Intrusion detection is typically one part of an overall Depending on the detection techniques used; IDS can be classified into three main categories as follows: Signature or Misuse Based IDS The signature-based IDS use pre-known attack scenarios (or signatures) and compare them within coming packets traffic. There are several approaches in the signature detection, which they differ in representation and matching algorithm employed to detect the intrusion patterns. Anomaly Based IDS Attempts to detect activities that differ from the normal expected system behavior. This detection has several techniques, i.e.: statistics , neural networks, and other techniques such as immunology, data mining and Chi-square test utilization. Specification Based IDS Is a hybrid both of the signature and the anomaly based IDS. The specification-based IDS monitors’ current behavior of systems according to specifications that describe desired functionality for security-critical entities. A mismatch between current behavior and the specifications will be reported as an attack protection system that is installed around a system or device. It is not a stand-alone protection measure. Now come to the architecture of IDS. There are four main architectures on the network as follows:  Standalone IDS,  Distributed and Collaborative IDS,  Hierarchical IDS, and  Mobile Agent for Intrusion Detection Systems. 

In the Standalone Architecture, the IDS run on each node to determine intrusions independently. There is no cooperation and no data exchanged among the IDSes on the network. This architecture is also more suitable for flat network infrastructure than for multilayered network infrastructure.

The Distributed and Collaborative Architecture has a rule that every node in the MANET must participate in intrusion detection and response behaving an IDS agent running on them. The IDS agent is responsible for detecting and collecting local events and data to identify possible intrusions, as well as initiating a response

Intrusion Detection System and its Types in MANET


independently. 

The Hierarchical Architecture is an extended version of the distributed and collaborative IDS architecture. This architecture proposes using multi-layered network infrastructures where the network is divided into clusters. The architecture has cluster heads, in some sense, act as control points which are similar to switches, routers, or gate ways in wired networks.

The Mobile Agent for IDS Architecture uses mobile agents to perform specific task on a nodes behalf the owner of the agents. This architecture allows the distribution of the intrusion detection tasks. IDS may be classified as either host-based or network based, depending on the data collection method.

Host-based IDS operate on the operating system’s audit trails, system and application logs, or assessment data generated by loadable-kernel modules that intercept system calls.

Network-based IDS operate on packets captured from network traffic. In addition, IDS can be classified based on the detection procedure that is Signature-based detection and

Anomaly-based detection. Signature-based detection technique may display low false positive rates, but does not perform well at detecting previously unknown attacks. Anomaly-based detection technique may detect previously unknown attacks, but may exhibit high rates of false positives. An effective IDS is a key component in securing MANETs. Two different methodologies of intrusion detection are commonly usedanomaly intrusion detection and misuse intrusion detection. Anomaly detection systems are usually slow and inefficient and are prone to miss insider attacks. Misuse-detection systems cannot detect new types of attack. Hybrid system using both techniques is often deployed in order to minimize these shortcomings. The MANET is susceptible to passive and active attacks. The Passive attacks typically involve only eavesdropping of data, whereas the active attacks involve actions performed by adversaries such as replication, modification and deletion of exchanged data. In particular, attacks in MANET can cause congestion, propagate incorrect routing information, prevent services from working properly or shutdown them completely. The active attacks are considered to be malicious, while nodes that just drop the packets they receive with the aim of saving battery life are considered to be selfish. In addition, a compromised node may use the routing protocol to the node whose packets it wants to intercept as in the so called black hole attack. Spoofing is a special case of integrity attacks whereby a compromised node impersonates a legitimate one due to the lack of authentication in the current ad hoc routing protocols. The main result of the spoofing attack is the misrepresentation of the network topology that may cause network loops or partitioning. Lack of integrity and authentication in routing protocols creates fabrication attacks that result in erroneous and bogus routing messages. Selfishness is another type of attack on MANET in which a node is not serving as a relay to other nodes. Denial of service (DoS) is another type of attack, where the attacker injects a large amount of junk packets into the network. These packets overspend a significant portion of network resources, and introduce wireless channel contention and network contention in the MANET.

RELATED WORK This author presented a cooperative, distributed intrusion detection architecture that addresses these challenges while facilitating accurate detection of MANET-specific and conventional attacks. The architecture is organized as a


Himanshu & Parveen Bano

dynamic hierarchy in which detection data is acquired at the leaves and is incrementally aggregated, reduced, and analyzed as it flows upward toward the root. Security management directives flow downward from nodes at the top. The utility of the architecture is illustrated via multiple attack scenarios presented a brief description of Intrusion Detection System (IDS) to make a secured MANET. So they are proposed for ad-hoc mobile networks and also provide techniques of IDS according to distributed architecture of IDS. It has also presented a comparison of techniques such as Watchdog, Confidant, CORE, Route guard, Ocean and Cooperative ideas and reveals their features. By considering all the aspects, MANET is better and secures. They presented the design of these IDS and the overall network structure, as well as the methods for authenticating and dispatching MAs. In this they also evaluated the trade-offs between different designs parameters of MANETs.Wireless ad hoc networks have been in focus within the wireless research community. Essentially, these are networks that do not have an essential fixed infrastructure. Mobile hosts “join” on the fly and create a network on their own. With the network topology changing dynamically and the lack of a centralized network management functionality, these networks tend to be vulnerable to a number of attacks. In this they discussed an enhancement of the Watchdog/Path rater form of Intrusion Detection in Mobile wireless Adhoc networks (MANET). Depending on the Trustworthiness of the node’s sending the tag information, and information already relayed by other nodes, the tagged node may then dropped from routing paths by the Path rater, and new routes formulated. The author proposed a risk-aware response mechanism to systematically cope with the identified routing attacks. Risk-aware approach is based on an extended Dempster-Shafer mathematical theory of evidence introducing a notion of importance factors. In addition, experiments demonstrate the effectiveness of the approach with the consideration of several performance metrics.

CONCLUSIONS An IDS is used to make a secured MANET. Routing attacks in MANET have received a great attention due to the dynamic nature of MANET. There exist several intrusion response techniques to mitigate attacks; existing solutions typically attempt to isolate malicious nodes based on binary. In future, we propose a risk-aware response mechanism to systematically cope with the identified routing attacks. Our risk-aware approach will define various risk levels. Mathematical notion will be given to each level.


A. Hijazi and N. Nasser. “Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks”. In Wireless and Optical Communications Networks (WOCN), 2005.


P. Porras and A. Valdes, “Live Traffic Analysis of TCP/IP Gateways”.ISOC Symposium on Network and Distributed System Security, San Diego, CA, 1998.


H. Debar, M. Becker and D. Siboni. “A Neural Network Component for an Intrusion Detection System”. Proceedings of IEEE Symposium on Research in Security and Privacy, Oakland, CA, pp. 240-250, 1992.


N. Ye, X. Li, “Probabilistic Techniques for Intrusion Detection Based on Computer Audit Data”. IEEE Transactions on Systems, Man, and Cybernetics, pp. 266-274, 2001.

Intrusion Detection System and its Types in MANET



W. Lee, S.J. Stolfo, K.W. Mok. “A Data Mining Framework for Building Intrusion Detection Models”. IEEE Symposium on Security and Privacy (Oakland, California), 1999.


G. Florez, S.M. Bridges, and R.B. Vaughn, “An Improved Algorithm for Fuzzy Data Mining for Intrusion Detection”. The North American Fuzzy Information Processing Society Conference, New Orleans, LA, 2002


L. Blazevic et al. “Self-organization in mobile ad-hoc networks: the approach of terminodes”, IEEE Communications Magazine, pp.166–173, 2001.


J. Kong et al. “Adaptive security for multi-layer ad-hoc networks”. Special Issue of Wireless Communications and Mobile Computing, John Wiley Inter Science Press (2002).


C. Ko, J. Rowe, P. Brutch, K. Levitt, “System Health and Intrusion Monitoring Using a hierarchy of Constraints”. In Proceedings of 4th International Symposium, RAID, 2001.

10. T. Anantvalee and J. Wu. “A Survey on Intrusion Detection in Mobile Ad Hoc Networks”, Book Series Wireless Network Security, Springer, pp. 170 – 196, ISBN: 978-0-387-28040-0 (2007). 11. J. S. Balasubramaniyan et al., “An Architecture for Intrusion Detection using Autonomous Agents,” Proceedings of the Fourteenth Annual Computer Security Applications Conference, 1998 12. M. Asaka et al., “A Method of Tracing Intruders by Use of Mobile Agents,” in proceedings of the Internet Society, 1999 13. S. Kumar and E. Spafford, “An Application of Pattern Matchin in Intrusion Detection,” Technical Report 94-013, Dept. of Computer Science, Purdue University, 1994. 14. Paul Brutch, Calvin Ko “Challenges in Intrusion Detection for Wireless Ad-hoc Networks” Network Associates Laboratories {Paul_Brutch, Calvin_Ko}@nai.com2010. 15. D. Sterne, P. Balasubramanyam, D. Carman, B. Wilson, R. Talpade “A General Cooperative Intrusion Detection Architecture for MANETs”, 2004. 16. Vinay P.Virada, proposed Intrusion Detection System (IDS) for Secure MANETs: A Study, International Journal of Computational Engineering Research ( Vol. 2 Issue. 6 , 2007. 17. Katharine Chang and Kang G. Shin “Application-Layer Intrusion Detection in MANETs”, 2009. 18. Deepti Verma, Gitanjali Sinha, “A Novel Review IDS on MANETs”, 2010. 19. Charlie Obimbo, Liliana Maria Arboleda Cobo,“An Intrusion Detection System for MANET” Vol.2 No.3 PP.15,2012. 20. Ziming Zhao, Hongxin Hu, Gail-Joon Ahn, “Risk-Aware Mitigation for MANET Routing Attacks” IEEE transactions on dependable and secure computing, vol. 9, NO. 2, 2012. 21. The Network Simulator Wiki. [Online] 22. Katharine Chang and Kang G. Shin “Application-Layer Intrusion Detection in MANETs”. 23. Rohit Sharma, Dr. Jatinder Singh “A Role of Co-Operative Intrusion Detection System to Mobile Adhoc Network” International Journal of Emerging Technology and Advanced Engineering (ISSN 2250-2459, Volume 2, Issue 10, October 2012).


Himanshu & Parveen Bano

24. Kamini Maheshwar; Divakar Singh “Black Hole Effect Analysis and Prevention through IDS in MANET Environment” European Journal of Applied Engineering and Scientific Research, 2012, 1 (4):84-90 (

43 intrusion detection full  
43 intrusion detection full  

Mobile Ad hoc Networks (MANET) are utilized to set up wireless communication in improvised environments without a predefined infrastructure...