A fully distributed IDS for MANET

In This work we propose a new distributed intrusion detection system (IDS) designed for mobile ad hoc network (MANET) environments. The complete distribution of the intrusion detection process is the salient feature of our proposition: distribution is not restricted to data collection but also applied to execution of the detection algorithm and alert correlation. Each node in the MANET runs a local IDS (LIDS) that cooperates with others LIDS. A mobile agent framework is used to preserve the autonomy of each LIDS while providing a flexible technique for exploring the natural redundancies in MANET to compensate for the dynamic state of wireless links between high mobility nodes. The proposed solution has been validated by actual implementation, which is described in the paper. Three attacks are presented as illustrative examples of the IDS mechanisms. Attack detection is formally described by specification of data collection, attack signatures associated with such data and alerts generation and correlation. Experiments exhibit fairly good results, the attacks being collaboratively detected in real-time.