Real-time intrusion detection for ad hoc networks

A mobile ad hoc network is a collection of nodes that are connected through a wireless medium and form rapidly changing topologies. The widely accepted existing routing protocols designed to accommodate the needs of such self-organised networks do not address possible threats aimed at the disruption of the protocol itself. The assumption of a trusted environment is not one that can be realistically expected; hence several efforts have been made towards the design of a secure routing protocol for ad hoc networks. The main problems with this approach are that it requires changes to the underlying routing protocol and that manual configuration of the initial security associations cannot be completely avoided. We propose RIDAN, a novel architecture that uses knowledge-based intrusion detection techniques to detect, in real-time, attacks that an adversary can perform against the routing fabric of a mobile ad hoc network. Our system is designed to take countermeasures minimising the effectiveness of an attack and maintaining the performance of the network within acceptable limits. RIDAN does not introduce any changes to the underlying routing protocol since it operates as an intermediate component between the network traffic and the utilised protocol with minimum processing overhead. We have developed a prototype that was evaluated in AODV-enabled networks using the ns-2 network simulator.