
Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks. Nidal Nasser University of Guelph Guelph, Canada. Abdulrahman Hijazi Queen’s University Kingston, Canada. Agenda. Introduction Wireless Ad Hoc Networks (WAHNs) Mobile Agents (MA) Intrusion Detection Systems (IDS)



Presentation Transcript


  1. Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks Nidal Nasser University of Guelph Guelph, Canada Abdulrahman Hijazi Queen’s University Kingston, Canada

  2. Agenda • Introduction • Wireless Ad Hoc Networks (WAHNs) • Mobile Agents (MA) • Intrusion Detection Systems (IDS) • Security Challenges and Vulnerabilities in WAHNs • Mobile Agents Suitability for WAHNs

  3. Agenda (Cont’d) • Comparison Study between Existing Mobile-Agent-Based IDSs for WAHNs • Local Intrusion Detection System (LIDS) • ID Architecture based on a Static Stationary Database • Distributed Intrusion Detection Using Mobile Agents • Concluding Remarks

  4. Wireless Ad Hoc Networks • Wireless ad hoc networks are • autonomous nodes that • communicate with each other in a decentralized manner • through a multi-hop radio network. • Wireless nodes form a dynamic network topology and communicate with each other directly, without a wireless access point.

  5. Wireless Ad Hoc Networks • Examples: • Conferences and classrooms • Tactical battlefield (communication between planes, tanks, etc.) • Sensor networks to detect environmental changes • Wireless parking lot sensor networks NIST Advanced Network Technologies Division: http://w3.antd.nist.gov

  6. Wireless Ad Hoc Networks (Cont.) • Host and router: • Each node functions as both a host and a router, and the control of the network is distributed among the nodes. • Two common types: • MANETs: an autonomous collection of mobile users that communicate over relatively bandwidth-constrained wireless links. • WSNs: a number of sensors spread across a geographical area. Each sensor has wireless communication capability and some level of intelligence.

  7. MANETs vs. WSNs • Similarities • Ad-hoc network topology • Power is an expensive resource • Communication over wireless medium

  8. MANETs vs. WSNs • Differences • Purpose: • WSNs: information gathering • MANETs: distributed computing • Number of users: • WSNs: one user • MANETs: many users • Number of nodes: WSNs >> MANETs • Mobility: • WSNs: mostly static • MANETs: mostly moving

  9. Mobile agents • Mobile Agents are: • Autonomous software entities that can • halt themselves • ship themselves to another host • continue execution • decide where to go and what to do along the way

  10. Intrusion Detection Systems (IDS) • Intrusion detection systems (IDS) are: • guard systems that • automatically detect malicious activities within a host or a network, and then • report them for subsequent response • Two types: • Host based • Network based

  11. Intrusion Detection Systems (IDS) • Detection Techniques: • Anomaly: attempts to detect activities that differ from the normal expected system behavior • Signature: uses pre-known attack scenarios (or signatures) and compares them with incoming traffic • Hybrid

  12. Security in Wireless Ad Hoc Networks • Motivation: • Increasing popularity and applications of the wireless ad hoc networks • Early research assumed a friendly and cooperative environment. Fix before it is too late!

  13. Security in Wireless Ad Hoc Networks • Wireless vs. Wireline Networks: • Existing security solutions for wired networks do NOT directly apply to the MANET domain due to the key architectural differences

  14. Security Challenges and Vulnerabilities in Wireless Ad Hoc Networks • Challenges and vulnerabilities: • Lack of infrastructure • Absence of certification or authorization authority • Lack of centralized monitoring or management unit • Shared wireless medium • Accessibility to both legitimate users and malicious attackers • Cooperative nature between the nodes

  15. Security Challenges and Vulnerabilities in Wireless Ad Hoc Networks • Challenges and vulnerabilities: • Easy physical accessibility • Dynamic network topology • Lack of a clear line of defense • Difficult to distinguish a Byzantine attack from normal “out of sync” behavior • Operational constraints • Battery • Range • Bandwidth • CPU and memory

  16. Mobile Agents Suitability for WAHNs • Main mobile agents’ features: • Reducing network load • Conserving bandwidth • Improving load balancing in the network • Reducing the total task completion time • Overcoming network latency

  17. Mobile Agents Suitability for WAHNs • Main mobile agents’ features (Cont’d): • Advancing mobile computing • Enabling dynamic deployment • Having robust and fault-tolerant behavior • Working on a heterogeneous network • Light-weight

  18. Mobile Agents Suitability for WAHNs • One problem: • Potential Security Vulnerability!

  19. Comparison Study between Existing Mobile-Agent-Based IDSs for WAHNs

  20. 1) Local Intrusion Detection System (LIDS) • The innovation of this design is the use of SNMP data held in MIBs as audit sources, and the use of mobile agents to process these data at the source node to reduce communication overhead.

  21. 2) Intrusion Detection Architecture based on a Static Stationary Database • This design also allows for the use of anomaly, signature, or hybrid detection methods. However, the use of a stationary database limits the allowed mobility duration of the nodes. This might not be acceptable at all times in the case of MANETs.

  22. 3) Distributed Intrusion Detection Using Mobile Agents • This design works only with the anomaly-based detection method. It uses a hierarchical model that assigns each agent a different, limited function, achieving better network performance through light-weight distributed agents. This, in turn, increases the fault tolerance and scalability of the whole system.

  23. Comparison between the three designs against common design and performance parameters

  24. Concluding Remarks • The study shows that mobile agents have immense potential for use in IDSs for WAHNs. Many of the features offered by mobile agents are exactly the requirements of an ideal WAHN IDS. • Two possible disadvantages of mobile agents are their architecturally inherited security vulnerabilities and the extra weight they may add. • In spite of the novel ideas presented in the three existing papers on mobile-agent-based IDSs for WAHNs, there are still other features of mobile agents that have not been fully utilized. An improved deployment of mobile agents may add extra flexibility, efficiency, and robustness to the overall IDS design.

  25. Thank you …
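
The idea on slides 11 and 20 (an agent that processes SNMP MIB counters on the monitored node with signature and anomaly checks, and sends only its findings) can be sketched as follows. This is an added example, not code from the presentation or from LIDS; the readings, thresholds and the `icmp-echo-flood` rule are constructed assumptions, and only the MIB-II object names are real.

```python
from statistics import mean, pstdev

WRAP = 2 ** 32   # SNMP Counter32 objects wrap at 2^32
TRAIN = 4        # intervals used to learn the node's normal profile (assumption)
Z_LIMIT = 3.0    # anomaly threshold in standard deviations (assumption)
SIGNATURES = {"icmp-echo-flood": ("icmpInEchos", 1000)}  # hypothetical rule

# Constructed cumulative readings of three MIB-II counters, one row per poll.
OBJECTS = ("icmpInEchos", "tcpAttemptFails", "udpNoPorts")
READINGS = [
    (4294967290, 100, 50), (4, 102, 50), (16, 103, 51), (27, 105, 51),
    (36, 106, 52), (47, 108, 52), (5047, 109, 52), (5058, 111, 92),
]

def deltas(readings):
    """Per-interval increments, correcting for Counter32 wrap-around."""
    return [tuple((b - a) % WRAP for a, b in zip(prev, cur))
            for prev, cur in zip(readings, readings[1:])]

def agent_run(readings):
    """Runs on the monitored node; returns only the alerts worth sending."""
    d = deltas(readings)
    alerts = []
    for col, name in enumerate(OBJECTS):
        train = [row[col] for row in d[:TRAIN]]
        # A perfectly flat baseline has sigma 0; fall back to 1.0 to avoid dividing by zero.
        mu, sigma = mean(train), pstdev(train) or 1.0
        for i, row in enumerate(d[TRAIN:], start=TRAIN):
            value = row[col]
            # Signature check first: a known pattern gets a named alert.
            for rule, (obj, limit) in SIGNATURES.items():
                if obj == name and value >= limit:
                    alerts.append({"interval": i, "object": name,
                                   "type": "signature", "rule": rule})
                    break
            else:
                # No signature matched: fall back to deviation from the learned profile.
                if abs(value - mu) / sigma > Z_LIMIT:
                    alerts.append({"interval": i, "object": name, "type": "anomaly"})
    return sorted(alerts, key=lambda a: a["interval"])

if __name__ == "__main__":
    for alert in agent_run(READINGS):
        print(alert)
```

The `udpNoPorts` spike matches no signature and is caught only by the anomaly check, which is the case a hybrid detector is meant to cover.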
