cross layer intrusion detection system

the research paper is attached. Go through it you will get some idea, or you can give any cross layer based ids implemented in ns2.

network simulator-2 must be used for the implementation.

works have become an important facet in our
everyday lives as they are increasingly deployed in numerous
applications. However, their growing popularity is challenged
by insecure environment and characteristics of these networks.
The inherent nature of the wireless medium makes it sus-
ceptible to variety of security attacks ranging from passive
eavesdropping to active interference.
Moreover, in a truly ad hoc wireless network domain,
network services such as routing are provided by the nodes
themselves. In such a scenario, a malicious entity (apart
from compromising a node), can deny network services by
dropping packets that need to be forwarded, by misrouting
packets or by launching other attacks. Such attacks, called
Denial of Service (DoS) attacks [1] affect the availability of
the nodes significantly thereby disrupting the entire network.
Fortifying the wireless infrastructure against intrusion is more
challenging than in the case of wired networks as the wired
network based access control mechanisms such as firewalls are
ineffective in these networks due to their dynamically varying
topology.
In the presence of malicious nodes, traditionally, intrusion
prevention mechanisms such as secret key and encryption
are used. However, these authentication mechanisms are not
effective against insider attacks as the physical compromise
of a node could compromise the secret key. In order to
secure wireless networks, we need a second line of defense to
detect the intrusions [2]. For this purpose, Intrusion Detection
Systems (IDS) are deployed to identify any set of actions that
compromise the integrity, confidentiality and availability of
resources. Misuse and anomaly detection are common IDS
techniques that are used to study the abnormalities in the
system to detect if an intrusion has occurred. The intrusion
detection mechanisms complement the intrusion prevention
measures and help enhance the security of the networks. The
intrusion, in the case of DoS attacks is often manifested
as non-availability of the network infrastructure. In order to
detect DoS attacks, conventional systems use a network IDS
that resides in a gateway node and monitors the network for
abnormal network behavior. In a wireless ad hoc network, a
dedicated gateway node cannot be assumed because of the
transient nature of the network.
Additionally, it is difficult to identify intrusions in these
networks as nodes may fail to provide services due to genuine
reasons such as network congestion, link failure or topology
changes, thus causing high false positives. For example, a
node could drop a packet due to collision attack caused by
a malicious entity or simply due to poor channel conditions.
Also, DoS attacks could be launched at multiple layers of the
protocol suite (Table I). By detecting abnormal behavior at
different layers and using information across layers, we can
detect malicious nodes with increasing accuracy.
In this paper, we provide a host based IDS that resides in
every host and monitors its local neighborhood for abnormali-
ties in the network activities. We develop a cross-layer design
framework that will exchange the detection information across
the layers and trigger multiple levels of detection. This enables
the IDS to make a more informed decision about the intrusion
in the network. We simulate our approach using NS2
for proof of concept. Results indicate that attacks are detected
at a higher percentage with considerable reduction in false
positives.

DENIAL O F SERVICE ATTACKS
Protocol layer DoS Attacks
Link Layer Collision
Network Layer Packet Drop
Misdirection
The remainder of the paper is organized as follows. Section
II discusses the related work. Section III gives the threat
model and the assumptions used in this work. Section IV
describes the proposed cross-layer design approach. Section
V presents a detailed analysis of the collision detection algo-
rithm implemented.

Programowanie C Bezprzewodowy

Numer ID Projektu: #4252102

O projekcie