|
To mitigate the problem of intrusion attacks by malicious nodes in mobile ad hoc networks (MANETs), security attributes and quantifiable trust levels, unique to the MANET's transient, self-organizing topology, augment or replace traditional protocol metrics of throughput, packet delay and hop-count in the ad hoc route discovery procedures. The new features are unique to the candidate security protocol, which views security as a quality metric to improve the relevance of the routes discovered by established reactive ad hoc routing protocols. Attributes of a secure route are identified in order to define the appropriate metrics to quantify the "level of security" associated with the protocol messaging and the detection of malicious activities by some intrusive nodes. A state vector of features and metrics based on the published Secure Routing Protocol (SRP) for MANETs is constructed to encode network security characteristics. This route discovery protocol mitigates the detrimental effects of various malicious behaviors to provide trustworthy connectivity information. The protocol ensures that fabricated, compromised, or replayed route replies would either be rejected or never reach the querying source node. In this paper, the pattern of values, taken by the state vector of the SRP features in the route request, discovery and reply operations, are analyzed to detect evidence of intrusion attacks by malicious nodes that could lead to denial of service and network shutdown. The pattern analysis applies a technique based on negative selection found in natural immune systems that can detect extraneous patterns in the (nonself) space that is the complement of vector values associated with correct route discovery and route maintenance. The immune system is well-suited to the distributed nature of the MANET. It does not rely on a central controller, but instead uses a distributed detection and response mechanism in order to respond to foreign invaders, mirroring the operation of the route discovery and selection process in the presence of intrusive or malicious nodes. Furthermore, this pattern detection approach is suitable for the difficult problem of passive or hidden security threats. Based on the SRP features of the state vector, an artificial immune system (AIS) is constructed as a hierarchy of rules to detect different types of intrusive activity within the MANET. The pattern detection rules in the complement (nonself) space are generated in an evolutionary manner using a genetic search algorithm. The effect of the genetic search is to discern the varying levels of abnormal behavior in the MANET protocol transactions. The efficacy of the AIS technique is compared to the positive characterization method based on nearest-neighbor classification. Initial evaluations of the detection scheme are performed to validate the AIS-based method using training and test data sets, generated from intrusion scenarios simulated from various threat models and security-aware modifications to reactive MANET routing protocols. These results are reported along with a performance analysis comparing the AIS approach with competing techniques. Conclusions about the AIS application to MANETs using the SRP are discussed.
|
