Attack Analysis and Detection for Ad Hoc Routing Protocols

  • Conference paper
Recent Advances in Intrusion Detection (RAID 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3224)

Abstract

Attack analysis is a challenging problem, especially in emerging environments where there are few known attack cases. One such new environment is the Mobile Ad hoc Network (MANET). In this paper, we present a systematic approach to analyze attacks. We introduce the concept of basic events. An attack can be decomposed into certain combinations of basic events. We then define a taxonomy of anomalous basic events by analyzing the basic security goals.

Attack analysis provides a basis for designing detection models. We use both specification-based and statistical-based approaches. First, normal basic events of the protocol can be modeled by an extended finite state automaton (EFSA) according to the protocol specifications. The EFSA can detect anomalous basic events that are direct violations of the specifications. Statistical learning algorithms, with statistical features, i.e., statistics on the states and transitions of the EFSA, can train an effective detection model to detect those anomalous basic events that are temporal and statistical in nature.

We use the AODV routing protocol as a case study to validate our research. Our experiments on the MobiEmu wireless emulation platform show that our specification-based and statistical-based models cover most of the anomalous basic events in our taxonomy.
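The specification-based half of this approach can be illustrated with a small extended finite state automaton for route discovery at one originating node. This is an added example, not the paper's EFSA or code: the states, event names, guards, `MAX_RETRIES` and the trace are simplified assumptions chosen for illustration.

```python
from collections import Counter

MAX_RETRIES = 2  # assumed retry limit for this example

def fresh(v, e):
    # Guard: a reply must not carry an older sequence number than requested.
    return e["dest_seq"] >= v["req_seq"]

# (state, event) -> (guard, next state); simplified and assumed, not the paper's EFSA.
TRANSITIONS = {
    ("IDLE", "send_rreq"): (lambda v, e: True, "DISCOVERY"),
    ("DISCOVERY", "send_rreq"): (lambda v, e: v["retries"] < MAX_RETRIES, "DISCOVERY"),
    ("DISCOVERY", "recv_rrep"): (fresh, "VALID"),
    ("DISCOVERY", "timeout"): (lambda v, e: True, "IDLE"),
    ("VALID", "recv_rrep"): (fresh, "VALID"),
    ("VALID", "recv_rerr"): (lambda v, e: True, "IDLE"),
    ("VALID", "timeout"): (lambda v, e: True, "IDLE"),
}

def run_efsa(events):
    """Replay events; return (final state, violations, transition counts)."""
    state, v = "IDLE", {"req_seq": 0, "retries": 0}
    violations, stats = [], Counter()
    for i, e in enumerate(events):
        guard, nxt = TRANSITIONS.get((state, e["type"]), (None, None))
        if guard is None or not guard(v, e):
            # No enabled transition: an anomalous basic event.
            violations.append((i, state, e["type"]))
            stats["violation"] += 1
            continue
        if e["type"] == "send_rreq":
            v["retries"] = v["retries"] + 1 if state == "DISCOVERY" else 0
            v["req_seq"] = e["dest_seq"]
        elif e["type"] == "recv_rrep":
            v["req_seq"] = e["dest_seq"]
        stats[(state, e["type"])] += 1
        state = nxt
    return state, violations, stats

def feature_vector(stats):
    """Fixed-order counts per transition plus violations, for a statistical model."""
    return [stats[k] for k in TRANSITIONS] + [stats["violation"]]

# Constructed trace for one destination (not from the paper's experiments).
TRACE = [
    {"type": "send_rreq", "dest_seq": 5}, {"type": "recv_rrep", "dest_seq": 7},
    {"type": "recv_rrep", "dest_seq": 3},   # stale sequence number
    {"type": "recv_rerr"},
    {"type": "recv_rrep", "dest_seq": 9},   # reply with no pending request
    {"type": "send_rreq", "dest_seq": 7}, {"type": "timeout"},
]
```

Events with no enabled transition are the direct specification violations; the per-window transition counts from `feature_vector` are the kind of input a statistical model would learn from to catch anomalies that only show up over time.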



Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Huang, Ya., Lee, W. (2004). Attack Analysis and Detection for Ad Hoc Routing Protocols. In: Jonsson, E., Valdes, A., Almgren, M. (eds) Recent Advances in Intrusion Detection. RAID 2004. Lecture Notes in Computer Science, vol 3224. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30143-1_7

  • DOI: https://doi.org/10.1007/978-3-540-30143-1_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23123-3

  • Online ISBN: 978-3-540-30143-1

  • eBook Packages: Springer Book Archive
