MANET Features:
Dynamic network topology: As the network varies rapidly, the movable nodes
dynamically establish routing among themselves.
Passive attack: Attacker does not disturb the operation of the routing protocol but
attempts to seek some valuable information through traffic analysis.
Eavesdropping: Because of the wireless links in MANETs, a message sent by a node
can be heard by every device equipped with a transceiver and within radio range, and
if no encryption is used then the attacker can get useful information.
Routing attacks: Both the reactive and proactive routing protocols are vulnerable to
routing attacks.
Sleep Deprivation Attack: Sleep deprivation (SD) is a distributed denial of service
attack in which an attacker interacts with the node in a manner that appears to be
legitimate, but where the purpose of the interaction is to keep the victim node out of
its power conserving sleep mode.
Black hole attack: The intruder succeeds in becoming part of many routes in the
network and, once chosen as an intermediate node, drops the packets instead of
forwarding or processing them, causing a black hole (BH) in the network.
Grey Hole Attack: A grey hole attack (GH) is a special case of the BH attack, in
which an intruder first captures the routes, i.e. becomes part of the routes in the
network (as with the BH attack), and then drops packets selectively.
Sybil Attack: Each node in a MANET requires a unique address to participate in
routing, through which nodes are identified. However, in a MANET there is no central
authority to verify these identities. An attacker can exploit this property and send
control packets.
IDS
An Intrusion Detection System (IDS) is a device or software application that
monitors network traffic for suspicious activity and, if any deviation from normal
behavior occurs, alerts the system or network administrator. An IDS is software
that automates the intrusion detection process. The primary responsibility of an IDS
is to detect unwanted and malicious activities. An Intrusion Prevention System (IPS)
is software that has all the capabilities of an intrusion detection system and can also
attempt to stop possible incidents.
based IDS generates an alarm if fingerprint or signature patterns are matched, and it
also maintains signature patterns of known attacks.
Drawback: Difficulty in detecting unknown attacks, and in gathering signatures and
keeping them up to date.
2) Anomaly-based detection (profile-based detection)
Anomaly-based intrusion detection (ABID) systems flag as anomalous observed
activities that deviate significantly from the normal profile. ABID systems are also
known as behaviour-based intrusion detection, in which the model of normal
behaviour of the network is extracted, and then this model is compared with the
current behaviour of the network to detect intrusion in the network.
Ability to rectify previously unknown and insider attacks, without the need for
signatures.
Drawback: Generates a large number of false positive alarms due to legitimate
activity.
3) Specification-based detection
Generally, specification-based intrusion detection systems (SBIDs) first explicitly
define specifications as a set of constraints. They then use these specifications to
monitor the routing protocol operations or network layer operations to detect attacks
in the network. The first step extracts the specifications, which define the correct
operation of (for example) the network or the MAC layer protocol through a set of
constraints. The system then monitors the execution of the protocol with respect to the
given specification, deviations from the specification being treated as intrusion.
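A small specification-based monitor for relay behaviour, as an added example that is not part of the original notes. The trace format, node names, constraint names and the 20% loss tolerance are assumptions made for illustration; the trace itself is constructed sample data.

```python
from collections import defaultdict

LOSS_TOLERANCE = 0.2  # assumed allowance for ordinary wireless loss

def build_trace():
    """Constructed sample trace: (event, node, packet_id) as overheard by a monitor."""
    forwarded = {"A": range(10), "B": [], "C": [0, 2, 4, 6, 8, 9], "D": range(9)}
    trace = []
    for node, fwd in forwarded.items():
        trace += [("recv", node, p) for p in range(10)]   # accepted for relay
        trace += [("fwd", node, p) for p in fwd]          # actually retransmitted
    trace.append(("fwd", "E", 99))  # E relays a packet it was never handed
    return trace

def summarise(trace):
    """Collect, per node, the packet ids accepted for relay and those retransmitted."""
    seen = defaultdict(lambda: {"recv": set(), "fwd": set()})
    for event, node, pkt in trace:
        seen[node][event].add(pkt)
    return seen

# The specification: named constraints that every correct relay must satisfy.
SPEC = {
    "relay-accepted-packets":
        lambda s: len(s["recv"] - s["fwd"]) <= LOSS_TOLERANCE * len(s["recv"]),
    "relay-only-accepted-packets":
        lambda s: s["fwd"] <= s["recv"],
}

def check(trace):
    """Return {node: [violated constraint names]} for nodes deviating from SPEC."""
    report = {n: [c for c, holds in SPEC.items() if not holds(s)]
              for n, s in summarise(trace).items()}
    return {n: v for n, v in report.items() if v}

def drop_pattern(trace, node):
    """Label a relay's drops in the notes' terms: total drop vs selective drop."""
    s = summarise(trace)[node]
    dropped = s["recv"] - s["fwd"]
    if len(dropped) <= LOSS_TOLERANCE * len(s["recv"]):
        return "within tolerance"
    return "black hole (drops all)" if not s["fwd"] & s["recv"] else "grey hole (selective)"

if __name__ == "__main__":
    t = build_trace()
    for node, violated in check(t).items():
        print(node, violated, drop_pattern(t, node))
```

The value chosen for LOSS_TOLERANCE trades false alarms on lossy links against sensitivity to selective dropping.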
to existing techniques and the introduction of new methods for intrusion detection
have been considered by researchers.
SURYA K R
S2 ES, 23
VAST