Detecting Critical Nodes for MANET IDS A Karygiannis

  • Slides: 12
Download presentation
Detecting Critical Nodes for MANET IDS A Karygiannis, E Antonakakis, and A Apostolopoulos Presented

Detecting Critical Nodes for MANET IDS A Karygiannis, E Antonakakis, and A Apostolopoulos Presented by: Sarah Casey 1

MANET Intrusion Detection Challenges No Central Authority or Administration Can only directly monitor neighbouring

MANET Intrusion Detection Challenges No Central Authority or Administration Can only directly monitor neighbouring nodes (within radio range) Mobility allows malicious nodes to enter and leave the network at will 2

Additional Challenges Dynamic topology No trust relationships between nodes Little incentive for collaboration 3

Additional Challenges Dynamic topology No trust relationships between nodes Little incentive for collaboration 3

Re-Routing Often possible Densely populated or highly mobile Easier than trying to monitor nodes

Re-Routing Often possible Densely populated or highly mobile Easier than trying to monitor nodes and paths 4

Critical Nodes “Any node whose failure or malicious behaviour disconnects or significantly degrades the

Critical Nodes “Any node whose failure or malicious behaviour disconnects or significantly degrades the performance of the network” 5

Critical Node Detection Step 1: Disable all links but one Step 2: Attempt to

Critical Node Detection Step 1: Disable all links but one Step 2: Attempt to ping node under test Step 3: Restore original routing Iterate for all possible links except the link to the node under test. If another path exists, the node is not critical.

m. Lab Emulator, not a simulator Management software for real nodes Allows dynamic topology

m. Lab Emulator, not a simulator Management software for real nodes Allows dynamic topology changes without physical node movement http: //csrc. nist. gov/manet/#m. Lab

Emulation Environment 12 nodes total 10 ARM, 2 x 86 topology changes every 5

Emulation Environment 12 nodes total 10 ARM, 2 x 86 topology changes every 5 -10 min “Detailed test conditions, . . . , and test results can be found on our project web site” - no URL provided

Critical Test vs Watchdog Monitoring CPU Usage: Watchdog - 60 -70% m. Critical -

Critical Test vs Watchdog Monitoring CPU Usage: Watchdog - 60 -70% m. Critical - < 1%

Critical Test vs Watchdog Monitoring Initial Memory: Watchdog - 450 KB m. Critical -

Critical Test vs Watchdog Monitoring Initial Memory: Watchdog - 450 KB m. Critical - 125 KB m. Critical keeps tables of outgoing and incoming packet headers Track links and routes

Critical Test vs Watchdog Monitoring Additional Packet Loss: Watchdog - 0% m. Critical -

Critical Test vs Watchdog Monitoring Additional Packet Loss: Watchdog - 0% m. Critical - 2 -4% Additional packet loss occurs when manipulating routing table during test

Conclusions Light weight alternative to full IDS monitoring on all nodes No cooperation from,

Conclusions Light weight alternative to full IDS monitoring on all nodes No cooperation from, or security association with, other nodes required If re-routing is possible, do it; If not, time to employ (limited) monitoring 12

Skolemising Blank Nodes while Preserving Isomorphism Blank NodesSkolemising Blank Nodes while Preserving Isomorphism Blank Nodes
MN IDS Intersection Construction Update MN IDS TestMN IDS Intersection Construction Update MN IDS Test
IDS Mentoring Project IDS Conference 2007 August 7IDS Mentoring Project IDS Conference 2007 August 7
Statistical based IDS background introduction Statistical IDS backgroundStatistical based IDS background introduction Statistical IDS background
IDS Search Built for Sharing What is IDSIDS Search Built for Sharing What is IDS
Statistical based IDS background introduction Statistical IDS backgroundStatistical based IDS background introduction Statistical IDS background
Welcome IDS Project Members IDS Community VUG DISCUSSIONWelcome IDS Project Members IDS Community VUG DISCUSSION
Intrusion Detection Systems IDS IDS Intrusion Detection SystemIntrusion Detection Systems IDS IDS Intrusion Detection System
Welcome IDS Project Members IDS Community VUG DISCUSSIONWelcome IDS Project Members IDS Community VUG DISCUSSION
Welcome IDS Project Members IDS Community VUG DISCUSSIONWelcome IDS Project Members IDS Community VUG DISCUSSION
Statistical based IDS background introduction Statistical IDS backgroundStatistical based IDS background introduction Statistical IDS background
IDS Search Built for Sharing What is IDSIDS Search Built for Sharing What is IDS
Intrusion Detection Systems IDS What is an IDSIntrusion Detection Systems IDS What is an IDS
The IDS Website Ajit Kurup IDS Meeting 17The IDS Website Ajit Kurup IDS Meeting 17
Selective Forwarding Attack Detecting Colluding Nodes in WirelessSelective Forwarding Attack Detecting Colluding Nodes in Wireless
Detecting and Reducing Partition Nodes in Limitedroutinghop OverlayDetecting and Reducing Partition Nodes in Limitedroutinghop Overlay
Sparse Multitask Learning for Detecting Influential Nodes inSparse Multitask Learning for Detecting Influential Nodes in
Sparse Multitask Learning for Detecting Influential Nodes inSparse Multitask Learning for Detecting Influential Nodes in
Detecting Forged RSTs Weaver Sommer Paxson Detecting ForgedDetecting Forged RSTs Weaver Sommer Paxson Detecting Forged
Review Detecting Outliers Review Detecting Outliers Standard DeviationReview Detecting Outliers Review Detecting Outliers Standard Deviation
CRITICAL LITERACY CRITICAL LITERACY Related to critical pedagogyCRITICAL LITERACY CRITICAL LITERACY Related to critical pedagogy
Critical Analysis Critical Reading Critical reading is anCritical Analysis Critical Reading Critical reading is an
CRITICAL LITERACY CRITICAL LITERACY Related to critical pedagogyCRITICAL LITERACY CRITICAL LITERACY Related to critical pedagogy
Critical Inquiry Critical Questions to Stimulate Critical ThinkingCritical Inquiry Critical Questions to Stimulate Critical Thinking
Critical Analysis Critical AnalysisThinking Critical thinking is aboutCritical Analysis Critical AnalysisThinking Critical thinking is about
Detecting Access Anomalies in Programs with Critical SectionsDetecting Access Anomalies in Programs with Critical Sections
Critical Thinking A Users Manual Chapter 11 DetectingCritical Thinking A Users Manual Chapter 11 Detecting
AMDV Autonomous Metal Detecting Vehicle Critical Design ReviewAMDV Autonomous Metal Detecting Vehicle Critical Design Review
Impressionnisme francais Impressionnisme Edouard MANET le maitre desImpressionnisme francais Impressionnisme Edouard MANET le maitre des
Attacks and Defenses Utilizing CrossLayer Interactions in MANETAttacks and Defenses Utilizing CrossLayer Interactions in MANET
Outline Introduction MANET Motivation Objective Problem Description RelatedOutline Introduction MANET Motivation Objective Problem Description Related
manet Charlie Perkins Stan Ratliff John Dowdell IETFmanet Charlie Perkins Stan Ratliff John Dowdell IETF
Authentication in Mobile Adhoc Network MANET Student StleAuthentication in Mobile Adhoc Network MANET Student Stle
Objectives MANET with more than 20 Ad HocObjectives MANET with more than 20 Ad Hoc
Attacks and Defenses Utilizing CrossLayer Interactions in MANETAttacks and Defenses Utilizing CrossLayer Interactions in MANET
Attacks and Defenses Utilizing CrossLayer Interactions in MANETAttacks and Defenses Utilizing CrossLayer Interactions in MANET
Multicasting in Mobile AdHoc Networks MANET Project SupervisorMulticasting in Mobile AdHoc Networks MANET Project Supervisor
MANET P 2 P file sharing over NDNMANET P 2 P file sharing over NDN
MANET NEMO Converged Communication Kouji Okada okadasfc wideMANET NEMO Converged Communication Kouji Okada okadasfc wide
Mobile Adhoc Networks MANET z Adhoc network yMobile Adhoc Networks MANET z Adhoc network y