Specification-based intrusion detection combined with cryptography methods for mobile ad hoc networks
Publish date: 2005-01-01
Report number: FOI-R--1867--SE
Written in: English
New challenges within the area of security have arisen due to a relatively new paradigm called mobile ad hoc networks. A mobile ad hoc network consists of wireless nodes that build a radio network without any pre-existing infrastructure or centralized servers. However, these networks have inherent vulnerabilities that make them susceptible to malicious attacks such as denial of service and propagation of incorrect routing information. Current security solutions for tactical radio networks, which are mainly based on cryptography, are not sufficient. We need to search for new solutions in order to obtain an acceptable level of security for tactical mobile ad hoc networks. In this report, we examine the vulnerabilities of mobile ad hoc networks and argue that both cryptographic solutions and intrusion detection must be included in mobile ad hoc networks. First, we present an architecture for intrusion detection that is applicable to mobile ad hoc networks. Second, we present an intrusion detection approach that detects attacks against mobile ad hoc networks. The key mechanism in this approach, specification-based detection, is evaluated through experiments. The experiments show that our specification-based model can detect attacks with high detection rates and few false alarms.