Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (20)
Ähnlich wie Intrusion Detection Techniques for Mobile Wireless Networks
Ähnlich wie Intrusion Detection Techniques for Mobile Wireless Networks (20)
Intrusion Detection Techniques for Mobile Wireless Networks
- 1. INTRUSION DETECTION TECHNIQUES FOR MOBILE WIRELESS NETWORKS Y Zhang, W Lee & Y Huang Presenter: Tanzir Musabbir
- 2. OUTLINE Vulnerabilities of Mobile Wireless Networks What is IDS? Types of IDS Problems of current IDS techniques IDS design issues Architecture for Intrusion Detection Anomaly detection in Mobile Ad-Hoc Networks Experimental Results Conclusion
- 3. VULNERABILITIES OF MOBILE WIRELESS NETWORKS The wireless networks and mobile computing has developed rapidly in the last decade Traditional way of protecting networks is no longer sufficient Use of wireless links increases attacks ranging from passive eavesdropping to active interfering. Missing of physical access and unprepared for possible encounters Damage includes leaking secret information, message contamination, node impersonation
- 4. VULNERABILITIES OF MOBILE WIRELESS NETWORKS (CONTINUED) Independent roaming could cause node to be captured, hijacked Tracking is difficult in a global scale network Lack of centralized authority creates new types of attacks to break the cooperative algorithms Application and services can be a wink link Attacks may target proxies or agents of base- station to mount DoS attacks
- 5. SOLUTION? Design a model for Intrusion Detection Techniques (IDS) Deploy IDS into wireless networks Keep the wireless networks secured from intrusions
- 6. OUTLINE Vulnerabilities of Mobile Wireless Networks What is IDS? Types of IDS Problems of current IDS techniques IDS design issues Architecture for Intrusion Detection Anomaly detection in Mobile Ad-Hoc Networks Experimental Results Conclusion
- 7. WHAT IS IDS Intrusion: Any set of actions that attempt to compromise the integrity, confidentiality, or availability of a resource Intrusion detection: A detection technique that attempts to identify unauthorized, illicit, and anomalous behavior based solely on network traffic. The role of a IDS is passive, only gathering, identifying, logging and altering.
- 8. OUTLINE Vulnerabilities of Mobile Wireless Networks What is IDS? Types of IDS Problems of current IDS techniques IDS design issues Architecture for Intrusion Detection Anomaly detection in Mobile Ad-Hoc Networks Experimental Results Conclusion
- 9. TYPES OF IDS Based on the type of audit data Network-based IDS Runs at the gateway of a network Inspects packets that go through the network hardware interface Host-based IDS Runs on the operating system audit data Monitors and analyzes events generated by programs or users
- 10. TYPES OF IDS (CONTINUED) Misuse detection system Uses patterns of well known attacks or weak spots Accurately detects instances of known attacks Fails to detected newly invented attacks Anomaly detection system Observes activities that different from the established usage way Does not require prior knowledge and detects new intrusion Fails to describe the type of attack May have high false positive rate
- 11. OUTLINE Vulnerabilities of Mobile Wireless Networks What is IDS? Types of IDS Problems of current IDS techniques IDS design issues Architecture for Intrusion Detection Anomaly detection in Mobile Ad-Hoc Networks Experimental Results Conclusion
- 12. PROBLEMS OF CURRENT IDS TECHNIQUES Current IDS relies on real-time traffic analysis Mobile ad hoc environment does not have switches, routers and gateway, where the IDS can be used to audit data Mobile users may adopt new operations modes, so anomaly based IDS cannot be used in all cases
- 13. OUTLINE Vulnerabilities of Mobile Wireless Networks What is IDS? Types of IDS Problems of current IDS techniques IDS design issues Architecture for Intrusion Detection Anomaly detection in Mobile Ad-Hoc Networks Experimental Results Conclusion
- 14. IDS DESIGN ISSUES To build an intrusion detection system that fits the feature of mobile ad-hoc networks To chose the audit data sources appropriately To design a model of activities that can separate anomaly from normalcy during attacks
- 15. OUTLINE Vulnerabilities of Mobile Wireless Networks What is IDS? Types of IDS Problems of current IDS techniques IDS design issues Architecture for Intrusion Detection Anomaly detection in Mobile Ad-Hoc Networks Experimental Results Conclusion
- 16. ARCHITECTURE FOR INTRUSION DETECTION Intrusion detection and response system should be both distributed and cooperative Every node in the mobile ad-hoc network participates in intrusion detection and response Each node is responsible for detecting signs of intrusion locally and independently Individual IDS agents are placed on each and every node Each IDS agent monitors local activities
- 17. ARCHITECTURE FOR INTRUSION DETECTION
- 18. ARCHITECTURE FOR INTRUSION DETECTION (CONTINUED) Data collection module is responsible for gathering local audit traces Local detection engine will use this data to detect local anomaly Cooperative detection engines collaborates IDS agents
- 19. ARCHITECTURE FOR INTRUSION DETECTION (CONTINUED) Local response module triggers actions local to the node Global response module coordinates actions among neighboring nodes Secure communication module provides a high-confidence communication channel among IDS agents
- 20. OUTLINE Vulnerabilities of Mobile Wireless Networks What is IDS? Types of IDS Problems of current IDS techniques IDS design issues Architecture for Intrusion Detection Anomaly detection in Mobile Ad-Hoc Networks Experimental Results Conclusion
- 21. ANOMALY DETECTION IN MOBILE AD-HOC NETWORKS Differentiate normal behavior from abnormal behavior Uses information-theoretic technique to describe the characteristics of information flow Uses classification algorithms to build anomaly detection models
- 22. ANOMALY DETECTION IN MOBILE AD-HOC NETWORKS (CONTINUED) Procedure for anomaly detection Select audit data so that the normal dataset has low entropy Perform appropriate data transformation according to the entropy measures (for information gain) Compute classifier using training data Apply the classifier to test data Post-process alarms to produce intrusion reports
- 23. OUTLINE Vulnerabilities of Mobile Wireless Networks What is IDS? Types of IDS Problems of current IDS techniques IDS design issues Architecture for Intrusion Detection Anomaly detection in Mobile Ad-Hoc Networks Experimental Results Conclusion
- 24. EXPERIMENTAL RESULTS Used three specific ad-hoc wireless protocols DSR AODV DSDV The feature set reflects information from different sources such as traffic pattern, routing change, topological movement Built models using two classification algorithms RIPPER (induction based classifier) SVM_Light Five different test scripts were used to generate traces
- 25. EXPERIMENTAL RESULTS (CONTINUED) Experiment suggested that DSR and AODV are better for anomaly detection. Works better where degree of path and pattern redundancy exists High correlation among changes of three types of information is proffered: Traffic flow Routing activities Topological patterns
- 26. OUTLINE Vulnerabilities of Mobile Wireless Networks What is IDS? Types of IDS Problems of current IDS techniques IDS design issues Architecture for Intrusion Detection Anomaly detection in Mobile Ad-Hoc Networks Experimental Results Conclusion
- 27. CONCLUSION Architecture for better intrusion detection in mobile computing environment should be distributed and cooperative. On demand protocols are work better than table driven protocols because the behavior of on- demand protocols reflects the correlation between traffic pattern and routing message flows
- 28. QUESTIONS? Location-Aided Routing protocol may be more advantageous – why? Why the alarm rate is much higher if the model is classified using values from another mobility level?