INTRUSION DETECTION TECHNIQUES
FOR MOBILE WIRELESS NETWORKS
Y Zhang, W Lee & Y Huang


Presenter: Tanzir Musabbir
Transcript of "Intrusion Detection Techniques for Mobile Wireless Networks"

  1. INTRUSION DETECTION TECHNIQUES FOR MOBILE WIRELESS NETWORKS
     Y Zhang, W Lee & Y Huang
     Presenter: Tanzir Musabbir
  2. OUTLINE
     - Vulnerabilities of Mobile Wireless Networks
     - What is IDS?
     - Types of IDS
     - Problems of current IDS techniques
     - IDS design issues
     - Architecture for Intrusion Detection
     - Anomaly detection in Mobile Ad-Hoc Networks
     - Experimental Results
     - Conclusion
  3. VULNERABILITIES OF MOBILE WIRELESS NETWORKS
     - Wireless networks and mobile computing have developed rapidly in the last decade
     - The traditional way of protecting networks is no longer sufficient
     - Use of wireless links increases attacks, ranging from passive eavesdropping to active interference
     - Lack of physical access and unpreparedness for possible encounters
     - Damage includes leaking secret information, message contamination, node impersonation
  4. VULNERABILITIES OF MOBILE WIRELESS NETWORKS (CONTINUED)
     - Independent roaming could cause a node to be captured or hijacked
     - Tracking is difficult in a global-scale network
     - Lack of centralized authority creates new types of attacks that aim to break the cooperative algorithms
     - Applications and services can be a weak link
     - Attacks may target proxies or agents of the base-station to mount DoS attacks
  5. SOLUTION?
     - Design a model for Intrusion Detection Techniques (IDS)
     - Deploy IDS into wireless networks
     - Keep the wireless networks secured from intrusions
  7. WHAT IS IDS
     - Intrusion: Any set of actions that attempt to compromise the integrity, confidentiality, or availability of a resource
     - Intrusion detection: A detection technique that attempts to identify unauthorized, illicit, and anomalous behavior based solely on network traffic
     - The role of an IDS is passive: only gathering, identifying, logging and alerting
  9. TYPES OF IDS
     - Based on the type of audit data
       - Network-based IDS
         - Runs at the gateway of a network
         - Inspects packets that go through the network hardware interface
       - Host-based IDS
         - Runs on operating system audit data
         - Monitors and analyzes events generated by programs or users
  10. TYPES OF IDS (CONTINUED)
      - Misuse detection system
        - Uses patterns of well-known attacks or weak spots
        - Accurately detects instances of known attacks
        - Fails to detect newly invented attacks
      - Anomaly detection system
        - Observes activities that differ from established usage
        - Does not require prior knowledge and detects new intrusions
        - Fails to describe the type of attack
        - May have a high false positive rate
  12. PROBLEMS OF CURRENT IDS TECHNIQUES
      - Current IDS relies on real-time traffic analysis
      - A mobile ad hoc environment has no switches, routers or gateways where an IDS can collect audit data
      - Mobile users may adopt new operation modes, so anomaly-based IDS cannot be used in all cases
  14. IDS DESIGN ISSUES
      - To build an intrusion detection system that fits the features of mobile ad-hoc networks
      - To choose the audit data sources appropriately
      - To design a model of activities that can separate anomaly from normalcy during attacks
  16. ARCHITECTURE FOR INTRUSION DETECTION
      - The intrusion detection and response system should be both distributed and cooperative
      - Every node in the mobile ad-hoc network participates in intrusion detection and response
      - Each node is responsible for detecting signs of intrusion locally and independently
      - Individual IDS agents are placed on each and every node
      - Each IDS agent monitors local activities
  17. ARCHITECTURE FOR INTRUSION DETECTION
  18. ARCHITECTURE FOR INTRUSION DETECTION (CONTINUED)
      - Data collection module is responsible for gathering local audit traces
      - Local detection engine uses this data to detect local anomalies
      - Cooperative detection engine collaborates with other IDS agents
  19. ARCHITECTURE FOR INTRUSION DETECTION (CONTINUED)
      - Local response module triggers actions local to the node
      - Global response module coordinates actions among neighboring nodes
      - Secure communication module provides a high-confidence communication channel among IDS agents
  21. ANOMALY DETECTION IN MOBILE AD-HOC NETWORKS
      - Differentiate normal behavior from abnormal behavior
      - Uses information-theoretic techniques to describe the characteristics of information flow
      - Uses classification algorithms to build anomaly detection models
  22. ANOMALY DETECTION IN MOBILE AD-HOC NETWORKS (CONTINUED)
      - Procedure for anomaly detection
        - Select audit data so that the normal dataset has low entropy
        - Perform appropriate data transformation according to the entropy measures (for information gain)
        - Compute classifier using training data
        - Apply the classifier to test data
        - Post-process alarms to produce intrusion reports
  24. EXPERIMENTAL RESULTS
      - Used three specific ad-hoc wireless protocols
        - DSR
        - AODV
        - DSDV
      - The feature set reflects information from different sources such as traffic pattern, routing change, topological movement
      - Built models using two classification algorithms
        - RIPPER (induction-based classifier)
        - SVM_Light
      - Five different test scripts were used to generate traces
  25. EXPERIMENTAL RESULTS (CONTINUED)
      - Experiment suggested that DSR and AODV are better for anomaly detection
        - Works better where a degree of path and pattern redundancy exists
        - High correlation among changes of three types of information is preferred:
          - Traffic flow
          - Routing activities
          - Topological patterns
  27. CONCLUSION
      - Architecture for better intrusion detection in a mobile computing environment should be distributed and cooperative
      - On-demand protocols work better than table-driven protocols because the behavior of on-demand protocols reflects the correlation between traffic pattern and routing message flows
  28. QUESTIONS?
      - Location-Aided Routing protocol may be more advantageous – why?
      - Why is the alarm rate much higher if the model is classified using values from another mobility level?
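
The five-step anomaly detection procedure on slide 22, worked end to end as an added example (not code from the slides or the paper). Assumptions: the audit records are constructed, conditional entropy is used as the entropy measure, and a majority-vote lookup table stands in for the RIPPER and SVM_Light classifiers named on slide 24.

```python
import math
from collections import Counter, defaultdict

# Constructed per-interval audit records at one node (not data from the paper):
# (route_changes, traffic_level, neighbours_moved), already discretised.
NORMAL = [("low", "low", "none"), ("low", "low", "none"), ("high", "high", "some"),
          ("high", "high", "some"), ("low", "low", "none"), ("low", "high", "none"),
          ("low", "low", "some"), ("high", "high", "some")]
TEST = [("low", "low", "none"), ("high", "low", "none"), ("high", "low", "none"),
        ("low", "high", "none"), ("high", "high", "some"), ("high", "low", "none")]

def entropy(values):
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def context(row, target):
    return tuple(v for i, v in enumerate(row) if i != target)

def conditional_entropy(rows, target):
    """H(target | other features); low means normal behaviour is regular."""
    groups = defaultdict(list)
    for r in rows:
        groups[context(r, target)].append(r[target])
    return sum(len(g) / len(rows) * entropy(g) for g in groups.values())

def pick_target(rows):
    """Steps 1-2: model the feature that is most predictable from the rest."""
    return min(range(len(rows[0])), key=lambda t: conditional_entropy(rows, t))

def train(rows, target):
    """Step 3: majority-vote lookup table, a stand-in for RIPPER or SVM."""
    votes = defaultdict(Counter)
    for r in rows:
        votes[context(r, target)][r[target]] += 1
    return {k: c.most_common(1)[0][0] for k, c in votes.items()}

def classify(model, rows, target):
    """Step 4: flag records whose target deviates or whose context is unseen."""
    return [model.get(context(r, target)) != r[target] for r in rows]

def report(flags, window=3, threshold=2):
    """Step 5: report window start indices holding at least `threshold` alarms."""
    return [i for i in range(len(flags) - window + 1)
            if sum(flags[i:i + window]) >= threshold]

def run():
    target = pick_target(NORMAL)
    flags = classify(train(NORMAL, target), TEST, target)
    return target, flags, report(flags)
```

In the constructed test trace, the flagged records show frequent route changes with low traffic and no neighbour movement, a combination that never occurs in the normal data; the windowed post-processing suppresses isolated alarms to keep the false positive rate down.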