Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Nidal Nasser, University of Guelph, Guelph, Canada
Abdulrahman Hijazi, Queen’s University, Kingston, Canada


Post on 20-Jan-2016


Page 1: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Nidal Nasser
University of Guelph
Guelph, Canada

Abdulrahman Hijazi
Queen’s University
Kingston, Canada

Page 2: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Agenda

- Introduction
  - Wireless Ad Hoc Networks (WAHNs)
  - Mobile Agents (MA)
  - Intrusion Detection Systems (IDS)
- Security Challenges and Vulnerabilities in WAHNs
- Mobile Agents Suitability for WAHNs

Page 3: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Agenda (Cont’d)

- Comparison Study between Existing Mobile-Agent-Based IDSs for WAHNs
  - Local Intrusion Detection System (LIDS)
  - ID Architecture based on a Static Stationary Database
  - Distributed Intrusion Detection Using Mobile Agents
- Concluding Remarks

Page 4: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Wireless Ad Hoc Networks

- Wireless ad hoc networks are autonomous nodes that communicate with each other in a decentralized manner through a multi-hop radio network.
- Wireless nodes form a dynamic network topology and communicate with each other directly, without a wireless access point.

Page 5: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Wireless Ad Hoc Networks

Examples:

- Conferences and classrooms
- Tactical battlefield (communication between planes, tanks, etc.)
- Sensor networks to detect environmental changes
- Wireless parking lot sensor networks

NIST Advanced Network Technologies Division: http://w3.antd.nist.gov

Page 6: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Wireless Ad Hoc Networks (Cont.)

- Host and router: each node functions as both a host and a router, and the control of the network is distributed among the nodes.
- Two common types:
  - MANETs: an autonomous collection of mobile users that communicate over relatively bandwidth-constrained wireless links.
  - WSNs: a number of sensors spread across a geographical area. Each sensor has wireless communication capability and some level of intelligence.

Page 7: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

MANETs vs. WSNs

Similarities

- Ad-hoc network topology
- Power is an expensive resource
- Communication over wireless medium

Page 8: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

MANETs vs. WSNs

Differences

- Purpose:
  - WSNs: information gathering
  - MANETs: distributed computing
- Number of users:
  - WSNs: one user
  - MANETs: many users
- Number of nodes: WSNs >> MANETs
- Mobility:
  - WSNs: mostly static
  - MANETs: mostly moving

Page 9: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Mobile agents

Mobile Agents are:

- Autonomous software entities that can
  - halt themselves
  - ship themselves to another host
  - continue execution
  - decide where to go and what to do along the way

Page 10: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Intrusion Detection Systems (IDS)

Intrusion detection systems (IDS) are:

- guard systems that
  - automatically detect malicious activities within a host or a network, and then
  - report that for subsequent response

Two types:

- Host based
- Network based

Page 11: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Intrusion Detection Systems (IDS)

Detection Techniques:

- Anomaly: attempts to detect activities that differ from the normal expected system behavior
- Signature: uses pre-known attack scenarios (or signatures) and compares them with incoming traffic
- Hybrid

Page 12: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Security in Wireless Ad Hoc Networks

Motivation:

- Increasing popularity and applications of wireless ad hoc networks
- Early research assumed a friendly and cooperative environment.
- Fix before it is too late!

Page 13: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Security in Wireless Ad Hoc Networks

Wireless vs. Wireline Networks:

- Existing security solutions for wired networks do NOT directly apply to the MANET domain due to the key architectural differences.

Page 14: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Security Challenges and Vulnerabilities in Wireless Ad Hoc Networks

Challenges and vulnerabilities:

- Lack of infrastructure
  - Absence of certification or authorization authority
  - Lack of centralized monitoring or management unit
- Shared wireless medium
  - Accessibility to both legitimate users and malicious attackers
- Cooperative nature between the nodes

Page 15: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Security Challenges and Vulnerabilities in Wireless Ad Hoc Networks

Challenges and vulnerabilities:

- Easy physical accessibility
- Dynamic network topology
- Lack of a clear line of defense
- Difficult to detect Byzantine attack from normal “out of sync” behavior
- Operational constraints
  - Battery
  - Range
  - Bandwidth
  - CPU and memory

Page 16: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Mobile Agents Suitability for WAHNs

Main mobile agents’ features:

- Reducing network load
- Conserving bandwidth
- Improving load balancing in the network
- Reducing the total task completion time
- Overcoming network latency

Page 17: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Mobile Agents Suitability for WAHNs

Main mobile agents’ features (Cont’d):

- Advancing mobile computing
- Enabling dynamic deployment
- Having robust and fault-tolerant behavior
- Working on a heterogeneous network
- Light-weight

Page 18: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Mobile Agents Suitability for WAHNs

One problem:

- Potential Security Vulnerability!

Page 19: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Comparison Study between Existing Mobile-Agent-Based IDSs for WAHNs

Page 20: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

1) Local Intrusion Detection System (LIDS)

The innovation of this design is the use of SNMP data located in MIBs as audit sources, and the use of mobile agents to process these data at the source node to reduce communication overhead.
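A sketch of the idea on the LIDS slide, as an added example that is not taken from the slides or from the LIDS authors: an agent visits a node, reads locally polled MIB counters, and carries back only its findings instead of the raw audit data. The counter names are standard MIB-II objects; the sample values, the z-score rule and its threshold are constructed assumptions.

```python
import json
from statistics import mean, pstdev

COUNTER32_MOD = 2 ** 32  # an SNMP Counter32 wraps to 0 after 2^32 - 1

# Constructed polls of two MIB-II counters on one node (one row per interval).
SAMPLES = [
    {"ipForwDatagrams": 4294967000, "icmpInEchos": 10},
    {"ipForwDatagrams": 4294967200, "icmpInEchos": 12},
    {"ipForwDatagrams": 110, "icmpInEchos": 13},      # counter wrapped here
    {"ipForwDatagrams": 300, "icmpInEchos": 15},
    {"ipForwDatagrams": 505, "icmpInEchos": 16},
    {"ipForwDatagrams": 700, "icmpInEchos": 18},
    {"ipForwDatagrams": 900, "icmpInEchos": 5020},    # constructed echo burst
    {"ipForwDatagrams": 1100, "icmpInEchos": 5022},
]

def deltas(samples, name):
    """Per-interval increase of a Counter32, tolerating one wrap per interval."""
    vals = [s[name] for s in samples]
    return [(b - a) % COUNTER32_MOD for a, b in zip(vals, vals[1:])]

def agent_visit(samples, train=5, threshold=3.0):
    """Runs on the node: learn a baseline from the first `train` deltas,
    then report only the later intervals that deviate from it."""
    alerts = []
    for name in samples[0]:
        d = deltas(samples, name)
        base = d[:train]
        mu = mean(base)
        sigma = max(pstdev(base), 1.0)  # floor avoids division by ~0
        for i, v in enumerate(d[train:], start=train):
            if abs(v - mu) / sigma > threshold:
                alerts.append({"counter": name, "interval": i, "delta": v})
    return alerts

def overhead(samples, alerts):
    """Bytes on the wire: shipping raw samples vs. only the agent's report."""
    return len(json.dumps(samples)), len(json.dumps(alerts))

if __name__ == "__main__":
    found = agent_visit(SAMPLES)
    print(found, overhead(SAMPLES, found))
```

The modulo in `deltas` keeps a counter wrap from being read as a huge negative jump, which would otherwise poison the baseline and raise a false alert.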

Page 21: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

2) Intrusion Detection Architecture based on a Static Stationary Database

This design also allows for the use of anomaly, signature, or hybrid detection methods. However, the use of a stationary database limits the allowed mobility duration of the nodes. This might not be acceptable at all times in the case of MANETs.

Page 22: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

3) Distributed Intrusion Detection Using Mobile Agents

This design works only with the anomaly-based detection method. It uses the hierarchical model to assign agents limited, different functionality to achieve better network performance through light-weight distributed agents. This, in turn, increases the fault tolerance and scalability of the whole system.

Page 23: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Comparison between the three designs against common design and performance parameters

Page 24: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Concluding Remarks

- The study shows that mobile agents have immense potential for use in IDSs for WAHNs. Many of the features offered by mobile agents are exactly the requirements of the ideal WAHN IDS.
- Two possible disadvantages of mobile agents are their architecturally inherited security vulnerabilities and the extra weight they may add.
- In spite of the novel ideas presented in the three existing papers on mobile-agent-based IDSs for WAHNs, there are still other features of mobile agents that have not been fully utilized. An improved deployment of mobile agents may add extra flexibility, efficiency, and robustness to the overall IDS design.

Page 25: Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks

Thank you …