SECURITY IN MOBILE ADHOC NETWORKS

Security in Mobile ADhoc Networks

Chapter 5: Security in Mobile ADhoc Networks

Specification-based Monitoring of AODV

Specification-based monitoring compares the demeanour of things with their affiliated security specifications that arrest the correct demeanour of the objects. In general specifications are manually crated counting on the security principle, functionalities of the things, and forecast rate of usage. Intrusion will not be noticed exactly by specification-based detection. It notices the effect of the intrusions as run-time violation of the specifications instead. Specification-based detection will notice not only renowned attacks but furthermore other ones, this is likely because specifications by default worried with the correct demeanour of objects. The specification-based detection approach has been effectively directed to monitor security critical programs, submissions, and protocols. In specific, specifications for the Address Resolution Protocol (ARP) and the Dynamic Host Configuration Protocol (DHCP) have been utilised to notice attacks that exploit vulnerabilities in these protocols.

To monitor AODV while exercising the specification methods, first aim will be on the routing notes that are conveyed in the detection of routes. In exact, there is an try to ascertain every RREQ and RREP notes in a request-reply flow from a source node to a place travelled to node and come back to the source. In the following subsections, we recount how to monitor a request-reply flow utilising circulated Network Monitors (NM). Basic Hypothesis

In alignment to slender the scope of the difficulty, we provide work the following assumptions. Future enquiry of the difficulty will rest some of the assumptions.

The MAC locations and IP locations of all wireless nodes are listed in network monitors and stay unchanged.

MAC locations will not be forged.

Every network monitor and its notes are protected and authenticated.

Every node should ahead or reply to the notes as asserted by the protocol inside some finite time span of time.

Network monitors are well chosen to be adept to cover all nodes and present all needed functionality.

If a node is out of variety of a network monitor, it should be in the variety of neighboring monitors.

If some nodes do not reply to announced notes, this will not origin grave problems.



Request-Reply Flow Run-time monitoring

The environment of publicity hoc networks prohibits any lone IDS node to observe all notes in a request-reply flow. Therefore, finding of RREQ and RREP notes in a request-reply flow have to be presented by circulated network monitors (NMs).

AODV Packets



Sniff new Packets Updates



Detect anomaly

Exchange data with

Other NM if needed

Figure : Architecture of Network Monitor

Above Figure depicts the architecture of a network monitor. Networks monitors passively hearing to AODV routing note and notice incorrect RREQ and RREP messages. Messages are grouped based on the request-reply flow to which they belong. A demand answer flow can be exclusively recognised by the RREQ ID, the source and place travelled to IP addresses. A RREQ or RREP note can chart to a request-reply flow based on these areas as shown below. RREQ: AODV Source address and RREQ ID RREP: AODV Source and Destination address A network ...